02 geopolitical handbooks
moderndiplomacy
THE COMING CYBER STORM Examining the Russia-US-China Hacking Nexus
moderndiplomacy.eu
GIANCARLO ELIA VALORI
Advisory Board Co-chair Honoris Causa
Professor Giancarlo Elia Valori is an eminent Italian economist and businessman. He holds prestigious academic distinctions and national orders. Mr Valori has lectured on international affairs and economics at the world’s leading universities such as Peking University, the Hebrew University of Jerusalem and the Yeshiva University in New York.
DR. MATTHEW CROSSTON
Dr. Matthew Crosston is Vice Chairman of Modern Diplomacy and member of the Editorial Board at the International Journal of Intelligence and Counterintelligence.
LAURA GARRIDO
Laura Garrido is currently finishing her Master’s degree in the International Security and Intelligence Studies Program at Bellevue University in Omaha, Nebraska, USA. Her primary research interests cover the post-Soviet space and the fight against radical Islamism.
DAVID DAVIDIAN
David Davidian is an Adjunct Lecturer at the American University of Armenia. He has spent over a decade in technical intelligence analysis at major high technology firms.
MAHMUDUL HASAN
Mahmudul Hasan is Lecturer of Law at the University of Development Alternative (UODA), Bangladesh.
ANONYMOUS
Anonymous is currently a graduate student in International Security and Intelligence Studies at Bellevue University and works within the US governmental system. The opinions expressed are strictly personal and do not reflect a formal endorsement of or by the United States’ government and/or Intelligence Community.
The Grand Cyber Spy Game
Can America Ever Match Russian Cyber Innovation?
China & Russia: Cyber Cousins but Not Cyber Brothers
A Perfect Cyber Storm
Does Russia Have a New Way to Wage War?
Manufactured Bogeyman
The US Intelligence and President Donald Trump
FSB's Snowden War
A Weaponized Cyber Commons
The FSB and SIGINT
International Cyber Security Cooperation
The Challenge of the Indigenous Arms Industry
The Coming Cyber Storm
Examining the Russia-US-China Hacking Nexus
There can be no denying the importance of cyber-conflict and the potential of cyber-war in the 21st century. What was once restricted to the screenplays of Hollywood science fiction writers now seems to be an essential component of any modern conflict. In fact, as our readers will see with this anthology from the Modern Diplomacy, cyber weapons may indeed eventually come to be seen as a preferred method for initially waging war and starting conflict, ultimately replacing the more tried-and-true traditional kinetic operations. We investigate this reality here by looking at the three dominant global players responsible for most of the major cyber initiatives taking place today: the United States, the People’s Republic of China, and the Russian Federation. We call this triumvirate the ‘hacking nexus’ because it is difficult to research any major cyber event in the 21st century that has not involved one or more of these three rivals.
And these events do not transpire in a political vacuum: they are indicative of a new technological foreign policy that signals these three countries in particular will be able to infiltrate and insert themselves into the affairs of just about anyone, if they so wished. This kind of invasive power needs to be chronicled and analyzed and this anthology is but the first small step to open that discussion. As is always our style, Modern Diplomacy does not label any one country the villain or any state the ‘good guy.’ We do not believe the world of cyber actually has black hats and white hats (pun intended). Instead, we believe the world of cyber makes politics, war, and diplomacy a sometimes hopeless and long-lasting cloudy grey. But as is always the case with research from the Modern Diplomacy, it is our faith in bringing complex issues into greater detail, and contributing knowledge to subjects that seem to enjoy remaining obfuscated, that gives us hope for finding new opportunities for understanding, collaboration, and conflict resolution. So, we hope you enjoy this effort and truly find the information contained within a step in the right direction for making you more informed, more enlightened, and more willing to investigate the problem deeply, accurately, and powerfully. In a world full of misinformation and disinformation, may the readers of our anthologies be the light shining such shadows away into oblivion.
Dr. Matthew Crosston
Vice Chairman, Modern Diplomacy
Dr. Matthew Crosston & Anonymous
The Grand Cyber Spy Game
Russia, America, & China Stealing the World One Byte at a Time
Every month another story of cybertheft linked to China or Russia emerges. Recent data breaches at Target, United Airlines, Blue Cross Blue Shield, and OPM have been linked back to Russia, while theft of key technology across major Department of Defense contractors such as Lockheed Martin and US government laboratories has been linked to China. Neither China’s nor Russia’s government formally admits to leveraging the internet to steal secrets from other countries, but hacks have been linked directly to their intelligence services’ respective buildings or individuals known to be under governmental influence.
International cyber incidents in Ukraine, Georgia, and Estonia have all been apparently linked back to Russia while the Canadian government recently set up domestic cyber-protection programs after several major corporations were hacked by Chinese intelligence. The US government struggles with how to approach these cyber intrusions. Should they be ignored so that other foreign policy initiatives can move forward? Are these initiatives acts of war or a new method of state gamesmanship? Do these collections of vast amounts of information count as high treason/espionage or simple economic theft? Environmental negotiations just about broke down several years ago when President Obama called out China for hacking several governmental systems during the negotiations. What does all of this signify as Russia and China become more important strategic world partners, while still at least semi-maintaining long-held intelligence and military adversarial attitudes toward the US? Welcome to the REAL cyber era, where multiple players try to steal the world one byte at a time while pretending to do nothing of the sort. The Chinese, American, and Russian intelligence services have no issue launching clandestine internet attacks to pursue what they all consider to be legitimate national security and foreign policy objectives. Sometimes the information collected is economic, directed against or about important corporations; other times the information is military and political. In all cases the information is highly strategic.
While it is true that the information the Russian and Chinese intelligence services are providing to their respective policymakers is much broader in scope than the CIA or US Department of Defense, and is arguably much more domestically invasive than the FBI or DEA, both Russia and China have successfully started campaigns questioning the ‘purity of purpose’ within American intelligence given the details of the Snowden scandal. All of which begs questions: should American intelligence maneuvers match Chinese and Russian cyber precedence? Is the American public aversion to cyber collection programs really just a front for a private philosophy that already rivals China and Russia? Is there something fundamentally important for states to consider in this style vs. substance cyber spy debate? Crucial differences in intelligence organizational culture and mission make figuring these questions out quite difficult. While the United States has been quick to leverage open-source collection for its own programs, it has supposedly been hesitant to execute the power of its cyber abilities in invasive, offensive, global scenarios (although this consideration is now being heavily debated in the classified sector and some accuse it of already transpiring). This article will attempt to determine if Chinese and Russian intelligence services have gained a tactical advantage over the United States because of a political and bureaucratic blind spot, or if the United States intelligence collection culture is different only at the superficial level and is largely the same as its rivals in terms of true cyber substance.
The first important aspect in understanding the Grand Cyber Game is to understand how the Russian, Chinese, and US intelligence communities are structured. The United States is known for the ‘big brothers’ of its IC, the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA). However, there are actually 17 members of the US Intelligence Community. Some of these include intelligence offices for each branch of the US military, Department of Homeland Security, Department of Energy, Department of State, Department of the Treasury, Drug Enforcement Administration, National Reconnaissance Office (NRO), and National Geospatial-Intelligence Agency (NGA). The first five use intelligence collection as part of a law enforcement mission, while the NSA, NRO, and NGA all harvest data and imagery collection. Traditionally, the CIA operates overseas and cultivates human sources while conducting clandestine operations. The FBI traditionally manages counterterrorism operations domestically, provides investigation support overseas when American citizens are involved, and acts under an enforcement jurisdiction to maintain the law. The NSA was established to provide cryptologic services and to protect US information systems and signals intelligence. It supports military customers, national policymakers, and counterterrorism and counter-intelligence communities under the Department of Defense. However, in a post-9/11 world, these explicitly defined roles have become more blurred and opaque as global travel and transnational collections are intensely complicated by the internet.
Conversely, modern Chinese intelligence services have always had domestic and international missions intertwined. China’s Ministry of Public Security (MPS) was formed in 1954 as a domestic law enforcement agency. It managed criminal investigations, security protection, public information network security, traffic control, legal affairs, counter-terrorism, drug control, and other anti-smuggling and anticorruption duties. In 1983, the Ministry of State Security (MSS) was established as the formal intelligence and security agency of China for non-military areas of interests. It has the same authority to arrest or detain people as the MPS with a nearly identical oversight mission by the courts, but it is also a separate, parallel network to the MPS. The MSS mission is to ensure “the security of the state through effective measures against enemy agents, spies, and counter-revolutionary activities designed to sabotage or overthrow China’s socialist system.” Similar to the CIA, the MSS gathers foreign intelligence from targets in various countries overseas while the MPS gathers information domestically to protect against domestic terrorism and political coups. Both heavily rely on cyber collection.
Russia operates with three principal intelligence services. The SVR focuses on foreign intelligence collection, but mainly with civilian affairs. It is formally responsible for intelligence and espionage activities outside the Russian Federation. The GRU is the main foreign military intelligence directorate of the General Staff of the Armed Forces. It is Russia’s largest foreign intelligence agency, deploying at least six times as many agents as the formal KGB successor, the SVR. The FSB operates in theory only across the former Soviet Republics and domestically, but had its operational portfolio increased in 2003 to include the Border Guard Service and the Federal Agency of Government Communication and Information. The three intelligence services often overlap and sometimes compete against one another in the recruitment and collection of intelligence sources. Russia also established an Anti-Terrorist Center that falls under full control of the FSB. The Center’s mandate was to create a database for intelligence sharing among the security services of all members of the Commonwealth of Independent States (CIS). Although the SVR has promised not to spy within CIS territories, the FSB has not. As such, it has become the de facto leading intelligence service for foreign collection activities for Russia. Interestingly, Russia has often turned a blind eye to Central Asian intelligence service activity within its borders, when Central Asian leaders are making moves against so-called political enemies (these moves are usually abductions back to Central Asia for detainment).
