There are only a couple of ways for reliable attribution. You tap and backdoor the core of the Internet like the NSA does, fusing it with the full spectrum of intelligence gathering. You engage in offensive defence, launching counterattacks on adversary’s command-and-control. Or you wait for their OPSEC (operations security) measures to fail and leak some clues. How would the institutions habitual of waging doctrinal warfare survive amidst such crudity?

My repartee at the MEA concluded with the invocation of a negative utopia, kind of like what Aldous Huxley imagined in Brave New World. I was hired to undertake offensive operations at NTRO, but so engrossing was the effort to protect our national assets in the first place that I spent the majority of time in counterintelligence. I even experienced a subliminal and perverted form of politicisation of cyberspace.

While containing an infection on the National Security Advisor’s personal laptop, I witnessed that the malicious traffic headed towards the botnet’s mother ship was actually getting redirected to a Canadian university. A compromised computer is called a bot. A host of them falling prey to the same espionage operation would form a botnet. It is generally managed by the perpetrator through a handful of peering servers acting as the Command-and-Control (C&C). In that specific case, the C&C was a domain ending with “.net”. The American company Verisign manages the registry for this suffix globally. If a domain is abused, the company has the discretion to hand over its control to a third party for investigation – a simple technique called sinkholing. Yet, despite our repeated requests, they didn’t provide us the control; rather they sinkholed it for a Canadian research group.

The memories of that encounter have enforced a belief in me that aggressive multilateralism, and not neutrality, is the way to move forward in cyber diplomacy – a bunch of Davids stacking up against the Goliath to form a Non-Aligned Cyberspace. That’s my ambitious proposition, submitted as a foreign policy brief to the MEA.