Connect with us

Intelligence

International Cyber Security Cooperation

Published

on

[yt_dropcap type=”square” font=”” size=”14″ color=”#000″ background=”#fff” ] T [/yt_dropcap]he rapid development of digital technologies and wide range of services provided for activities in cyberspace raises the issue of cyber security as a serious concern for governments around the world. Cybercrimes pose a direct threat to the security of critical infrastructures and Information Technologies (IT) as a low-cost asymmetric warfare element.

Most countries are aware of the vulnerability of information technologies, abuse of public data provided on the internet and the great importance of shielding critical infrastructures. Nations adapt their own national strategies and policies to cope with the threat of potentially devastating cyberattacks. Policy makers in different countries are increasingly considering the use deterrence strategies to supplement national cyber defense. But it is rather hard to counteract the threat by means of merely ‘national’ cyber defense strategies and policies, given that cyberspace spans worldwide and attacks can be carried out from anywhere of the world.

The internet has changed the political landscape of the planet in an extremely profound way. If the whole world is connected via the internet, cyber attacks are never just a national threat. With the advent of advanced information and communication technologies, crime now knows no jurisdictional or national boundaries. The very nature of the internet allows for unprecedented collaboration and interaction among particular communities of criminals. In February 2016, a spectacular bank hack occurred that stole $81 million from accounts at the Bangladesh Bank via the SWIFT system. SWIFT credentials of Bangladesh Bank employees were used by unknown hackers to send fraudulent money transfer requests to the US Federal Reserve Bank in New York asking to transfer nearly $1 billion from Bangladesh Bank’s funds held there to bank accounts in the Philippines, Sri Lanka and other parts of Asia. Despite separate investigations carried out by Bangladesh, Philippines and US authorities, the true identity and origin of those attacks are still undetected. Reportedly, almost eleven different cyber criminal groups including the Sony hack, which the US government attributed to North Korea, have been suspected to have connections with this central bank cyber heist. Following the Bangladesh Bank cyber heist, SWIFT sent out an alert to its members indicating that a second bank in Asia had been targeted in a similar attack.

Though, in the past, cybercriminals were mainly individuals or small groups, today, heavily funded and highly organized cyber criminal groups are bringing together individuals from across the globe. As cybercrimes can be committed in real time from anyplace in the world in an unprecedented way, and they are hard to track, prosecute, and enforce penalties, therefore, criminals are increasingly turning to the internet to facilitate their activities and maximize their profit. Crimes committed in cyberspace are not necessarily new, such as theft, fraud etc. but they are rising in line with the opportunities presented by digital technologies. Consequently, cyber criminals are frequently holding the world to ransom. The Daily Mail (UK) reports (10 June 2014) that cyber attacks damage the global economy to the amount of more than £238 billion a year – almost equal to 0.5 per cent of the world’s total GDP. On the other hand, Juniper research (UK) predicts that cybercrime will cost businesses over $2 Trillion by 2019. Cyber attacks, by analogy, represent a threat to global peace and security as frightening and horrific as nuclear war. So every government, business entity, organizations and individuals who are using electronic data processing have no way to escape the threat of cyber attacks.

While cybercrime is generally understood to mean unlawful access and attempts to unlawful access to computers, networks, and the information stored therein – all illegal, harmful and hostile activity on the internet – cyberterrorism, meanwhile, adds a new dimension of threat in cyberspace. Though cyberterrorism does not necessarily imply something different from cybercrime, it has a stronger meaning. Cyberterrorism usually describes acts done online that have similar characteristics to real-world terrorism attacks. As the statutory definition suggests, terrorism is usually intended to demoralize either a society or a civilian population in furtherance of some political or social objectives. To understand what cyberterrorism can – and will – be, we must examine how terrorists can use information and communication technology to gain those objectives.

Using cyber attacks, terrorists can cause much wider damage to a country or region than they could by resorting to conventional physical violence. As a hypothetical example of cyberterrorism, a critical infrastructure such as a nuclear plant may be taken over by terrorists for destructive purposes. The Lipman Report (2010) states that “During 2009, a series of cyber attacks were launched against popular government Web sites in the United States and other countries, effectively shutting them down for several hours” and claims that “most disturbing is the possibility that this limited success may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic control systems — with devastating consequences for the economy and security“. More recently, Bangladesh based the Daily Star (August 28, 2013) reports that in August 2013 media companies including the New York Times, Twitter and the Huffington Post lost control of some of their websites after a hacker group named Syrian Electronic Army supporting the Syrian government breached the Australian Internet company that manages many major site addresses.

