Category Archives: defence

Cyber Warfare: Protecting the Soldier

(Published in CLAWS Scholar Warrior, 06 Jan 2018)

The machine has presented us with a central nervous system, protected with no spinal vertebrae, lying almost naked for the cutting. If, for one reason or another, the severance is made, we face a terrifying, perhaps mortal crisis…. Day by day the complexity, and hence the potential danger, accelerates; materials and structures ceaselessly and silently deteriorate.

                                                                Stuart Chase, in Men and Machines, 1929

The warfare domains have traditionally included those which have geographic and topographic warfighting constraints, for example the land, sea, and air (now aero-space) domains. However, in Cyberwarfare the physical domains are no longer relevant since the domain has changed to the all-encompassing global electromagnetic spectrum. There is a need therefore, to look for the definition of the Cyberspace in which a modern soldier is required to operate.

The US Department of Defense defines cyberspace as, “A global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers”.[1]

Kuehl has defined it as,[2] “an operational domain whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via inter-connected information and communication technology-based systems and their associated infra-structures.”

The above definitions draw upon the interrelated effects of the physical, the informational, and the cognitive. These together comprise: the physical platforms, systems & infrastructure that provide global connectivity to interconnect information systems, networks, and human users; the massive amounts of information that can be digitally and electronically shared; and the impact on human behaviour & decision making when faced with the deluge of information.[3]

Some characteristics of cyberspace are that: it exists and functions within the natural electromagnetic spectrum (EMS); it exists due to man-made technologies; it can be replicated; and that it is far more economical to operate and utilise cyberspace than other domains. These lead to a more encompassing definition of Cyberspace that,[4]it is a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via interdependent and interconnected networks using information-communication technologies”.

The cyberspace has been preferred by nations, criminals and hackers for cyber-attacks across the globe due to the fact that: its usage is becoming the backbone of the society; the current systems do not have adequate protection and predictive intrusion detection systems[5]; it is very fast, its reach is worldwide, and it provides anonymity. The increasing usage of digital sensing, and software based control in critical infrastructure, and dependence upon communication network for movement of network based data has made cybersecurity a national security problem. Cybersecurity can be defined[6] as, “Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation”.

Based upon the above Military cyber power can be defined[7] as, ‘the application of operational concepts, strategies, and functions that employ the tools of cyberspace to accomplish military objectives and missions’.

Cyber Threat Assessment – China

The establishment of the People’s Liberation Army’s (PLA) Cyberspace Strategic Intelligence Research Centre in June 2014 to ‘provide strong support in obtaining high-quality intelligence research findings and help China gain advantage in national information security’ indicates to the focus of the PLA on cyberspace[8]. Strategic Support Force (SSF) of China is a Military Theatre-grade organisation responsible for the space, cyber, and electronic warfare missions of the PLA and strategic-level information support for joint operations. The SSF is more or less the information warfare branch of the People’s Liberation Army. While detailed information about the SSF is not available, it is understood that the SFF will be composed of three separate forces: space troops (recognition and navigation satellites), cyber troops (offensive and defensive hacking), and electronic warfare forces (jamming and disrupting radars and communications) [9]. As per Rear Admiral Yin Zhuo, its main task will be ensuring the military’s local advantages in aerospace, space, cyber, and electromagnetic battlefields through operations such as target tracking and reconnaissance, satellite navigation, and attack and defence in cyber and electromagnetic spaces – the underlying goal of which should be attaining victory in future wars. Further, the SSF will assume responsibilities in defending the civilian infrastructure to increase the security of China’s financial institutions as well as people’s daily lives in general[10]. It implies that the SSF will be responsible for all aspects of information warfare, including intelligence, technical reconnaissance, cyber warfare, and electronic warfare. This is in line with China’s strategic thinking, which sees paralysing and sabotaging the enemy’s operational and command systems as a key to achieving dominance in all other domains, land, sea, and air[11].

