Information and communication technology (ICT) plays an unprecedented role in today’s world, but cyberspace is clearly lacking in security mechanisms that can guarantee stable and sustained world development. Insufficient information security is a barrier to investment in high-tech sectors. Digital technology with its artificial intelligence (AI), cloud computing, big data, the internet of things (IoT), electronic medicine, and electronic finance is a hostage to the absence of internationally accepted rules of behavior in cyberspace.
All countries without exception are increasingly vulnerable to cyber threats. The international community needs to join forces to build a reliable information security system, but instead individual states pursue policies that make cyberspace even less secure.
The United States is undoubtedly a global ICT leader. However, over the past few years it has increasingly demonstrated an open desire to use ICT for military purposes. It has been developing military ICTs and intensively militarizing cyberspace, thereby unleashing a cyber arms race. There is ample evidence of this.
It was the United States that developed the Stuxnet computer worm, and the American use of it against Iran in 2011 was, as it were, a cyber Hiroshima and an alarm signal to the entire international community because that cyberattack might have had irreversible consequences for Iran, and for its region as a whole for that matter. That attack was effectively the first instance in history of a state using a cyber weapon against another state. Thereby, the United States threw Iran’s civilian nuclear program several years back.
In 2009, the Pentagon set up a body to direct cyberspace operations, the United States Cyber Command (USCYBERCOM), and put it in full-scale service the next year. Cyber Command is authorized to conduct both defensive and offensive operations. Its decisions are to be based on reports from the National Security Agency (NSA).
In August 2017, US President ordered Cyber Command to be elevated to the status of an independent unified combatant command. The order, which was implemented in May 2018, put Cyber Command on a par with the nine other unified combatant commands. Cyber Command is currently hiring hundreds of cyber operators to help carry out defensive and offensive cyber operations. The command is planned to eventually comprise nearly 6,200 personnel organized into 133 teams. According to media reports, these teams are due to achieve full operational capability by the end of 2018.
Lieutenant General Paul Nakasone, head of NSA and Cyber Command, has called for a more aggressive approach to opponents in cyberspace. For this reason, in March 2018 a road map was drawn up for Cyber Command that was entitled Achieve and Maintain Cyberspace Superiority. The new strategy requires that the U.S. military carry out practically daily raids on foreign networks and disable suspicious servers before they launch malicious software. The Pentagon is, besides, developing an advanced cyber weapon system to be called United Platform. Hardly any details about it have been disclosed but the facility is known to be planned as the basis for the defense of U.S. government agencies against hacker attacks and for offensive online operations.
The new cyber strategy is expected to force “strategic costs on our adversaries, compelling them to shift resources to defense and reduce [online] attacks.” But, in order to avoid any of its moves being qualified as an act of military aggression against another country, Cyber Command would not cross the line into actual warfare. Cyber Command’s initiatives are reflected in the 2018 National Defense Strategy, the year’s chief military doctrinal document of the United States.
The New York Times has cited current and former U.S. officials as warning that U.S. attacks against foreign networks may provoke “retaliatory strikes against American banks, dams, financial markets or communications networks.” Moreover, Cyber Command admits that its strategy poses diplomatic risks because, according to what it calls “new vision” of Cyber Command, it is by no means terrorists, hackers or common criminals that are the United States’ main adversaries but states – China, Russia, Iran and others.
Another aspect of the United States’ new cyber policy is legislation. At the National Cybersecurity Summit in New York on July 31, 2018, which was hosted by the Department of Homeland Security (DHS), U.S. Vice President Mike Pence called on the U.S. Senate to enact legislation to create a specialized DHS body11. In order to fund the new body that should act as a centralized hub and encompass resources of the US national government, Mike Pence asked Congress for a record $15 billion.
The United States is going out of its way to monopolize cyberspace. It is an increasingly intensive enterprise, and what makes it particularly dangerous are Trump’s initiatives to do away with the traditional system of White House control of U.S. offensive and defensive cyber activities while a system that is going to replace it is still essentially in embryo.
The Wall Street Journal said that, on August 16, 2018, Trump with a stroke of the pen scrapped Presidential Policy Directive 20, which had been issued by former president Barack Obama and laid down rules on the use of cyber weapons against adversaries of the United States. According to the Wall Street Journal, Trump’s move aimed to lift restrictions on the offensive use of cyber weapons against foreign states because of alleged fears that some supposed hackers were plotting to meddle in U.S. congressional elections in November 2018.14
Hence, the United States is replacing the Obama-era cyber strategy of defense and deterrence with a strategy authorizing aggressive offensive action up to pre-emptive cyberattacks against sovereign countries.
Besides, the United States has for several decades been conducting global espionage via the Echelon electronic system that was based on a 1947 agreement between the United States and four allies. Today’s sophisticated ICTs enrich the resources of U.S. intelligence services. One good example is the Program for Robotics, Intelligent Sensing and Mechatronics (PRISM), which has been running since 2007 and is a facility for the mass-scale secret collection of digital data without judicial approval. In 2013, former CIA employee Edward Snowden publicized documentary evidence that PRISM gave American intelligence services access to the central servers of nine key Internet companies – Microsoft, Yahoo!, Google, Facebook, Paltalk, YouTube, AOL, Skype, and Apple. This implies that the intelligence services are building a global database of audio and video files, photographs, emails, and personal data of social network users. Moreover, according to Snowden’s revelations, NSA tapped the telephone conversations of 35 world leaders and some foreign diplomats, also via PRISM. Experts claim that U.S. intelligence services, in collaboration with Britain’s Government Communications Headquarters (GCHQ), have been cracking practically all Internet cryptography standards by using supercomputers and the services of savvy hackers.
