Cybersecurity. Canisius College

Transcription

1 Cybersecurity Introduction In the year 2013, cybersecurity is a relevant issue on both the most personal level and the global level. Never has humanity had access to such a vast array of information. Never before has there been so much information digitized and available electronically. People and their governments struggle to preserve norms of privacy in a new digital age and sometimes tensions between privacy and security arise. The recent case involving Edward Snowden highlights just how important cybersecurity truly is in the world today. In this case a citizen was exposing secrets of his own state and that s not the only high-profile case of this kind. The legal case, trial, and conviction of Private Chelsea (Bradley) Manning in the United States for releasing secret documents to Wikileaks has provided proof that governments do not take breaches of cybersecurity lightly. Cyber-attacks against governments and corporations are also on the rise annually sometimes with origins traceable to state militaries, sometimes to non-government sources. In this atmosphere of cyber insecurity, states are looking for solutions to protect themselves and their citizens. The Issue McAfee, a security software company, produces its own research on cyberattacks both annually and quarterly. The most recent quarterly report is that from the first quarter of The report is quite extensive but a few conclusions about personal cybersecurity are worth noting. For example, one major point of the report was that mobile security has seen more breaches in the first quarter of 2013 than in all of the previous year. The report also notes the development of more advanced malware than they have ever witnessed in the past. 1 This malware is associated with cybercrime, which involves theft and fraud made possible by gaining access to individual users private data. Concurrent with the rise in personal cybercrime is the development of states abilities to carry out cyber attacks. Many countries have been implicated as victims, perpetrators, or both, including the United States, Russia, China, Iran, Israel, and many others, and allegations are leading to concerns about cyber weapons and even cyber arms races. Stuxnet and Flame are just two examples of specific cyber weapons that have made their way to headline news in the United States and around the world. Stuxnet is a computer worm attributed to the United States that 1

2 infiltrated and damaged Iranian nuclear facilities. Similarly, Flame is malware attributed to the Israeli government that has infiltrated the computer networks of other Middle Eastern States. Although two of the biggest stories of state of the art cyber weapons came from these two states, most of the developed states are producing similar weapons. For example when the Russian army invaded Georgia in 2008, a cyber weapon was developed to jam Georgian computers, with the assistance of Russian civilians. 2 Another story comes from the United States with regard to its development of cyber weapons. As explained in Computer Weekly, The US plans to fast-track the development of cyber weapons to give it the ability to create the means to attack specific targets within months and even days. The rapid development process is designed to respond to urgent, mission critical needs when the risk to operations and personnel is unacceptable, said the Washington Post, citing Pentagon a report. 3 While these measures create security for some, they also create insecurity that needs to be addressed by the global community. Some see the development and deployment of cyber weapons as an emerging threat that destabilizes global security and creates pressure for cyber arms races that could spiral out of control. Another pressing issue for the international community is cyber terrorism. The Center for Strategic and International Studies (CSIS) defines cyber terrorism as, "The use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population." 4 Research shows that cybercrime is on the rise; as states seek out their own solutions to protect themselves and their citizens from these cybercrimes, the international community through the United Nations has also conducted its own research on the issue. A recent UN study called the Comprehensive Study on Cyber Crime concluded the following: The technological developments associated with cybercrime mean that while traditional laws can be applied to some extent legislation must also grapple with new concepts and objects, such as intangible 'computer data,' not traditionally addressed by law At the national level, cybercrime laws most often concern criminalization establishing specialized offences for core cybercrime acts. Countries increasingly recognize the need, however, for legislation in other areas. Compared to existing laws, new or planned cybercrime laws more frequently address investigative measures, jurisdiction, electronic evidence, and international cooperation. 5 The UN consensus, released June 7 th of 2013, was one of the first major steps that the charter has made in addressing the issues of cyber security, but it is not enough to call for individual member-states to develop laws that deal with cybercrime within their own borders. Cyber security is a transnational issue and requires coordination and cooperation across borders. The People s Republic of China (PRC) has been accused of generating cyber attacks, but the government of the PRC has also been a leading voice among those calling for transnational

3 cooperation to improve cyber security. 6 In the wake of the sensationalized Snowden affair and just a few days after China called for cyber security measures to be passed by the international community, Russia and the United States responded. On June 17th, the two states signed a bilateral agreement, stating that they would keep each other updated in real time on threats to security so as to reduce the risk of conflict in cyber space. The agreement came together as part of a broader effort to improve cooperation, including issues of counterterrorism and weapons of mass destruction. 7 Bilateral agreements between leading states is an important step toward global security, and cooperation between P-5 member-states Russia and the United States is encouraging. However, an endless series of bilateral agreements is not as desirable as broad-based global cooperation. The United Nations Security Council can build a strong foundation for global cooperation on cyber security by issuing a resolution pledging that all member-states should work together on this vital issue. What is being done? The United Nations will hold a summit meeting on the issue in Azerbaijan in But can the world afford to wait that long for UN leadership to emerge? A resolution from the UN Security Council would emphasize the importance of global cooperation on cybersecurity and would probably increase the chances of success at the summit meeting. As one report published on July 31 st, 2013 states about next year s summit: Taking into account that Azerbaijan is a UN Security Council non-permanent member, the UN proposed the country to hold a summit on cyber security in Baku The International Telecommunication Union (ITU) together with the [Azerbaijani IT] Ministry plan to organize an international conference on cyber security, to be held within the 19th International Exhibition and Conference BakuTel-2013 (Dec. 2-5). An expert meeting and a ministerial meeting of the member-states are expected to be held within the conference, [and] the Baku Declaration on cyber security is expected to be adopted following the conference [which would be] the first and single resolution on cyber security in the world. 8 There is no way to predict the outcome of this accord however the summit itself is of great significance. This is a very young issue with no certainty as to its direction. Recent years have shown that some solution or agreement must originate, because tensions are on the rise in the international community. The task will only become more difficult as technology increases, and states become more and more prone to construct protections for them. That is why it is imperative that the United Nations reaches consensus on the road ahead for cyber security, and crucial for the UN Security Council to lead the way by working toward a meaningful resolution