Desmond Ball has brought out that PLA Information Warfare (IW) units have reportedly developed and tested ‘detailed procedures’ for Internet warfare, including software for network scanning, obtaining passwords and breaking codes, and stealing data; information-paralysing software, information-blocking software, information-deception software & other malware; and software for effecting counter-measures. These procedures have been tested during simulated cyber-attacks against Taiwan, India, Japan and South Korea. The PLA has reportedly established at least twelve facilities for Integrated Network Electronic Warfare (INEW) training at unit levels in computer network attack & defence operations, jamming & other forms of electronic warfare, and other IW activities. The facility is supposedly located at Zhurihe in the Beijing Military Region[12].

It is understood that Chinese hackers have been able to: crash selected Web servers, penetrate Web-sites and deface them, erase data from them, post on them, and have developed various viruses/Trojan Horse programs for spreading/inserting by e-mails to disable/steal information from targeted computer systems. However, there is no evidence yet that these hackers would be able to penetrate highly secure networks/command and control or weapon system networks to copy or manipulate critical data. Currently, China’s extensive cyber-warfare capabilities are very good for simple attacks but not for sustained cyber-warfare. As a result, the PLA may seek to use its cyberwarfare capabilities to collect data for intelligence and cyberattack purposes; to constrain an adversary’s actions by targeting network-based logistics, communications, and commercial activities; or to serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict[13].

Military Cyber Vulnerabilities

The Future Soldier Vision (FSV)

The FSV design for UK as unveiled by MOD UK includes[14]:

-Head sub-system concept incorporating hearing protection, lightweight sensors for information sharing and an integrated power supply.

-Torso sub-system concept of segmented armour that can be customised to the user or situation with integrated connectors and power supply.

-Smart watch style wearable communications concept which incorporates sensors to record the user’s biometric data.

-Smart glasses concept which include a heads-up display, integrated camera and bone conducting headphones to increase situational awareness without compromising hearing.

-A robust personal role computer concept enabling better information sharing and communications between personnel.

-Ergonomically designed and customisable the weapon concept that will allow targeting information to be shared between soldiers and their units.

-Further the FSV is designed to work as an integrated system with survivability, enhanced situational awareness and network capability. Protection technology, a network of sensors for information sharing and power and data connectors will also all be built-in.

At the 2017 Association of the United States Army annual meeting (AUSA 2017), US Army Research, Development, and Engineering Command (RDECOM) presented a concept for the US Army’s future soldier of the 2030 which also promised everything from powered exoskeletons, to futuristic optics, to individual network capability[15].

The modernisation program for the infantry in India began with the F-INSAS (Future Infantry Soldier As a System), but it has now evolved in to two separate programs – arming the Infantry with better offensive and defensive gear and the Battlefield Management System. The system is technology based with sensors, laser range finders, and cameras etc. The system will merge the information to give the soldier a real-time picture of the battlefield. The tactical level communication will take place over secure radio networks, and command level communication would be carried over Indian satellites. Each soldier will have a personal GPS device and will be able to see the position of other soldiers via a helmet mounted display[16].

As can be envisioned from the FSV above, the future soldier would be operating in an environment where he would be subjected to direct and indirect cyber-attacks by the adversary since the FSV is designed around the core concept of network centric warfare. In addition to the FSV, the complete architecture of modern warfare revolves around network centricity which itself is vulnerable to cyber-attack.

Military Systems

The military cyberspace domain under which its systems operate comprises of two major types of networks namely, an open network which relies on data-sharing, situational awareness, and teamwork, whereas the other utilises secure networks which depend upon speed, reliability and data integrity. The military communications utilise various types of modes for example, the global communications systems, military controlled commercial networks, and highly secure networks for target-shooter systems.

Complex Military C4I systems are relying more and more on sophisticated software and communication systems and hence they remain lucrative targets for hackers and adversary states. Next come the weapon systems which use software, like aircraft, warships and military special vehicles. Thereafter come the communication nodes, wide area networks, logistics and GPS feeds etc. Ingress into a system using software can be made by physical means through inputs to the system for example, like spare ports, by installing malware, or installing clandestine wireless devices. Indirect ingress can be made through connectivity ports for example, through internet, or through connection leading from other computers, or indirectly accessing the device from a distance using operating software vulnerabilities. In case of the Military both these methods of attack can be guarded against effectively but not absolutely.