The United States’ cyber weapons buildups and global cyber espionage threaten world security. The United States may accuse any country of a hacker attack without any substantial evidence and launch an aggression, even armed action, against it with the assistance of its allies. The range of actions prescribed by the 2015 version of the U.S. Defense Department’s cyber strategy includes armed retaliation for cyberattacks. Recently, Western politicians, mainly the U.S. administration, have been showering Russia with accusations of cyber transgressions of all kinds. In tune with the established practice, no sustainable evidence has been provided of alleged Russian subversive cyber activities. Because of the fanning of the Russian hacking myth and fake news, it largely goes unnoticed that Russia itself has been a victim to large-scale cyberattacks – in 2017, for example, its critical state infrastructure came under more than 70 million attacks.
Nearly 20 years ago, Russia became the first country to sound the alarm at the United Nations about threats that were germinating in cyberspace. Moscow put forward a breakthrough initiative for a guarantee of international information security – a draft UN General Assembly resolution entitled Developments in the field of information and telecommunications in the context of international security. Since 1998, draft resolutions with the same title have been included in General Assembly session agendas every year. In 2017, to ensure the continuity of information security debates in the United Nations, Russia and more than 60 other countries proposed that the General Assembly put the cybersecurity issue on the agenda for its 73rd session. The proposal received unanimous approval.
Russia also initiated the creation of a UN negotiation mechanism on international information security – the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE). The GGE has reached agreement on many key points such as sources of cyber threats, the imperative of taking action against cyber terrorism and cybercrime, and the principle that international law applies to cyberspace. The GGE unanimously approved three detailed reports that recommended rules on the responsible behavior of states in cyberspace. In 2015, the member states of the Shanghai Cooperation Organization (SCO) put before the United Nations a proposed draft document that aimed to prevent conflicts in cyberspace and was entitled International Code of Conduct for Information Security.
The Russian position amounts to the principle that no military or political conflicts in cyberspace are acceptable and that therefore any policy that doctrine declaring the use of force in cyberspace a fair method must be rejected.
Russia stands for a digital world order that is based on equality and justice and guarantees the possibility of advancing national interests to all countries regardless of their level of technological development. State sovereignty, non-use of force, the non-interference of a country in the internal affairs of another country, the observance of the fundamental rights and freedoms of the individual, and the equal rights of all states in governing the Internet must be key principles.
The international community needs to develop universal rules on responsible behavior in cyberspace, rules that would be approved by all states. This is a fundamental condition for peace in cyberspace. Russia as the initiator of UN debates on international information security urges all countries to start full-scale work on such rules. Moscow plans to submit a draft resolution containing a basic set of rules to the General Assembly’s First Committee during the Assembly’s 73rd session this year. The planned resolution would include all of the GGE’s recommendations of 2010, 2013 and 2015. It would propose 25 rules, including –
– purely peaceful use of ICT;
– international action to prevent conflicts in cyberspace;
– observance of the principles enshrined in the UN Charter, including the sovereign equality of states, refraining from the threat or use of force, and the non-interference of states in the internal affairs of other states;
– avoidance of groundless accusations of malicious use of ICT and provision of evidence to support any accusation;
– non-use of ICT by states for interfering in the internal affairs of other states;
– non-use of mediators for cyberattacks;
– measures to prevent the spread of malicious ICT instruments and harmful hidden functions.
Russia proposes that these 25 rules should be a basic set of guidelines that might be adjusted and enlarged afterward. This process could be carried out in 2019 by the renewed UN GGE on IIS, which will ensure continuity of IIS discussion within the UN through already tested format.
Cybercrime has been growing on an unprecedented scale, posing a serious international threat. UN Secretary General António Guterres has said that cybercrime yearly inflicts damages of about $1.5 trillion on the world.
Regional legal mechanisms such as the Council of Europe Convention on Cybercrime (Budapest Convention), which was signed in 2001, cannot defeat this evil, although the West literally tries to force the convention on the entire world, including Russia, as the only possible format for international anti-cybercrime action.
Russia’s position on the Budapest Convention remains unchanged. Moscow has repeatedly pointed out that it cannot accept Article 32b of the convention, which, allegedly in the interests of criminal investigations, effectively allows a state to access information stored on any computer on the territory of another state without seeking the latter’s permission for this and even without notifying that state.
Russia believes that it is imperative to develop a new, universal instrument for combating cybercrime. This idea is enshrined in the declaration of the BRICS summit of July 2018. Russia plans to initiate a full-scale debate on this matter in the UN General Assembly’s Third Committee by submitting a draft resolution “Countering the use of ICTs for the criminal purposes” to that effect.
A draft universal convention on cooperation in combating cybercrime that was submitted by Russia to the United Nations was accepted by the General Assembly as one of its documents on December 28, 2017 and was meant to act as “food-for-thought”. It becomes clear that a start for the relevant wide political discussion within the UN General Assembly in New York is needed.
Absolutely all states are obviously in the same boat as regards cybercrime. Some of them are safer against it than others but all are vulnerable to it, and the United States with all its numerous cybersecurity services is no exception either. In a world harassed by cyber gangs, international community should jointly deal with real and not fake threats and criminals.
There is an alternative to the cyber arms race – a cyberspace peace plan proposed by Russia and other countries standing for strengthening peace and security in information space. Future reactions in the United Nations to Russia’s information security initiatives will make clear who really wants peace in cyberspace and who uses manipulation and fake concerns as a screen for plans to unleash a cyberwar. Maintenance of peace in cyberspace is the responsibility of each sovereign member of the international community.