These activities have included both the Chinese MSS and MPS. In 2001, the Shanghai Cooperation Organization (SCO) was established by China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan, to work together against terrorism, separatism, and extremism. They established their own Regional Anti-Terrorist Structure (RATS) that became the mechanism of choice for carrying out abductions across national boundaries, outside of standard judicial procedures. RATS operations have been compared to the CIA’s practice of extraordinary rendition and allow members to detain suspects in the six participating states outside of any rule of law. The members’ operators are not subject to criminal liability and they are immune from arrest and detention within the six states. The reality is, on an international level, the intelligence services of all three nations operate with remarkably similar mission goals and objectives: they wish to protect the national interests of their respective states and garner advantages for said states via the acquisition of important information. While Hollywood has often focused on the political deviance and violence of intelligence missions around the world, the less exciting reality is that intelligence is more often utilized simply for political leverage. On the domestic level, the United States has long held the moral superiority card against rivals like Russia and China, largely based on the democratic system in America supposedly being more altruistic and legally-minded than the so-called autocratic-type regimes in Beijing and Moscow.
Snowden and other details in the past several years have started to make some at least wonder how much that moralism is built upon a foundation of sand and not stone. Finally, the stylistic aspect of intelligence public relations is significantly different between the three: the US decidedly tries to maintain an air of secrecy and deniability over just about everything its Intelligence Community does or needs to do. Russia and China, while revealing no secrets, tend to be a bit more unabashed about the role and necessity intelligence plays for the furthering of state power and do not fear making public statements to that effect anywhere, anytime. For them, therefore, the only difference between the three great players in the Grand Cyber Spy Game is the costuming and marketing of their respective goals, but NOT the ploys, initiatives, and overall desires. When it comes to winning, it seems all three are set and determined to virtually steal, that is, ‘obtain’ as much as possible. The Grand Cyber Spy Game demands no less.
Laura Garrido
Can America Ever Match Russian Cyber Innovation?
In February 2015, James Clapper, the Director of National Intelligence in the United States, announced that the appraisal of Russian cyber capability and intention had been elevated, pushing Russia to the number one spot on the list of countries which pose a major cyber-threat to the United States. China held the number one spot for years because of the frequency of attacks on the United States. However, China’s cyberattacks were financially and economically motivated espionage rather than outright physical infrastructure attacks. Also, even though China’s cyberattacks were more frequent, it is believed Russia has more capabilities but has simply chosen not to use them all yet.
Clapper also stated that Russian cyber saboteurs, spies, and thieves are widening their attacks against vulnerable American internet infrastructure, which chips away at US wealth and security over time. Clapper’s intelligence assessment details how Russian cyber actors are creating new ways to remotely hack into industrial control systems that run electrical power grids, urban mass-transit systems, air-traffic control networks, and oil and gas pipelines. According to private-sector cyber security experts, these actors have been able to successfully compromise the product supply chains of three control system vendors so customers unknowingly downloaded exploitative malware directly from the vendors’ websites along with routine software updates. Russia is seen as an unregulated area as well as a safe haven for the development and spread of malicious codes around the world. According to senior Russian military officials, its Ministry of Defense is establishing its own cyber command that will be responsible for conducting offensive cyber activities, such as propaganda operations and inserting malware into enemy command and control systems. A specialized branch for computer network operations is also being established by Russia’s armed forces. This is the consequence of a national security legacy, as Russia was one of the first nations to move assertively into the cyber sphere. In 1998, long before most nations even began thinking about cyber-security, the Kremlin established “Directorate K” to begin operations to monitor and defend against hackers and spammers.
However, in recent years, Directorate K has taken on a more offensive role in the digital sphere. Russia has been cyber-attacking the United States for several years. In 1999, it was discovered that the Moonlight Maze virus had been stealing information from the Department of Defense, Department of Energy, NASA, and military contractors for two years. In early 2015, Russian hackers were able to access an unclassified server of the US Department of State. Through this they were able to penetrate sensitive areas of the White House computer system and access information such as the real-time non-public details of President Barack Obama’s schedule. The FBI, the Secret Service, and United States intelligence community overall are all involved in investigating the breach and say that it was one of the most sophisticated attacks ever launched against American governmental computer systems. Russia was also able to hack into systems at the Pentagon in July 2015. The sophisticated cyberattack affected nearly 4,000 federal employees when it shut down the Pentagon’s unclassified email system for the Joint Staff for nearly two weeks. The attack was carried out through the use of encrypted accounts on social media and officials at the Department of Defense stated that the attack involved “new and unseen approaches into the network.” Fortunately, only unclassified accounts and emails were involved so no classified information was accessed or taken from the network.
These cyberattack threats from Russia are a major concern for the United States because they undermine United States economic competitiveness and its fundamental belief in maintaining the secrecy of national security information. As of now, a “cyber armageddon” is not a high risk, but low to moderate-level attacks over time could pose serious financial security risks to the United States. In the US alone, international hacking has cost, on average, between 25 billion and 100 billion dollars annually. In 2008, cyber espionage, including industrial espionage, intellectual property theft, and theft of trade secrets caused the loss of more than one trillion dollars worldwide, with Russia always being cited as one of the main perpetrators. Russia’s tactics of using cyber-attacks to block any and all communications from within a nation-state and its ever increasing innovative capabilities could have a significant negative impact on United States’ security and interests. The real question seems to be not so much whether Russia can be stopped but whether the United States has the talent pool to create similar cadres capable of matching the same innovation emerging from Russia. Classified information and state secrets aside, the jury on that question, quite frankly, remains out.
Dr. Matthew Crosston
China & Russia: Cyber Cousins but Not Cyber Brothers
There seems to be a strong divergence in perception behind China's desire to command cyberspace offensively. On the one hand, there is the assumption that this is a natural manifestation of its growing desire to achieve global superpower status. On the other hand, there is the counter-argument that emphasizes China's own perception that it is unable to operate effectively against the United States in a conventional military confrontation. (Hjortdal 2011) Indeed, many Chinese writings suggest cyber warfare is considered an obvious asymmetric instrument for balancing overwhelming US power. (Hjortdal 2011)
This latter argument is more compelling based on the stark military realities:
• In overall spending, the United States puts between five and 10 times as much money into the military per year as does China.
• Chinese forces are only now beginning to be brought up to speed. Just one-quarter of its naval surface fleet is considered modern in electronics, engines, and weaponry.
• In certain categories of weaponry, the Chinese do not compete. For instance, the U.S. Navy has 11 nuclear-powered aircraft-carrier battle groups. The Chinese navy is only now moving toward the complete construction of its very first carrier.
• In terms of military effectiveness, i.e. logistics, training, readiness, the difference between Chinese and American standards is not a gap but a chasm. The Chinese military took days to reach survivors after the devastating Sichuan earthquake in May of 2008, because it had so few helicopters and emergency vehicles. (Fallows 2010)
Given this state of military affairs, a Chinese perception of insecurity is not surprising. Even more logical is the Chinese resolve to evolve its asymmetric cyber capabilities: such attacks are usually inexpensive and exceedingly difficult to properly attribute, meaning the victim is unlikely to know who was directly responsible for initiating the attack. It is even more complex for states, where cyber-attacks can be ‘launched’ from inside of neutral or allied countries. (Ollman 2011)
Given an authoritarian state’s capacity for paranoia, it is illogical for China to not develop its offensive cyber capabilities. In this case the weakness - conventional military strength - is quite real. To that end, the People's Republic of China has endeavored to create its own set of lopsided military advantages in the cyber domain:
• The Pentagon's annual assessment of Chinese military strength determined in 2009 that the People's Liberation Army had established information warfare units to develop viruses to attack enemy computer systems and networks.
• The PLA has created a number of uniformed cyber warfare units, including the Technology Reconnaissance Department and the Electronic Countermeasures and Radar Department. These cyber units are engaged on a daily basis in the development and deployment of a range of offensive cyber and information weapons.
• China is believed to be engaged in lacing the United States’ network-dependent infrastructure with malicious code known as ‘logic bombs.’ (Manson 2011)
The official newspaper of the PRC, the Liberation Army Daily, confirmed China's insecurity about potential confrontation with the United States in June 2011. In it, the Chinese government proclaimed that, "the US military is hastening to seize the commanding military heights on the Internet…Their actions remind us that to protect the nation's Internet security we must accelerate Internet defense development and accelerate steps to make a strong Internet Army." (Reisinger 2011) Clearly, the Chinese have sought to maximize their technological capacity in response to kinetic realities. This is not to say the United States is therefore guaranteed to be in an inferior position (information about American virtual capabilities at the moment remains largely classified), but the overt investment, recruitment, and development of Chinese virtual capabilities presents opportunities that the US should also be willing to entertain.
How does all of this compare and contrast with the Russian approach to the cyber domain? Anyone studying cyber conflict over the last five years is well aware of Russia's apparent willingness to engage in cyber offensives. The 2007 incident in which the Estonian government was attacked and the 2008 war with Georgia are universally considered examples of Russia using cyber technology as the tip of their military spear. While it is true that Russia actively encourages what has come to be known as ‘hacktivism’ and lauds ‘patriotic nationalist’ cyber vigilantism as part of one's ‘civic duty,’ there are still distinct differences with China.
Much of Russia’s cyber activity, when not in an open conflict, seems to be of the criminal variety and not necessarily tied directly into the state. Indeed, Russia seems to utilize organized crime groups as a cyber conduit when necessary and then backs away, allowing said groups continued commercial domination. Russia, therefore, almost acts as a rentier state with criminal groups: cyber weapons are the ‘natural resource’ and the Russian government is the number one consumer. This produces a different structure, style, and governance model when compared to China.
Parsing Cyber Rogues
Purpose
China's purpose in developing its cyber capability seems motivated by protectionist instincts, based largely on the perception that it is not able to defend itself against the United States in a straight conventional military conflict. Russia's purpose seems utterly predatory. This is no doubt influenced by the fact that most of the power dominating cyber capability in the Russian Federation is organized and controlled by criminal groups, sometimes independently and sometimes in conjunction with governmental oversight.
Psychology
The operational mindset of China seems to be both long-term and rational. It develops its strategies based on future strategic objectives and its position within the global community. Most if not all of China's goals in the cyber domain can be clearly understood if rational self-interest is taken into consideration. Russia's cyber mindset is dominated by short-term thinking, largely motivated by the pursuit of massive profit and wielding inequitable political power. When analyzing just how much of Russian cyber activity is in fact controlled by the desire for wealth it is hard to not have an overall impression akin to state cynicism.
