Indian Defence Review

Computer intrusions and attacks have become methods for aggression. The frequency of incidents coupled with their intensity and implications have driven the world to formally recognise cyberspace as a domain for military activities for the purposes of organising, training, equipping, defence, intelligence and offensive operations. While technological advances continue to influence the art of war, perhaps the greatest technological impact came when attacks moved from being physical to being digital. Given that reality, cyberspace now has not only joined the other traditional conflict domains but has emerged as the youngest global commons which is largely anarchic with no formal governance regime; evolving and distinct in many ways. As on date, it does not yet even have an internationally accepted definition. At the last count, there were 26 definitions of cyberspace under discussion.

“Freedom in a commons brings ruin to all.” – Gerrett Hardin in “Tragedy of Commons”

Overview of the Global Commons

Today, more than ever, international security and economic prosperity depend upon safe access to the shared domains that make up the global commons – maritime, air, space, and cyberspace. Together these domains serve as essential conduits through which international commerce, communication, and governance prosper. However, the Global commons are congested, contested, and competitive.

Oceans and the airspace above them were the first internationally recognised global commons and the model for analyzing the emerging space and cyberspace domains. The role of the commons in developing and facilitating international trade is indisputable. Mitigating security threats to the maritime commons benefited all nations even non-coastal states. Piracy, terrorism and other criminal acts at sea must be countered to protect free trade and international commerce. Respect for freedom of navigation must be maintained by all nations, particularly through non-territorial waters illegally claimed by littoral states and international straits.

Aerospace power is the key to gaining strategic advantages in any theater by the application of military force via platforms either operating in or passing through air and space. Control of the skies is a critical enabler in domination on the Earth’s surface and a major determinant of victory. Air superiority provides leaders with the operational freedom to coerce other nations to make concessions in an international dispute or gain a decisive edge on the land in the event of war.

Computer intrusions and attacks have become methods for aggression. The frequency of incidents coupled with their intensity and implications have driven the world to formally recognise cyberspace as a domain for military activities for the purposes of organising, training, equipping, defence, intelligence and offensive operations. While technological advances continue to influence the art of war, perhaps the greatest technological impact came when attacks moved from being physical to being digital. Given that reality, cyberspace now has not only joined the other traditional conflict domains but has emerged as the youngest global commons which is largely anarchic with no formal governance regime; evolving and distinct in many ways. As on date, it does not yet even have an internationally accepted definition. At the last count, there were 26 definitions of cyberspace under discussion.

However, the most accepted definition is that pronounced by the USA, “Cyber space is a global domain, within the information environment, whose distinctive and unique character is framed by the use of electronics and electromagnetic spectrum to create, store, modify, exchange and exploit information via interdependent and inter-connected networks using information communication technologies.”

The unfettered use of the other domains – air, sea and space – largely depends on cyber systems for their management and control. As a result the challenge of developing practical and sustainable systems to administer and secure the cyberspace domain is critical to effectively operating in the global commons. In the words of the President of the United States, “This cyber threat is one of the most serious economic and national security challenges…”

At three billion connections, 41 per cent of the world’s population is connected to the internet today. This is likely to go up to 70 per cent by 2017. By 2020, each person on the globe will have at least SIX machines/ appliances/equipment connected to the internet.

Characteristics of Cyberspace Commons

It is man-made, is growing every second (100 per second now and likely to grow 250 per second by 2020) and encompasses all other global commons. It spans the entire globe almost seamlessly. It is not restricted by national boundaries and is re-defining the concept of ‘National Sovereignty’. It is central to both the national and international economic growth and security. Cyberspace is asymmetric, offence dominant and inherently insecure. Cyber attacks are at the speed of light with no direct collateral damage. They are relatively easier to launch and are cost effective means of Power Projection. Cyber warfare is a sub-set of Information Warfare which involves the integrated application of electronic, cyber and kinetic weapons.

Cyberspace covers both the physical and virtual domains and provides the ability of operating in cognitive domain of the humans. Consequently, it is a potent tool and environment for ‘Perception Management’. It enables Accessibility and Anonymity since attribution of cyber intervention/attacks is extremely difficult with direct effect on retribution and deterrence. Since cyberspace is a medium for ‘information’ in all its stages – collection, storage, processing, manipulation and transmission, it is an extremely attractive space for Espionage. About 90 per cent of Open Source Intelligence originates from cyberspace.