First published in our partner International Affairs
Islamic Caliphate is dead, but its dangerous and infectious ideology is alive
The year 2019 witnessed the rout of the Islamic Caliphate – the pseudo-state entity created on the territories of Iraq and Syria by the terrorist organization Islamic State of Iraq and the Levant, a.k.a. the Islamic State or IG, ISIL, Daesh (Arabic), a terrorist group outlawed in the Russian Federation.
On March 1, 2019, just three or four years after the Islamic Caliphate terrorized the entire world, Kurdish units of the Syrian Democratic Forces in Syria launched an offensive to flush out 500 jihadist fighters holed up in the city of Baguz, ISIL’s last stronghold in the country.
Does this mean that Islamist terrorism is now done for?
During the first decade of the 21st century, ISIL emerged as the biggest threat to international security and world order. On June 29, 2014 ISIL terrorists announced the creation of an Islamic Caliphate with claims to global domination.
As seen on the map , the Islamic Caliphate, comprising numerous provinces, was to extend from China to the Atlantic Ocean, and from Central Europe and Siberia all the way down to equatorial Africa. The Caliphate encompasses all Muslim states without exception, including Iran and non-Muslim Israel, the territories “occupied by infidels,” as well as the whole of the Middle East and North Africa. Moreover, the Caliphate lays claims to Western Asia and Europe, including Spain, the Balkans, Romania and Austria.
The Islamic Caliphate went on to make the Syrian city of Raqqa its de-facto capital in 2014.
Although still far from achieving global dominion, the jihadists started building the basis of their future Islamic Caliphate by enslaving between 8 million and 10 million people in the occupied territories of Iraq and Syria, and virtually annihilating Syrian and Iraqi Christians, Yezidis, Shiites and Kurds.
In addition to Syria and Iraq, the Islamic State and its affiliates controlled parts of Afghanistan, Egypt, Yemen, Libya, Nigeria, Somalia and the Democratic Republic of Congo.
ISIL also used its substantial financial resources to increase the number of “sleeper” terrorist cells in Morocco, Algeria, Tunisia, Pakistan, Saudi Arabia, Lebanon, Indonesia, the Philippines, the North Caucasus and various European countries.
During its criminal heyday in 2014-2017, ISIL was one of the most numerous and well-armed terrorist groups in the Middle East, boasting over 100,000 fighters active mainly in Syria and Iraq.
Add to these 27,000 to 31,000 mercenaries from 86 countries who, according to the Soufan Group analytical center, fought in the ranks of this terrorist organization.
Equally noteworthy is the distribution of foreign ISIL militants by region and country (2016 – 2017):
|Former Soviet republics||8,717|
|Near and Middle East||7,054|
|Maghreb countries (North Africa)||5,356|
|South and Southeast Asia||1,568|
Countries –main suppliers of fighters for ISIL:
Equally noteworthy is data pertaining to the number of ISIL mercenaries from former Soviet republics (2015)
ISIL owes its temporary success in Iraq and Syria to these countries’ weak militaries, the seizure of their arsenals of advanced US-supplied weapons, and to the considerable financial resources looted from Iraqi banks.
And also to its militants’ religious fanaticism, the professional skills of former Iraqi and Syrian military officers who joined ISIL, to foreign mercenaries, the cruel and fear-instilling daily activities of this quasi-state, the ideological brainwashing of jihadist fighters and to professionally organized advocacy work.
ISIL’s bloody and ruthless way of dealing with opponents and the medieval laws it imposed on its subjects shocked the world. Even the ill-famed al-Qaeda that ISIL spun off from has come out against its “daughter,” with al-Qaeda leader Ayman al-Zawahiri officially announcing in February 2014 that he did not recognize ISIL as a member of his group.
In their effort to secure the locals’ support, ISIL members tried, within the framework of their quasi-state, to restore the cities’ economic life by rebuilding their war-ravaged infrastructure. Imitating state authority, they paid salaries and benefits to the unemployed, collected taxes and paid monthly salaries of $700 to their militants. At the same time, in their brutal imposition of Islamist medieval order, they surpassed even the Afghan Taliban.
Propaganda and PR feature prominently in the ISIL leaders’ activity.
ISIL has “revolutionized” the field of online promotion of jihadist ideology by creating a powerful social movement and recruiting thousands of fighters from around the world, Russia included, through a web of social networks alone.
According to Yekaterina Sokiryanskaya, director of the Center for Analysis and Conflict Prevention, a leading expert on the North Caucasus, ISIL created a highly professional and ramified propaganda machine for recruiting online, consisting of “central” media organizations, such as Al-Furqan and al-Hayat, and “regional” ones. In addition, the AMAQ News agency provides coverage for the Caliphate’s military operations and its everyday life even without having the status of its “official” media outlet.
Propagandists enjoy a privileged status in ISIL. According to the propaganda researcher IG Charles Winter, during the organization’s halcyon days (2014–2015), spin doctors were paid seven times as much as regular fighters.
Since its outset, ISIL has put out over 41,000 media releases, with an additional 2.3 billion releases made by its supporters (The New York Times).
“The loss of territory, resources, the retreat and evacuation of fighters, compounded by problems with the Internet has significantly reduced the flow of jihadist propaganda,” Yekaterina Sokiryanskaya writes.
