Targeted attacks on military installations, power plants, air traffic control, train traffic control and telecommunication networks are the most likely threats. Other targets could be police, medical, fire and rescue systems. If successful, attacks in this category can wreak havoc and cause panic amongst the civilian population. The perpetrators can be terrorist outfits or unfriendly governments of other nations.
The threat to critical infrastructure is so severe and real that the USA and China have signed an agreement not to attack each other’s electrical infrastructure. Not only that, in April 2014, while he was in China, Defense Secretary Chuck Hagel announced that he had authorised releasing details of the US cyber warfare doctrine unilaterally to China in a bid to win similar cooperation from Beijing. A detailed briefing was given by Christopher Painter, State Department Coordinator for Cyber Issues, and Eric Rosenbach, then-Deputy Assistant Defense Secretary for Cyber Policy. The Chinese were told about US cyber warfare and defensive doctrine and policy, including a summary of Pentagon cyber operations and activities. “The purpose of this briefing was to increase transparency of one another’s military cyber activities and intentions,” said Colonel Pickart, spokesperson for the Pentagon.
An entirely new dimension has very recently been added by the hacking attack on the Sony Entertainment Company, wherein, for the first time, the assets of the corporation were physically destroyed. Such an event can bring the entire business to a standstill, causing huge losses. Nations and societies will have to develop trusted and robust infrastructure with comprehensive plans for prevention, response and reconstitution.
Cyber spying typically involves the use of unauthorised access to secrets and classified information or control of individual computers or whole networks for a strategic advantage and for psychological, political and physical subversion activities and sabotage. More recently, cyber spying involves analysis of public activity on social networking sites such as Facebook and Twitter. This is the most potent threat that exists today in cyberspace. It is believed that the US has lost technical data worth one trillion dollars in the last five years through unauthorised access and exfiltration.
Since 2009, malware Trojans such as Babar, Bunny, Dino, N Bot and Tafaclou have been used for data theft. One of the biggest cyber espionage attacks, ‘Titan Rain’ (2003 to 2005), was discovered after three years. Hackers gained access to many United States defense contractor computer networks targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA.
Nations are also forming alliances amongst their intelligence agencies for cyber espionage. One prominent group is known as ‘Five Eyes Intelligence Alliance’ consisting of intelligence agencies of the UK, Canada, Australia, New Zealand and the USA. Cyber espionage is an integral part of military strategy and foreign policy of Russia towards the countries of the former Soviet Union. The ability to access information systems of diplomatic, government and military organisations gives Russia a huge advantage in predicting their tactics, actions and analysing the thinking of their neighbours. Many nations are also using cyber espionage and probing missions to build up intelligence for conducting cyber and kinetic operations when required.
Social media such as Facebook, Twitter, and LinkedIn have emerged as very powerful tools for perception management, social engineering and Open Source Intelligence. These media are being exploited in equal measure by the superpowers and the poor/developing nations and non-state actors. Social media, a double-edged weapon which can also be used by the Government, has emerged as a major instrument of waging ‘asymmetric warfare’ through exploitation of the aspirations of people, differential development, varying religious beliefs and cultural leanings. These have also become attractive sources for recruitment by the terrorist organisations. Nations across the world are putting in place legal frameworks, infrastructure and human resources for monitoring and censoring this media to remain proactive.
“The crisis in Ukraine was the largest battlefield of cyber war since Russia’s cyber-attacks on Estonia in 2007 and Georgia in 2008.”
— Simon Tsipis, Cyber Warfare Researcher, INSS Think-Tank Reports
Militarisation of cyberspace and development of cyber weapons are raising the spectre of cyber war. Military planners across the globe are at an inflexion point, taking far-reaching decisions which include the ushering in of cyber weapons fully integrated into military operations and kinetic warfare. Nations such as USA, Russia, China and UK have already pronounced their respective Cyber Warfare Doctrines, created appropriate organisations and policies to implement the same and tested cyber weapons on a limited scale. More than 140 countries are said to be working on getting offensive cyber capabilities.
While cyber warfare was used in the Estonia conflict through ‘denial of service’ attacks on the financial system, the conflict in Georgia saw, for the first time, the conduct of cyber warfare in conjunction with kinetic operations. Crimea and Ukraine are recent examples of the conduct of cyber warfare. The largest military cyber attack was the one implemented by the Russian Military Intelligence (GRU) on the armed forces of Ukraine, as reported by BBC. According to the law enforcement agencies of Ukraine, Russian cyber attacks collapsed the communication systems of almost all Ukrainian forces based in Crimea that could pose a danger to the invading Russian troops. Attacks of a lesser scale were directed at government websites, news and social networks.