Style
The atmospheric style in which Chinese cyber activity takes place is strategic. The state strives to control the cyber environment and maintain influence over all groups in the interest of the state. The Russian cyber atmosphere unfortunately resembles nothing if not anarchy. The state engages criminal groups whereby the relationship’s authority structure is blurred if not non-existent. As a result, there is little confidence that the government of Russia exclusively controls its cyber environment.
Governance Model
It is clear that China's cyber governance model is state-centric. This may not be most ideal for democracy, but it shows how China does not allow competing authorities or shadow power structures to interfere with its own national interests. Russia's cyber governance model is crimino-bureaucratic. It is not so much that the state is completely absent from the cyber domain in Russia: it is rather the ambiguity of power and authority that defines the cyber domain. Russia may enjoy claiming the allegiance of its patriotic nationalist hackers, but it does not in fact tightly control its own cyber netizens, at least not in comparison to China.
While both Russia and China are not afraid to use offensive cyber weapons, there are dramatic structural, motivational, strategic, and philosophical differences. Russia seems to embody a criminal-governmental fusion that has permeated the entire state apparatus. The cyber domain there is used for temporary forays to achieve state objectives and then returns to more permanent criminal projects.
As such, the domain is not truly state-controlled, is relatively anarchic, and cannot establish any deterring equilibrium. China, on the other hand, may be the first state to truly embrace the importance of techwar: it has realistically assessed its own kinetic shortcomings and looked to cyber for compensation. In short, it has fused Sun Tzu with Machiavelli: better to quietly overcome an adversary's plans than to try to loudly overcome his armies. This analysis paints Russia in a relatively stark strategic light. While these differences do not give rise to a trusted alliance with China, the manner in which China approaches its cyber domain presents interesting new ideas about how the US or the West should approach the global cyber commons. Russia has room to improve still on the cyber front if its interests are in greater cooperation internationally with the world’s other great powers. If it prefers its current ‘lone wolf’ approach, then it is doubtful the cyber commons will ever see any organized or honored regime of rules and proper behavior.
Laura Garrido
A Perfect Cyber Storm
Russia and China Teaming Together
United States intelligence agencies have listed cyber-attacks as the top threat to American national security, ahead of terrorism. These threats are increasing in sophistication, scale, frequency, and severity of impact. Also, the range of actors, attack methods, targeted systems, and victims are expanding. In February 2015, James Clapper, the Director of National Intelligence in the United States, announced that the estimation of the Russian cyber threat had been elevated, pushing Russia to the number one spot on the list of countries which pose the greatest danger to the United States.
Since the collapse of the Soviet Union, Russia has faced political, military, and economic challenges which it worried could mean that its national interests could be ignored by other powers. In order to protect their interests defensively, and free up their offensive capabilities for deployment elsewhere, Russia and China signed an agreement in April 2015 vowing not to attack each other, while also agreeing to share intelligence and software and cooperate in law enforcement and investigations. This is a direct challenge to the United States because not only are Russia and China working together to get ahead in the energy race but this agreement meant they were now trying to combine their capacities in the digital world. China and Russia, by far, have the most sophisticated cyber capabilities in the world. The offensive cyber capabilities of each individual country were a threat already to the United States but if they now work together in earnest the United States could be facing an unprecedented cyber danger. According to senior military officials, Russia’s Ministry of Defense is establishing its own cyber command that will be responsible for conducting offensive cyber activities such as propaganda operations and inserting malware into enemy command and control systems. A specialized branch for computer network operations is also being established by Russia’s armed forces. Computer security studies claim that unspecified Russian cyber actors are developing ways to access industrial control systems remotely. Industrial control systems manage critical infrastructures such as electrical power grids, urban mass-transit systems, air-traffic control, and oil and gas distribution networks. “These unspecified Russian actors have successfully compromised the product supply chains of three ICS vendors so that customers download exploitative malware directly from the vendors’ websites along with routine software updates.”
Russia was one of the first nations to move assertively into the cyber sphere. In 1998, long before most nations even began thinking about cyber-security, the Kremlin-backed “Directorate K”, a government agency, began operations to monitor and defend against hackers and spammers. However, in recent years Directorate K has taken on a more offensive role in the digital sphere. Russia has been cyber-probing the United States for many years. In 1999, it was discovered that the Moonlight Maze virus had been stealing information from the Department of Defense, Department of Energy, NASA, and military contractors for two years. In early 2015, Russian hackers were able to access an unclassified server belonging to the United States Department of State. Through this they were able to penetrate sensitive areas of the White House computer system and access information such as the real-time non-public details of President Barack Obama’s schedule. The FBI, Secret Service, and other United States intelligence agencies were all involved in investigating the breach and said that it was the most sophisticated attack ever launched against an American governmental system.
The breach was pinpointed to hackers working for the Russian government based on “tell-tale codes and other markers,” even though the intrusion was routed through computers all around the globe. The attack was believed to have begun with a phishing email launched using a State Department email account that the hackers had previously stolen.
Titan Rain is particularly unnerving because the attack was meant to be completed in as little as 20 minutes and was able to target high-profile agencies such as NASA, the US Army Information Systems Engineering Command, the Defense Information Systems Agency, the Naval Ocean Systems Center, and the US Army Space and Strategic Defense Installation simultaneously in one day.
China has also recently increased the amount of time, manpower, resources and money spent on cyber espionage. China’s People’s Liberation Army (PLA) includes a special bureau within its intelligence community specifically managed for cyber espionage. The PLA, according to recent intelligence reports, is not only capable of advanced surveillance and collection but also possesses malware that could take down foreign electricity and water grids. However, it seems that China so far has only been motivated to commit financial and economic espionage, rather than any outright physical infrastructure attacks. Nevertheless, the United States has been getting compromised by China for many years. “It is estimated that in the last few years, Chinese hackers have attempted attacks on 2,000 companies, universities, and government agencies in the United States.” In 2003, China launched Titan Rain against United States military and government agencies. Titan Rain targeted US defense networks in an attempt to obtain confidential national security information. While no information was reported as stolen, it was considered to be one of the largest attacks in cyber espionage history.
These cyber threats from Russia and China were always a major concern for the United States because they undermined American economic competitiveness and at least tried to compromise national security interests. As of now, a “cyber armageddon” may not be a high risk, but low to moderate-level attacks over time could pose serious financial and security risks to the United States, especially if this supposed cyber alliance ever truly takes root and begins to create new innovative cyber strategies for attacks. “In the United States alone, the value of the information that is compromised due to international hacking is somewhere between 25 billion to 100 billion dollars annually.” With Russia’s tactics of using cyber-attacks to block any and all communications from within a nation-state and China’s habit of economic and financial cyber-attacks, the two countries combining could be a perfect storm of political and economic havoc that may not yet have the United States’ proper attention and deterrence capacity.
Laura Garrido
Cyber-prepping the battlefield: Does Russia have a New Way to Wage War?
According to the Bloomberg report, Russia may leverage vulnerabilities in critical infrastructure, including large banks, stock exchanges, power grids, and airports, as pressure points against the West. Ashmore (2009) says the future of Russian cyber warfare is offensively poised. Mshvidobadze (2014) also claimed that analysts examining espionage malware of apparent Russian origin indicate a preparation of the battlefield for cyber war. Russia is developing information warfare capabilities such as computer network operations, electronic warfare, psychological operations, deception campaigns, and mathematical programming impact.
Ashmore (2009) agrees that Russia is developing new information war strategies with the use of hackers that support Russian government information specialists, providing Russia with assets to use during future cyber conflicts. Heickerö (2010) also identifies the main organizations responsible for offensive and defensive cyber capabilities as the Federal Protective Service (FSO), the Federal Security Service (FSB), and the Main Intelligence Directorate (GRU). Russia’s approach to information warfare and information operations differs from that of Western countries to some extent. Russia sees information as a valuable asset that has strategic value and is a key factor for the stability of the state, for the regime, and for influential actors. According to Dr. Matthew Crosston, one of the leading experts both in cyberwar and Russian foreign policy, part of the reason why Russia is such a major threat to the United States is not only its increasing capabilities but the reasoning and psychology behind its attacks and development of such capabilities. Russia’s purpose in developing cyber capabilities seems to be predatory in nature. This predatory purpose is heavily influenced by “the fact that much of the power dominating cyber capability in the Russian Federation is organized and controlled by federal security agencies but also quasi-outsourced to criminal groups, sometimes independently and sometimes in strict conjunction with governmental oversight.” Crosston also notes the cynical cyber mindset of Russia is somewhat controlled by short-term thinking that has massive profit and political power-wielding motives.
While not all cyberattacks originating in Russia come from the state, Russia has been seen as a safe haven for cyber criminality directed against foreign interests and to some extent domestic cyber criminality. Many have pointed out that Russia has not acted resolutely enough to deal with these law breakers. Thus, what makes Russia especially dangerous, according to Mshvidobadze (2014), is the collusion between the Russian state and cyber criminals. Criminal operators confound attribution and hone their skills on criminal activity, which ends up being a cost-effective reserve cyber force available to the state when needed. There has also been a conjoining of criminal and governmental malware which could result in even more potent cyber weapons. All together this makes Russian cyber espionage widespread, hard to detect, difficult to attribute, and costly to counter. Heickerö (2010) pointed out Russian strategy emphasizing the importance of information warfare during the initial phase of a conflict to weaken the command and control ability of the opponent. This was evident in the 2007 attacks against Estonia and the 2008 attacks against Georgia. Some calculate this was also extensively used during the intervention in Syria in 2015. To add to this, Herzog (2011) claimed that the severity of the Estonian attacks was a wake-up call to the world. It showed that potentially autonomous transnational networks, such as state-sponsored, pro-Kremlin hacktivists, could avenge their grievances by digitally targeting the critical infrastructure of technically sophisticated states.