The widespread usage of commercial-off-the-shelf (COTS) or open-source systems for military uses has increased the vulnerability to cyber-attack, their use should be guided by policies that assure the Military of obviating the risks and by carrying out a risk and cost benefit study.[17]

Standardisation has reduced costs, but it exposes a large number of similar products through exploitation of common vulnerabilities. Trojan horses could be introduced in the process of developing or maintaining the software. Vulnerabilities could be deliberately planted in a device or software program. By and large critical military systems are carefully designed and operated and are expected to remain safe during cyber-attacks.

The cyber space interlays and overlays with the civilian and military cyber domains therefore, even though military defences at local level can be strengthened; using physical access controls, password regimes, complex logging procedures & biometrics, isolation, human interfaces for critical equipment operations etc; it is an effort at the policy level which has to be put in place by the government so that the cyber-attack does not debilitate national security.

Policy Level Efforts

The US Department of Defense (DoD) has three primary cyber missions: Defend DoD networks, systems, and information; Defend the nation against cyberattacks of significant consequence; and Support operational and contingency plans.

US DoD has set five strategic goals for its cyberspace missions[18]:

  1. Build and maintain ready forces and capabilities to conduct cyberspace operations; This strategy sets specific objectives for DoD with regard to manning, training, and equipping its forces and personnel over the next five years and beyond.
  2. Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions; DoD must take steps to identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively. DoD must also plan and exercise to operate within a degraded and disrupted cyber environment in the event that an attack on DoD’s networks and data succeeds, or if aspects of the critical infrastructure on which DoD relies for its operational and contingency plans are disrupted.
  3. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence; The Department of Defense must work with its interagency partners, the private sector, and allied and partner nations to deter and if necessary defeat a cyberattack of significant consequence on the U.S. homeland and U.S. interests.
  4. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages; During heightened tensions or outright hostilities DoD must be able to provide the President with a wide range of options for managing conflict escalation. If directed, DoD should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure, and weapons capabilities.
  5. Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability; All three of DoD’s cyber missions require close collaboration with foreign allies and partners. In its international cyber engagement DoD seeks to build partnership capacity in cybersecurity and cyber defense, and to deepen operational partnerships where appropriate.

Way ahead

It would be utopian to expect an integrated military cyberspace infrastructure which can fulfil all the requirements of open and closed networks of the military to cater to its multifarious requirements of data sharing and weapon-shooter-target engagements. Further, expecting it to be vulnerability proof, having infinite band width, reliable, survivable & upgradable, virtually amounts to asking for the moon. However, under the prevalent technology regime a pragmatic structure can be provided with sufficient redundancy to enable it to withstand cyber-attacks and carry out assigned tasks during the period of the conflict. Two major adversaries the US and China have well defined cyber security policies in place which offer India a workable platform for tailoring its own policy. The government of India is planning to create a new tri-service agency for cyber warfare. The Defence Cyber Agency will work in coordination with the National Cyber Security Advisor. It will have more than 1,000 experts who will be distributed into a number of formations of the Army, Navy and IAF. According to reports, the new Defence Cyber Agency will have both offensive and defensive capacity[19].

It would be the exhaustive implementation of this policy, as and when it materialises, which would protect the soldier during a cyberwar.

End Notes

[1] Joint Chiefs of Staff, Joint Publication 1-02, Washington D.C., US Department of Defense, 08 Nov 2010;as amended through 15 Feb 2016. (Accessed 01 Jan 2018).

[2] Daniel T. Kuehl, “From Cyberspace to Cyberpower: Defining the Problem,” in Franklin D. Kramer, Stuart Starr & Larry K. Wentz, eds., Cyberpower and National Security, Washington D.C., National Defense University Press, Potomac Books, 2009. (Accessed 01 Jan 2018).

[3] Ibid.

[4] Ibid.

[5] Richard A. Clarke & Robert K. Knake, Cyber War: The Next Threat to National Security and What to do About it, New York, Ecco, 2010, pp. 103-149.

[6] 1 Ibid.

