18 November 2015

Securing Cyberspace: A Global Commons

By Lt Gen Davinder Kumar
17 Nov, 2015

“Freedom in a commons brings ruin to all.” – Garrett Hardin in “The Tragedy of the Commons”

Overview of the Global Commons

Today, more than ever, international security and economic prosperity depend upon safe access to the shared domains that make up the global commons – maritime, air, space, and cyberspace. Together these domains serve as essential conduits through which international commerce, communication, and governance prosper. However, the global commons are congested, contested, and competitive.

Oceans and the airspace above them were the first internationally recognised global commons and the model for analysing the emerging space and cyberspace domains. The role of the commons in developing and facilitating international trade is indisputable. Mitigating security threats to the maritime commons benefited all nations, even non-coastal states. Piracy, terrorism and other criminal acts at sea must be countered to protect free trade and international commerce. Respect for freedom of navigation must be maintained by all nations, particularly through non-territorial waters illegally claimed by littoral states and international straits.

Aerospace power is the key to gaining strategic advantages in any theater by the application of military force via platforms either operating in or passing through air and space. Control of the skies is a critical enabler in domination on the Earth’s surface and a major determinant of victory. Air superiority provides leaders with the operational freedom to coerce other nations to make concessions in an international dispute or gain a decisive edge on the land in the event of war.

Computer intrusions and attacks have become methods for aggression. The frequency of incidents coupled with their intensity and implications have driven the world to formally recognise cyberspace as a domain for military activities for the purposes of organising, training, equipping, defence, intelligence and offensive operations. While technological advances continue to influence the art of war, perhaps the greatest technological impact came when attacks moved from being physical to being digital. Given that reality, cyberspace now has not only joined the other traditional conflict domains but has emerged as the youngest global commons which is largely anarchic with no formal governance regime; evolving and distinct in many ways. As on date, it does not yet even have an internationally accepted definition. At the last count, there were 26 definitions of cyberspace under discussion.

However, the most accepted definition is that pronounced by the USA, “Cyber space is a global domain, within the information environment, whose distinctive and unique character is framed by the use of electronics and electromagnetic spectrum to create, store, modify, exchange and exploit information via interdependent and inter-connected networks using information communication technologies.”

The unfettered use of the other domains – air, sea and space – largely depends on cyber systems for their management and control. As a result the challenge of developing practical and sustainable systems to administer and secure the cyberspace domain is critical to effectively operating in the global commons. In the words of the President of the United States, “This cyber threat is one of the most serious economic and national security challenges…”

At three billion connections, 41 per cent of the world’s population is connected to the internet today. This is likely to go up to 70 per cent by 2017. By 2020, each person on the globe will have at least six machines/appliances/equipment connected to the internet.

Characteristics of Cyberspace Commons

It is man-made, is growing every second (100 per second now and likely to reach 250 per second by 2020) and encompasses all other global commons. It spans the entire globe almost seamlessly. It is not restricted by national boundaries and is re-defining the concept of ‘National Sovereignty’. It is central to both national and international economic growth and security. Cyberspace is asymmetric, offence dominant and inherently insecure. Cyber attacks are at the speed of light with no direct collateral damage. They are relatively easy to launch and are a cost-effective means of power projection. Cyber warfare is a sub-set of Information Warfare, which involves the integrated application of electronic, cyber and kinetic weapons.

Cyberspace covers both the physical and virtual domains and provides the ability to operate in the cognitive domain of humans. Consequently, it is a potent tool and environment for ‘Perception Management’. It enables accessibility and anonymity, since attribution of cyber intervention/attacks is extremely difficult, with direct effect on retribution and deterrence. Since cyberspace is a medium for ‘information’ in all its stages – collection, storage, processing, manipulation and transmission – it is an extremely attractive space for espionage. About 90 per cent of Open Source Intelligence originates from cyberspace.

Threat Landscape

Cyber threats exist 24/7 and manifest along the full spectrum ranging from cyber crime and cyber terrorism to cyber espionage and cyber war.

Cyber Crime is a generic term that refers to all criminal activities done using the medium of computers, the Internet, cyberspace and the worldwide web. These involve the exploitation of vulnerabilities which may be introduced during coding, in software, product and system manufacturing processes, in the supply chain by deliberate injection of malware, through the use of pirated software and so on. The systems which have made it easier for people to carry on e-commerce and online transactions are now being exploited by cyber criminals.

