Prime Minister’s Office, New Delhi, 22 February 2024
…‘What’s the problem?’ the prime minister rasps.
‘Sir, this looks like a formidable cyberattack. Even our secure network has been breached,’ the NSA says. ‘We are unable to contact anyone.’
The prime minister of India’s office has turned into an island.
In a few minutes it becomes clear that the PMO is not the only one to fall off the internet highway. The ministries of defence, home, finance, as well as the service headquarters of the armed forces have all gone offline. The Government of India has been thrown backwards by more than three decades. Even the phone lines are not working.
A sense of foreboding descends on the room. The prime minister walks back to his office, followed by the NSA. The principal secretary is tasked with physically summoning the members of the Cabinet Committee on Security (CCS), the chief of defence staff (CDS), and the three service chiefs for an immediate meeting.
‘Could this be a rogue attack?’ the prime minister asks.
‘Unlikely,’ replies the NSA. Beads of perspiration appear on his forehead.
‘That’s most likely.’
China had been issuing warnings to India since the previous year when the prime minister had visited Bum La in Arunachal Pradesh and addressed the troops in Tawang. China had termed this a grave provocation. Consequently, it increased military activity in its Western Theatre Command (WTC) close to the border with India. According to the intelligence reports that the NSA has been receiving over the last few months, the activity appeared to be more than the regular exercises that the People’s Liberation Army (PLA) regularly conducts.
Convoys of all kinds of trucks are frequently spotted moving stores, ammunition, and fuel on the multiple tar roads heading towards Lhasa (the headquarters of Tibet Military Command), and sometimes on the arterial roads linking up to the LAC1. Since 2020, the PLA has built robust and technologically advanced underground facilities (UGFs) to protect all aspects of its military forces, including command and control, logistics, ammunition, and missile systems.
Started around 2012, the UGF building programme in the Tibet Autonomous Region (TAR) had been upgraded and expanded. The deeply buried UGFs were traditionally meant to protect military assets from the effects of penetrating conventional munitions and nuclear strikes.
According to intelligence reports, after the 2020 Ladakh face-off, the PLA deployed electronic and cyber warfare units in TAR. Dual-use airports were upgraded for combat jet and drone flights. Huge communication towers had been set up. Blast pens or hardened shelters for combat aircraft had been built. Numerous air defence and missile sites had been dug. But India had been ignoring these provocations.
On 26 January 2024, India invited the Dalai Lama to the Republic Day parade. China was livid and threatened to snap diplomatic ties with India. It dismissed India’s assertion that the Dalai Lama had been invited in his capacity as a spiritual leader along with the gurus of other faiths.
Despite all the threats, the prime minister and the NSA were convinced that China would not enter all-out war with India and imperil its own economic growth. This view was also supported by the military establishment led by the CDS. Even in 2024, the Indian military held the view it had formulated back in 2009 – that China would not want to wage a war with India because a stalemate on ground would be viewed as defeat.
And stalemate it would be, they believed, because the Indian military of 2024 was not the same as 1962. It was prepared to fight and was battle hardened by decades of fighting terrorism on the Line of Control (LoC) with Pakistan. The Indian Air Force, with some 250-300 combat aircraft from all bases located at much lower altitudes, had many advantages over the PLA Air Force (PLAAF). It would make sure that it sent back thousands of body bags of PLA soldiers, thereby destroying China’s reputation as a world power.
But was the Chinese military of 2024 the same as the one in 1962? This was an uncomfortable question with an unsavoury answer. Since the prime minister was not in the habit of listening to unpleasant answers, nobody raised this question. Perhaps nobody knew that this was a question that needed to be asked.
Despite ongoing studies on China, the Indian military, even in 2024, was oblivious of the war China had been preparing for. Traditionally, the Indian military believed that China was at least a decade ahead of Indian capabilities. Sanguine in this assessment, it was clueless about the rapid transformation that had been taking place in the neighbourhood.
But if China does not intend to go to war with India, why would it mount such a formidable cyberattack on the seat of the government?
Looking through his notes based on a recent intelligence report, the NSA runs the prime minister through what he knows about the PLA’s presence in TAR. The combat support forces (Rocket Force, Strategic Support Force, and Joint Logistics Support Force) in the WTC have been conducting training with combat units to deploy and manoeuvre with them. The reported PLA convoys into TAR include large numbers of unmanned vehicles – combat as well as reconnaissance. One report mentions sighting thousands of humanoid robots in military buses and trains to Lhasa.
‘They are likely to be used for combat support like maintenance, readying of ammunition, supplies, fuel and so on,’ the NSA says in a slightly dismissive tone.
‘Why have they launched a cyberattack on the PMO?’ asks the prime minister. ‘Phishing?’
‘Difficult to say. But it’s unlikely that a phishing attack would disrupt our networks. This seems to be something else.’
By this time, the CCS has assembled in the conference room. Breaking protocol, the chief of air staff (CAS) blurts out, ‘This is not an ordinary cyberattack. The malware that has attacked us is extremely sophisticated. It has breached all our firewalls. Our entire communication network has collapsed. We have been rendered blind and deaf.’
A cold frisson runs through the conference room. The army and the navy chiefs have similar reports to share. The navy chief is particularly worried. The navy has lost contact with the INS Vikrant carrier battle group that includes two destroyers, four frigates, three submarines, fifteen fighters, eight helicopters, two long-range maritime patrol aircraft, and a number of smaller vessels.
Seeing the prime minister’s quizzical look, the NSA explains stoically, ‘Sir, if we have lost contact with them, it means they have also lost contact with ground control. This can lead to accidents.’
The CAS interrupts. ‘It’s a very serious situation. We have deployed six aircraft for this exercise. All communications with them have snapped.’
The ground situation was equally dire. The troops deployed in the mountains had long lines of communications. These were on the blink now. ‘Sir, for troops posted 18,000 feet and above, communication is the lifeline,’ the chief of army staff (COAS) says. ‘In Ladakh we have an emergency. As you know, in certain places, our soldiers are eyeball to eyeball with the PLA.’
Glancing at the NSA, he adds, ‘In Ladakh, the PLA has also deployed a large number of unmanned and autonomous systems, including combat systems. If they get up to some mischief using machines, we won’t get to know. Of course, our troops are trained and prepared for all eventualities. But communication with headquarters is critical.’
Despite the apparent calm in the room, the panic was palpable. The COAS’s remark was foreboding, but it also held a clue to the motive for the cyberattack. The principal secretary was told to summon the director of National Critical Information Infrastructure’s Protection Centre (NCIIPC) that works under the National Technical Research Organisation (NTRO), the head of the Defence Cyber Agency under the Integrated Defence Headquarters, and the National Cyber Security Coordinator who works directly under the PMO.
The reports are worse than expected.
‘Sir, it doesn’t look like a mere cyberattack. The internet in peninsular India has stopped working. Most DRDO laboratories, ISRO, and the DPSUs have no internet. We don’t know yet how much of the infrastructure has been affected,’ the NSA says, running his hand over his forehead.
‘It’s a major cyberattack,’ the prime minister says.
After a moment’s silence, the NSA adds, ‘It looks like some of our submarine cables that connect us to the global internet have been tampered with. Maybe they have been cut.’
‘But that’s an act of war,’ the prime minister says to the now silent room.
The conference room turns into an impromptu war room.
‘I need updates every half hour,’ the prime minister declares and storms out.
Excerpted with permission from The Last War: How AI Will Shape India’s Final Showdown with China, Pravin Sawhney, Aleph Book Company.