Herzog suggested that enhancing cyber security and creating new multinational strategies and institutions to counter cyber threats was essential to the sovereignty and survival of states. The biggest challenge, however, is striking a balance between Internet freedom and maintaining adequate early-warning monitoring systems. Cordesman and Cordesman (2002) criticized the disconnect between US cyber-defense and cyber-offense. This was later expansively enhanced by the work of Crosston (2011; 2013; 2014). This conceptual analytic disconnect permeates US governmental efforts and the response of state and local authorities, the private sector, and non-governmental organizations. They believe in a need for a “comprehensive annual net assessment of cyber threats that combines analysis of the threat that states present in terms of cyberwarfare with the threats that foreign, domestic, and non-state actor groups can present in terms of cyber-crime and cyber-terrorism.” Ashmore (2009) believes that the international community should work together to track and prosecute cyber criminals that operate outside the country being attacked. Also, Ashmore (2009) believes that nations should “work together to share technical data to maintain cyber defenses and keep up with the newest and ever-changing cyber-attacks” because individual hackers usually share information on new techniques that can penetrate IT defense structures. This prescription, however, requires enormous amounts of trust from both sides, which is hard to ask for even amongst allies.
While the international community should come together to secure cyberspace, it is a completely different ballgame to ask states to share their defense techniques. Not only could this information be used to identify vulnerabilities in their defenses, if the information is stolen by hackers, it could be used against these states and in turn applied to the hackers’ networks to make countermeasures impotent. Another prescription offered by Ashmore (2009) is the creation of laws that make cybercrimes illegal with the hope that the punishments would deter potential cyber criminals. The problem with this is that there are already plenty of laws criminalizing hacking and cyber espionage, none of which have slowed the frequency of cyberattacks. Will new laws prevent the average middle-class Joe from sending vicious malware to his ex-employer out of spite? Maybe. Will new laws prevent criminal hacktivists from launching a politically motivated attack on their adversary’s networks? The answer is most likely no. Just as terrorists continue to murder, maim, and rape their victims regardless of the laws that forbid such actions, those who want to hack likely will. It does not matter what laws are in place. It is this innate internal motivation of the hacker that states like the Russian Federation count on and strategically utilize. For the most part, Russia is the undisputed leader in this newly politicized world of the dark net.
Dr. Matthew Crosston
Manufactured Bogeyman: Trump, Mainstream Media, and Russian Hacking
The current American media coverage in the West on the Russian-hacking scandal has largely been used to further portray President-elect Donald Trump as either an oblivious ignoramus (granted, this is not the only issue used to try to portray the President-elect in such a light) or as some oddly recalcitrant Russian patsy, being used and manipulated by a strategically superior Vladimir Putin. Part of this motivation is clearly rooted in a still bitterly disappointed progressive movement that clings to the hope some piece of information can emerge before January 20th that might derail the inauguration.
Since the possibility of recounts, voter fraud, and other such shenanigans seemed to wither and die on the vine before they could gain any real momentum, the Russian-hacking scandal is now the du jour focus for the anti-Trump brigade. Since largely domestic procedural complaints failed, perhaps an international espionage illegitimacy angle will work? The reality is this will not work and for several important reasons. It seems that mainstream media isn’t interested in covering these reasons but the larger global community should be cognizant of them.

1. The relative insignificance of the information released through hacks

It has been rather odd to see how a fact that was hugely trumpeted by progressives during the campaign is now being largely shoved under the media rug, as it were: that just about all of the massive trove of emails released by Wikileaks contained either self-evident ‘duh’ moments (the Democratic National Committee felt it needed to support Hillary over Bernie in order to have a better chance in the national election? This is newsworthy or a surprise to anyone?) or were mind-numbingly boring (exactly how many Podesta emails must we read to know that Podesta really wasn’t all that important in the election campaign?). The interesting bait-and-switch being performed now in mainstream media is that the public is being told to not focus on the content of the hacks but simply on the process: that a foreign nation allegedly engineered the release is what needs to be criminalized and anyone who benefited from it should be nullified.
Creative, most certainly, but not legitimate to nullify the election because no one will be able to explicitly and quantifiably show the impact any alleged Russian hacking had on actual voter turnout. Without that crucial evidentiary connection the trail simply goes dormant.

2. The crucial aspects of Hillary’s poor performance in key Democratic areas cannot be truly tied to Russian hacking

Three crucial states that Hillary ultimately lost were Michigan, Pennsylvania, and Florida. Inside each were three key Democratic stronghold cities: Detroit, Philadelphia, and Miami. Hillary handily beat Trump in all three, mostly by percentages in the high teens. A prominent victory for sure in most races. The problem, of course, is that Obama four years earlier had taken those three cities over Romney by percentages as high as EIGHTY, a truly astounding figure. This trouncing helped Obama carry those three crucial states in 2012. Hillary’s relatively modest wins there were not enough to overcome Trump’s state dominance outside of those metropolitan centers. No one can show or prove that the largely urban minority populations of Detroit, Philadelphia, and Miami were demotivated to go vote for Hillary because of Wikileaks. This is because that demotivation was not instigated by the Russians but by the relatively uninspiring and indifferent attitude of the Clinton campaign. It was so confident it was going to easily capture these areas, based on the resounding victories of Obama beforehand, that it basically just bypassed them on the campaign trail again and again.
This clearly proved to be a huge mistake but it had nothing at all to do with Russians engineering a Trump presidency. Thus in some ways Russian hacking is now being used to cover over fundamental strategic missteps in the Democratic campaign.

3. The overall poor turnout on both sides of the electorate places blame in other places

While Trump did indeed command a healthy electoral college victory, he did in fact lose the popular vote. This enrages many progressives (even though they went through this exact scenario 16 years ago, when Gore lost a much closer electoral college race, but won the overall popular vote against Bush) and allows them to not pay as much attention to the eternal vexation of American politics: that a mature and stable democracy seems to never motivate its voting population to participate beyond 50%. So, taking half of half, as it were, means once again America is putting into the Oval Office a person who was explicitly affirmed by barely 25% of the public. This undermines the accusation that any Russian hacking campaign was crucially impactful in the election results: it needs to be shown that the hacks either inspired Trump voters to go out or depressed Clinton voters from showing up. In real terms, as in recent Presidential elections, the electorate overall stayed remarkably and uninspiringly consistent in terms of poor participation. Thus, it is legitimate to argue Russian hacking had relatively little influence.
4. The disagreement now emerging from within the American Intelligence Community about what it all means still misses a basic point of fact

The CIA has been the agency within US Intelligence (there are 17 overall within the American system) that has spearheaded both the analysis of the alleged Russian hacking and the conclusions to be made from it. CIA analysts have continuously stated the ‘evidence’ leading back to Russian-based hacking efforts is overwhelming. While Trump still somewhat clumsily misplays this fact by trying to stubbornly deny any such evidence at all, people need to realize that the more important question is not one of process but intent. Amazingly, it seems significant players within the US Intelligence Community are starting to unknowingly or begrudgingly agree with Trump. The Office of the Director of National Intelligence (ODNI) has maintained that the main problem in the hacking analysis is that no one has the ability to peer into the mindset of the actual actors who did the hacking. Therefore, the ability to know the true intent of the hacking is impossible to ascertain. The FBI, which usually conducts its analyses based on the higher threshold of building an actual legal case before an American court, has first agreed with the ODNI but then, receiving some criticism, has said it agrees with the overall conclusion of the CIA. This will get a lot of new press in the West but it won’t hide the fact that the FBI would NOT want to go to court with what the CIA has shown so far as ‘proof of electoral results tampering.’
There is a huge difference between being co-conspirators to undermine the institutions of American democracy and engineer an illegitimate result and simply wanting to embarrass the candidate who has spent half a dozen years publicly proclaiming anti-Russian policies and sentiments (something Hillary has done with ample media evidence to prove it). Given the shock of most media outlets during election night it is hard to imagine Russian sources were more in tune with the pulse of the American people. Which means they thought Hillary was going to win just like everybody else. Which means the hacking, if anything, was not about electing Trump pre-election but embarrassing Clinton post-election. And while that is still certainly unsavory it also does not add up to anything more than what every politically-motivated campaign ad was trying to do to each candidate all throughout the election campaign for two years. Unfortunately, the present media circus surrounding the hacking scandal has dripped into the true corridors of power within Washington, as both the Senate and House of Representatives are demanding deeper investigations.
But these investigations are going to do nothing but reveal the very astute and important divergence presently separating the US Intelligence Community: no one is ever going to be able to ‘prove’ in a legal sense that Russia explicitly compromised the American presidential election. What it did was largely akin to very powerful and well-financed PAC (political action committee) campaigns fueling anti-Clinton rumors and disinformation. But that reality is something that epitomizes nearly every election campaign at every level within America today. Just look at the recent fervor to root out ‘fake news.’ For those who analyze foreign policy closely, it is not surprising that Russia would prefer a President Trump over a President Clinton. But that does not mean the Trump Presidency now exists solely or exclusively because of Russian interference. It doesn’t. And progressives need to realize this manufactured bogeyman is not going to help them move forward as a party or strategize better in future elections.
Giancarlo Elia Valori
The US Intelligence and President Donald Trump
Everyone should or could carry out influence actions and operations or, if the situation is favourable, each country could even interfere with or intrude into the political process of an opponent or an ally. Francesco Cossiga, who really knew everything about intelligence services, used to say that the agent of influence "attacks the country of interest by influencing its decision-making process." If we made a list of the agents of influence currently operating in Italy, we could almost smile and wonder at this refined, complex and subtle intelligence field. On the other hand, as many Italian and foreign journalists and scholars have documented, the United States made several influence actions and operations vis-à-vis Italy.
They included the "demagnetize" project designed to eradicate, both in Italy and in France, the cultural and political influence of the Communist Party and its allies. Not to mention the Embassy briefings given to Indro Montanelli and many other great Italian journalists. This is exactly the "influence" which has always materialized in Italy. Obviously, also the Soviet Union did so, through networks not identifiable with Moscow and apparently apolitical - or even notoriously right-oriented - news agencies. If there had not been a colonel of the Defence Intelligence System (SID), who distributed bribes to the participants of the Italian Republican Party Congress in Ravenna, so as to ensure the victory of Ugo La Malfa - and hence of the Party line in favour of the "centre-left project" – currently Italy would have been very different. Finally, if a great foreign correspondent of the newspaper "L’Unità" had not had personal and direct contacts with the Palestinian leadership, he visited at night by crossing the lines - and who was later discovered to be a KGB colonel - much of the Middle East policy of the Italian Left would have not been implemented. Intrusion is a technique of offensive and covert penetration into friends’ or foes’ intelligence systems to draw confidential information and, once again, change the decision-making process of the "victim." These are crimes which, if discovered – as is probably now happening in Italy – affect the agents, but usually keep the source that used data intact. It is not necessary for these operations to be always in the cyber area - they can also be carried out with the old paper documents.