Threat Landscape

Cyber threats exist 24/7 and manifest along the full spectrum ranging from cyber crime and cyber terrorism to cyber espionage and cyber war.

Cyber Crime is a generic term that refers to all criminal activities done using the medium of computers, the Internet, cyber space and the worldwide web. These involve the exploitation of vulnerabilities which may be introduced during coding, in the software, product and system manufacturing, processes, in the supply chain by deliberate injunction of malware, use of pirated software and so on. The systems, which have made it easier for people to carry on e-commerce and online transactions, are now being exploited by cyber criminals.

Crimes can be committed from a remote location anywhere in the world and the criminals need not worry about law enforcement agencies in the country where they are committing crimes. It is a bigger risk now than ever before due to the sheer number of the people connected. Cyber crimes are increasing both in frequency and sophistication as more and more vulnerabilities are being discovered. Today, the ‘Online’ sale of vulnerabilities is a lucrative and thriving business.

An International Legal framework duly supported by respective national laws is required to combat this menace of cyber crime and ensure Human Security, the fundamental right of all humans. Unfortunately, the applicability of international laws, in this domain, is still being debated. The existing international agreement, the Council of Europe (CoE) Convention on cyber crime is limited in scope and even more limited in enforcement. McAfee-sponsored report produced by the Centre for Strategic and International Studies (CSIS) titled ‘The Economic Costs of Cyber Attacks and Cyber Espionage’ reveals the cost of cyber crime and espionage racks up between US $300 billion to $1 trillion. These costs are likely to increase with greater internet penetration and as organisations continue digitalising their products to compete in ever more competitive markets.

The size of any loss, however, is the subject of intense dispute. Is this what one senior official called “the greatest transfer of wealth in human history” or is it what a leading economist called a “rounding error in a fourteen trillion dollar US economy?”

The cost of malicious cyber activity involves more than the loss of financial assets or intellectual property. There are opportunity costs, damage to brand and reputation, consumer losses from fraud, the opportunity costs of service disruptions ‘cleaning up’ after cyber incidents and the cost of increased spending on cyber security.

Cyber Terrorism

The most important happening of the century so far has been the merger of the virtual and physical worlds. This was demonstrated by the Stuxnet attack (2010) on the Iranian nuclear facility at Natanz, the response allegedly by Iran in attacking Saudi Arabia’s oil facility ARAMCO and Quatar’s Ras Gas (2012) by launching of SHAMOON (The cutting Sword of Justice) virus which damaged more than 30,000 ARAMCO work stations. More recently, in December 2014, the cyber attack on the German steel plant caused significant damage to the blast furnace.

Concerted efforts are being made both by nations and non-state players to develop and field Remote Access Trojans (RAT) for cyber espionage of Industrial Control Systems (ICS) like Supervisory Control And Data Acquisition (SCADA) system and Programmable Logic Controller (PLC). HAVEX-Remote Access Trojan, discovered in 2011, is perhaps the most powerful virus thus far for cyber espionage of Industrial Control Systems. Security analysts have discovered 88 variants of this virus till 2014. Victims are located in Europe (France and Germany), California and Russia.

BLACK ENERGY, a complex multi-component malware primarily used for spamming enables criminals to create one of the largest spam botnets, capable of sending 18 billion messages per day. The latest version of this virus, discovered in September 2014, has three integrated components for Spam, online bank frauds and targeted attacks. A number of state organisations and private businesses from various industry sections in Ukraine and Poland have been targeted by this virus in recent attacks.

Click to buy

ENERGETIC BEAR or Dragon Fly is another Remote Access Tool for attacks on Industrial Control Systems allegedly produced by the Russians. It has already affected over 1,000 energy firms across the world and can disrupt power supply systems. USA, Spain, Serbia, Romania, Poland, Turkey, Germany, Italy and France have been targeted. These pose the greatest threat and have added a new dimension to the phenomenon of cyber terrorism and cyber war and put the entire infrastructure under threat with direct impact on public safety, national security and economic security.