New Battlegrounds: The Future of Cyber Security and Cyber Warfare

Transcription

1 New Battlegrounds: The Future of Cyber Security and Cyber Warfare Information and communications technologies are part of daily life. They are helping to revolutionize health and education, transform the way we live and work and move us closer to our development goals. But cyber-attacks have the potential to destabilize on a global scale. Cybersecurity must therefore be a matter of global concern. UN Secretary-General Ban ki-moon. Depending on how one defines this term, cyberspace has been with us for at least some decades. It brought new hopes for decidedly peaceful undertakings. Intercultural understanding and cooperation have been promoted in ways and to extents previously unheard of. But obviously, this new space also brings new dangers, new opportunities for criminal and violent acts. Cyber warfare in the sense of a purely virtual armed conflict has so far surfaced but a few times. It can be expected to gain more importance in future battles. Then, the international community should be prepared. This preparedness is complicated by the wide array of new concepts and circumstances that cyberspace introduces. In theory, any individual with a laptop and an internet connection can be a globally relevant actor. Considering its relatively young age, it is astounding to which degree the internet has penetrated everyday life. Cyberspace brought numerous opportunities for literally all kind of actors. It brought new hope for peaceful undertakings. But since not all actors are interested in international peace, cooperation and the promotion of solidarity or even national sovereignty, cyberspace is also used for acts that raise concern from a point of view of national security. Cyber-warfare is Internet-based conflict involving politically motivated attacks on information and information systems. Cyber-warfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems. Cyber-attacks can be carried out by a small team no large military battalion is required; yet, its effects can be far more catastrophic than that of a ground assault or bombing. Many countries have invested in their cyber-security and their cyber-arsenal as well, the largest and most notable being the USA and China. Of late, governments and government services have not been the lone targets of cyber-attacks corporations have as well. These range from large financial institutions, as an attack on the stock market could result in a financial meltdown of unforeseen proportions, all the way to supermarket chains, to breach and access consumer data. While the software industry does its best to keep apprised of newfound flaws and threats (such as the Heartbleed bug16) it is impossible to regulate it so that perfect software is created better measures for national security are needed to escape this threat. Cyberspace Cyberspace is "the notional environment in which communication over computer networks occurs." The word became popular in the 1990s when the uses of the internet, networking, and digital communication were all growing dramatically and the term "cyberspace" was able to represent the many new ideas and phenomena that were emerging. The term cyberspace can be taken to mean several things, in the sense of referring to any form of public sphere. Even in our narrow definition, nowadays cyberspace is, geographically, everywhere. Mobile

2 phones are far more sophisticated and capable than most personal computers. The internet has grown to such a magnitude that it is too big to control. The ways in which internet protocols (IP) work, the internet is inherently open, decentralized and largely undirected. Generally speaking, it permits the relatively easy use of aliases and proxies that are relatively difficult to penetrate and reveal and may also be used for socially less acceptable acts. Cyberspace has been praised for democratizing communication by design. While the telephone allows for one-to-one communication and newspaper for one-to-many, the internet does in fact allow communication of the type many-to many. Cyber Security Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest. Countermeasures can be put in place in order to increase the security of data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization. It includes physical security to prevent theft of equipment and information security to protect the data on that equipment. It is sometimes referred to as "cyber security" or "IT security". Those terms generally do not refer to physical security, but a common belief among computer security experts is that a physical security breach is one of the worst kinds of security breaches as it generally allows full access to both data and equipment. Cyber Warfare Cyber warfare is politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare. Attacks on foreign cyber networks are what cyber war is all about. In some respects, war in cyberspace is very similar to traditional warfare. A cyber-attack can only happen if and only if the attacker can gain more than it loses, even in the face of a kinetic response. This in turn reduces the questions to enemy capability, the potential for serious damage from a cyberattack and the risk of retaliation. Another peculiarity in comparison to other spaces is that in cyberspace, a country can prepare the battlefield, deploy malware that will act destructively on command but wait quietly until hostilities break out. Cyber threats have been highly present in media coverage and international political discourse but so far, major disruptive attacks have remained mere chimeras. To prevent future cyber-attacks, it has been argued, existing security technologies won t suffice. Because ultimately, the security issues of the information society is not of a technical nature. Instead, it lies in the motives and goals of human conflicts. Solving it is a political task. History The origins of cyber terrorism can be traced back to the 1970s in which viruses and malware developed in the form of worm attacks. Such worms are malware computer programs that replicate themselves in order to spread to other computers. Specifically, the Morris worm,