Cyberwarfare – as distinguished from cybercrime and cyberterrorism – can be defined as actions by a nation-state to break into another nation’s computers, networks and the information stored therein for the purposes of gaining some military objectives i.e., achieving certain advantages over a competing nation-state or preventing a competing nation-state from achieving advantages over them. Cyberwarfare generally constitutes the use of cyberspace by nation states to achieve the same general goals they pursue through the use of conventional military force. Some governments are increasingly making it an integral part of their overall military strategy, having invested heavily in cyber warfare capability. The Chinese Defense Ministry has confirmed the existence of a cyberwarfare unit officially claimed to be engaged in cyber-defense operations. There are reports published in Washington Times that the People’s Republic of China is frequently launching cyberattacks that are intended to disable Taiwan’s infrastructure and defeat the capacity of that island’s government and economy. In May 2007, Estonia faced mass cyberattack soon after removal of a Soviet World War II war memorial from downtown Tallinn. In August 2008, during the Russia-Georgia War cyberattacks caused the Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. Several other incidents of cyberwarfare are increasingly being reported between different state sponsored cyber defense groups and military cyber units, most commonly, US-China, US-Russia, Israel-Iran, North Korea-South Korea, India-Pakistan etc.

Since crimes in the cyberspace often transcend a nation’s boundaries in being committed, actions to cope with them must also be of an international nature. While threats arising out of cybercrime, cyberterrorism or cyberwarfareare increasing rapidly with the advent of information and communication technology, international law to deal with cybercrime has been slow to adapt. The International Cybercrime Treaty (ICT) is the first and only international treaty to date seeking to address internet and computer crime by harmonizing national laws, improving investigative techniques, focusing on regulatory initiatives and increasing cooperation among nations. Due to the heterogeneity of law enforcement and technical countermeasures of different countries, the Treaty is far ranging in the areas it attempts to address and touch upon. Given the myriad of issues arising from the Treaty, much controversy has sprung up over various points. It is silent about the most crucial issues rapidly evolving in cyberspace such as cyberterrorism or cyberwarfare. The main failings of existing international Treaty systems that touch on cyber law are that most do not carry enforcement provisions. Treatments of cybercrime or cyberwarfare outside the orthodox international human rights law (IHRL) or international humanitarian law (IHL) framework are almost absent. On the other hand, issues relating to cyberspace are multidimensional and too complex to fit easily under the mainstream IHRL and IHL framework. This renders the tension between classifying cyber attacks as merely criminal, or as matters of state survival resorting to the same rationales as conventional threats to national security and which then creates a vacuum for cybercrime to grow bigger.

As cyberspace is not a customary arena over which a Sate may exercise its national jurisdiction or State sovereignty and, thus, challenges arising out of it are unique, the situation therefore requires exceptional regulatory solutions. Some have argued that cyberspace is international commons – resource domains or areas that lie outside of the political reach of any one nation. To the extent cyberspace is international commons, it requires the common vision of the international community to deal with the issue. By fostering international cooperation, nations can tackle the problem of the borderless nature of cybercrime by enabling actions beyond the borders of a single nation. This will be a win-win situation for all countries coming forward to cooperate. It is important for the international community to establish a comprehensive regime for various types of cyber threats through a new international accord dealing exclusively with cyber security and its status in international law. Until such an accord becomes politically viable, it is important to examine how existing treaty systems may extend to handle the challenges presented by cyber threats. In addition to each country taking individual measures and actions for their own cyber security, all stakeholders in the global cyberspace need to cooperate and assist each other