As an Italian Navy Officer did during World War II, by taking away important documents during a party held in an enemy embassy and later returning to the ballroom with a dazzling smile. To be clear and technically accurate, with Donald Trump the US intelligence services have decided to do what they do in countries swinging between two influences: a delegitimizing bloodless coup. Why? Because the US intelligence community has many and varied interests, including companies, foreign politicians and geostrategic projects already underway. Everybody has mobilized against Trump since the very beginning so as to make him a “lame duck”: lavishly funded demonstrations against him were staged throughout the country, such as those of the Ukrainian Euromaidan, as well as of the usual Hollywood actors - who are progressive and liberal only when their money is not called into question – and of the gay or LGBT communities that have long become reference groups for election or advertising campaigns or for campaigns designed to change social perceptions. One issue regards also Israel: 20% of Hillary Clinton’s campaign was funded by Saudi Arabia, not to mention the Sunni lobby which has been domineering the State Department since George W. Bush’s administration. With Donald Trump, also this mechanism will go up in smoke. The President-elect knows all too well that, without Israel, there is no room for the United States in the Middle East. And even this rankles in the now modest mind of our American friends.
If Trump’s line for an appeasement with the Russian Federation had real effect, the whole new cold war apparatus arranged by Barack Hussein Obama and Hillary Clinton would go to waste. Obviously, it is very likely that Putin ordered his networks in the United States to favour the Republican candidate hated by his own party. However, we will never know and the reconstructions of facts made by the Director of Central Intelligence (DCI), who is usually the Head of the CIA, are very weak and sometimes naive. In his official document, summarizing a longer and very confidential text, the DCI speaks about public and well-known attempts made by Vladimir Putin to influence "the US decision-making process". Cannot a sovereign State say what it thinks? How can we prevent it from doing so? On April 7, 2016 the DCI also publicly spoke of Panama Papers dismissing them as defamation means used by the United States against Russia, by even adding the issue of the Russian athletes’ doping at the Olympics. Is there anything more evident than this? Would this be a secret mechanism to "demolish the American liberal society and its institutions"? I do not think so. Furthermore the document notes that Putin, although appreciating the efforts made by Trump during the election campaign, "avoided praising him so as not to create problems to his reference candidate". What else could he do - as the DCI document maintains - if not developing "a clear preference for the candidate Trump"? Is it a crime or - and here the issue gets comic - an "intelligence operation"?
However, what do our US friends currently mean by intelligence? I fear that what is also happening to us has happened to them, that is a kind of transformation of Agencies and Services into a large "communication company", in which operations are no longer carried out or, rather, it is believed that “communication” is enough. It is not enough to organise competitions for children to "draw intelligence". We need to still be harsh and impassive operators of covert actions, which are only rarely real war actions. In short, from the US DCI document we can infer that a foreign Head of State should not even dare to mention the US election campaign. The document also mentions Putin’s "friends", namely Silvio Berlusconi and Gerhard Schroeder, both kicked out of their own governments because they were thinking of a new relationship between Russia and Europe. Indeed - as happened with the old cold war - Europe is still the bone of contention between the old and new Empires. Currently the issue lies in weakening it economically, but in the past the issue lay in making it strong – though not enough - to face the USSR and its Eastern European allies. Moreover, the DCI document also speaks of Guccifer 2.0 that hacked the US Democratic Committee’s website and is supposed to be an operator of the Russian military service (GRU). In fact, it is good practice for any serious secret service to use e-mails and Internet addresses directly related to its own structure, or possibly state, during the hacking activities, what it is and for what reason it is doing so.
Unbelievable. Conversely, the other charge included in the DCI document regarding the possible Russian intrusion into the US electoral machines, is more realistic. Would it not be better to use the old indelible pencils? Why use - as also happens in India – online electoral machines owned by private companies? The DCI document also states that the Russian media have always commented on Trump’s statements favourably. What did they have to do - always stay quiet? And also other countries, such as Italy or France, have been fans of Donald Trump or Hillary Clinton. In fact, clumsily as usual, Italy funded Hillary Clinton’s campaign with Matteo Renzi. Hence the charges of manipulating the election process should apply also to Italy, which, however, with Matteo Renzi, knew nothing about the real US political equilibria. Reference is also made to well-known websites, such as Russian Times, which supposedly "denigrated" the poor wretched Hillary Clinton. Hence, obviously no one can pass judgments on American politicians. Moreover the report drawn up by CIA and disseminated by CNN about Trump’s alleged sexual activities in Russia was - and is - entirely invented. Indeed, the DCI himself, James Clapper, apologized and has recently pledged allegiance to this Presidential administration. It seems incredible, but it is true that, according to some authoritative American media sources, CIA had asked the Ukrainian services for help, which I imagine will be gone right through by Russia until after the Summit.
To put it in harsh and clear terms, with these operations against its own country, CIA proved to be an amateurish Agency, now unable to do intelligence, but only capable of doing "communication" - and badly so. We do not even well understand why the Langley Agency has sunk so low. It may be full of poor-quality analysts, but it is not the only one. It does not want Trump to make peace with the Russian Federation, but why? It is true that the new cold war feeds the "industrial military system" that not even Eisenhower liked. However there is a strategic and political alternative option round the corner. Reaching an agreement with Russia and China (and here Trump harshly criticizes China’s "currency manipulation") so as to rebuild the new areas of influence in the world. China wants a free hand in the Pacific, without getting in the way and interfering with Japan. It is a smart proposal to be carefully studied in the United States. Obviously the United States will not leave South Korea to its fate, but again an agreement is possible even with the Communist North Korea. Europe should go to rack and ruin, for its irrelevant strategic merits, but it could become a safe area southwards, against the permanent Sunni jihad (fuelled exactly by the United States) and open to Eurasia and its new “Silk Road”, with collective security measures to be studied specifically. Latin America, that the United States have proved to be unable to hold, could be a reference area also for the European powers, called upon to support - with new development patterns - the economies created by millions of their emigrants.
Moreover Africa will increasingly need China and the Russian Federation, which will make their intervention areas safe. Finally Trump shall turn his intelligence system upside down, considering that McCain himself stated he drafted and then disseminated - instead of a now amateurish CIA – the 35-page document he himself had received from a British MI6 agent operating in Moscow. Material just sketched out and unverifiable, irrelevant and stupidly defamatory. The American “deep state” has not yet digested Donald J. Trump’s victory, but it shall do so quickly because the new President does not seem to be a man who is content with pretending to rule.
Alexander S. Martin
FSB's Snowden War
Using the American NSA against Itself
Russia's understanding of information warfare must be understood in the context of Russian statism. Russian leaders, particularly President Vladimir Putin, view state power as essential to national health and broadly-defined state power. The state attempts to maintain absolute privilege over rights, ownership, and power, and often confers these things to others as gifts or presents. (Jurevicius, 2015) Since Putin's rise to power, exclusive private ownership within the state has been weakened and the state has increasingly used its now massive media industry as a means of influencing both the domestic population as well as foreign audiences. (Kiriya & Degtereva, 2010)
In terms of foreign influence, information plays a critical role in Russian political and military strategy. The Russian military divides information operations into two means of attack: “information-technological means,” which include attacks on national critical infrastructure and cyber-attacks; and information-perceptual means, which include propaganda, perception management, disinformation, psychological operations, and deception. (Liaropoulos, 2007) Russia's exploitation of US intelligence disclosures falls within this second set of means as a form of propaganda. While the Russian state has always used propaganda as a means of ensuring Russian security, examination of this tactic is under-appreciated in the modern day. (Stewart, 2014) In relation to the West, Russian information operations, often called Information Warfare by Russian strategists, fill a critical strategic role in all phases of conflict. In a conflict involving kinetic operations, information warfare is used as a force multiplier “whose purpose is to guarantee the achievement of the goals of the operation” and is often seen as most effective in targeting enemy command and control structures, as well as enemy decision-making. (Thomas, 1996) Tellingly, however, the Cold War notion of information warfare as a low-intensity form of conflict targeting the enemy's civilian population and its public awareness, as well as “state administrative systems, production control systems, scientific control, cultural control, and so forth” remains a key feature of Russian thinking today regarding information operations. (Thomas, 1996)
It is not that other nations do not accept this anymore as a part of modern warfare, but rather only Russia is so openly adamant about the properness of such techniques. In 2013, the Russian Chief of the General Staff wrote that modern conflict includes the “broad use of political, economic, informational, humanitarian, and other non-military measures.” (Jones, 2014) Russian information warfare thinking has thus evolved beyond Soviet-era concepts into a fully modern doctrine, particularly in the more intense forms of conflict. Critical to the effective use of Russian propaganda are its intelligence agencies, particularly the FSB. One high profile example of FSB media manipulation is the allegation that the FSB controls “troll armies,” a term used to describe an estimated 200,000 FSB employees who are tasked with flooding social networks, Internet forums, and media comment sections with pro-Russian content. (Jurevicius, 2015) It is worth noting that this is but one aspect of the FSB's control of Russian media. While it is difficult to ascertain precisely what links exist between the FSB and Russian media corporations formally, the FSB's extensive power makes it clear that FSB-directed propaganda is likely a critical component of many Russian media operations. In response to the expansion of US intelligence because of the Global War on Terror, Paul Todd and Jonathan Bloch wrote “just as the Cold War provided a legitimizing framework for the unprincipled and often counterproductive waging of covert warfare, so the dangers of a new era of intelligence 'blowback' are all too clear.”