“Daesh will not be able to maintain the previous level and quality of its propaganda materials any time soon. Realizing that with the loss of its ideological machine the whole project of the Islamic Caliphate will eventually be doomed, the ISIL leadership is adapting to new realities with affected references to a high mission now making way for more down-to-earth calls for one-off attacks with knives and axes on unarmed people. This change of tactic began in late-2015, after security agencies of various countries had seriously complicated the process of bringing in new fighters to Syria. ISIL initially advised its supporters to look for workarounds, and later – to move to other “provinces” of the Caliphate. Finally, last year, ISIL said that those who could not reach the Caliphate proper should stage attacks back at home,” she continues.
This is an extremely important trend. Just as the Caliphate ceases to exist as a quasi-state, its subjects, who have survived the antiterrorist battles, remain. Islamist terrorism is taking a new shape.
The Islamic Caliphate created by ISIL is perhaps the highest organizational quasi-state form of modern-day Islamist terrorism. Terror (“Fear,” “horror” in Latin) was used by ISIL as a primary method of warfare. Therefore, it could be compared (in function, if not in scale) with Nazi Germany or militaristic Japan, where international terrorism was part of official state policy.
Even though chances of a complete reincarnation of either ISIL or the Islamic Caliphate are pretty slim, dangerous options thereof can’t be ruled out.
That terrorism is often used by non-state actors – whether left-wing, right-wing or nationalist – and religious groups, is well known. In the 19th and 20th centuries, hundreds of political parties and groups were known to have used terror in their work.Their activities covered virtually the whole world: from small settlements and countries to continents, and were often supervised and financed by individual states to achieve geostrategic ends.
It is highly probable that the routed ISIL will still be trying to preserve its remaining terrorist groups, rebrand old ones, and recruit new fighters. Moreover, what has remained of the Daesh forces will spread throughout the world.
As BBC columnist Frank Gardner writes, “At the recent Munich Security Conference, Alex Younger, the chief of Britain’s secret intelligence service (MI6) said this: “The military defeat of the ‘caliphate’ does not represent the end of the terrorist threat. We see it therefore morphing, spreading out… within Syria but also externally… This is the traditional shape of a terrorist organization.”
Speaking at the same event, German Defense Minister Ursula von der Leyen said that ISIL was going deeper underground and building networks with other terrorist groups.
General Joseph Votel, who runs US Central Command, also said that even though the ISIL network is dispersed, pressure must be maintained or its components will have “the capability of coming back together if we don’t.”
Indeed, much of the ISIL militant force has not been destroyed and is now breaking up into small terrorist groups, which is only natural since ISIL is a plethora of jihadist groups fully capable of acting autonomously. .
With the rout of the Caliphate now a hard fact, ISIL is desperately looking for a way out of the situation. There are several such “exists” to speak of.
The first is the dispersal of jihadist fighters among the local population in Syria and Iraq, and the creation of “sleeper cells” waiting for an order to resume the fight.
A second option would be to redeploy militants to remote areas of Syria and Iraq, and the formation of guerilla units there.
Thirdly, this could be gradual infiltration into other countries where ISIL already has a base, or at least has supporters necessary for the organization to function further, perhaps under a different name, but with similar ideology and military-political doctrine. Primarily into Libya, where ISIL controls the cities of Derna, Nofalia, Sirt, and the Al-Mabrouk oil field. Moreover, in Libya, ISIL could become a third party in the ongoing confrontation between Tripoli and Tobruk.
In Afghanistan, ISIL has already become a third party in the long-running standoff between Kabul and the Taliban. However, the ongoing negotiations between the international community, primarily Russia and the US, with the Afghan Taliban (though in a separate format) could eventually ease tensions in that country which, in turn, would seriously undercut ISIL’s ability to influence the situation there.
In Egypt, local jihadists, taking orders from ISIL, control parts of the Sinai Peninsula.
Also, the Boko Haram group, which controls the north-east of Nigeria and is making inroads into neighboring Chad, Cameroon and Niger, has recently subordinated itself to ISIL.
There are certain opportunities now opening for ISIL also in Yemen, Somalia and the Democratic Republic of Congo.
Another “exit” option could be the return of the remaining jihadist fighters to their home countries, either individually or as part of small but closely-knit groups.
In the wake of the Islamic Caliphate’s downfall, many militants have recently returned home. About 30 percent of the 5,000 ISIL fighters (1,500) happen to be EU citizens. Of these, 300 have returned to France, about 900 people – to the former Soviet republics (including 400 to Russia), 800 – to Tunisia, 760 – to Saudi Arabia, and 250 – to Jordan.
This process is characteristic of all 86 countries Islamist volunteers once set out from to defend the ideas of radical Islam.
Clearly, the presence of experienced and battle-hardened ISIL terrorists, sometimes even armed, in the countries of their current residence is dangerous, even disastrous for these and other countries’ security. Small wonder, therefore, that the world is getting increasingly aware of the real threat posed by this jihadist-terrorist contagion.
Religious leaders are united in their denunciation of Islamist terror.
Saudi Arabia’s Supreme Mufti Abdulaziz bin Abdullah Al-Sheikh has branded the al-Qaeda and Islamic State jihadists the main enemies of Islam. He also quoted a verse from the Koran, which calls to kill the perpetrators of acts that “have a disastrous effect on Islam.” Any compromises with bloodthirsty fanatics are simply out of the question. They must be eliminated once and for all.
Pope Francis has approved the use of force against Islamist radicals. The Pontiff believes that coercive methods should be used to protect religious minorities from militants.
The World Jewish Congress (WJC) and the Russian Jewish Congress (RJC) has urged the entire world community to stand together against the “disgusting wave of violence” against Christians in the Middle East.
In Iraq, the Shiite leader Ayatollah Ali al-Sistani has reiterated his call for the Iraqi people to resist ISIL militants.