One of the most urgent needs for the international community is to establish an inclusive mechanism to regulate cyberspace. The best way to ensure international cyber security is to form an appropriate legal regime for the various types of cyber threats e.g. cybercrime, cyberterrorism or cyberwarfare – whether it is humanitarian law (laws of war), human rights law or some novel combination of treaty systems. Before thinking about cyber security, an institution has to define what is worthy to protect. The institution will also be in charge of building fundamentals for dynamic cyber defense, implementing relevant international cyber security treaties and laws, functioning as catalyst for discussion among different disputant States and other entities, and harmonizing with other treaty systems. The institution will have a comprehensive jurisdiction to appropriately address the risks associated with the revolution in information and communication technology. There should be also a mechanism based on enhanced international cooperation to implement a risk-based approach, whereby risks are quickly and appropriately identified as they evolve and responded to dynamically in accordance with their characteristics. A major effort should be undertaken to increase the monitoring of critical networks, and to assess and furnish remedies for any vulnerabilities that are identified. Measures should be taken to help developing countries improve their cyber defense programs through training and other necessary logistic support. Mechanisms should be developed for comprehensive military cooperation including cyber security deterrence strategies.

As the United Nations (UN) has a significant and unique role in the international community, the organization can take action on a wide range of issues. An inclusive legal regime, institutional mechanisms, multilateral agreements and international military deterrence can be considered and discussed under the auspices of UN. Other international organizations, in particular, NATO, European Union, Council of Europe, G-8, OECD etc. can play a lead role in furtherance of international cyber security cooperation.

Mahmudul Hasan is a recent LL.M. graduate of energy and environmental law and Thomas Buergenthal Fellow at The George Washington University Law School, Washington, D.C.

Continue Reading
Comments

Intelligence

USA and Australia Worry About Cyber Attacks from China Amidst Pegasus Spyware

Published

on

Pegasus Spyware Scandal has shaken whole India and several other countries. What will be its fallout no one knows as we know only tip of iceberg. Amidst Pegasus Spyware Scandal USA and Australia both have shown serious concerns about Cyber Attacks on US and Australian interests. Both say that China is hub of malware software and both face millions of such attacks daily.

I am trying to understand why a software is needed to spy on a particular individual when all calls, messages, data, emails are easily accessible from server. In most of cases these servers are located in USA and some cases these are located in host country. In certain sensitive cases Government Agencies have their own server like Central Intelligence Agency and hundreds of other agencies and military establishment world over including India. Now point is who installs those servers.

A couple of years back I had talked to Mr Mike Molloy who is Chief Executive Officer of Orion Global Technologies previously known as Orion SAS. He had explained me how his company installs servers in host countries on request of private or gov bodies. He talks about contract and trust. That means even when a company or Gov buys a server or software for designated uses the “Secrecy” Factor remain on discretion of company which has supplied server or software.

Now  if all data, e-mail, chat, messages, calls are accessible to Gov as per law and technology (Through Server all components of Communication are accessible and thats why  me and you see start seeing call recording of a person even after many years later), I am unable to understand why a Gov will be needing a software to Spy on any one.

Now coming to where Australia and USA wants to carry the whole debate.

Australian Foreign Minister Sen Marise Payne said, “Australian Government joins international partners in expressing serious concerns about malicious cyber activities by China’s Ministry of State Security.

“In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia. These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain”, She further added.

She opined, ”The Australian Government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government”.

She warned China by saying, “Australia calls on all countries – including China – to act responsibly in cyberspace.  China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage”.

On other hand USA’s The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory on Chinese State-Sponsored Cyber Operations. National Security Advisor said, ”Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives”.

The information in this advisory builds on NSA’s previous release “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities.” The NSA, CISA, and FBI recommended mitigations empower our customers to reduce the risk of Chinese malicious cyber activity, and increase the defensive posture of their critical networks. 

Continue Reading

Intelligence

Afghan issue can not be understood from the simplistic lens of geopolitical blocs

Published

on

pakistan-terrorism

Authors: Tridivesh Singh Maini  and Varundeep Singh*

On July 14, 2021 a terror attack was carried out in Khyber Pakhtunkhwa (KPK) province in which a number of Chinese engineers, working on the Dasu hydropower project (a project which is part of the China Pakistan Economic Corridor) were killed. The attack predictably evinced a strong response from China. The Chinese foreign minister, Wang Yi speaking before a Shanghai Cooperation Organisation (SCO) Foreign Minister’s meeting asked the Taliban to disassociate itself from ‘terrorist elements’ and in a meeting with Pakistan Foreign Minister, Shah Mehmood Qureshi, asked Pakistan to bring the perpetrators to book. Earlier in April 2021, a car bomb attack took place at Serena hotel in Quetta which was hosting China’s Ambassador to Pakistan (four people were killed and twelve were injured)

Wang Yi significantly praised the Ashraf Ghani government, for its attempts towards building national unity and providing effective governance. Beijing clearly realizes that its economic investments in the country as well as big ticket infrastructural projects can not remain safe if there is no security. Afghanistan also criticized Pakistan for its role in sending 10000 Jihadis to Taliban, this is important in the context of the region’s geopolitics.