Russian media propaganda against US intelligence services makes use of such allegations - of vastly expanded and illegal American power to collect information against foreign and domestic targets. While it is possible to draw from a range of incidents, the disclosures of Edward Snowden, a former NSA system administrator, have arguably been the most controversial and impactful. Reporting on the NSA's requirement to end its collection of telephony metadata as stipulated by the USA Freedom Act, one grouping of Russia Today articles highlighted the conflict between privacy advocates and US lawmakers, writing “while privacy advocates described the change as only a single step with the prospect of more progress to come, lawmakers adopted a tone of finality.” (RT, 2015) Another grouping of articles aimed at demonstrating the loophole the NSA technically used to continue collection against US citizens. Finally, a third implied that the vast metadata collection program did not provide the NSA with any operational or analytic value. (RT, 2015) These article groups demonstrate not only Russia's main aim in reporting on the Snowden leaks, which is to undermine the American image on the international stage; they are also an abstract attempt to achieve an important Russian foreign policy goal: using the expansive NSA collection effort targeted against US citizens to positively contrast with Russian maneuvers on the global stage. In the context of America always making charges against Russia for using draconian measures to limit its citizens' rights and invade their privacy, these reports are designed to highlight US hypocrisy and sow the seeds of discord and doubt among American allies about any so-called US moral supremacy. Falling approval ratings of the US Government also help determine the impact of FSB propagandizing the Snowden leaks. After Snowden leaked the disclosures, US President Barack Obama's approval ratings plummeted. (CNN, 2014) Gallup poll data show now that American confidence in all three branches of the US Government is declining, with the Supreme Court and Congress being at all-time lows in 2015. (McCarthy, 2014) In contrast, a recent Economist/YouGov poll found that 78% of Americans view President Putin as a stronger leader than President Obama. (The Economist/YouGov, 2014) A final area of impact to consider is European reactions to the leaks. As with the American public, European publics were outraged, not only by the perceived US hypocrisy, but also by the alleged NSA collection against European diplomats and elites. (Network of European Union Centers of Excellence, 2014)
These disclosures have had a negative impact on US-European relations, as the EU has become increasingly reluctant to impose further economic sanctions on Russia despite US pressure. (Harress, 2015) Furthermore, European leaders are showing an increased willingness to cooperate with Russia with regard to military operations and objectives in Syria. (Bloomberg, 2015) While the reasons for these developments are complex and multi-level, the damage done to US-European relations has absolutely been impacted by explicit Russian intelligence efforts to ‘refocus’ media perception on American image and global status. It is important to note that this form of intelligence media propaganda is not effective in isolation. It was not Russian propaganda that caused widespread distrust of the US government. However, the FSB and Russian media conglomerates are able to effectively profit from the damning Snowden disclosures by casting the US in a suspicious, negative light, while at the same time minimizing its own supposed flaws and political sins. More study should be devoted in future to this softer but still significant aspect of US-Russian relational conflict.
Dr. Matthew Crosston
A Weaponized Cyber Commons
Coding Anarchy or Peace Into The Matrix?
Many cyber experts say the world is woefully ill-prepared for a sophisticated cyber-attack and that each passing day brings it one step closer to a potential virtual Armageddon. While the problems hindering the development of an effective and comprehensive cyber deterrence policy are clear (threat measurement, attribution, information-sharing, legal codex development, and poor infrastructure, to name several), this article focuses on one aspect of the debate that heretofore has been relatively ignored: that the futility of governmental innovation in terms of defensive efficacy is a relatively constant and shared weakness across all modern great powers, whether the United States, China, Russia, or others.
In other words, every state that is concerned about the cyber realm from a global security perspective is equally deficient and vulnerable to offensive attack; therefore, defensive cyber systems are likely to remain relatively impotent across the board. As a consequence, the goal for major powers should not be the futile hope of developing a perfect defensive system of cyber deterrence, but rather the ability to instill deterrence based on a mutually shared fear of an offensive threat. By capitalizing on this shared vulnerability to attack and propagandizing the open buildup of offensive capabilities, there would arguably be a greater system of cyber deterrence keeping the virtual commons safe. Though it may seem oxymoronic, the more effective defense in this new world of virtual danger is a daunting cyber-lethal offensive capability; not so much to actually use it, but rather to instill fear of it being used. Interestingly, some states are clearly already adhering to this strategy, at least in the informal sense if not in explicit policy position— China’s fervent support of “honkers” and the Russian Federation’s frequent reliance upon “patriotic hackers” come to mind most readily. The United States certainly has the technological capability to equal Chinese and Russian virtual lethality. The formal lack of an open policy arguably indicates hesitancy on the part of the United States to develop a “weaponized virtual commons.” Rather than an indication of infeasibility, this reluctance seems to be a nod to intelligence considerations, meaning the United States is arguably
more satisfied developing its offensive capabilities in secret as part of more-covert operations than as a piece of overt policy. This article argues the emphasis on covert offensive capability rather than overt is an error that compromises the effectiveness and potentiality of developing a true virtual commons across the globe that ensures greater security for all, not just one powerful nation. In some ways, this reality gives argument to the possibility of cyber war existing above and beyond conventional war; not because conventional war will ever be obsolete or be a state’s most supreme form of gaining and enhancing its own security, but rather cyber war can be seen by many states as a less confrontational and more results-oriented maneuver. Effective hacking and strategic cyber-attacks at the moment still hold many more opportunities for hiding participation while successfully gaining economic, political, diplomatic, and military secrets. In simple cost-benefit calculations, cyber war is much more cost effective than conventional war, so it is arguable that its popularity over time will grow exponentially. When considering the impotence of defensive systems tasked with stopping such efforts, cyber war as a concept is fundamentally complex, convoluted, and diffused by design. This is one of the reasons the Islamic State is having greater success around the globe through its cyber recruitment and incitement while suffering heavy conventional losses in the field across the Levant. For the past 15 years (at least), the United States has invested heavily in cyber-security technologies.
Despite this commitment, major problems remain across the most fundamental areas. There is still no large-scale deployment of security technology capable of comprehensively protecting vital American infrastructure (Note the reasoning behind the en masse resignation of eight officials this weekend from the Trump Cybersecurity group). The need for new security technologies is essential, but to date the best developments have only been in small-to-medium-scale private research facilities. What would be required to make rapid, large-scale advances in new network security mechanisms is daunting:
• development of large-scale security test beds, combined with new frameworks and standards for testing and benchmarking;
• overcoming current deficiencies and impediments to evaluating network security mechanisms, which to date suffer from a lack of rigor;
• relevant and representative network data;
• adequate models of defense mechanisms; and
• adequate models of the network and for background and attack traffic data.
Most of these issues are problematic because of the severe complexity of interactions between traffic, topology, and protocols. In short, it is simply easier to attack than to defend in the cyber realm, and the innate complexities of infrastructure preparedness make it seem likely this is not just an estimation of current affairs but rather an axiom that will stand across eras, actors, and countries. In short, hackers will always trump defenders. Even with this admission, however, this piece is not in fact arguing for the creation of some cyber variant of a Dr. Strangelove doomsday machine, the repercussions of which would make the attribution problem utterly moot. Rather, taken to its extreme extrapolation, a mutually and openly weaponized cyber commons deters just as the nuclear Mutually Assured Destruction principle did, i.e., the perception of realistic virtual devastation via retaliatory strike induces fear of action, thereby rendering the global system safe through a dangerous but stable equilibrium. But just as with nuclear weapons, the ability to universally destroy the virtual commons is not the sole ultimate hope and outcome for peace across the system. It is not a call to rejoice in fear and dread.
Recall that mutuality not only builds fear but also allows the possibility of trust through repeated engagement. That element of trust is essential. Up to now the dynamic nature of the cyber domain too heavily favored those who sought to only do damage against it. A weaponized cyber commons would finally put some of that dynamism in the hands of major powers with a mutual interest in rules, regulations, and stability, rather than chaos, theft, and illicit behavior. So this is not an argument for giving any president a choice between surrender to constant technological violations or hacking the modern world into the Middle Ages. Rather, a weaponized cyber commons policy — by being open, transparent, expansive, and mutual — could have enough new deterrents built into it structurally to not only provide more options to all of the actors in the game but also give pause to the rogue behavior that constantly probes its edges, threatening to disrupt the entire scenario. That combination of creating hesitation amongst rogues while instilling trust amongst major actors is where the sweet spot of global virtual peace can develop.
Bruce Adriance
The FSB and SIGINT
Absolute Power at Home and Abroad
The Russian Federal Security Service (FSB) should easily be considered one of the most influential and powerful intelligence organizations in the world today. Its primary functions and roles include: law enforcement, counterintelligence, domestic surveillance, and internal intelligence functions at the national level. These roles mirror many of the functions assigned to the Federal Bureau of Investigation in the US (FBI). However, while many of these functions would put the FSB squarely in the realm of law enforcement instead of security or intelligence, the FSB also has mission responsibilities that organizations such as the FBI do not.
The most significant being the mission of signals exploitation (SIGINT). This article focuses on the SIGINT capability of the FSB and its threat to US political, economic, and diplomatic policies as well as the threat in the new environment of cyber espionage. Initially an internally focused organization, the FSB threat profile changed in 2003 when, under Presidential Edict No. 314, the missions and authorities of the Federal Agency for Government Communications and Information (FAPSI) were transferred to the FSB. This meant the FSB would now have both the resources and authorities for SIGINT collection against its adversaries and information assurance for all Russian government information systems. This transition established the FSB as a much larger player in the intelligence exploitation community and a larger threat to US interests. Most Western intelligence services separate the responsibilities and missions of SIGINT to a single intelligence organization, like the National Security Agency (NSA) in the US, which has only that authority. Other intelligence services handle matters such as counterintelligence and military-related intelligence. This is not the case with the FSB, which after Presidential Edict No. 314 controls elements of all major aspects and disciplines of intelligence, essentially giving it both unfettered access to collected intelligence as well as the ability to potentially restrict other Russian organizations from accessing the collected data. What exists is a single intelligence service with the capabilities to conduct human
intelligence, counter-intelligence, law enforcement, border security, counter-surveillance, and signals collections. This represents a significant amount of authority and global reach that cannot be compared to any one intelligence service within the US or most other modern developed states. With the transition of SIGINT responsibilities, increased authority on border security, and cryptographic responsibilities to the FSB, the comparison of it to the US Intelligence Community also transitioned. Its domestic protection roles still most closely align with the FBI, but its SIGINT responsibilities mirror those of the National Security Agency (NSA), while the border security functions are more akin to the US Customs and Border Patrol (CBP) or even Immigration and Customs Enforcement (ICE). On top of all of this, the FSB has become increasingly connected to all issues cyber as well. The world continues to become more interconnected. The internet has become an integral part of our daily lives and, for some, even a necessity. It supports everything from e-commerce to sensitive governmental correspondence. So when a country’s intelligence service inserts itself into business transactions, there is an increased risk that sensitive data could be siphoned off and used to support both commercial and national intelligence interests at home and abroad. Even though the Russian IT registration requirement is only for private companies operating within Russia, this means little in the interconnected world of the internet where data crosses many geographical boundaries between transmitter and receiver.
