Pakistan’s financial limitations hamper its ability to achieve parity with India, especially in technology and capital intensive areas such as the air and sea warfare. The disparity is pervasive, but to put it simply, India has the assured ability to project power, even to realms of strategic interest to Pakistan, such as its sea-lines-of-communication (SLOC) or sea lanes (which are essential for trade). Pakistan does not possess any conventional power projection assets. However, this inability to compete does not necessarily mean that Pakistan is incapable of defending itself or deterring India.
Projected to spend $12 billion over the next eight years on procurement, Pakistan does not have much (in relative terms) to commit towards big-ticket items. Matching India in terms of howitzers, tanks, planes, ships, etc, may seem tempting, especially in light of India’s procurement plans, but Pakistan simply does not have the luxury to be that liberal with its funds. Each dollar needs to achieve more than simply adding another unit to the force (e.g. just another fighter aircraft), the acquisition needs help Pakistan withstand a conventional incursion, and inflict enough damage (via conventional means) to discourage an attack.
Pakistan basically requires force multipliers, i.e. weapon systems that can inflict quick and assured damage against an enemy’s vital assets, deny access against a numerically larger and technologically superior foe, and generate a conventional deterrence threat outlook. The last aspect is, admittedly, the most difficult to quantify – some may deny that it is even measurable, but this series will aim to substantiate the idea.
In order to fulfill each of the aforementioned areas, Pakistan could potentially procure complete systems such as new warships and combat aircraft, but the bulk of its expenditure will likely be devoted to less obvious – but very important – areas, such as precision-guided munitions, stand-off range weapons (e.g. cruise missiles), electronic support measures (ESM) and electronic warfare (EW).
One area where Pakistan could relatively excel in is anti-access and area denial (A2/AD). A2/AD is essentially the objective of preventing one’s enemies from acquiring a foothold, which could occur in one’s own territory, among other places (depending on the one defining the area in need of defending).
For Pakistan, the benefits of A2/AD will vary. For example, A2/AD may keep Karachi secure from direct military threats, but it will do little – if anything – to protect Pakistan’s SLOC or sea lanes. In war, a choke on Pakistan’s sea lanes will have a negative impact on Pakistan’s coastal economy, Karachi’s economic activities alone make up 20% of the country’s Gross Domestic Product. On the other hand, A2/AD across the Eastern Front on land and in the skies would afford Pakistan the space to comfortably strike Indian targets from within Pakistani territory. Force multipliers would be key for A2/AD as well as in generating a threshold for conventional deterrence.
There are many different areas to study in terms of Pakistan’s force multiplier efforts. Even if one were to focus on one service arm, such as the Pakistan Air Force, they would find that there are multiple areas that need to be examined; precision-guided munitions (PGM), EW, ESM, and combat aircraft, to name a few. But one could boil each sub-section within the PAF down even further, e.g. indigenizing PGM technology and scaling core elements – such as propulsion, range extension, guidance, etc – across a very large number of applications as a means to gain ground on cost, thus enabling one to amass a relatively large inventory. In reality, there is more to a force multiplier than simply the weapon used to inflict damage. Secondary factors, such as cost-savings and domestic support, can feed into the efficacy of one’s force multiplier assets as well.
Through July and August, Quwa will publish articles examining a number of areas that feed into Pakistan’s A2/AD strategy (or potential strategy). The focus will be on conventional systems, but will cover a range of areas, be it in terms of land, air and sea warfare, to the electromagnetic spectrum (i.e. EW/ECM), to the orientation of the defence industry. Part-two will be published this Friday (08/06/2016).
Pretty heart breaking situation.
How is the idea of developing Naval base in Gwadar for Chinese Navy? It will help to ease stress on limited sources of our own navy. After all both Pakistan & China share similar interests in Arabian sea & Persian straits…..
Though it’s not a very “honorable” idea but still, desperate times demand desperate measures.
This is the direction we need to start thinking in. Look at China, their ASBMs have given the USN nightmares, and they’re not even fully functional yet. Why? Because even the possibility of a single ballistic missile taking out a multi billion dollar aircraft carrier is actually nightmarish. If Pakistan had kept up its space program that Abdus Salam kick-started (which at the time was the most advanced in the region) we would’ve had a network of satellites today that could support a similar system. The ASBM is a ‘silver bullet’ and this is the type of tech we need to develop. But this requires innovation, and a lot of R&D. Here’s some ideas that don’t even require a lot of thought: build small and inexpensive robotic sub-hunting underwater drones, kamakazi decoys and drones to flood the enemy airspace, cluster munition carrying cruise missiles, and also the supersonic variety to attack key nodes, surface vessels and air bases etc. etc. etc.
