THE CURRENT GLOBAL THREATS TO CYBERSPACE SECURITY

Transcription

1 前 沿 探 索 THE CURRENT GLOBAL THREATS TO CYBERSPACE SECURITY By Lt Col Jose Luis Llagran Bonilla 1 (Ecuador) I. Introduction Cyberspace is an interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries and institutions of a State; the term also extends to the virtual environment of information and interactions between people. Nowadays, economy and national security has become fully dependent upon information technology and the information infrastructure. A network of networks directly supports the operation of all sectors of our economy: energy (electric power, oil and gas), transportation (rail, air, and merchant marine), finance and banking, information and telecommunications, public health, emergency services, water, chemical, defense industrial base, food, agriculture, and postal and shipping. The reach of these computer networks exceeds the bounds of cyberspace. They also control physical objects such as electrical transformers, trains, pipeline pumps for oil exploitation, radar and airborne systems for defense and security. 2 The threat to security that represents the potential for systems to access and destroy important data implies that the nation must implement strategy to detect and protect against deliberate attacks seeking to penetrate into these sensitive systems. This strategy is usually called National Cyberspace Security Strategy 3. 1 Lt Col Jose Luis Llagran Bonilla from Ecuador, participant of the 30th Defense and Strategic Studies Course, NDU, China. 2 Strategic Review, Xia Zhengnan, Center for National Defense Policy, Academy of Military Science, Exploring Law Enforcement Perspectives, Frederic Lemieux, April 年 第 2 期 防 务 论 坛 23

2 Academic Frontier II. The Strategic Challenges to National Cyberspace Security The openness that cyberspace has brought to human activities has changed the way of living of the people in the modern world. However, this conectivity opens greatest risks. An adversary in cyberspace needs to attack the weakest link of the network to inflict harm to the entire whole, therefore state or nonstate actors can create a system risk. Firstly, the nature of the strategic threat in cyberspace is as broad as cyberspace itself. Any aspect of the world that is dependent on the cyber domain is at least potentially at risk. Thus, we are concerned with any adverse actions that might: threaten the integrity of our critical infrastructure; destabilize our financial system; allow the theft of intellectual property; or in any other significant way undermine our ability to rely upon technology for important national security objectives. Secondly, the threat in cyberspace is diverse. It is characterized by a high variety of potential malefic actors. The cyber world is populated with more than nation-state actors: there are also well-organized criminal gangs; independent terrorist organizations; and hackers of every type. Each poses a distinct sort of threat, requiring a specific differential response. A consequence of the unique structure of cyberspace is that fundamental precepts that work in the physical world, especially those precepts of risk management and deterrence, have less ready application in the virtual world 4. Common risk management mechanisms will not work as effectively as they do in the physical world. Often, risk management involves systems for the detection, avoidance and mitigation of risk. In the globalized cyberspace these efforts to detect and monitor threats are sometimes technologically unfeasible. Even when feasible, elimination of risk is often impractical because the risks are resistant to traditional cost-benefit analysis. In a world where the identity of the threat cannot be determined with confidence, mitigation of that threat is problematic. Moreover, traditional models of deterrence, which rely on the identification and punishment of dangerous actors, cannot operate as adequately in this environment. All of the protective measures we take today (firewalls, monitoring systems, audits, antivirus, etc.) are, effectively, transaction costs that add nothing productive to the system. Likewise, the social costs that remain from the vulnerabilities that are not resolved are very dangerous. 4 National Security Threats in Cyberspace, Paul Rosenzweig, American Bar Association, Defense Forum Autumn 2013

3 前 沿 探 索 Cyber crime can be defined as a group of behaviors which are intended to attack government or private information technology systems or those related to these systems being able to present several ways of damage to important information data bases. These crimes go further beyond borders and needs immediate and effective actions against 5. Cyber terrorism is a sophisticated threat at this time. Terrorists can launch a single cyber attack. This is probably because it currently takes a large, well-resourced and time-intensive effort to use cyber tools for disruption or attack. The most advanced attacks, like the Stuxnet attack on Iran s nuclear program, require resources and a level of technical sophistication. Espionage against political and military targets is also a danger. Cyber espionage provides powerful intelligence capabilities to many countries that would otherwise lack the ability to do this sort of collection, in terms of both geographic scope and in the scale of information filtrated. Cyber espionage can include a new avenue for political action. Instead of planting false stories in newspapers, an intelligence service could use simple denial of service attacks, leaks of material obtained through hacking, or more sophisticated exploits in an attempt to manipulate politics in the target country. The recent release of the information made by Edward Snowden about the use of PRISM system to track and monitor Phone calls and internet information with the participation of High Tech companies as Facebook, Google, Yahoo, Microsoft, AOL, Apple and others, is a major threat to the world wide users since these applications for communications are being used by hundreds of millions of users all over the world, so the unique way to avoid being tracked and monitored is by keeping from the usage of these applications or implement these applications within regional boundaries, this measure is completely out of the league of small countries. Despite criticism and protests from various sides about this scandal, it is highly unlikely the United States will make substantial adjustment to its intelligence programs. So far, US President Barack Obama, Secretary of State John Kerry and many senior intelligence officials have defended the surveillance program, saying it is aimed at overseas targets and not US citizens, that it was approved and supervised by the US legislative, judiciary and executive branches, and that it has made important contributions to counter-terrorism and US allies. Analysts say the Obama administration faces little domestic pressure on the issue as it labeled the program with the 5 Los Delitos Informáticos en el Ecuador, Dr. Snatiago Acurio del Pino, Universidad Católica del Ecuador, 年 第 2 期 防 务 论 坛 25