The internet is a medium susceptible to signals collection just like any other and when countries or intelligence services have access to all internet-based traffic that falls within their borders, then that threat is not only very real but actually amplified. One example of this threat is the Russian SORM program. SORM, or System for Ensuring Investigated Activity, is a mechanism that permits the FSB to monitor all phone and internet traffic coming in and out of the Russian Federation. While arguments are that this program is a law enforcement and internal security tool, the FSB still remains an intelligence service with a mission set that goes beyond internal security and law enforcement. It is worth noting that until a Russian Supreme Court ruling was handed down in late 2000, the FSB was under no obligation to inform Internet Service Providers (ISPs) that agents were accessing the system. The work undertaken by the FSB to support signals exploitation is not just limited to Russian companies, therefore, but extends to international entities with a presence in the Russian Federation. On 11 April 2011, for example, a government source told the Interfax news agency that the FSB was not proposing a ban on Gmail, Skype or Hotmail in Russia. The FSB expert speaking at this meeting only expressed concerns that a number of those servers provide services outside of the national legal framework. The inferred concern was that because these companies utilize encryption for securing the communications of users, and none of them are directly based in
Russia, the FSB requirement under SORM may not be implemented properly. It is interesting that the FSB would take the time for an interview to highlight its effort to find a solution to make the functioning of these services on Russian territory ‘comply’ with national laws. This statement, while perhaps innocuous on the surface, speaks to the potential level of penetration the FSB can gain into all aspects of communications, both traditional and emerging. On 8 June 2011 Microsoft Russia made a statement with respect to the FSB and the on-line communications service Skype. In a statement carried by the Russian Federal Security Service-owned but supposedly editorially-independent Russian news agency Ekho Moskvy, Microsoft denied claims it had provided the FSB with encryption algorithms for the internet service. It did, however, admit that the source code for the program was provided. With its charter to protect and monitor cryptographic systems for the Russian government, the FSB has access to those individuals who both create and decipher cryptographic algorithms as part of the newly transferred FAPSI functions.
With these vast resources, it is not a giant leap of logic to think the FSB will be sorely tempted to conduct eavesdropping on any entity it wishes, without the support of said company, as long as a suitable connection to ‘national security’ is found. These two examples are a sample of how cyber seems to be a new focus of FSB SIGINT collection efforts. And while, for now, they focus solely on what has occurred within Russian territory, it is important to note the FSB has recognized links in over 80 countries and formal offices in at least 18 of them. This level of global reach and interaction means its SIGINT mission can be transferred anywhere the FSB maintains a presence. As these capabilities are deployed, they provide the FSB with a larger SIGINT capability than most intelligence agencies around the world. The FSB of course formally declares that it honors all international treaties and pursues only legitimate inquiries that hold potential harm to the sovereign interests and national security of the Russian Federation. The problem, of course, is just how fungible those sovereign interests might be over time and how relevant the old adage about absolute power corrupting absolutely might become.
Mahmudul Hasan
International Cyber Security Cooperation
The rapid development of digital technologies and wide range of services provided for activities in cyberspace raises the issue of cyber security as a serious concern for governments around the world. Cybercrimes pose a direct threat to the security of critical infrastructures and Information Technologies (IT) as a low-cost asymmetric warfare element. Most countries are aware of the vulnerability of information technologies, abuse of public data provided on the internet and the great importance of shielding critical infrastructures. Nations adapt their own national strategies and policies to cope with the threat of potentially devastating cyberattacks.
Policy makers in different countries are increasingly considering the use of deterrence strategies to supplement national cyber defense. But it is rather hard to counteract the threat by means of merely ‘national’ cyber defense strategies and policies, given that cyberspace spans worldwide and attacks can be carried out from anywhere in the world. The internet has changed the political landscape of the planet in an extremely profound way. If the whole world is connected via the internet, cyber attacks are never just a national threat. With the advent of advanced information and communication technologies, crime now knows no jurisdictional or national boundaries. The very nature of the internet allows for unprecedented collaboration and interaction among particular communities of criminals. In February 2016, a spectacular bank hack occurred that stole $81 million from accounts at the Bangladesh Bank via the SWIFT system. SWIFT credentials of Bangladesh Bank employees were used by unknown hackers to send fraudulent money transfer requests to the US Federal Reserve Bank in New York asking to transfer nearly $1 billion from Bangladesh Bank’s funds held there to bank accounts in the Philippines, Sri Lanka and other parts of Asia. Despite separate investigations carried out by Bangladesh, Philippines and US authorities, the true identity and origin of those attacks are still undetected. Reportedly, almost eleven different cyber criminal groups including the Sony hack, which the US government attributed to North Korea, have been suspected to have
connections with this central bank cyber heist. Following the Bangladesh Bank cyber heist, SWIFT sent out an alert to its members indicating that a second bank in Asia had been targeted in a similar attack. Though, in the past, cybercriminals were mainly individuals or small groups, today, heavily funded and highly organized cyber criminal groups are bringing together individuals from across the globe. Because cybercrimes can be committed in real time from anywhere in the world in an unprecedented way, and because they are hard to track and prosecute and penalties are hard to enforce, criminals are increasingly turning to the internet to facilitate their activities and maximize their profit. Crimes committed in cyberspace, such as theft and fraud, are not necessarily new, but they are rising in line with the opportunities presented by digital technologies. Consequently, cyber criminals are frequently holding the world to ransom. The Daily Mail (UK) reports (10 June 2014) that cyber attacks damage the global economy to the amount of more than £238 billion a year – almost equal to 0.5 per cent of the world’s total GDP. On the other hand, Juniper Research (UK) predicts that cybercrime will cost businesses over $2 Trillion by 2019. Cyber attacks, by analogy, represent a threat to global peace and security as frightening and horrific as nuclear war. So every government, business entity, organization and individual using electronic data processing has no way to escape the threat of cyber attacks.
While cybercrime is generally understood to mean unlawful access and attempts at unlawful access to computers, networks, and the information stored therein - all illegal, harmful and hostile activity on the internet - cyberterrorism, meanwhile, adds a new dimension of threat in cyberspace. Though cyberterrorism does not necessarily imply something different from cybercrime, it has a stronger meaning. Cyberterrorism usually describes acts done online that have similar characteristics to real-world terrorism attacks. As the statutory definition suggests, terrorism is usually intended to demoralize either a society or a civilian population in furtherance of some political or social objectives. To understand what cyberterrorism can – and will – be, we must examine how terrorists can use information and communication technology to gain those objectives. Using cyber attacks, terrorists can cause much wider damage to a country or region than they could by resorting to conventional physical violence. As a hypothetical example of cyberterrorism, a critical infrastructure such as a nuclear plant may be taken over by terrorists for destructive purposes. The Lipman Report (2010) states that “During 2009, a series of cyber attacks were launched against popular government Web sites in the United States and other countries, effectively shutting them down for several hours” and claims that “most disturbing is the possibility that this limited success may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic control systems — with devastating consequences for the economy and security”.
More recently, the Bangladesh-based Daily Star (August 28, 2013) reports that in August 2013 media companies including the New York Times, Twitter and the Huffington Post lost control of some of their websites after a hacker group named Syrian Electronic Army supporting the Syrian government breached the Australian Internet company that manages many major site addresses. Cyberwarfare - as distinguished from cybercrime and cyberterrorism – can be defined as actions by a nation-state to break into another nation's computers, networks and the information stored therein for the purposes of gaining some military objectives, i.e., achieving certain advantages over a competing nation-state or preventing a competing nation-state from achieving advantages over them. Cyberwarfare generally constitutes the use of cyberspace by nation states to achieve the same general goals they pursue through the use of conventional military force. Some governments are increasingly making it an integral part of their overall military strategy, having invested heavily in cyber warfare capability. The Chinese Defense Ministry has confirmed the existence of a cyberwarfare unit officially claimed to be engaged in cyber-defense operations.
There are reports published in the Washington Times that the People’s Republic of China is frequently launching cyberattacks that are intended to disable Taiwan’s infrastructure and defeat the capacity of that island’s government and economy. In May 2007, Estonia faced a mass cyberattack soon after removal of a Soviet World War II war memorial from downtown Tallinn. In August 2008, during the Russia-Georgia War, cyberattacks caused the Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. Several other incidents of cyberwarfare are increasingly being reported between different state sponsored cyber defense groups and military cyber units, most commonly, US-China, US-Russia, Israel-Iran, North Korea-South Korea, India-Pakistan etc. Since crimes in the cyberspace often transcend a nation’s boundaries in being committed, actions to cope with them must also be of an international nature. While threats arising out of cybercrime, cyberterrorism or cyberwarfare are increasing rapidly with the advent of information and communication technology, international law to deal with cybercrime has been slow to adapt. The International Cybercrime Treaty (ICT) is the first and only international treaty to date seeking to address internet and computer crime by harmonizing national laws, improving investigative techniques, focusing on regulatory initiatives and increasing cooperation among nations. Due to the heterogeneity of law enforcement and technical countermeasures of different countries, the Treaty is far
ranging in the areas it attempts to address and touch upon. Given the myriad of issues arising from the Treaty, much controversy has sprung up over various points. It is silent about the most crucial issues rapidly evolving in cyberspace such as cyberterrorism or cyberwarfare. The main failings of existing international Treaty systems that touch on cyber law are that most do not carry enforcement provisions. Treatments of cybercrime or cyberwarfare outside the orthodox international human rights law (IHRL) or international humanitarian law (IHL) framework are almost absent. On the other hand, issues relating to cyberspace are multidimensional and too complex to fit easily under the mainstream IHRL and IHL framework. This creates a tension between classifying cyber attacks as merely criminal or as matters of state survival, resorting to the same rationales as conventional threats to national security, which in turn creates a vacuum for cybercrime to grow bigger. As cyberspace is not a customary arena over which a State may exercise its national jurisdiction or State sovereignty and, thus, challenges arising out of it are unique, the situation therefore requires exceptional regulatory solutions. Some have argued that cyberspace is an international commons: resource domains or areas that lie outside of the political reach of any one nation. To the extent cyberspace is an international commons, it requires the common vision of the international community to deal with the issue. By fostering international cooperation, nations can tackle the problem of the borderless nature of cybercrime by enabling actions
beyond the borders of a single nation. This will be a win-win situation for all countries coming forward to cooperate. It is important for the international community to establish a comprehensive regime for various types of cyber threats through a new international accord dealing exclusively with cyber security and its status in international law. Until such an accord becomes politically viable, it is important to examine how existing treaty systems may extend to handle the challenges presented by cyber threats. In addition to each country taking individual measures and actions for its own cyber security, all stakeholders in the global cyberspace need to cooperate and assist each other. One of the most urgent needs for the international community is to establish an inclusive mechanism to regulate cyberspace. The best way to ensure international cyber security is to form an appropriate legal regime for the various types of cyber threats (e.g. cybercrime, cyberterrorism or cyberwarfare), whether it is humanitarian law (laws of war), human rights law or some novel combination of treaty systems. Before thinking about cyber security, an institution has to define what is worth protecting. The institution will also be in charge of building fundamentals for dynamic cyber defense, implementing relevant international cyber security treaties and laws, functioning as a catalyst for discussion among different disputant States and other entities, and harmonizing with other treaty systems.