Crimes can be committed from a remote location anywhere in the world and the criminals need not worry about law enforcement agencies in the country where they are committing crimes. It is a bigger risk now than ever before due to the sheer number of the people connected. Cyber crimes are increasing both in frequency and sophistication as more and more vulnerabilities are being discovered. Today, the ‘Online’ sale of vulnerabilities is a lucrative and thriving business.

An international legal framework, duly supported by respective national laws, is required to combat this menace of cyber crime and ensure Human Security, the fundamental right of all humans. Unfortunately, the applicability of international laws in this domain is still being debated. The existing international agreement, the Council of Europe (CoE) Convention on cyber crime, is limited in scope and even more limited in enforcement. A McAfee-sponsored report produced by the Centre for Strategic and International Studies (CSIS), titled ‘The Economic Costs of Cyber Attacks and Cyber Espionage’, reveals that the cost of cyber crime and espionage racks up to between US $300 billion and $1 trillion. These costs are likely to increase with greater internet penetration and as organisations continue digitalising their products to compete in ever more competitive markets.

The size of any loss, however, is the subject of intense dispute. Is this what one senior official called “the greatest transfer of wealth in human history” or is it what a leading economist called a “rounding error in a fourteen trillion dollar US economy?”

The cost of malicious cyber activity involves more than the loss of financial assets or intellectual property. There are opportunity costs, damage to brand and reputation, consumer losses from fraud, the opportunity costs of service disruptions, ‘cleaning up’ after cyber incidents and the cost of increased spending on cyber security.

Global loss due to malicious cyber activity: $300 billion to $1 trillion, which is 0.4 per cent to 1.4 per cent of global GDP of 70 trillion.
US loss due to malicious cyber activity: $24 billion to $120 billion, or 0.2 per cent to 0.8 per cent of GDP.
Car crashes alone in the US: $99 billion to $168 billion per year, or 0.7 per cent to 1.2 per cent of GDP. (Source: Centre for Disease Control (CDC) and Automobile Association of America.)
Pilferage: $70 billion to $280 billion, or 0.5 per cent to 2 per cent of GDP. (Source: National Retail Federation (USA).)
According to a Norton (Symantec) report, India lost 8 billion US dollars to cyber crimes in finance alone in 2013.

Cyber Terrorism

The most important happening of the century so far has been the merger of the virtual and physical worlds. This was demonstrated by the Stuxnet attack (2010) on the Iranian nuclear facility at Natanz and by the response, allegedly by Iran, in attacking Saudi Arabia’s oil facility ARAMCO and Qatar’s RasGas (2012) with the SHAMOON (The Cutting Sword of Justice) virus, which damaged more than 30,000 ARAMCO workstations. More recently, in December 2014, the cyber attack on the German steel plant caused significant damage to the blast furnace.

Concerted efforts are being made both by nations and non-state players to develop and field Remote Access Trojans (RAT) for cyber espionage of Industrial Control Systems (ICS) like Supervisory Control And Data Acquisition (SCADA) system and Programmable Logic Controller (PLC). HAVEX-Remote Access Trojan, discovered in 2011, is perhaps the most powerful virus thus far for cyber espionage of Industrial Control Systems. Security analysts have discovered 88 variants of this virus till 2014. Victims are located in Europe (France and Germany), California and Russia.

BLACK ENERGY, a complex multi-component malware primarily used for spamming, enables criminals to create one of the largest spam botnets, capable of sending 18 billion messages per day. The latest version of this virus, discovered in September 2014, has three integrated components for spam, online bank fraud and targeted attacks. A number of state organisations and private businesses from various industry sectors in Ukraine and Poland have been targeted by this virus in recent attacks.

ENERGETIC BEAR or Dragon Fly is another Remote Access Tool for attacks on Industrial Control Systems allegedly produced by the Russians. It has already affected over 1,000 energy firms across the world and can disrupt power supply systems. USA, Spain, Serbia, Romania, Poland, Turkey, Germany, Italy and France have been targeted. These pose the greatest threat and have added a new dimension to the phenomenon of cyber terrorism and cyber war and put the entire infrastructure under threat with direct impact on public safety, national security and economic security.

Targeted attacks on military installations, power plants, air traffic control, train traffic control, telecommunication networks are the most likely threats. Other targets could be police, medical, fire and rescue systems. If successful, this category can wreak havoc and cause panic amongst the civilian population. The perpetrators can be terrorist outfits or unfriendly governments of other nations.