[7] Elihu Zimet and Charles L. Barry. Military Service Cyber Overview in Military Perspectives on Cyberpower

edits Larry K. Wentz, Charles L. Barry, Stuart H. Starr. Center for technology and national security policy at the National Defense University, Washington, DC. July 2009. (Accessed 02 Jan 2018).

[8] Yao, Jianing. ‘PLA Cyberspace Strategic Intelligence Research Center Founded.’ China’s Military. 30 June 2014. (Accessed 03 Jan 2018).

[9] Mikk Raud, China and Cyber: Attitudes, Strategies, Organisation. The NATO Cooperative Cyber Defence Centre of Excellence. Tallin 2016. (Accessed 01 Jan 2018).

[10] Costello, John. ‘The Strategic Support Force: China’s Information Warfare Service.’ The Jamestown Foundation. 8 Feb. 2016.

54639ab2cb6bc7868e96736b6cb#.V6RA_Lt95aQ>. Accessed 23 Aug. 2016. (Accessed 01 Jan 2018).

[11] Ibid.

[12] Desmond Ball. China’s Cyber Warfare Capabilities. Security Challenges, Vol. 7, No. 2 (Winter 2011), pp. 81-103. (Accessed 01 Jan 2018).

[13] Office of the Secretary of Defense, Annual Report to Congress: Military and Security Developments

Involving the People’s Republic of China 2017. (Accessed 02 Jan 2018).

[14] Ministry of Defence UK, Defence Science and Technology Laboratory, and The Rt Hon Sir Michael Fallon MP. MOD unveils futuristic uniform design. 16 September 2015. (Accessed 02 Jan 2018).

[15] Nathaniel F. “SOLDIER OF THE FUTURE” Concept Displayed by US Army at [AUSA 2017]. The Firearm Blog. 30 Oct 2017. (Accessed 01 Jan 2018).

[16] Abhishek Saksena. Indian Army’s Future Infantry Soldiers To Get Lethal Weapons And Better Protection. India Times. 18 Jan 2017. (Accessed 03 Jan 2018).

[17] Howard F. Lipson, Nancy R. Mead, and Andrew P. Moore, “Can We Ever Build Survivable Systems from COTS Components?” CMU/SEI–2001–TN–030 (Pittsburgh: Carnegie Mellon University, Software Engineering Institute, December 2001). (Accessed 01 Jan 2018).

[18] The DOD Cyber Strategy 2015, (Accessed 05 Jan 2018).

[19] India is quietly preparing a cyber warfare unit to fight a new kind of enemy. (Accessed 05 Jan 2018).

Book Review-Strategic Vision 2030: Security and Development of Andaman & Nicobar Islands

(Published IndraStra Global 24 Aug 2017)

Air Marshal P K Roy and Commodore Aspi  Cawasji, Strategic Vision 2030: Security and Development of Andaman & Nicobar Islands. Pages 177. Vij Books India Pvt Ltd. Delhi, India. ISBN: 978-93-86457-18-9

The book is a topical release during a tense period in geopolitics of the region. The Doklam standoff between China and India, the South China Sea issues and the belligerent stance of North Korea, all have the potential to spark large scale wars in the Indo Pacific.

I have known the authors for a long period and admire them for their professionalism and their ability to put complex strategic issues in the correct perspective. This book represents their expertise in region of the strategic Andaman & Nicobar island territories of India, which sit astride the vital SLOCs leading to the Malacca Straits.

The book has ten chapters apart from the introduction, which provide an all-encompassing perspective in to the islands. These include not only the natural, industrial and economical potential, but also cover the important strategic significance, security issues and policy recommendations. The rise of China as an economic and military power has made significant difference in the Indian Ocean security environment. Its interest in the IOR emerges from the need to secure its energy supply lines and the route for export of its finished goods passing through the IOR. It has been expanding its sphere of influence in the IOR and security of the SLOCs is its priority at present.

