Cyber-physical, GPS disruption likely to shape future Indo-Pak hostility: CPS security expert

Traditional images of India–Pakistan conflict involving tanks, fighter jets, and troop mobilisation are becoming obsolete, warns K. S. Manoj, a leading Cyber-Physical System (CPS) Security Engineer.

In a detailed analysis, he argues that the next phase of hostility between the two countries is more likely to be fought through cyber-physical sabotage and GPS/GNSS disruption than through conventional warfare.

Advertisement

According to Manoj, Pakistan’s economic stress, political instability, and nuclear deterrence greatly reduce the likelihood of a full-scale war. However, cyber operations present an inexpensive, deniable, and strategically advantageous alternative for Islamabad and its proxies. “In the new domain, attackers don’t need missiles — they only need access,” he notes.

Manoj highlights growing risks to CPS — systems that integrate software with real-world physical processes and power essential infrastructure, including electricity grids, water systems, railways, factories, aviation, and hospitals. While once isolated, these systems are now internet-connected, remotely managed, and cloud-integrated, making them vulnerable to intrusion.

A key target, he warns, is India’s GPS/GNSS-based timing networks, widely and informally referred to as GPS. These satellite signals provide foundational timing and location support for power-grid synchronisation, telecom networks, stock-market timestamps, aviation, maritime operations, and emergency services. Even a millisecond of tampering could trigger cascading failures — from blackouts and telecom outages to aviation safety risks and financial disruptions.

Critically, such disruption does not require control of satellites. Manoj stresses that low-cost jammers can overpower GNSS signals, while spoofers can feed false timing and location data.

More advanced hybrid attacks can combine radio-frequency deception with cyber infiltration of firmware or timing servers, making detection extremely difficult.
Pointing to the 2020 Mumbai power outage, which drew international attention for possible foreign cyber involvement, Manoj says India has already witnessed early signs of adversaries shifting from website defacement and financial cybercrimes to probing critical infrastructure.

He flags outdated industrial devices and legacy protocols such as Modbus, DNP3, and IEC-101/104 as major weak points, as these systems lack encryption, authentication, and are difficult to patch. Remote vendor access and the erosion of the once-trusted “air-gapped” OT environment further increase exposure.

The expert outlines key defence imperatives, including strict network segmentation, zero-trust access, real-time anomaly monitoring, firmware integrity check,s and intensive operator training for degraded-GPS scenarios.

He also urges deployment of multi-constellation navigation systems (GPS, GLONASS, Galileo, NavIC), high-stability clocks for timing resilience, RF monitoring at airports, ports, and substations, and routine emergency-mode drills.

Policy reforms, Manoj stresses, are now critical. He calls for secure-by-design procurement, supply-chain security audits, mandatory reporting of OT/CPS incidents, and joint simulation exercises across power, aviation, and telecom sectors to prepare for GNSS denial or SCADA compromise. He also recommends stronger real-time coordination between CERT-IN, NCIIPC, and sector-specific CERTs.

“A coordinated campaign targeting CPS could disrupt electricity, scramble flights, distort telecom traffic, and shake financial markets — all without a single soldier on the move,” he warns.

Manoj concludes that India must now treat CPS and GPS-timing protection with the same strategic seriousness as physical border security.
“In the conflicts of tomorrow, stability may depend less on firepower and more on defending invisible signals and the silent logic of machines.”