3 one of the first recognized worms that affected cyber infrastructure, spread to 6,000 computers (estimated to be 10 percent of the internet at the time) and lead to approximately $98 million in damages as it slowed down computers and left them unusable. As the world entered the 21st century, cyber technology became more accessible and hacking groups or Internet mafias like the Russian Business Network (RBN) proliferated throughout the web. In the early 2000s, botnets grew in rapid numbers in several recorded attacks like the attack on the Microsoft wormhole by Botnet Herders in the 21st century. As worms and viruses further developed, several attacks were launched against government agencies like NASA, that compromised the International Space Station, stealing the plans for the latest US space launch vehicles, as well as the Pentagon, which was suspected to be infiltrated by Russian computer hackers. Worms, viruses, malware, and Trojans are the most common forms of cyber warfare and constituted 85 percent of all cyber-attacks in In recent years, more attacks on Chinese websites perpetrated by the Iranian Cyber Army and reported attacks on Canadian government agencies information have occurred. Furthermore, botnet attacks have been staged against financial institutions. For example, the State Bank of India is believed to have been the infiltrated by a group of hackers from Pakistan. The attacks on such financial institutions hint at the insurmountable damages cyber-attacks can cause. Ultimately, the widespread organizations and agencies that are targets of such attacks often hold sensitive and often classified information, thus the continued attacks on such institutions are dangerous both to the international community and the nations being attacked. Recent timeline A timeline of major international cyber-attacks, data breaches and information theft: In September 2010, Iran was hit by the Stuxnet virus, which specifically targeted Iran s Natanz nuclear enrichment facility. This worm was particularly notable since the virus worked across different operating systems, and represented the first piece of software designed to cause physical damage. In November 2010, as a form of retaliation to the terrorist attacks on Mumbai 2 years earlier, the Indian Cyber Army hacked 36 Pakistani government and army websites. In December 2010, the Pakistani Cyber Army responded in kind, taking down the website of India s Central Bureau of Investigation (CBI). In July 2011, a South Korean company, SK Communications, was hacked, and personal details of around 35 million people were stolen. A Trojan horse was the modus operandi, and it is believed that similar attacks were attempted at other firms as well In October 2011, the drone fleet system at the US Creech Air Force Base was hit by a keylogger (a virus which tracks keystrokes entered into a system). However, attempts to reverse this into controlling the drones failed, and the Air Force says that the virus posed no threat to our operational mission.

4 In January 2012, former director of national intelligence at the NSA under President Bush said in an interview that the US has attempted cyber-attacks against other nations, and has been the target of attacks from Russia and China as well. In June 2012, the Flame virus was discovered by anti-virus software developers Kaspersky, and was labeled as the beginning of the end of the [interconnected] world as we know it. In July 2012, several high-ranking officials in the Indian Ministry of Home Affairs, Ministry of External Affairs and Defense Research and Development Organization had their accounts hacked in a direct breach of governmental information. In September 2012, several US banks were hit by denial of service attacks, believed to originate from Iran, which blacked out user access and Internet banking platforms. Methods of Attack 1. Espionage and National Security Breaches Cyber espionage is the act of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. Specific attacks have been given codenames like Titan Rain and Moonlight Maze. Cyber Command is currently trying to determine whether such activities as commercial espionage or theft of intellectual property are criminal activities or actual "breaches of national security." 2. Sabotage Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment. Compromise of military systems, such as C4ISTAR components that are responsible for orders and communications could lead to their interception or malicious replacement. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. According to Clarke, the civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market. In mid-july 2010, security experts discovered a malicious software program called Stuxnet that had infiltrated factory computers and had spread to plants around the world. It is considered "the first attack on critical industrial infrastructure that sits at the foundation of modern economies". 3. Denial-of-service attack In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Perpetrators of DoS attacks typically target sites or services hosted on high-