As for sea-lines and trade, our first concern should be a more self-sufficient economy and industry, which can withstand the duration of war without crippling. Reduce dependence on resources we can’t secure or produce. Build links to Central Asia, via Afghanistan. This will eventually benefit the entire region, and improve Pakistan regional standing considerably. Instead of building oil-based powerplants (what the hell were we thinking there?!) we need more dams, and alternative energy based electricity. We can’t depend so heavily on Saudi oil, it comes with too many strings attached, constraining our strategic options. We also need to decrease poverty so that our industry has more consumers within its own borders. We can’t be dependent on exports (Germany) or be rabid consumers (the US) both are unhealthy and unbalanced developmental models, increasing dependence on others. And let’s not forget that the greatest ‘force multiplier’ a country can have is a healthy and well educated population whose welfare is guaranteed by the state.
That’s a very tall order. Mohsin!
I do sincerely hope Pakistan can move towards even half of all you suggest for the way forward.
I don’t know if you saw last year a defence chat session on a Pakistani channel where retired ACM Shahid Latif talked of Pakistan modernising and strengthening it’s anti air defences rather than invest too heavily in increasing the size of it’s fighter fleet. This is the same as “your” cost-effective approach to deterrence.
On the issue of underwater drones, I did request Bilal if he could kindly do a piece looking at the military application Remotely Operated (underwater) Vehicles (ROV). Of course what you are suggesting is something more advanced, military Autonomous Underwater Vehicles,
What Pakistan need is to follow Chile model where the army chief wiped off corruption Eliminated the bad politicians and bring in people who were serious to save their country.
Bring 300 billion dollars back from West and especially Switzerland pay all the debt then focus on budget of military then people well-being and business and establish small but high tech manufacturing plants to produce any weapons then expand on making them bigger. As for force multiplier Pakistan should focus it heavily and try to build launch vehicle for space because Pakistan has satellite technology.
Iran has workable state space industry with meagre budget of <100 mill $.
I know about the missing links of the ASBM kill chain, which is why I said “they’re not even fully functional yet.”
And Pakistan is right not agree to the status-quo, but that doesn’t make our policy “expansionist”, that’s a ridiculously biased conclusion. The only reason we haven’t yet overturned that status-quo is because of a host of internal issues that have nothing to do with security at all.
Everything in pak is either about security or managed by establishment elites
Civilian govt are blamed for all mess primarily due to mammoth defence expenditure in order to compete with 8-9times bigger economy while establishment hide behind security state.
On the contrary to your opinion; pak has made many failed numerous attempt to change status quo.
It just doesn’t possess capabilities, capacity or technology to alter regional chemistry other than using pawns & proxies which has taken big toll on its brand/credibility in world
Pak establishment & elites have policy of insanity as they expect different result while doing same thing over & over again.
Pak state is likely to fail & retrogress as long as establishment are alllowed to control it.
Of course as suicidal state pak has done well to slow down indian rise but the impact is likely to b reduced with world aware of pak policies in region
If india were inplace of pakistan then it will sign peace deal with larger neighbour as it did with china &; focus on common economic/social welfare of region.
MT, first of all, focus on fixing your own problems before critiquing any other nation. You as an Indian should look to China’s developmental trajectory and be ashamed. Both China and India started in the same place relatively in the 40’s. Look at where China is, and look where you stand.
Secondly, have you ever actually read the budget report issued by the state of Pakistan? It’s available for free online. The military budget isn’t nearly as high as you (or many people think.) I’ve already had this debate with some friends of mine, so spare me. The real problem with our budget is the allocation of resources within the services, and overall in the civilian sector which doesn’t focus on education, R&D, health, building dams etc.
And you simply didn’t understand my “opinion” before commenting on it. I never said “Pakistan has never made any failed attempts at changing the status quo.” I said it hasn’t changed it YET. We kept going to war before we were ready, and every time we went to war it set us back further. But that doesn’t equate to “expansionism” because the cause of the wars (over Kashmir at least) are completely justified and will remain so.