The threat to critical infrastructure is so severe and real that the USA and China have signed an agreement not to attack each other’s electrical infrastructure. Not only that, in April 2014, while he was in China, Defense Secretary Chuck Hagel announced that he had authorised releasing details of the US cyber warfare doctrine unilaterally to China in a bid to win similar cooperation from Beijing. A detailed briefing was given by Christopher Painter, State Department Coordinator for Cyber Issues, and Eric Rosenbach, then-Deputy Assistant Defense Secretary for Cyber Policy. The Chinese were told about US cyber warfare and defensive doctrine and policy, including a summary of Pentagon cyber operations and activities. “The purpose of this briefing was to increase transparency of one another’s military cyber activities and intentions,” said Colonel Pickart, spokesperson for the Pentagon.

An entirely new dimension has very recently been added by the hacking attack on the Sony Entertainment Company, wherein, for the first time, the assets of a corporation were physically destroyed. Such an event can bring the entire business to a standstill, causing huge losses. Nations and societies will have to develop trusted and robust infrastructure with comprehensive plans for prevention, response and reconstitution.

Cyber Espionage

Cyber spying typically involves the use of unauthorised access to secrets and classified information, or control of individual computers or whole networks, for a strategic advantage and for psychological, political and physical subversion activities and sabotage. More recently, cyber spying involves analysis of public activity on social networking sites such as Facebook and Twitter. This is the most potent threat that exists today in cyberspace. It is believed that the US has lost technical data worth one trillion dollars in the last five years through unauthorised access and exfiltration.

Since 2009, malware Trojans such as Babar, Bunny, Dino, NBot and Tafacalou have been used for data theft. One of the biggest cyber espionage attacks, ‘Titan Rain’ (2003 to 2005), was discovered after three years. Hackers gained access to many United States defense contractor computer networks targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA.

Nations are also forming alliances amongst their intelligence agencies for cyber espionage. One prominent group is known as ‘Five Eyes Intelligence Alliance’ consisting of intelligence agencies of the UK, Canada, Australia, New Zealand and the USA. Cyber espionage is an integral part of military strategy and foreign policy of Russia towards the countries of the former Soviet Union. The ability to access information systems of diplomatic, government and military organisations gives Russia a huge advantage in predicting their tactics, actions and analysing the thinking of their neighbours. Many nations are also using cyber espionage and probing missions to build up intelligence for conducting cyber and kinetic operations when required.

Social Media

Social media such as Facebook, Twitter, and LinkedIn have emerged as very powerful tools for perception management, social engineering and Open Source Intelligence. These media are being exploited in equal measure by the superpowers and the poor/developing nations and non-state actors. Social media, a double-edged weapon which can also be used by the Government, has emerged as a major instrument of waging ‘asymmetric warfare’ through exploitation of the aspirations of people, differential development, varying religious beliefs and cultural leanings. These have also become attractive sources for recruitment by the terrorist organisations. Nations across the world are putting in place legal frameworks, infrastructure and human resources for monitoring and censoring this media to remain proactive.

“The crisis in Ukraine was the largest battlefield of cyber war since Russia’s cyber-attacks on Estonia in 2007 and Georgia in 2008.”

— Simon Tsipis, Cyber Warfare Researcher, INSS Think-Tank Reports

Cyber War

Militarisation of cyberspace and development of cyber weapons are raising the spectre of cyber war. Military planners across the globe are at an inflexion point, taking far-reaching decisions which include the ushering in of cyber weapons fully integrated into military operations and kinetic warfare. Nations such as the USA, Russia, China and the UK have already pronounced their respective Cyber Warfare Doctrines, created appropriate organisations and policies to implement the same and tested cyber weapons on a limited scale. More than 140 countries are said to be working on getting offensive cyber capabilities.

While cyber warfare was used in the Estonia conflict through ‘denial of service’ attacks on the financial system, the conflict in Georgia saw, for the first time, the conduct of cyber warfare in conjunction with kinetic operations. Crimea and Ukraine are recent examples of the conduct of cyber warfare. The largest military cyber attack was the one implemented by the Russian Military Intelligence (GRU) on the armed forces of Ukraine, as reported by the BBC. According to the law enforcement agencies of Ukraine, Russian cyber attacks collapsed the communication systems of almost all Ukrainian forces based in Crimea that could pose danger to the invading Russian troops. Attacks of a lesser scale were directed at government websites, news and social networks.

