The internet and advances in computer technology have brought about an unprecedented shift in technological advantages and has led to new forms of warfare in the military domain.
A cyber threat arises from the possibility and intention of an adversary to launch a cyber-attack into an electronic infrastructure to read (espionage), change (intrusion), delete, or even add information. It is imperative that the government realise the need for existing security strategies and military methods to be adjusted to protect our nation from the emerging threat of cyber warfare.
The scope of the threat
One of the security challenges that Bangladesh will be facing is the proliferation of cyber technology.
Defaulting and unstable states, as well as terrorist and criminal organisations, will try to make use of cheap software, freeware, and commercial off the shelf software as effective cyber to undermine the credibility of our military.
There is indication that several nations supply cyber capabilities to rogue authorities and military entities in exchange for commercial gain and military presence in specific regions. Currently, the internet also offers terrorist organisations a platform for efficient communication.
Cyberspace is not limited by geographical boundaries, and potential perpetrators of cyber-attacks are widely divergent, starting from a lone hacker to state-sponsored cyber-attack. There are small groups on the internet operating solely for financial gain -- always ready to launch an attack on vulnerable targets.
The advanced methods of using anonymous technology on the internet can further reduce the risk of being detected by security measures. A single keystroke can travel twice around the world un-noticed -- it can take weeks, months, or even years of forensic research to identify an attacker in cyberspace.
The digital ‘armed attack’
Bangladesh National Defence College (NDC) and Bangladesh Bank (BB) came under state-sponsored cyber attack on several occasions. Bangladesh Bank lost millions of dollars to cyber theft and was left vulnerable to further attacks by the same rogue nation.
Similarly, in an alarming development, attackers reportedly breached security and hacked Bangladesh National Defence College (NDC) cyber assets. Article 51 of the Charter of the United Nations does not articulate a specific weapon or means used to damage military and/or public safety of a country, for an attack to qualify as an armed attack.
Given that the chance of a cyber-attack is much higher than that of a physical attack, we should be investing more in cyber-security capabilities
The hacking of the Bangladeshi NDC website by Burmese hackers, therefore, constitutes an armed attack on Bangladesh. The UN Charter describes the right to self-defence in response to an armed attack, so Bangladesh should have retaliated using electronic means of attack on Myanmar’s military infrastructure.
But the application of counter-measures involves many challenges.
Although Bangladesh has received praise from the international community for showing restraint upon military provocation, it may have also betrayed a deficiency in our military capabilities.
The Bangladeshi context
The lack of acknowledgement and awareness of cyber-security in the country’s military leadership and at the highest levels of government is detrimental to Bangladeshi national security. The 2016 terrorist attack on Holey Artisan Bakery showed how our military and civil security intelligence were apparently unaware of any electronic activities of the attackers.
Even though the attackers were leaving a trail of evidence on the internet and via electronic fund transfer from Canada and the UK, our defense intelligence failed to detect suspicious activity from the electronic chatter.
As far as I am aware, Bangladesh armed forces are yet to realise the current national security gaps in cyberspace and the danger that it entails. Given that the chance of a cyber-attack is much higher than that of a physical attack, we should be investing more in cyber-security capabilities.
Bangladesh must keep the “cyber risks” below an acceptable level to guarantee a proper execution of military missions by a continuous analysis of the potential threats, a management structure to detect cyber vulnerabilities enabling early detection of a cyber-attack.
The capability will support all of our defense’s territorial and expeditionary missions as well as military diplomacy. Bangladesh needs a specific strategic approach and specific doctrines to fulfill the requirement of cyber-security.
Most computer and network components of the Bangladesh military come from China and that poses a potential risk to national security. Bangladesh military has to develop particular concepts, processes, and procedures for recruitment, awareness enhancement, education and training, procurement of equipment, and deployability of cyber weapons.
A framework for cyber space
In the cyber domain, knowledge is the primary weapon, and so, every precaution must be taken to ensure data protection and proper knowledge management. Defining a strategic framework for the Bangladesh armed forces for cyber-security posture should consist of cyber defense, cyber intelligence, and cyber counter-offensive.
We need to define a clear vision in cyber-security. Our armed forces need a cyber-security culture, starting with an acknowledgement of the increased cyber risks.
Command and control systems, logistics systems, as well as weapon systems, including sensors, communication, data-link, and navigation systems, are critical for planning during peace-time and for the execution of actual operations.
An alliance on cyber space
Militarily advanced countries like the US, Australia, and many European countries have redefined their military and security posture to include cyber attack as an act of armed attack on their national interests -- there are alliances among Western nations to collaborate on the cyber space.
On December 24, 2008, Bangladesh and Australia signed an MOU to cooperate on counter-terrorism and to exchange information and intelligence, and in 2015, they signed an MOU on police-to-police cooperation.
Australia is the only country that Bangladesh has signed a security cooperation MOU with. However, Bangladesh was unable to take significant benefits out of the MOU. Bangladesh needs to realign its security posture to seek a strategic alliance with the US, the UK, Australia, Canada, and the EU.
For an effective cyber security program, the defense authorities should be prepared to:
• Acquire technology that can be deployed rapidly and establish secured military networks
• Use cyber-security strategies, plans, policies, enabling technologies, and procedures in cyberspace
• Detect cyber threats at every level, especially at the Strategic and Operational levels of Bangladesh military
• Set up a cyber-infrastructure for the military to maintain, oversee, and support law and order
• Develop cyber warfare and cyber intelligence capabilities to deter any future attacks on Bangladesh
• Establish a protocol for coordination among various agencies to facilitate the speedy execution of critical cyber missions
• Share information in a secure environment among the military and civil organisation
Raihan Al-Beruni is a contractor and analyst for a global defense and security supplier based in Australia.