I’m a much harsher critic of Pak strategy than you are. But to suggest Pak should just ‘give up’ in the face of Indian might, is simply ridiculous. India is no where near the level required to inspire such awe and fear in anyone, let alone Pakistan. Even if it was, it wouldn’t make us bow to you. We don’t think like that. You should’ve figured this out this by now. We RULED you once, remember?
I thought Indians would have given up the age old feel good notion about Pakistan they’ve had forever. “Pakistan is likely to fail”, that has been said since the very inception of modern India yet its been shamelessly thrown around and having getting caught with its pants down in Baluchistan is it not India that has policy of insanity?! Best part India telling Pakistan to about peace, look at history of india’s relation with China, srilanka, nepal, Pakistan even Afghanistan when it was the doormat for the Soviets, even the US secretary of defense in his lecture spoke about India using Afghan soil to finance destabilization of Pakistan and yet Indians are not giving up that fantasy of theirs. Check your facts about defense budget before just throwing our assumptions.
Quit that delusion of grandeur and realize India has the largest population of extreme poor in worlds most polluted cities in the world with a rape epidemic, a nuclear program loaded with incidents with missing scientists and villages of birth defects not to mention all three major separatist moments blowing up. Good lord what world are you living in.
Another emerging threat is cyberwarfare. Now that Pakistan Armed Forces have embraced network-centric doctrine, can we protect our network assets in the event of DDoS attacks? or more targeted attacks from groups similar to NSA’s Tailored Access Operations?
Also, as you have pointed out in the past, SUPARCO needs to concentrate on giving Pakistan Armed Forces a dedicated SATCOM. I’m in favour of reducing the size of Armed Forces once we are done cleaning up the WoT mess and diverting the funds to R&D.
Pakistan’s battlefield comms are encrypted and hardened. We’re ahead of India in this department, their front-line communications are not even encrypted. The PAF fields some EW and SIGINT assets, and we’re also making progress in ECCM R&D. A LUMS university recently got a patent for jamming-resistant technology for ground-based radars. So we know that at least there is work being done in this field.
As for our regular internet-facing servers used by the government and military, they will always be vulnerable to regular denial of service attacks and advanced zero-day vulnerabilities. The only real defense is an ‘air wall’ which isn’t practical, except for the most sensitive hardware. I’m sure all critical systems (e.g. those containing location of nuclear assets) are already airwalled, in every military’s networks.
Pakistan has demonstrated that it knows how to launch, and therefore defend against cyberwarfare threats (e.g. “Operation Arachnophobia”), however no network is truly safe, there are always vectors in an out of any network, even air-walled ones. Just keep in mind that whatever measures our military has put in place to mitigate these threats, would be themselves highly classified and no one here would be able to give you details on it.
Here’s my argument:
Until the 19th century, war was waged on two fronts: land and water. A new dimension was added during 20th century: air. In 21st century, another new dimension of war is being added: cyber. US has acknowledged this change by elevating the status of US Cyber Command. Pakistan needs to move positively in this direction.
Fact is our generation is more likely to see a cyber attack than a nuclear attack. Why? Because cyber warfare is cheaper, quicker and the threshold is extremely low. Worse, there are no laws or treaties governing cyber warfare so all is fair game. There is already an arms race going on in the digital realm. I encourage everyone to read Snowden leaks carefully and their impact on Pakistan.
My rebuttal is aimed at what I see as complacent arguments:
1. A military doesn’t operate in a vacuum. For example, its easy to bring down or destroy the electric grid or financial network of a nation. However, bringing them back online is not as simple. Its like Humpty Dumpty: breaking it is easy, putting it back is not. How long can a military wage war when the electric grid is down? or the citizens cannot withdraw money from their bank accounts?
2. Air gapping didn’t save Iranian nuclear facility at Natanz from being infected by Stuxnet. In fact, Stuxnet creators were able to get regular updates into Natanz. Ergo, air gapping a network is not enough. Not in this age anyways.