In the next five years, the threat landscape is likely to change drastically with the emergence of virtual currency, digital economy, the Internet of Things and Outer Net. Incidents such as the downing of the US drone Sentinel RB-170 by the cyber warfare unit of Iran and the possibility of remotely locking and assuming control of a car are pointers of things to come and provide glimpses of likely capabilities. Let us hope that by that time the international community would have secured cyberspace adequately. This would be a strategic imperative and will remain a “work in progress” due to the galloping pace of technology.
Imperatives For Securing Cyberspace
- Establish norms for proper and responsible behavior within the cyber commons.
- Promote international efforts to maintain a healthy and open cyber commons such as the Convention on Cybercrime.
- Move beyond working with governments to engage and support global multi-stakeholder organisations such as the Internet Engineering Task Force (IETF) and the Internet Corporation for Assigned Names and Numbers (ICANN).
- Encourage network operator groups to cross political borders to play active roles in improving the health, openness and resilience of the cyber commons.
- Make international organisations such as the Forum of Incident Response and Security Teams (FIRST) more comprehensive so as to bring them to the same level of legitimacy and capability for cyber security as the World Health Organisation (WHO) does for global health.
- Utilise public-private partnerships and encourage information-sharing on cyber defense among state and local organisations.
- Develop rapid response capabilities including higher levels of automated decision making.
- Develop technologies and concepts that will allow the military to operate effectively without the use of the Internet.
- Make cyber an integral part of military cooperation and include the same in the joint exercises.
- Developed nations must help with technology sharing and in creating world-class cyber warriors by helping both in the establishment of training infrastructure and building up of human resources with the requisite skills.
- Concurrently, we must identify ‘Pivotal States’ amongst our allies for protection of cyberspace global commons.
- Establishment of an international clearing house for critical infrastructure protection to share threats, vulnerabilities and attack vectors.
Issues and Challenges
Cyber commons is at a nascent stage similar to the maritime commons in the early 17th century. Management of cyberspace in a globalised and connected world is a big challenge. While discussions are being held to formulate international agreements, treaties and legal framework to ensure security and responsible behaviour in the cyber space, the progress is very slow. It is for the first time that developed nations are directly threatened and the underdeveloped nations see an opportunity both for development and security. Accordingly, there are a number of issues requiring resolution in an environment of mutual trust and equality. Some of these are:
- Control of Internet (ICANN and IETF, Working Group on Internet Governance) and Internet governance. The seeds of international cooperation to maintain the openness of the cyber commons are already sprouting. The US Computer Emergency Response Team/Coordination Center (US-CERT/CC), other national CERTs, and international organisations such as the Forum of Incident Response and Security Teams (FIRST) perform some of the same functions for cyber security as do the World Health Organisation and the Centers for Disease Control for public health.
- Privacy vs security, social media and social engineering.
- Nations must have the right of free navigation in the cyberspace commons.
- Intelligence sharing, incident management and reporting mechanisms for a strong watch and warning system.
- Bilateral, regional and international agreements/treaties.
- Cyberspace – a national and a global asset; resolve paradox.
- Technology development to resolve the attribution problem and for robust/trusted infrastructure.
- International Legal Framework, legal concepts for “standards of care” and good practices.
- Liability and responsibility of service and infrastructure providers and cooperation with the Law Enforcement Agencies.
- Technology push by the USA/developed nations.
- International Standards of Cyber Security, verification establishments and liability.
- Definition of cyber war and application of the Law of Armed Conflict and UN Charter, including the legality of going to war (jus ad bellum) and the laws governing behavior during war (jus in bello). What constitutes cyber war, and when does it start or finish?
- Are states responsible for computer network attacks and espionage that originate in their territory? Since the distinction between cyber attacks and cyber warfare is thin (the same attack vectors can lead to different outcomes), there is a need to define under which conditions it is a computer network attack and an ‘act of war’.
- Development, control and release of cyber weapons.
- Establishment of an international clearing house for critical infrastructure protection to share threats, vulnerabilities and attack vectors.
Addressing and resolving these issues and recommendations demands a high degree of international cooperation by way of technology and information sharing, a robust and responsive legal framework at the national and international levels, awareness of the threat and adherence to good practices, information security standards and facilities to examine their implementation and so on, to ensure human security and the equitable and peaceful use of cyberspace, the nascent global commons, for the benefit and prosperity of mankind.