4 Academic Frontier buzzwords of overseas targets and counterterrorism. David Rothkopf, CEO and editor-at-large of the Foreign Policy Group, wrote in an article recently that US congressional and executive branch officials have bought into the post 9/11 paranoia and hyped-up threat mentality and come to accept that even the possibility of an attack on the United States warrants disregard for US laws and international agreements. Some countries also recruit proxy forces hackers and criminals they use to carry out specific tasks. The use of these private actors should not hide the central role of governments. The greatest danger from these state actors comes from economic espionage, where foreign governments, companies and citizens steal intellectual property, confidential business and military information. If a nation s cyber security is poor, it is subsidizing its competitors. Cyber war is also a risk. Advanced militaries have plans and capabilities to attack opposing military forces, critical infrastructure, and other civilian targets. Cyber attack can be regarded as a new attack capability that has both tactical and strategic uses, similar to missiles or aircraft that can be launched from a distance and strike rapidly at a target. We are likely to see cyber attack only in the context of some larger military conflict 6. From the sources of attacks, cyber security is facing both external threats and internal threats. The external threats means the cyber attacks can be launched from outside the network, using hackers, against information systems. Because stealing data and spying do not prevent users from enjoying free use of their own systems, there may be few signs that they are being tapped into. Detection is possible, if a user notices an unexpected exfiltration of data packets notices strange activities or activity patterns; notices rogue code resident on a system; or observes the consequences of a specific intrusion. 7 The internal threats means states recruit insiders, who, with varying degrees of help, can introduce mischief into systems, especially if they are system administrator themselves. The other is to toy with the supply chain so that target systems contain components that appear benign but contain code that responds to a state s directions or at least priorities. 6 Information Operations and Cyberwar: Capabilities and Relates Policy Issues, Clay Wilson, CRS Report for Congress, Cyberspace Security Issues and Challenges, Manu Mlek, Ph.D.,Stevens Institute of Technology, Defense Forum Autumn 2013

5 前 沿 探 索 III. The Responses 1. Governments Should Play a Leading Role The Government has the responsibility of establishing the National Cyberspace Security Strategy according to the principles and objectives of the National Security Strategy. The Governments should exercise the leadership over the overall efforts for the protection of the critical information infrastructure. The governments should assign responsibilities to ensure the continuity and sustainability of all the national efforts in this regard. The main responsibility of the State is taking all the measures to secure the national critical infrastructure. This includes not only the planning across local, national, regional and international security organizations but also the establishment of new structures, organizations and instruments to prepare and launch the coordinated responses to events which could decrease or destroy the governments abilities to protect the cyberspace and to deliver essential services to their citizens and equally prepare for the hostile actions from state and non-state actors in the cyberspace. In the case of Espionage from foreign countries there are some measures to be designed and implemented by the Government. First of all, all of the users should be aware that using software applications for social networks, internet calls and search engines as Facebook, Google, Yahoo, AOL, Skype, etc. involves the application of the Cloud computing concept which determines that the information is replied, processed and storage in the servers located inside the USA allowing this country to access to the contents transmitted and received without any restriction. Due to this threat, Chinese government has restricted the access to these applications within China in order to prevent and ensure the Information Sovereignty of China. In this regard, this measure should not be understood as a lack of freedom of use but a high level decision to protect the information of the Chinese citizens from being captured by foreign countries. In order to provide these services and applications to the Chinese people, China has launched several years ago Weibo, as a hybrid of Twitter and Facebook, and Baidu as an equivalent of Google or Yahoo. China is able to assure the information sovereignty by providing proprietary applications to its citizens since it is a Major Power not only economic but also technologically speaking. On the other hand, in the case of small countries that has no chance to make these decisions, the only way is to promote international cooperation especially with powerful countries who 2013 年 第 2 期 防 务 论 坛 27