3. Operation Arachnophobia was quite easily traced back to its creators which highlights the fact that the civilians involved in the project didn’t take operational security all that seriously like TAO unit does at NSA. If anything, it shows you why we need to develop institutions like US Cyber Command in Pakistan. Cyber warfare has already proven its effectiveness in Iraq where it was used to monitor cellular networks and track down IED makers. Its now being deployed in Afghanistan: https://en.wikipedia.org/wiki/MYSTIC_(surveillance_program)#Afghanistan
4. Hardened targets? Think again: Israeli Drone And F-16 Feeds Hacked By British and American Intelligence
For people wanting to improve/understand cyber threat, please watch the following documentary:
Zero Days (2016)
1) What you’re asking for (defending the civilian networks against a sustained attack by a state launched cyber attack) is harder to do then building a “missile shield” against MIRVs that actually work… Offensive cyber capacities are the only deterrence…
2) Yea, exactly, which is why I said: “… no network is truly safe, there are always vectors in an out of any network, even air-walled ones.” Since you apparently missed this point, I’ll use your own example of STUXNET to explain. The way STUXNET got in the network was via HUMINT, not SIGINT. Most likely, it was an agent that left free USB keys lying around everywhere, and some dumb idiot randomly picked one up and infected the entire network. The weakest links are always the humans in the chain. They are the most easily exploitable vulnerabilities of any system. And like I said, the security protocols that defend our sensitive installations against dumb humans and/or trained agents are not going to be known to anyone here, so this is a moot point.
3) Cyber attacks can always be traced, irregardless of OPSEC. Just ask Snowden himself. “Anonymity” is a myth, no matter how many. or what manner of proxies you use. That said, no one here would object to creating a Pakistani “cyber command” (if it doesn’t already exist.)
4) I’m not sure what point you’re trying to make here… The compromised feeds in the article you cited were either unencrypted, or poorly encrypted and susceptible to brute-force attacks. Good encryption when intercepted is practically impossible to crack in any reasonable timeframe. That said, I don’t know how many bits of encryption our front-line battle comms are using (…hopefully AES)… But I do know that Indian front line comms are using ZERO bits of encryption, so relative to them, our comms are indeed “hardened.”
1. That’s essentially the point of a Cyber Command, i.e., defending civilian and military networks. This is indeed a difficult task but the security establishment has to take the lead. Abdicating responsibility is no solution. Like Lt. Gen. Hamid Gul use to say, “Fear is no policy, surrender is no option.” We can’t just surrender cyberspace.
2. Agreed. Ergo, developing a culture of security is vital. It is no different than developing a culture of safety. I’m of the point of view that this is something that needs to transpire at an organizational level.
3. The question is how easily can a fishing expedition be traced back to its source? In case of STUXNET, it took a lot of detective work. It wasn’t evident from the code base itself. This is because the designers were deliberate in their choices starting from the compiler they used to the Russian nesting doll design of the worm itself. In case of Arachnophobia, there were clues all over the place. This leads back to the point I made earlier that civilians operating in military institutions need to take discipline and operational security more seriously. And such a change can only be signaled at an organizational level. Forming a Cyber Command sends that signal to personal and adversaries alike.
4. The point is we need to be vigilant and imaginative because so is everyone else: https://www.washingtonpost.com/news/the-switch/wp/2016/07/29/america-is-hacking-other-countries-with-stealthy-submarines/
P.s. The point of this discussion is to engage people on the cyber threat. I don’t think you need to be educated in this matter.
I just read up on the recent the SECONDDATE ‘leak’ ( https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ ). Note Snowden’s recent tweets: https://twitter.com/Snowden?ref_src=twsrc%5Etfw
This episode reminded me of this discussion so I thought I’d post this. Because this whole thing warns against the idea contained in your first point above… “That’s essentially the point of a Cyber Command, i.e., defending civilian and military networks.”
Even when the NSA spots ‘catastrophic’ flaws within US networks, instead of patching them, they let those zero day vulnerabilities linger, in the hope that they can use them OFFENSIVELY in the future, waiting for someone to install those Cisco routers (etc.) within networks that they can later exploit… The problem of course being that those routers are also installed on US soil, in US networks (financial and otherwise.) So the question is why do they not patch them? If their point is defense, as you said, then they should seek out all vulnerabilities to their own networks and patch them immediately… They don’t. Because there’s basically no way to secure sprawled out legacy networks, so why even bother with cyber defense? Clearly, in the case of the NSA, their job is cyber *offense* instead…. and for good reasons.
Even if you patch one vulnerability, how many others do your enemies already have in their back pockets? This is also why Russia (according to Snowden’s hypothesis) was trying to do with this ‘leak.’ It was another offensive op, the hope of which was to DETER future attacks by the NSA. The whole point of a ‘cyber command’ is to find vulnerabilities in your opponent’s networks and then just keep them in your back-pocket, purely for offensive or counter-offensive purposes. Defense is only a secondary mission, and one that is clearly not given too much importance, because a good offense is the best defense, especially in this case.