The institution will have a comprehensive jurisdiction to appropriately address the risks associated with the revolution in information and communication technology. There should also be a mechanism based on enhanced international cooperation to implement a risk-based approach, whereby risks are quickly and appropriately identified as they evolve and responded to dynamically in accordance with their characteristics. A major effort should be undertaken to increase the monitoring of critical networks, and to assess and furnish remedies for any vulnerabilities that are identified. Measures should be taken to help developing countries improve their cyber defense programs through training and other necessary logistic support. Mechanisms should be developed for comprehensive military cooperation including cyber security deterrence strategies. As the United Nations (UN) has a significant and unique role in the international community, the organization can take action on a wide range of issues. An inclusive legal regime, institutional mechanisms, multilateral agreements and international military deterrence can be considered and discussed under the auspices of the UN. Other international organizations, in particular NATO, the European Union, the Council of Europe, the G-8, the OECD, etc., can play a lead role in furtherance of international cyber security cooperation.
David Davidian
The Challenge of the Indigenous Arms Industry
The Ascendant and Dependent Classes
Just as Niccolo Machiavelli noted the unreliability of mercenaries [1] and interpretations of Sun Tzu [2] claim that a mercenary's real value is not more than half that of a native soldier, one can extrapolate from these observations to deduce that the most effective arms industry is indigenous. While this may not be much of a revelation, its implementation, especially in developing countries (and even developed countries), is becoming exponentially difficult. The gap between the necessity for manufacturing indigenous arms and the ability to deliver them is widening and has been since the end of WWII. This gap is not between first- and third-world states.
To be more precise, if one looks at the history of weapons development since the end of WWII, one sees that countries that have had uninterrupted arms development are those that have been able to build upon and maintain military research and development programs and can deliver continuously advanced weaponry to the field. It is nearly impossible for a newly established state or an established state that wishes to enhance its defensive capabilities with serious indigenous development to do so at the same rate as established state industries, for the ever-increasing rate of change in technology is fostered by “ascendant-class states”. An exception to this may be Israel, but this is due to its extensive ties with the US military industrial complex. The widening of the technology barrier is in the interest of ascendant-class states such as the US, Russia, and China as they are the leading arms exporters to the “dependent-class states”. Where has this left the dependent-class states, specifically those that have budgets, technology, development and management capabilities, and inevitably the political necessity for weapons? Given a fortuitous combination of items from the preceding list, the best bang-for-the-buck is to develop nuclear weapons. Israel's nuclear program [3] began as far back as the 1950s, accelerating after the 1967 Six-Day War. Some states move from dependent-class to the nuclear club, sometimes at the expense of feeding their own people. North Korea is an example. If Iran were not effective in its indigenous weapons program and uranium enrichment capabilities, it might be relegated to a Middle
East backwater subject to a Persian Spring. We have seen this spelled out clearly with India and Pakistan. Both have nuclear weapons. India claims to have hydrogen bombs [4] of varying yields, yet it must import its best fighter jets, as does Pakistan. While joint development or licensing of technology seems a reasonable compromise in some scenarios, ascendant-class states limit the amount of technology that is exposed. Many examples can be cited, but earlier this month joint development of an Indian-Russian fifth generation fighter jet stalled over Russian concerns that its stealth technology would be compromised. [5] Pakistan was hoping it would acquire the capability to build a state-of-the-art fighter jet from scratch in its joint JF-17 Thunder program with China. This didn't happen. “...PAF [Pakistani Air Force] understood that it cannot build a backbone fighter via imports.” [6] A licensing agreement between Azerbaijan's Defense Ministry and Aeronautics Defense Systems of Israel for the local assembly of Aerostar and Orbiter UAVs (Unmanned Aerial Vehicles) in Baku still has 70% of the components produced in Israel. [7] These are strong reminders of what Machiavelli and Sun Tzu observed hundreds and thousands of years ago, respectively. The dependence resulting from not reinventing one's own wheel can be a gating factor as the ascendant-class can modulate the game. What of those states that have limited resources, and/or never had or lost their research and production capabilities to sustain a limited indigenous arms industry? These states would rank below dependent-class status.
In some cases, it makes little sense in both time and effort to match technology-for-technology with a state's perceived enemies. For example, if state A has advanced tanks or other heavy weaponry, rather than matching or exceeding it in quantity and/or quality, state B could use ultra-sensitive vibration and triangulation processing to locate tanks in motion from many kilometers away and target them with standard artillery. When the enemy's advanced tank is disabled and captured, further inspection and investigation could provide methods for more effective destruction. Most offensive military UAVs have anti-radiation protection. However, a UAV must either be directed or self-identify a target. Considering that the methods available for targeting are based on technologies associated with radar, ladar, electro-optical sensors, GPS, etc., rather than matching the enemy’s advanced UAV systems, creating ways of disabling or degrading their tracking and target acquisition may be the way to go in defending against such technologies. Inexpensive, yet effective, (non-nuclear) directed EMP (Electromagnetic Pulse) systems may be enough to temporarily degrade or at least cause directional errors large enough to divert the UAV. Wide field laser weapons [8] meant to blind soldiers (banned by the UN) could damage electro-optical sensors and could be adapted for use in combination with other defense mechanisms. Such techniques can be an alternative to developing a top-of-the-line military UAV industry.
Then, there is cyber warfare. Some call this the great equalizer because cyber attacks are anonymous, effective, deniable, and entire state infrastructures can be taken down with a keyboard. The United States, China, Russia, and Israel are on cyber warfare technology's leading edge. Some of this is very overt. Job postings in the United States have for several years included a new position called an “ethical hacker”. Targeted cyber weapon efforts such as Stuxnet [9] require the prowess of a sizable state. This is due to the combination of wide systems expertise, cyber hacking technology, and human intelligence required to stage such a debilitating weapon. Less challenging, yet devastating, attacks can be the work of a single cyber soldier. Cyber warfare attacks have been reported on infrastructures in Syria, Ukraine, Estonia, Burma, Iran, Japan, Israel, South Korea, US, Georgia, etc. If there is such a thing as collateral damage from cyber attacks, the following story should shed light on this. While I was on a visit to the Republic of Georgia in 2008, hostilities between Russia and Georgia commenced. The Russians began the equivalent of a denial-of-service attack on the Georgian internet infrastructure.
This resulted in the inability of Georgians to access facilities such as email; but, most importantly, accurate information simply wasn't available. One might as well have been in the dark ages, for local TV reverted to showing black-and-white movies of Georgians defeating the Persians hundreds of years earlier. Russian cable channels were severed. Rumors became “reality”: flour imports were rumored halted, which caused a run on bakeries at 2pm one morning; word on the street was the country was low on beans, and within hours the price of beans in Tbilisi stores became astronomically high; Russian fighter jets were launched from air bases in Armenia (this was specifically announced as false on Georgian TV). If collateral cyber damage from not having internet access to at least neutral information were actually planned, it alone could cause erroneous decisions to be made based on false or incomplete information.
However, as the line between state-of-the-art state-sponsored hackers and those of an astute individual is blurred, the capability of non-state actors to create infrastructure chaos is real. Six months ago, Syrian hackers claimed responsibility for hacking into Belgian news sites. Only last month, it was reported that ISIS-affiliated hackers attacked various governmental sites in the UK. [10] It could take only a few more keystrokes to hack into the UK's power distribution grid even though it is actively protected against such attacks. Military and defense secrets are the most fleeting of all. The world is increasingly technologically complex. It would be remiss of established states not to maximize their indigenous defense capabilities – if – such states are determined to minimize their dependence on the ascendant-class. Minimum dependence enhances the ability to defend one's own interests.
Georgia did not need a classical army of soldiers, weapons and tanks to mitigate this denial-of-service attack. I am sure lessons learned will be implemented as the boundary between ascendant-class and dependent-class or below is not easily defined in cyber warfare.
[1] The Prince, page 20
[2] Art of War; 9. The Army on the March
[3] Israel's Worst-Kept Secret
[4] Nuclear Anxiety: The Overview; India Detonated a Hydrogen Bomb, Experts Confirm
[5] Full tech transfer could derail Indo-Russian fifth-gen fighter program
[6] What did Pakistan gain from the JF-17?
[7] Azeris get Israel UAVs built under license
[8] How the US Quietly Field Tests 'Blinding' Laser Weapons
[9] An Unprecedented Look at Stuxnet, the World’s First Digital Weapon
[10] Isis-linked hackers attack NHS websites to show gruesome Syrian civil war images
Finally, there are non-state actors. Non-state actors are either given weaponry or must secure them financially. As proxies for regional or international powers, non-state actors are subject to the vagaries of their patrons.
“The society that separates its scholars from its warriors will have its thinking done by cowards and its fighting by fools” Thucydides