6 Academic Frontier have these capabilities and ensure the protection of their citizens information Establish Strong Public-Private Cooperation Since the critical infrastructure of the nation is in a large part owned by the private sector, a partnership of government, corporate and private companies is required to secure the cyberspace, through the Public Private Cooperation (PPC). The partnership needs to provide three capabilities essential to cyber security: (1) detection: the partnership must define, identify and watch for behavior of concern; (2) protection: it must ensure compliance with the partnership s security standards, sanctioning those who fail to comply; and (3) response: which must provide a means to conduct examinations following disruptions, analyze vulnerabilities, fix security shortcomings, and effectively attribute attacks to their perpetrators. 3. Strengthening the Legal Framework It is necessary to issue the regulations to comply with international treaties to the extent that are part of the constitutional and correct regulation of the provisions in national law. The institutions responsible for cyberspace security and cyber defense must find and evaluate participation in different international networks and cooperation mechanisms (Council of Europe, OAS and others), which allow the country to prepare to meet the growing challenges of the international environment in the area of cyberspace security and respond more efficiently to security incidents and cyber crimes 9. In general terms, the development of a legal framework should seek to accomplish the following goals: To develop and implement a appropiate legislation to ensure cyberspace security with the introduction of compulsory measures and standards to rule state-owned and private companies related to the critical infrastructure and to establish the security requirements in the information systems. To draft new legislation with the participation of all the sectors of the society, including civil and military participation. To launch initiatives in international law-making in international organizations to fight and punish espionage actions from any country in the international community. The specific measures proposed to face the legal challenges are: 8 China and Cybersecurity: Political, Economic and Strategic Dimensions, Jon Lindsay, University of San Diego, April International Law and the Future of Cyberspace: The Obama Administration s International Strategy for Cyberspace, David Fidler, Volume 15, American Society of International Law, June Defense Forum Autumn 2013

7 前 沿 探 索 Establishing, reviewing and modernizing criminal law, procedures for electronic investigations to prevent, respond and prosecute cyber crime both on the domestic and international levels. Establishing, reviewing and updating legal infrastructures for data protection, privacy, digital signature, commercial law and encryption between government and civil society. Creating acceptable legal norms for dealing with cyber crimes regarding territorial jurisdiction and use of force. Establishing the legal structure to support assurance measures, including clearing urisdictional barriers to pursue hackers. Assisting in developing international norms and standards, enabling and facilitating international and regional cooperation against cyber crime and espionage in the cyberspace dimension. 4. The Armed Forces Enhance the Capability of Cyber Warfare Since cyber warfare is asymmetric, adversaries do not need to build large and expensive weapons and develop traditional armed forces to pose a significant threat. Once found the vulnerability to exploit, the adversary can launch an attack intended to steal operational plans, blind intelligence capabilities, hinder the ability to deliver high precision weapons on target or disrupt logistics. This is the reason why many militaries are developing cyberspace offensive capabilities. The deterrence formula is not suitable to be applied in cyberspace due to the fact that no one can be confident of their ability to determine the attacker s identity. Skilled attackers can not only hide their identity but also making it look as if someone else is responsible for the attack. IT technology and the digital infrastructure enable almost everything the armed forces do: Command and control of forces; real time provision of intelligence, reconnaissance, surveillance and targeting information; planning and execution of operations; control of high precision strike weapons, logistical support and administration. These means can provide critical advantages to military forces but can also enable adversaries to gain previous knowledge of their intentions and capabilities to disrupt operations. The Armed Forces should develop the capabilities to monitor, prevent and fight against espionage actions that can be performed during peace, crisis and war times, so this is an endless national effort in order to promote the Information sovereignty of the nations. 5. Strengthening the International Cooperation International cooperation programs should be promoted in order to 2013 年 第 2 期 防 务 论 坛 29

8 Academic Frontier exercise the values of freedom of expression and individual rights in and through cyberspace allowing people of the country no matter race, faith, political thinking and point of view to communicate, cooperate and prosper. The technological gap should be overcome by international agreenments with technological powers in the world. The institutions responsible for cyber security and cyber defense should find and evaluate the participation of the country in different international networks and cooperation mechanisms with countries leaders in cyberspace to meet the growing challenges of the international environment in the area of cyberspace security and respond more efficiently to security incidents and cyber crimes. International organizations such as UN should promote transparency and trust among countries by supervising the updating and publishing periodically the cyberspace security strategies and policies to the international community to search the balance between freedom of use, privacy and security to the users all over the world. Meanwhile in order to protect cyber security, the International legal framework should be developed and implemented by the United Nations and other Regional Organizations to condemn and punish countries which perform espionage actions against other countries in the international community. Edited by Tan Tai Tiong and You Dongxiao 30 Defense Forum Autumn 2013