Andaman and Nicobar Islands, ANI also face serious internal and non-traditional security threats that could have grave consequences affecting the security environment of ANI. These include terrorism, illegal migration, drug trafficking, proliferation of Weapons of Mass Destruction (WMD), arms smuggling, poaching of natural resources, etc. The book brings out that these islands can be developed as a self-sustaining economic model and rationale of development of both commercial and military infrastructure as a “dual maritime eco-system” to counter Chinese forays in to the Indian Ocean. Security of ANI and its use as a launching pad in shaping the environment of the region must remain a top priority for India.

The book aptly brings in to focus the fact that the connectivity initiatives taken by China on both, the Eastern and Western flanks of India along with the increasing economic relations with ASEAN countries of IOR adjoining Malacca will create a favourable maritime strategic environment for it. China with its modernized PLAN and the support of these logistic nodes will be capable of deploying its major forces in the Indian Ocean within the next five years.

The book recommends that the infrastructure development in terms of ports, jetties, airfields, docking and ship-repair facilities etc must be dual purpose infrastructure serving the needs of civilian as well as the armed forces. There is a need to create a comprehensive economic engagement plan of these islands with the littoral for them to have a stake in its developmental process. Only then such an engagement would allay suspicions amongst them while India enhances the capabilities of ANC and the consequent increased military activity in the region.

The book is a must read for all those who have a need to study strategic complexities of the Andaman & Nicobar Island territories.

Artificial Intelligence and Cyber Defence


( Published IndraStra Global 23 Aug 2017)

The current year has seen unprecedented amount of hacker/ransomware attacks on government as well as private enterprises spread all across the world. Shadow Brokers came in form this year by leaking alleged NSA tools, which included a Windows exploit known as EternalBlue. In May, WannaCry ransomware crippled hundreds of thousands of computers belonging to public utilities, large corporations, and private citizens. It also affected National Health Service hospitals and facilities in the United Kingdom. It was halted in its tracks by utilising its flaws and activating a kill switch. WannaCry rode on Shadow Brokers leak of Windows OS weakness EternalBlue and the fact that the Windows MS17-010 patch had not been updated on many machines by the users.  In June, Petya (also known as NotPetya/Nyetya/Goldeneye) infected machines world-wide. It is suspected that its main target was to carry out a cyber-attack on Ukraine. It hit various utility services in Ukraine including the central bank, power companies, airports, and public transportation[1].

In 2009, Conficker[2] worm had infected civil and defence establishments of many nations, for example, the UK DOD had reported large-scale infection of its major computer systems including ships, submarines, and establishments of Royal Navy. The French Naval computer network ‘Intramar’ was infected, the network had to be quarantined, and air operations suspended. The German Army also reported infection of over a hundred of its computers. Conficker sought out flaws in Windows OS software and propagated by forming a botnet, it was very difficult to weed it out because it used a combination of many advanced malware techniques. It became the largest known computer worm infection by afflicting millions of computers in over 190 countries.

It is evident from the above incidents, which have the capability to inflict damage to both military and public institutions, that the amount of data and the speeds at which processing is required in case of cyber defence is beyond the capacity of human beings. Conventional algorithms are also unable to tackle dynamically changing data during a cyber-attack. Therefore, there is an increasing opinion that effective cyber defence can only be provided by real time flexible Artificial Intelligence (AI) systems with learning capability.

The US Defence Science Board report of 2013[3] states that “in a perfect world, DOD operational systems would be able to tell a commander when and if they were compromised, whether the system is still usable in full or degraded mode, identify alternatives to aid the commander in completing the mission, and finally provide the ability to restore the system to a known, trusted state. Today’s technology does not allow that level of fidelity and understanding of systems.” The report brings out that, systems such as automated intrusion detection, automated patch management, status data from each network, and regular network audits are currently unavailable. As far as cyber defence in military is concerned, in the US, it is the responsibility of the Cyber Command to “protect, monitor, analyze, detect, and respond to unauthorized activity within DOD information systems and computer networks”[4]. The offensive cyber operations could involve both military and intelligence agencies since both computer network exploitation and computer network attacks are involved. The commander of Cyber Command is also the Director of National Security Agency, thus enabling the Cyber Command to execute computer exploitations that may result in physical destruction of military or civilian infrastructure of the adversary.