5 profile web servers such as banks, credit card payment gateways, and even root name servers. DoS attacks may not be limited to computer-based methods, as strategic physical attacks against infrastructure can be just as devastating. For example, cutting undersea communication cables may severely cripple some regions and countries with regards to their information warfare ability. Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space." It will attempt to find and, when necessary, neutralize cyberattacks and to defend military computer networks. One cyber warfare scenario is Cyber Shock Wave which was war gamed on the cabinet level by former administration officials, raised issues ranging from the National Guard to the power to the limits of statutory authority. The distributed nature of internet based attacks means that it is difficult to determine motivation and attacking party, meaning that it is unclear when a specific act should be considered an act of war. There are many benefits to cyber warfare. Cyber warfare s low cost, ease of access, and high gain make this new technology even more dangerous. Militarily speaking it is difficult to quickly ruin the economy of another country, but now through the use of cyber warfare it could be done with ease. This being said because of all the previous mentioned points the thesis that cyber warfare is a newer, less deadly, but more dangerous form of warfare is further proven. Recent International Action Cyber warfare has become an imminent issue and there has been ongoing debate among policy-makers on what norms will guide behavior in cyberspace. The United Nations (UN) is one of the forum in which this debate is taking place, over the course of the past decade. In September 2011, Russia, together with China, Tajikistan and Uzbekistan, proposed an International code of conduct for information security. In 2010, the U.S. co-sponsored for the first time a draft resolution on cyber security that has been introduced in the UN General Assembly by the Russian Federation. Generally, two principal streams of negotiations regarding cyber security can be distinguished at the UN: a politico-military stream focusing on cyber warfare and an economic stream focusing on cybercrime. Cyber warfare is still a relatively new topic of discussion for the international community. In the opening remarks to the 52nd Session of the Secretary-General s Advisory Board on Disarmament Matters in July 2009, Sergio Duarte categorized the challenge of cyber warfare and its impact on international security as one of the new or emerging issues. He announced that cyber warfare potentially affects virtually all the United Nations is trying to accomplish with respect to both of its historic mandates of disarmament and the regulation of armaments, and had to claim that such a newly emerged issue is not an easy issue for the Board to address. On August 31, 2014, NATO (North Atlantic Treaty Organization) was set to ratify a pledge on joint defense in cases of major cyber-attacks. The addition in the organization s mission of collective defense, if ratified, means that for the first time, a cyber-attack on any of the 28 NATO nations could be declared an attack on all of them, much like a ground invasion or an airborne bombing. The details for retaliations to these attacks, however, remain unforeseen. While NATO has built a gleaming new computer security center, and now routinely runs computer exercises, it possesses no cyber weapons of its own and, apparently, no strategy for how it might use the weapons of member states to strike back in a computer conflict.

6 Although NATO s most powerful members, including the United States and Great Britain, have spent billions of dollars on secret computer offensive programs, all of them have declined to inform the public regarding the types of weapons they might contribute in a NATO-led computer conflict. As a result, while there are detailed plans about how NATO would respond and what capabilities are at the disposal of their military structure when conventional war or nuclear war breaks out, there are no such detailed NATO response plans in the cyber realm. In the UN, the Security Council s involvement has been largely limited to the work of the Working Group on Countering the Use of the Internet for Terrorist Purposes, which is part of the Counter-Terrorism Implementation Task Force (CTITF). Unfortunately, the Council s resolutions do not often take direct actions that address issues regarding the prospects of cyber terrorism. In 2010, ECOSOC opened its legislative session with a briefing titled Cyber security: emerging threats and challenges. Two of its functional commissions, the Commission on Narcotic Drugs and the Commission on Crime Prevention and Criminal Justice, have also been dealing with the criminal use of cyber space. The General Assembly has seen an increasingly large amount of activity and discussion on norms governing the behavior of member states as indicated by the fact that three out of the General Assembly s six committees have met to negotiate draft resolutions pertaining to cyber security. There have been a total of five Groups of Governmental Experts (GGE) on cyber related issues so far. The General Assembly s First Committee created the first GGE in In 2004, ECOSOC set up an intergovernmental expert group on identity related crime. The International Telecommunication Union (ITU) setup a high level expert group that developed a cyber-security agenda in 2007, and the United Nations Congress on Crime Prevention and Criminal Justice established an open-ended intergovernmental expert group on cybercrime in Throughout their negotiations, member states have been using UN organizations as organizational platforms for their competing agendas, resulting in highly fragmented activities regarding cyber security. Conclusion and Further Research The future of cyber warfare will bring many possibilities to a countries arsenal and it will open entirely new fronts on the battlefield. In the future cyber-attacks may be the beginning and end of a war. Cyberattacks may be treated the same as an amphibious invasion of a bombing. Ancient Chinese military tactician Sun Tzu once said that all war is based on deception, and there is no greater form of deception than cyber warfare. In the future generals may rely completely on cyber warriors for intelligence on the enemy, and to deceive the enemy with false information. Never before has a country been able to destroy another country s infrastructure without firing a shot, however cyber warfare may make complete shut-down possible. The future possibilities of cyber warfare cannot be explained in their entirety and it is this vastness of options which makes cyber warfare so dangerous. In order for the committee to be successful, it is imperative that questions such as the undermentioned are discussed: 1. To what extent is the threat of cyber war legitimate? 2. From what sources are the greatest threats of cyber warfare and what unique motivations do each of those sources act upon? 3. Are government leaders capable of developing tangible and actionable solutions to cyber security threats? With whom, if anyone, should governments develop

7 partnerships? 4. What are the key IT considerations for preventing cyber-attacks and more pertinently, with the requirements of such considerations, how can efforts to stem cyberattacks become internationally scalable? 5. Which nations are most vulnerable to cyberattacks and what factors make them most vulnerable?