4 Questions to consider when preparing for Security Council deliberations on cybersecurity: What can member-states of the UN do to improve national and transnational cybersecurity? Are there precedents in the UN Security Council s resolutions that can be extended to the emerging issue-area of cybersecurity? Is cyberterrorism a big problem? If so, what can the UN Security Council do about it? Who or what is hurt by international cyberattacks? How can the UN Security Council prevent or reduce the damage associated with cyberwarfare or even better, to prevent cyberattacks from happening at all? Should the UN Security Council discourage the development of cyberweapons? What is your state s position on cybersecurity? Is your country developing cyber weapons or a cyberwarfare doctrine? What would your state be willing to do to contribute to improved global security in this area? Is cyber-warfare to be treated as any other form of war? If not, will a standard of just cyberwarfare develop? Is cyberwarfare a precursor to war, or an act of war itself? Sources and other valuable links: Cited Sources:

5 Useful Sources, some with excerpts UN Security Council Page: Are cyber security and international cooperation at odds? (December 2009; news) It has quickly transformed the way we live our lives, from the way we communicate to the way we do business. The Internet has evolved rapidly and with it the threats to international peace and security the idea of an international framework governing the rules of cyberspace has taken on a renewed spirit in public discussions. United Nations Making Slow Progress on Cybersecurity (July 2010; opinion) The U.N. has a chance to really make a difference with cybersecurity. Let's hope that diplomats realize that we are dealing with a real-time issue and respond with 21st century solutions rather than 19th century pomp and circumstance. US to fast-track cyber weapon development (12 April 2012; news) The US plans to fast-track the development of cyber weapons to give it the ability to create the means to attack specific targets within months and even days. The rapid development process is designed to respond to "urgent, mission critical" needs when the risk to operations and personnel is unacceptable, said the Washington Post, citing Pentagon a report. Security researchers discover powerful cyber espionage weapon 'Flame' (28 May 2012; news) Security researchers have discovered a powerful cyber weapon with functionality exceeding that of all other known threats. The advanced malware, which is said to be attacking targets in several countries, was discovered by security firm Kaspersky Lab during an investigation prompted by the International Telecommunication Union (ITU). The malicious program, detected as Worm.Win32.Flame, is designed to carry out cyber espionage Kaspersky calls for international cooperation on cyber security (31 January 2013; news) Governments must understand that cyber weapons are extremely dangerous and have to agree not to use them, according to Eugene Kaspersky, founder and chief of security firm Kaspersky Lab. It would be good if governments were to sign a treaty against the use of cyber weapons in the same way as they have done against nuclear, biological and chemical weapons, he told Computer Weekly Cybersecurity Strategies Raise Hopes of International Cooperation (Summer 2013; expert analysis)

6 Statement on Consensus Achieved by the UN Group of Governmental Experts On Cyber Issues (7 June 2013; press statement) The UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security agreed that confidence-building measures, such as high-level communication and timely information sharing, can enhance trust and assurance among states and help reduce the risk of conflict by increasing predictability and reducing misperception. The Group agreed on the vital importance of capacity-building to enhance global cooperation in securing cyberspace. The Group reaffirmed the importance of an open and accessible cyberspace, as it enables economic and social development. And, the Group agreed that the combination of all these efforts support a more secure cyberspace. Furthermore, the Group affirmed that international law, especially the UN Charter, applies in cyberspace. International Cyber Security at the UN: Between Doom and Hesitant Optimism (11 June 2013; blog post) Congruen with three, week-long sessions by the UN Group of Governmental Experts (GGE) on cyber security issues, the German embassy to the UN in cooperation with the EastWest Institute hosted an expert panel, entitled Cyber Security - Uncharted waters for the UN. Yes, the group maintained, international law and even the UN Charter apply to cyberspace. However, the path to consensus among member states on a global framework will be, not surprisingly, long and arduous. After Snowden revelations, China calls for cyber security regulations (14 June 2013) Foreign Ministry spokesperson Hua Chunying said at a regular briefing on Friday, "The international community should come up with regulations on cyber security. What cyberspace needs is not war or hegemony, not irresponsible attacks or accusations, but regulation and cooperation." Ms. Hua said [that] China was of the view that "international regulations should be made within the framework of the United Nations". U.S. and Russia sign pact to create communication link on cyber security (17 June 2013; news) The United States and Russia have signed a landmark agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern The accord is a rare positive development in an area of national security otherwise dominated by gloomy assessments of increased threats and capabilities among other nations and terrorists. UN offers Azerbaijan to host summit on cyber security (31 July 2013; news) The International Telecommunication Union (ITU) together with the [Azerbaijani Communications and IT Ministry] plan to organize an international conference on cyber security, to be held within the 19th International Exhibition and Conference BakuTel-2013 (Dec. 2-5). The Baku Declaration on cyber security the first and single resolution on cyber security in the world is expected to be adopted within the summit. In classified cyberwar against Iran, trail of Stuxnet leak leads to White House (18 August 2013; news) /?page=all The Obama administration provided a New York Times reporter exclusive access to a range of highlevel national security officials for a book that divulged highly classified information on a U.S. cyberwar on Iran s nuclear program, internal State Department s show.