South Asia is witnessing a rapid increase in cyber threats and attacks, signaling the need for a comprehensive framework of confidence building measures (CBMs) in the cyber domain. Cyber CBMs are actions used to mitigate the threat of cyber warfare between states and reduce the potential of conflict in the digital realm. CBMs serve multiple purposes. They foster trust and transparency between nations, facilitate better communication and information sharing, and ultimately lower the likelihood of a conflict.
Anticipating the active threat of cyber warfare, the two key states of the region – India and Pakistan – must recognize the significance of CBMs in addressing the emerging challenges in this dynamic realm. The bitter historical rivalry between these nuclear-armed neighbors and India’s revisionism casts a shadow on peaceful coexistence in the region. In this context, Pakistan has been striving to maintain a strategic balance in traditional and non-traditional security realms. Though the warfare landscapes may have evolved embracing new means and methodologies, the underlying objectives have remained the same. Considering the regional security dynamics, it becomes vitally important for South Asian countries to establish robust and effective cyber CBMs.
Evolving Multi-Dimensional Threat Landscape
South Asia is often marked by cyber espionage, disinformation campaigns, and escalated tensions due to an increased and often uncontrolled use of the internet and social media amid weak governance and skills. Extremist groups and non-state actors also find an advantage to accomplish their objectives in such a situation. As reported by the National Counter Terrorism Authority (NACTA), terrorist organizations leverage social media to promote their ideology and engage in recruitment through these platforms. These can thus pose a significant risk to regional stability if remain unchecked. As it is difficult to attribute a cyber-attack, any such attempt by a terrorist organization either against Pakistan or India will be harmful for regional peace and stability. Cyber incidents have marred Pakistan-India bilateral relations. In the aftermath of the Pulwama attack in 2019, suspected state-sponsored Indian hacking groups engaged in retaliatory cyber operations, like defamation campaigns. These were identified as the activities of an advanced persistent threat (APT) faction originating from India, working under the pseudonym “Confucius,” which targeted key governmental and military establishments within Pakistan.
Need for Cyber CBMs
The contemporary technological trends make Pakistan-India cyber CBMs a necessity for preventing inadvertent escalations in cyberspace. These measures will foster transparency, enhance communication channels, and facilitate mutual understanding, reducing the risk of misinterpretation or attribution errors. CBMs lay the foundation for responsible state behavior. Such initiatives can curtail the destabilizing effects of cyber operations and contribute to regional stability. Since it is a complex endeavor, a phased and gradual approach can surmount challenges associated with threat perceptions. The adoption of cyber CBMs aligns with the principles of conflict prevention, transparency, and trust-building, underscoring their significance as a pathway to a secure and peaceful digital future for them. Pakistan-India cyber CBMs will also pave the way for other South Asian states to secure cyberspace.
Obstacles in Building CBMs Framework
The idea of Pakistan-India cyber CBMs faces several challenges – foremost is their deeply entrenched history of mistrust and conflict. This legacy of animosity can impede sincere cooperation and hinder the willingness to share critical cyber-related information. Another major challenge is the shared understanding and standardized frameworks of cyber activities and their threats. The absence of agreed-upon frameworks hampers the ability to communicate intentions and respond to incidents in a predictable and de-escalatory manner. Moreover, there is significant asymmetry in their cyber capabilities and technological advancements. Technologically superior India may be apprehensive about engaging in CBMs with Pakistan, fearing that the other party may use such engagement to bridge the gap and catch up in cyber capabilities. Then, there is a problem of attribution due to the rapidly evolving nature of cyberspace, which can lead to misjudgments, accusations, and escalations, undermining the effectiveness of CBMs and heightening mistrust. Lastly, non-state actors, such as hacktivist groups or terrorist organizations, can exploit the lack of well-defined CBMs to carry out disruptive or destructive cyber activities. Their actions could inadvertently trigger a crisis and exacerbate tensions between Pakistan and India.
Way Forward
Given the circumstances, it is prudent for both India and Pakistan to consider an alternative approach, such as a Track 1.5 diplomacy. This innovative strategy, often denoted as “semi-official diplomacy,” presents a distinctive and amalgamated perspective within international relations. Drawing from the formal governmental interactions of Track 1 and the informal people-centric dialogues of Track 2, Track 1.5 diplomacy orchestrates a methodical engagement platform. This platform convenes government officials, policymakers, subject-matter experts, scholars, and non-governmental participants, facilitating comprehensive discussions grappling with intricate challenges and nurturing meaningful and productive discourse. Some of the recommendations in this regard are:
Track 1.5 Diplomacy: The utilization of Track 1.5 diplomacy as an additional channel for fostering cyber security dialogue between India and Pakistan can establish semi-official platforms that bring together government officials, technical experts, academics, and civil society representatives from both countries.
Regular Track 1.5 Dialogues: Periodic Track 1.5 cyber security dialogues facilitated by respected institutions and involving a diverse set of participants will be useful. These dialogues can provide an inclusive and informal space for open discussions on cyber issues.
Information Exchange: Sharing insights, perspectives, and innovative ideas during Track 1.5 discussions can be encouraged. Participants can contribute to shaping cyber CBMs, identifying potential areas of collaboration, and addressing mutual concerns.
Conflict Prevention and Early Warning: Track 1.5 diplomacy can enhance conflict prevention mechanisms in the cyber domain. Early warning systems and crisis management strategies can be discussed and refined within this framework.
Sustained Engagement: The continuity of Track 1.5 cyber security dialogues must be ensured over time, allowing for the accumulation of shared experiences, lessons learned, and gradual progress in building trust and cooperation.
South Asia needs some quick solutions for peaceful development – efficient Pakistan-India confidence building measures are key to ensuring such a scenario. The longstanding disputes between these states, particularly due to the Indian aggression and stubbornness, are keeping South Asia a marginalized and impoverished region of the world. The evolving technological trends and asymmetries in the region, such as those in the cyber domain, will be additional burdens. Using viable diplomatic tools in this regard, such as through Track 1.5 modes, can enhance the comprehensive approach to addressing challenges. It will promote inclusive and cooperative environment for managing cyber risks and building mutual confidence.
About the Author
Mr Usman Akhtar is Cyber Security Intern at Institute of Regional Studies (IRS) Islamabad, and can be reached at usmankhan70611@gmail.com.