Future Threats

In the next five years, the threat landscape is likely to change drastically with the emergence of virtual currency, digital economy, the Internet of Things and Outer Net. Incidents such as the downing of the US drone Sentinel RB-170 by the cyber warfare unit of Iran and the possibility of remotely locking and assuming control of a car are pointers of things to come and provide glimpses of likely capabilities. Let us hope that by that time the international community would have secured cyberspace adequately. This would be a strategic imperative and will remain a “work in progress” due to the galloping pace of technology.

Imperatives For Securing Cyberspace

Establish norms for proper and responsible behavior within the cyber commons.
Promote international efforts to maintain a healthy and open cyber commons such as the Convention on Cybercrime.
Move beyond working with governments to engage and support global multi-stakeholder organisations such as the Internet Engineering Task Force (IETF) and the Internet Corporation for Assigned Names and Numbers (ICANN).
Encourage network operator groups to cross political borders to play active roles in improving the health, openness and resilience of the cyber commons.
Make international organisations such as the Forum of Incident Response and Security Teams (FIRST) more comprehensive so as to bring them to the same level of legitimacy and capability for cyber security as the World Health Organisation (WHO) does for global health.
Utilise public-private partnerships and encourage information-sharing on cyber defense among state and local organisations.
Develop rapid response capabilities including higher levels of automated decision making.
Develop technologies and concepts that will allow the military to operate effectively without the use of the Internet.
Make cyber an integral part of military cooperation and include the same in the joint exercises.
Developed nations must help with technology sharing and in creating world-class cyber warriors by helping both in the establishment of training infrastructure and building up of human resources with the requisite skills.
Concurrently, we must identify ‘Pivotal States’ amongst our allies for protection of cyberspace global commons.

Establishment of an international clearing house for critical infrastructure protection to share threats, vulnerabilities and attack vectors.

Issues and Challenges

Cyber commons is at a nascent stage similar to the maritime commons in the early 17th century. Management of cyberspace in a globalised and connected world is a big challenge. While discussions are being held to formulate international agreements, treaties and legal framework to ensure security and responsible behaviour in the cyber space, the progress is very slow. It is for the first time that developed nations are directly threatened and the underdeveloped nations see an opportunity both for development and security. Accordingly, there are a number of issues requiring resolution in an environment of mutual trust and equality. Some of these are:
Control of the Internet (ICANN and IETF, Working Group on Internet Governance) and Internet governance. The seeds of international cooperation to maintain the openness of the cyber commons are already sprouting. The US Computer Emergency Response Team/Coordination Center (US-CERT/CC), other national CERTs, and international organisations such as the Forum of Incident Response and Security Teams (FIRST) perform some of the same functions for cyber security as do the World Health Organisation and the Centers for Disease Control for public health.
Privacy vs security, social media and social engineering.
Nations must have the right of free navigation in the cyberspace commons.
Intelligence sharing, incident management and reporting mechanisms for a strong watch and warning system.
Bilateral, regional and international agreements/treaties.
Cyberspace – a national and a global asset; resolve paradox.
Technology development to resolve attribution problem and for robust /trusted infrastructure.
International Legal Framework, legal concepts for “standards of care” and good practices.
Liability and responsibility of service and infrastructure providers and cooperation with the Law Enforcement Agencies.
Technology push by the USA/developed nations.
International Standards of Cyber Security, verification establishments and liability.
Definition of cyber war and application of the Law of Armed Conflict and the UN Charter, including the legality of going to war (jus ad bellum) and the laws governing behaviour during war (jus in bello). What constitutes cyber war, and when does it start or finish?
Are states responsible for computer network attacks and espionage that originate in their territory? Since the distinction between cyber attacks and cyber warfare is thin (the same attack vectors can lead to different outcomes), there is a need to define under which conditions it is a computer network attack and an ‘act of war’.
Development, control and release of cyber weapons.
Establishment of an international clearing house for critical infrastructure protection to share threats, vulnerabilities and attack vectors.

Conclusion

Addressing and resolving these issues and recommendations demands a high degree of international cooperation by way of technology and information sharing, a robust and responsive legal framework at the national and international levels, awareness of the threat and adherence to good practices, information security standards and facilities to examine their implementation, and so on, to ensure human security and the equitable and peaceful use of cyberspace, the nascent global commons, for the benefit and prosperity of mankind.
© Copyright 2015 Indian Defence Review