 Like all other countries, Beijing and Islamabad, would have expected uncertainty after the US withdrawal of troops but perhaps over estimated their capabilities in dealing with the turbulence which had been predicted by many.

Importance of Chinese Foreign Minister’s statements

Wang Yi’s statements are important because days earlier a Taliban spokesman, Suhail Shaheen had praised China and welcomed its role in the country’s reconstruction. He had also assured China that those involved in the insurgency in Xinjiang would not be given refuge in Afghanistan (one of China’s major concerns has been the support provided by Taliban to the East Turkmenistan movement)

While Beijing may have opened back channels with the Taliban and realized that it needs to adapt to the changing geopolitics, recent developments would have increased its skepticism vis-à-vis the Taliban. On the other hand, Russia has been more favorable towards the Taliban. Russia’s Deputy Chief of Mission in India, Roman Babushkin argued that the Taliban are a reality which needs to be accepted, and also that any military activities without a political process are insufficient.

Babushkin did make the point that for successful negotiations, Taliban needed to end violence.

‘that Taliban should deal with the problem of terrorism and other related issues in order to become legitimate, in order to [get] delisted [at the UN Security Council], in order to go ahead with the future Afghanistan and creation of the inclusive government

It would be pertinent to point out, that Zamir Kabulov, Russian President’s Afghanistan envoy went a step further and said that the Afghan government was not doing enough to make talks with Taliban a success.

China’s statements subtle warning to the Taliban, indicating its reservations, and praise of Ghani indicate a possibility of greater understanding between Washington and Beijing (even though Beijing has repeatedly attributed the current troubles in Afghanistan to Washington’s decision to withdraw troops).

Can US and China find common ground

 It remains to be seen if Biden who has exhibited dexterity on a number of complex issues reaches out to Xi Jinping to find common ground with regard to Afghanistan. Significantly, while US-Turkey relations had witnessed a downward trajectory and Biden has been critical of Turkish President Recep Tayyip Erdogan’s authoritarian tendencies and Human rights record, both leaders met on the sidelines of the NATO Summit in June 2021. During the meeting Turkey agreed to secure Kabul Airport. US National Security Advisor Jake Sullivan while commenting on Turkey’s assurance said

‘The clear commitment from the leaders was established that Turkey would play a lead role in securing Hamid Karzai International Airport, and we are now working through how to execute to get to that,’

Taliban earlier this week warned Turkey of ‘consequences’ if the Middle Eastern nation increased its troop presence in Afghanistan.

Conclusion

Russia’s statements with regard to the Taliban indicate that it is not totally on the same page as China (its prior experience in Afghanistan has made it more cautious and circumspect), and that the Afghan issue can not be understood from the simplistic lens of geo-political blocs and traditional lenses. All major stakeholders in Afghanistan, both within the region and outside, seem to be understandably befuddled by the turn of events. It is not just the US, but even China which would be worried not just from an economic stand point but the overall security implications of the turmoil in Afghanistan. The terror attack in KPK indicates that other CPEC related projects could also face threats from militant groups. Beijing would thus need to be quick to react to the overtures from the Taliban in order to secure its economic assets and lives of Chinese workers in neighbouring Pakistan.

 It is especially important for Washington, Beijing and other important stakeholders in the region to work together for dealing with the near term turbulence as well as long term challenges Afghanistan is likely to face.

*Varundeep Singh is an Independent Policy Analyst.

Continue Reading

Intelligence

Pegasus: Human rights-compliant laws needed to regulate spyware

Published

on

The UN human rights chief on Monday said the apparent widespread use of Pegasus spy software to illegally undermine the rights of those under surveillance, including journalists and politicians, was “extremely alarming” and confirmed “some of the worst fears” surrounding the potential misuse of such technology. 