Important as religious leaders’ rejection of terrorism and its perpetrators is, however, the same can hardly be said about the world community. Indeed, even in the midst of the fight against ISIL in Syria, the antiterrorist forces failed to present a shared understanding of the danger posed by their common enemy.
It is really unforgivable that a universally accepted definition of international terrorism has not yet been worked out. The term is often used as an instrument of political struggle, because each country actually decides for itself whether a certain group is “terrorists” or “freedom fighters.” In Russia, 21 Islamist organizations are recognized as terrorist, and 33 in the United States . Moreover, actual definitions of “terrorism” often vary.
Coordinated fight is the only possible and effective way of ridding the planet of the scourge of terrorism. Unfortunately, there is no international legal basis for a collective solution of the problem. The experience of the past few years shows that a slow-moving and bureaucratic UN is not capable of providing quick and effective response to the threat posed by international terrorism. The world needs a fundamentally new and mobile international mechanism, structured to counter the terrorists’ extensive and diverse criminal activities.
The proposed idea of creating a supranational system uniting antiterrorist forces that would include administrative, information, analytical, intelligence, financial, counter-propaganda and power structures – well-equipped counter-terrorist units ready for quick deployment to troubled regions looks pretty viable. However, this international antiterrorist system must be established under the auspices of the United Nations, with its blessing, and rest on a solid legal foundation.
First published in our partner International Affairs
Cyber Warfare: Competing National Perspectives
The threat of cyberwarfare is a growing fear among all intelligence communities. “In June 2009 the U.S. Cyber Command was created and in July of 2011 Deputy Secretary of Defense William J. Lynn III announced that as a matter of doctrine, cyberspace will be treated as an operational domain similar to land, air, sea, and space” (Colarik & Janczewski, 2012, 35). Cyber warfare is conducted by infiltrating the country’s computer networks to cause damage and/or disruption to various infrastructures. This could be as minimal as spying on another nation or as in-depth as implementing acts of sabotage directed towards specific targets such as military operations or the power grid. The threat of cyber warfare is not specific to one country. This is a potential threat that effects each country across the globe.
China is a dominant power within the global arena and is consistently evolving with potential threats especially cyber technology. Chinese colonels Liang and Xiangsui claimed advanced technology gave the country’s adversaries a significant advantage, and proposed that China ‘build the weapons to fit the fight. Recently, the Chinese People’s Liberation Army (PLA) confirmed the existence of its Online Blue Army (Colarik, &Janczewski, 2012, 35). China’s fear of the impact and devastation that can be caused by the internet has forced them to implement strict policies governing the freedom and use of the internet within the country and creating strong security measures against infiltration by outside sources.
In 2014, China implemented the Central Internet Security and Informatization Leading Group to oversee all internet security. “This leading group is to deepen reform, protect national security, safeguard national interests, and promote the development of information technology. The group will have complete authority over online activities, including economic, political, cultural, social, and military” (Iasiello, 2017, 5). This group disseminates and monitors all information found on the web to ensure that there are no security breaches and the people are not in violation of the law.
In 2015, China drafted a national cybersecurity law.“The chief goals of its 2015 draft national cybersecurity law are (1) ensure cybersecurity, (2) safeguard cyberspace sovereignty, national security, and the public interest, (3) protect the legitimate rights and interests of citizens, legal persons and other organizations, and (4) promote the healthy development of economic and social information” (Kolton, 2017, 126). Whereas the United States promotes a free internet, China’s main focus is on establishing an internet that is secure from all potential threats both external and internal.
In 2016, China passed the “Cyber Security Law” that focused on the security of the internet and information systems and extended the ability of the government to oversee the information that was being shared to determine if it was done within accordance of their strict cyber security laws. This law helps the government to monitor any potential breaches of security by outside or internal sources. By implementing a stronger grasp of control over the internet, the government is able to reduce the potential of an attack or intrusion. Within this law, government agencies would be able to implement more guidelines for network security within industries to include energy, transport, military, defense, and many more (Iasiello, 2017, 6).These restrictions increase the control of the government over cybersecurity but also limits the freedoms of its citizens to explore the internet.
China has created new training for its military to be prepared against potential cyber warfare attacks. It has “developed detailed procedures for internet warfare, including software for network scanning, obtaining passwords and breaking codes, and stealing data; information-paralyzing software, information-blocking software, information-deception software, and other malware; and software for effecting counter-measures” (Ball, 2011, 84). It has also increased its number of training facilities to focus only on network attacks on cyber infrastructure and defense operations. The amount of money China is investing in facilities and training of military personal increases its ability to remain secure within this global threat of cyber warfare. One fear for China is its dependence on Western technology. “China’s capabilities in cyber operations and emerging technologies such as artificial intelligence are becoming more sophisticated, the country still depends largely on Western technology. Beijing is hoping to break that dependency through the Made in China 2025 plan” (Bey, 2018, 33). This is a mutual fear for both the US and China as they both rely on each other’s manufacturers with the fear that they will implement a trojan horse to intervene.
Like China, Russia has increased its abilities in combating the potential threat of cyber warfare. However, Russia has taken a different approach to this threat by going on the offensive. Russia has focused on non-linear warfare within the cyber world, which is defined as “the collection of plans and policies that comprise the state’s deliberate effort to harness political, military, diplomatic, and economic tools together to advance that state’s national interest. Grand strategy is the art of reconciling ends and means” (Schnauffer, 2017, 22). To assert its dominance in the global arena, Russia has been utilizing its own forms of cyber attacks to collect information and become a dominant cyber power.