It doesn’t matter what firewall you have, or what virus scanner you get, because a zero-day exploit written by a regime-hacker, will bypass everything. (I’m not saying you shouldn’t armor up your PC and mobile devices, but that is to protect you against amateur script-kiddies, not actual hackers like the ones employed by the NSA etc.) Maybe in the future, you can replace classical networks with quantum encrypted networks (which would in theory make these types of ‘man in the middle’ attacks obsolete)… But I highly doubt that quantum encryption would solve the problem. Communication Encryption (of any kind) just secures the link between two nodes, it doesn’t do anything to protect the node itself from being exploited. If I can hack the node itself, then I don’t need to intercept the communication, I can just read it AFTER it has been safely transmitted and stored.
With all of that said, theoretically, there is one way to truly defend well against all such vulnerabilities. And that is to build an entirely new classified OS, a new programming language, and an entirely new communications protocol, and use it exclusively for your sensitive communications channels, and then keep all their documentation highly classified. Basically, you’ll have to recreate the wheel, only this time keep it in a black box so that very few people know how to work with it (and therefore, maintain it)… So in other words, it’s basically impossible because it makes no practical sense.
I did follow the recent NSA leaks and the criticism NSA faced for not disclosing its zero-day vulnerabilities: http://wapo.st/2bIQpxf
My assessment of the situation is invariably different than yours.
1. Norms in cyberspace are still fluid so naturally all sides push back when a subject like zero-day vulnerability disclosure is discussed. The positive here is that such issues are now in public domain. The trickle down effect I’m hoping for is Pakistani decision makers to take cyber security more seriously because others already are. South Korean defence ministry has announced plans to establish a cyber command. UK defence ministry has announced plans to establish an office of cyber security. Pakistan should do it before it is forced to.
2. The mandate of U.S. Cyber Command (USCYBERCOM) is far more broader than merely playing offence. It includes defending military networks and critical infrastructure. The actual task of defending critical infrastructure is delegated to Department of Homeland Security. Similarly, USCYBERCOM has the authority to attack a foreign network while NSA has the ability and the tools to carry out the task. Essentially, all the cyber attacks NSA has carried out have been authorised by USCYBERCOM. What USCYBERCOM offers is unity of command, unity of action and unity of effort.
3. Cyberspace affords an adversary unlimited range and a low-signature environment. Whereas in the past USSR had to train spies to infiltrate U.S., PLA Unit 61398 can sit comfortably in an unremarkable building in Shanghai and pull off similar stunts.
And adversaries in cyberspace come in all sizes. How effective will an all-offence strategy be against say North Korea (DPRK) which was blamed for Sony Pictures hack? DPRK doesn’t have much cyber infrastructure to speak of. What do you attack, disrupt, or destroy to deter adversaries like DPRK? or much smaller? Ergo, there is only so much offence can accomplish in cyberspace before one hits the laws of diminishing returns and you’re forced to defend.
4. I agree with you that the answer is not security through obscurity. The future, in my opinion, is open source.
I will not comment on anything quantum because its not a practical solution. In a way, Green Line network is the perfect solution. It is separated from public switching, not connected to internet, and, hopefully, encrypted. It provides specific services to military and civilian leadership. The onus for the security of individual smartphone or machine on Green Line is upon individual organization. As long as the exchanges and main backbone are secure, the damage a potential adversary can do is limited forcing him to pick and choose targets rather than overtaking entire exchanges and spying on everyone. The strengths of this model is it takes away some of the advantages a potential adversary might have but what it lacks is synergy. This model doesn’t provide Pakistan with unity of command, unity of action and unity of effort which I feel is a huge mistake but at least its a start. We can employ a similar network model to secure our critical infrastructure.
1: Again, no one here will object to Pakistan creating a cyber command.
2: Sure, cyber ‘defense’ is part of the mission statement (they need to justify their budgets publicly after all.) But this whole SECONDDATE episode just proved that the priority is on offense, not defense.
3: The reason you don’t see any serious hacks by North Korea on any critical American infrastructure is because such an action would trigger an all out shooting war, not because US networks are so super secure due to their ‘USCYBERCOM.’ It’s essentially the same reason no one is thinking of launching ballistic nukes at the US… obviously not because of its ‘missile defense’ capabilities.
4: Will read up on this ‘balkanization,’ thanks. I’ve been hearing about this for a while but haven’t looked into it much. And I agree about the need for unity of command and open source.