AI utilizes a large number of concepts like, Machine Learning, Fuzzy Logic Control Systems, and Artificial Neural Networks (ANNs), etc. each of which singly or in combination are theoretically amenable for designing an efficient cyber-defence systems. The designed AI cyber defence system should proficiently monitor the network in real time and must be aware of all the activities that the network is engaged in. The system should be able to heal and protect itself. It should have self-diagnostic capabilities and sufficient inbuilt redundancies to function satisfactorily for a specified period of time.

Some advance research work in respect of active cyber defence has been demonstrated under various fields of AI, a few successfully tested examples are:

Artificial Neural Networks- In 2012, Barman, and Khataniar studied the development of intrusion detection systems, IDSs based on neural network systems. Their experiments showed that the system they proposed has intrusion detection rates similar to other available IDSs, but it was at least ~20 times faster in detection of denial of service, DoS attacks[5].

Intelligent Agent Applications-In 2013, Ionita et al. proposed a multi intelligent agent based approach for network intrusion detection using data mining[6].

Artificial Immune System (AIS) Applications- In 2014, Kumar, and Reddy developed a unique agent based intrusion detection system for wireless networks that collects information from various nodes and uses this information with evolutionary AIS to detect and prevent the intrusion via bypassing or delaying the transmission over the intrusive paths[7].

Genetic Algorithm and Fuzzy Sets Applications- In 2014, Padmadas et al. presented a layered genetic algorithm-based intrusion detection system for monitoring activities in a given environment to determine whether they are legitimate or malicious based on the available information resources, system integrity, and confidentiality[8].

Miscellaneous AI Applications- In 2014, Barani proposed genetic algorithm (GA) and artificial immune system (AIS), GAAIS – a dynamic intrusion detection method for Mobile ad hoc Networks based on genetic algorithm and AIS. GAAIS is self-adaptable to network changes[9].

In May, this year it was reported by Gizmodo[10] that over 60,000 sensitive files belonging to the US government were found on Amazon S3 with public access. Amazon S3 is a trusted cloud-based storage service where businesses of all sizes store content, documents, and other digital assets. 28 GB of this data contained unencrypted passwords owned by government contractors (for e.g. Booze Allen) with Top Secret Facility Clearance. It appears that many users had failed to apply the multiple techniques and best practices available to secure S3 Buckets and files.

This month, Amazon became the first public cloud provider to amalgamate Artificial Intelligence with cloud storage to help customers secure data[11]. The new service, Amazon Macie, depends on Machine Learning to automatically discover, classify, alert and protect sensitive data stored in Amazon Web Service, AWS.

From the above it can be seen that there is rapid progress in design and development of cyber defence systems utilizing AI that have direct military and civil applications.




[3] Office of the Under Secretary of Defence for Acquisition, Technology and Logistics, Resilient Military Systems and the Advanced Cyber Threat, United States Department of Defence, Defence Science Board, January 2013

[4] U.S. Government Accountability Office, “Defence Department Cyber Efforts,” May 2011, 2–3,

[5] D. K. Barman, G. Khataniar, “Design Of Intrusion Detection System Based On Artificial Neural Network And Application Of Rough Set”, International Journal of Computer Science and Communication Networks, Vol. 2, No. 4, pp. 548-552

[6] I. Ionita, L. Ionita, “An agent-based approach for building an intrusion detection system,” 12th International Conference on Networking in Education and Research (RoEduNet), pp.1-6.

[7] G.V.P. Kumar, D.K. Reddy, “An Agent Based Intrusion Detection System for Wireless Network with Artificial Immune System (AIS) and Negative Clone Selection,” International Conference on Electronic Systems, Signal Processing and Computing Technologies (ICESC), pp. 429-433.

[8] M. Padmadas, N. Krishnan, J. Kanchana, M. Karthikeyan, “Layered approach for intrusion detection systems based genetic algorithm,” IEEE International Conference on Computational Intelligence and Computing Research (ICCIC), pp.1-4.

[9] F. Barani, “A hybrid approach for dynamic intrusion detection in ad hoc networks using genetic algorithm and artificial immune system,” Iranian Conference on Intelligent Systems (ICIS), pp.1 6.