Russia began its experiments with cyber warfare in 2007 in the clash with Estonia. This was done to determine its cyber capabilities as well as create a stronger resilience against future attacks. “Russia’s cyber experiment effectively shut down day-to-day online operations in Estonia’s cyber infrastructure for weeks, from news outlets to government institutions” (Shuya, 2018, 4). After this successful movement, Russia began to expand its focus to Georgia and Ukraine in 2008 and then in 2015, to offset local initiatives there which it considered to be against Russian national security interests. Russia has “developed multiple capabilities for information warfare, such as computer network operations, electronic warfare, psychological operations, deception activities, and the weaponization of social media, to enhance its influence campaigns” (Ajir& Valliant, 2018, 75). Russia has had a strong focus on using the tool of propaganda to disseminate key information to its citizens with the hope that they will abide by it as the real truth.
Russia’s investment into technology and the freedom of speech allotted by the West has made the West not only extremely vulnerable to Russia, but also has expanded the reach of the Russia globally. Ajir and Valliant (2018) highlight several key points of the Russian strategy:
Direct lies for the purpose of disinformation both of the domestic population and foreign societies; Concealing critically important information; Burying valuable information in a mass of information dross; Simplification, confirmation, and repetition (inculcation); Terminological substitution: use of concepts and terms whose meaning is unclear or has undergone qualitative change, which makes it harder to form a true picture of events, Introducing taboos on specific forms of information or categories of news; Image recognition: known politicians or celebrities can take part in political actions to order, thus exerting influence on the worldview of their followers; Providing negative information, which is more readily accepted by the audience than positive.
This approach allows the Russian government to remain in control of information that is filtered to its citizens. The restriction of freedom reduces the capability of deciphering fact from fiction.
Russia has also taken a defensive approach to cyber warfare by implementing strict laws that govern the use of the internet. The agency Roskomnadzor scans the internet for activity that is deemed illegal and detrimental to the Russian government. It has also implemented new laws to regulate internet activity. “The laws which came into force in November 2012 provided provisions for criminalizing slander, requiring nonprofits receiving funding from abroad to declare themselves “foreign agents,” and provide additional financial information and a final law sanctioning the blocking of websites featuring content that “could threaten children’s lives, health, and development” (Cross, 2013, 14). Many have deemed these laws as means to censor the internet, but the Russian government argues it is for the protection of its citizens.
An opposite example of failing to employ measures to protect the country from a potential cyber warfare attack is Mexico. The main focus for Mexico has been on drug cartels and eliminating internal threats within their own government. Mexico has begun to implement its own version of cybersecurity due to its substantial growth in cyber-attacks over the years. However, its overall success has been limited due to a lack of understanding and outdated systems. “Incidents in cyberspace pose a challenge to Mexico due to a lack of institutional structures and there is a need to strengthen capabilities since it does not have any specialized government or public sector agencies certified under internationally recognized standard” (Kobek, 2017, 8). Without the establishment of a specific agency dedicated to cybersecurity, Mexico will continue to struggle against cyber warfare threats. Mexico must implement new security measures that are applicable to all main threats beyond the drug cartels.
Currently, the government presence in Mexico is focused solely on actionable and tangible threats. There must be a reform to its current laws for “the armed forces require a law that reframes and modernizes the concepts of public safety, internal security, and national defense; clarifies the role, conditions, terms, and limits of the armed forces’ engagement; and establishes mechanisms to hold them accountable” (Payan& Correa-Cabrera, 2016, 3). The lack of accountability and oversight by the government to control key aspects, such as the military, and impose a stronger presence in the more demanding field of cybersecurity opens up the potential for a catastrophic event to occur within Mexico.
China and Russia are prime examples of how strict policy governance of the internet will help to reduce the potential threat of an attack. They are micromanaging every aspect of the internet from restricting specific websites (social media) or establishing specific agencies to monitor and analyze all information that is being viewed from all sources. “With the United States and European democracies at one end and China and Russia at another, states disagree sharply over such issues as whether international laws of war and self-defense should apply to cyber-attacks, the right to block information from citizens, and the roles that private or quasi-private actors should play in Internet governance” (Forsyth, 2013, 94). The failure of this policy is the restriction of freedoms to citizens. As stated above, one of Russia’s main focuses is promoting propaganda that is anti-west and pro-Russia. The control over the internet does not allow their citizens to research the truth or have global interaction. This increases the risk of upheavals among the people, especially as technology continues to improve and loopholes are found to circumvent existing policies and hidden content is exposed.
Another approach to cybersecurity is seen with the actions of NATO. It is focusing on improving its relationships with private security companies and “developing a Cyber Rapid Reaction Team (RRT)19 to protect its critical infrastructure, much like U.S. Cyber Command’s Cyber Protection Teams (CPTs)” (Ilves et al, 2016, 130). One downside to this approach is NATO is only able to apply defensive measures. It does not have the ability to implement an offensive attack. Creating a partnership with private companies provides it greater access and resources to potential cyber threats. Private companies have more funds available to pursue a stronger cyber security defense. A recommendation would be to create a joint European Union, United States, and NATO partnership against cyber warfare. Each has its own strengths that can be applied to a joint force against one common threat. A stronger partnership among key global powers will help to create a multifaceted approach to the threat of cyber warfare. The end goal of cyber warfare is the same for each country targeted. There is no specific adversary, but rather the substantial disruption or sabotage of key infrastructure.