“Various parts of the UN Human Rights system, including my own Office, have repeatedly raised serious concerns about the dangers of authorities using surveillance tools from a variety of sources supposed to promote public safety in order to hack the phones and computers of people conducting legitimate journalistic activities, monitoring human rights or expressing dissent or political opposition”, said High Commissioner Michelle Bachelet in a statement

According to reports, the Pegasus data leak allegations which surfaced through a consortium of media organisations over the weekend, suggests widespread and continuing abuse of the software, which the manufacturers insist, is only intended for use against criminals and terrorists. 

The Pegasus malware infects electronic devices, enabling operators of the tool to obtain messages, photos and emails, record calls, and even activate microphones, according to the consortium’s reporting. The leak contains a list of more than 50,000 phone numbers which reportedly belong to those identified as people of interest, by clients of the company behind Pegasus, including some governments.  

‘Indispensable role’ 

Surveillance software has been linked to the arrest, intimidation and even killing of journalists and human rights defenders, according to the senior UN official.  

Reports of surveillance also trigger fear and cause people to censor themselves.   

“Journalists and human rights defenders play an indispensable role in our societies, and when they are silenced, we all suffer”, she said, reminding all States that surveillance measures can only be justified in narrowly defined circumstances when necessary and proportional to a legitimate goal.  

‘Deep intrusions’ 

Given that Pegasus spyware, “as well as that created by Candiru and others, enable extremely deep intrusions into people’s devices, resulting in insights into all aspects of their lives”, the UN rights chief underscored, “their use can only ever be justified in the context of investigations into serious crimes and grave security threats.” 

If recent allegations about the use of Pegasus are even partly true, she maintained that the “red line has been crossed again and again with total impunity”. 

‘Due diligence’ 

Companies developing and distributing surveillance technologies are responsible for avoiding human rights abuses, she said, and they must take immediate steps to mitigate and remedy the damage their products are causing, or contributing to, and carry out “human rights due diligence” to ensure that they no longer play a part in “such disastrous consequences” now, or in the future. 

States also have a duty to protect individuals from privacy rights abuses by companies, she added.  

One key step in this direction is for States to require by law that the businesses meet their human rights responsibilities by becoming more transparent in their design and use of products and by putting in place effective accountability mechanisms. 

Better regulation key 

Reports also confirm “the urgent need to better regulate the sale, transfer and use of surveillance technologies and ensure strict oversight and authorization.” 

Governments should not only immediately stop using surveillance technologies in ways that violate human rights, but also “take concrete actions” to protect against such invasions of privacy by “regulating the distribution, use and export of surveillance technology created by others”, the High Commissioner said.  

Without human rights-compliant regulatory frameworks, Ms. Bachelet upheld that there are “simply too many risks” that the tools could be used to intimidate critics and silence dissent.

Continue Reading

Publications

Latest

Africa Today4 hours ago

Partnership with Private Sector is Key in Closing Rwanda’s Infrastructure Gap

The COVID-19 (coronavirus) pandemic has pushed the Rwandan economy into recession in 2020 for the first time since 1994, according...

st st
Economy6 hours ago

Carbon Market Could Drive Climate Action

Authors: Martin Raiser, Sebastian Eckardt, Giovanni Ruta* Trading commenced on China’s national emissions trading system (ETS) on Friday. With a...

Development8 hours ago

10 new cities chosen for World Economic Forum circular economy initiative

The World Economic Forum’s Scale360° initiative announced today the 10 city-based hubs joining its Circular Shapers programme. Scale360° leverages innovation...

Middle East10 hours ago

A New Era in US-Jordan Relations

King Abdullah of Jordan is the first Arab leader who met American President Joe Biden at the White House. The...

Green Planet12 hours ago

Reusing 10% Will Stop Almost Half of Plastic Waste From Entering the Ocean

It is possible to prevent almost half of annual plastic ocean waste by reusing just 10% of our plastics products....

Intelligence14 hours ago

USA and Australia Worry About Cyber Attacks from China Amidst Pegasus Spyware

Pegasus Spyware Scandal has shaken whole India and several other countries. What will be its fallout no one knows as...

Economy16 hours ago

The EU wants to cut emissions, Bulgaria and Eastern Europe will bear the price

In the last few years, the European Union has been going above and beyond in dealing with climate change. Clearly,...

Trending