Although facing intense criticism and skepticism, it would be beneficial for the US, China, and Russia to form a partnership against cyber warfare. As each country is already connected via their technology companies, they are each a global power that encompasses a vast majority of the world. A collaboration of information and resources would provide a stronger protection amongst common non-state threats. However, the chief obstacle is the ability to trust each country to act within the realm of security, instead of using it as an opportunity to gain substantial access to an inside look of the country. Since the US often accuses China and Russia of being the biggest state perpetrators of cyber actions, this criticism may be near impossible to overcome, despite the possible advantages. According to the World Economic Forum, the table below lists the top countries best prepared against cyber-attacks.
The United States is ranked number one with a significant margin above Canada. China and Russia who have implemented a very strict cyber security policy are not listed within the top 20. This is determined by the Global Cybersecurity Index, a partnership between private industries and international organizations that analyze all aspects of cybersecurity. This argues that the approach by countries such as China and Russia is geared more to the control over its citizens rather than executing a strong cybersecurity policy focused on legitimate external threats. Although, the table above does show that the United States is ranked number one in being able to protect the nation from potential cyber threats, it is only ranked at 82.4% effective. Russia and China have employed a different approach to cyber security that could be utilized to increase the overall effectiveness globally if each side was able to work together towards common threats. Ideally, such partnership would not only create new channels of connection and collaboration between adversaries, but would also set the stage for the more heavy-handed and restrictive policies of China and Russia to be loosened to the benefit of its citizens’ virtual freedom.
Cybersecurity between Enemies and Allies
Operational success, whether state or non-state, begins with a solid strategic plan that encompasses key objectives or targets. In today’s globally connected world, cybersecurity is holding the forefront space of challenges, vulnerabilities, and growth (Barrinha 2018). Success, in a globally connected environment, requires an understanding of the environmental systems and connections to appropriately identify the gaps in security and potential points of entry from adversarial actors (Barrinha 2018). Understanding the connected nature and networked capability of potential adversaries’ drives a need to analyze social networks as they relate to the interrelated environmental systems (Tsvetovat and Kouznetsov2011). Therefore, the ability to effectively engage within an interconnected and globalized operational environment is to understand the cybersecurity policies, trends, and vulnerabilities across western and non-western states like Russia, United Kingdom, China, and Israel.
Internationally, states are viewing cyber as the fifth domain of operations, added to air, space, land, and sea. In 2013, fifteen countries agreed with a need for international law for the elaboration of measures, norms, rules, or principles over the cyber domain. Today, military cyber capabilities exist in more than 40 states and of those 12 have explicitly offensive cyber capabilities. Despite the growing application of cybersecurity strategies and advancements in the development of international laws, a standard definition of cybersecurity does not exist (Greiman 2015).
Regardless of the state’s abilities or interest in cybersecurity, the intent is to create an ability to protect domestic networks against domestic or foreign intrusion and attack (Fischer 2016). Cyber-attacks come in many forms. Though attacks vary widely, they generally have a geopolitical, diplomatic, or economic interest, causing business and economic organizations to get involved with political structures to consider policy-setting and strategic capabilities (Jaquire et al. 2018). The difference is that instead of defending against states physically, the defense efforts are against actions exclusively housed within the cyber arena (Duvenage et al. 2018).
National cybersecurity strategies in general tend to possess three main components: strategies with intelligence and counterintelligence capabilities, personal security on information held in databases, and corporate security (Vancouver 2018). As Adamsky (2017) described Israel’s cybersecurity plan, the three interrelated vectors work together to provide robustness, resilience, and defense. The overall intent of national cybersecurity strategies is to provide a means by which the state can protect local networks from adversary threats.
The criticality and concern coming from the international community when dealing with increasing threat potential and vulnerabilities within the cyber domain is reflected by the more than 40 countries working to establish cyber policies. The United States and the United Kingdom both view “terrorism and cyber-attacks as the two greatest threats to national security” (Greiman 2015). As states look at the threat posed by the cyber domain, they must consider non-traditional ways in which foreign non-state actors are leveraging networks to spread their messages — to incite fear, spread support for their anti-state ideologies, or the ability to use virtual space as a meeting location to create extremist support (Cross 2013).
In efforts to standardize, Russia, China, Tajikistan, and Uzbekistan joined forces to submit an international code for information assurance (Grieman 2015). Australia, Canada, New Zealand, United Kingdom, and the United States banded together to create a stronger shared level of intelligence, known as the “Five Eyes” Community (Walsh 2015). However, Israel is still leading the way in the cyber policy, strategy, and successful operations (Adamsky 2017). Though all countries possess a mix of security interests and priorities, there is not a single consensus on how to internationally address threat conditions (Crosston 2016). In an attempt to address those conditions, countries must seek innovative and creative means to establish operations and policies to protect against globalized threats (Cross 2013).
Israel has the lead in leveraging innovation and creativity to develop tangible results and an example for other countries to emulate. In 2002, Israel established the goals and means by which it intended to secure its portion of the cyber domain. Seeking to find a balance between commercial and private needs with a need for national security, Israel established policies to “protect vital computerized systems of selected public and private civilian organizations.” Not wanting to fall short on future threats, Israel included concepts of “education, R&D, security, economic development, and international cooperation” into their policy design (Adamsky 2017). In 2015, the government established a concept of operations (CONOP) to regulate cyber mechanisms and operations focusing on cyber defense, capacity building,and structure. Using an interrelated framework of robustness, resilience, and defense, Israel can operate, sustain, and defend their local cyber domain from intrusion and attack better than most (Adamsky 2017).
Russia and China have similar approaches and practices. In their efforts to collect intelligence, neither country relies solely on confidential sources or methods, nor does collection tie singularly to state-sanctioned collection requests. More importantly, collection in Russia and China does not focus on collection against foreign agencies alone (Crosston 2016). As part of the policy process in Russia and China, the government opts to control exposure and risk by limiting the availability of sites that threaten the influence their control over the population (Cross 2013). While similar in their approaches, Russia and China developed individual strategies to protect their networks (Fei 2010).
China opted for a strategy with a longer-term outlook and sought to respect other nation’s objectives while fostering mutually beneficial cooperation. China’s strategy emphasizes multilateral ties and dealing with both traditional and non-traditional threats. China’s strategic approach consists of four prongs: the inclusion of complex, non-traditional aspects; issue-orientation over country interests; economic development to be independent of foreign technologies; and, a supposed practice of good governance and transparency.
United Kingdom announced, in 2010, a plan to spend $1 billion US dollars over a four-year period to launch a “transformative national cybersecurity program” focused on closing the expanding gaps between current capabilities and emerging technological advancements. The UK outlined its plan with the intention of leveraging private-public partnerships to create a single point-of-contact for cyber-crimes and security issues. The strategy also outlined a plan to develop international cooperation with like-minded nations (Hammond 2010). Not unlike Israel, the United Kingdom is focusing on policy development to protect privacy and reduce crime, while establishing a resilience capability. Through private-public partnerships, the UK aims for capacity building and to implement a risk-based approach to defending against cyberattacks (Greiman 2015).
Private-public partnerships, coupled with dynamic state policies, contribute to the state’s ability for capacity building. This is particularly important with the understanding that the private sector mainly owns and operates activities within the cyber domain for most states (Grieman 2015). While Russia and China understand this phenomenon, they opt to block sites and access as a means of controlling the internet. The efforts of Russia are generally politically inclined, focused on the interest of making the president appear stronger. In China, the state leverages cyber abilities for economic maneuvering. Israel selects a more comprehensive and holistic approach to managing the cyber environment.
Tsvetovat and Kouznetsov (2011) explained the connected nature and networked capability of potential adversaries as driving social connections and purposes. Within the cyber domain, states are able to leverage the connections and networks to shape policy, offensive operations, and international relationship development. As Russia and China continue to work through their controlled approaches to cybersecurity, there is a need for international consensus towards cybersecurity. In an effort to standardize an approach to cybersecurity, the international community should seek to follow in the steps of Israel (Adamsky 2017).As a soft power instrument, Israel is leveraging opportunities and threats to harness the potential of cybersecurity. Over the last decade Russia, China, and many others have reached out to Israel. Additionally, the more success Israel has in leveraging cybersecurity to promote international ties, the greater likelihood it will lead an effort to normalize cyber across the globe (Adamsky 2017).
As academics and practitioners continue to work toward a standard definition and understanding of cybersecurity, there is a distinct need for various states to come together in an effort to establish international norms and standards for the execution of cybersecurity. This effort should be much the same as joint operations govern telling time or tracking targets. It is crucial that the United States continues to find ways to lead the effort to establish agreements that focus on commonalities that can benefit the reduction of cyber dangers between China, Russia, and Israel.
The effort to understand the cyber environment and its various network of connections is vital in working through concerns faced by countries emerging as a new power (i.e.,Brazil, India, Argentina, and Australia among others). The importance of this understanding links back to Brafman and Beckstrom’s (2012) starfish and spider concepts, demonstrating the capability of groups to operate from geographically dispersed locations without a centralized leader. Improved security within the cyber domain will assist in mitigating political, economic, and criminal activities that are counter to a state’s security strategies. Perhaps most importantly, he ability to increase cybersecurity and cooperation in the cyber domain internationally creates a possible platform to work against other threat issues such as transnational organized crime, terrorism, human trafficking, and migration from failing states. Understanding critical elements and the approach other countries use to navigate through their domestics and external threat will continue to prove to be as crucial for the United States and the interaction with other countries in the future.
Pakistan: Next Destination for Nature-Lovers
Pakistan is country blessed with natural beauty. Diverse topography, climate, people, makes it unique country, worth visiting. Northern part of...
ADB Supports 275 MW Power Plant to Boost Energy Access in Sumatra, Indonesia
The Asian Development Bank (ADB) today signed a private sector financing package to support the construction of a 275-megawatt combined-cycle gas...
“Gas wars” in Europe
Russia is ramping up natural gas exports to Europe. In 2018, Gazprom delivered a record 201.8 billion cubic meters of gas...
Investments in Gender Equality in Croatia Will Increase Opportunities for All
Croatia has made significant progress on including gender equality both institutionally and legally in its policy agenda, with indicators such...
The Breitling Cockpit B50 Orbiter Limited Edition
On March 21, 1999, balloonists Bertrand Piccard and Brian Jones safely landed their Breitling Orbiter 3 in a remote region...
Education critical to ensure future of forests, and reverse their destruction
The UN drew attention to the vital role that forests play in addressing some of the world’s greatest environmental challenges...
China’s great geostrategy for trade and defense
The primary policy line of the People’s Republic of China, above all at sea level, is to defend its strategic...
Middle East3 days ago
Syrian Coup de Grâce
Style3 days ago
The New Breitling Superocean Collection
South Asia2 days ago
A peek into India’s 2019 elections: Past trends and portents
Central Asia3 days ago
The Track to Prosperity
Terrorism2 days ago
Who is Brenton Tarrant: Insight on the New Zealand Attack
Economy2 days ago
Turkey and Trump’s sanctions-based “political economy”
Eastern Europe3 days ago
Ukrainian Presidential Elections 2019
Europe2 days ago