Connect with us

Intelligence

Two Cyber Resolutions Are Better Than None

Published

on

The latest annual report of the Global Economic Forum lists cyberattacks among the top 5 global risks, along with extreme weather events, natural disasters and the effects of climate change. Moreover, experts offer pessimistic forecasts: in 2019, the risks will only increase as a result of the lack of collective will and the growing divisions in the global community.

Clearly, the issue of international information security (IIS) today is not just pressing, but burning. The problem is relevant to virtually all participants in international relations and requires a political solution.

At the same time, Russia warned of the dangers of cyber incidents 20 years ago and was the first to launch a discussion on the matter at the United Nations. At first, support for Russia’s initiative was reluctant, but the more information technologies progressed and cyber challenges evolved to match them, the greater traction the problem of information security gained in the agenda of the UN and other international platforms.

In late 2018, truly important steps were taken to bolster international information security. In particular, the global community realized the need to re-launch the UN Group of Governmental Experts (UN GGE), the principal multilateral venue for information security talks, which in 2017 found itself at an impasse due to disagreements among its members. Now, though, there will be two groups…

A/RES/73/27 and A/RES/73/266

Today, we can confidently state that the global discussion on international information security has been resumed. In November 2018, the United Nations General Assembly First Committee adopted two draft resolutions at once on the behaviour of states in the information space, and in December, the General Assembly voted in pleno and approved both documents. This article considers the contents of both resolutions.

Resolution A/RES/73/27 “Developments in the Field of Information and Telecommunications in the Context of International Security” was proposed and promoted by Russia in collaboration with 32 states. A total of 109 states voted in favour of the resolution, with 46 voting against and 14 abstaining. The overwhelming majority of states supporting the resolution are members of BRICS and the Shanghai Cooperation Organisation (SCO), as well as many countries of the developing world. The West preferred to collectively oppose the document.

Resolution A/RES/73/27 has several key features. First, it is intended to protect the digital interests of all states regardless of their level of technological development. In that connection, the resolution notes the importance of aiding some states in overcoming the gap in information and communication technologies (ICT), which, as the authors of the document believe, has a major significance for international security.

Second, the resolution presents a code of 13 rules, norms and principles of the responsible behaviour of states in the information space. Their objective is to lay the foundations of peaceful interaction between states in the ICT environment and prevent wars, confrontations and any aggressive actions. The following rules are of principal significance:

  • using ICT for peaceful purposes only;
  • observing the principle of state sovereignty in the information space;
  • cooperation in the fight against the use of ICT in criminal or terrorist purposes;
  • preventing the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions.

Third, a new UN GGE – an Open-Ended Working Group (OEWG) – is set to launch work in June 2019. Its chief task will be to continue to develop norms, rules and principles of the responsible behaviour of states in the information space and consider the issue of the applicability of international law to the ICT environment. Russia believes that the previous UN GGE with limited representation is no longer workable and a new level of interaction on matters of information security must be reached. The resolution proposes making the negotiating process more democratic so that it can be truly open, inclusive and transparent. Initially, the Group of Governmental Experts comprised, at various times, between 15 and 25 states. Now, all UN members states, without exception, will be able to take part in the OEWG. Additionally, for the first time, non-state actors will be involved in the group (business, non-governmental organizations and the academic community) via intersessional consultative meetings. Therefore, the Russian side has succeeded in getting IIS topics to grow beyond the narrow scope of the UN GGE. “The Club of the Elect“ has been transformed into a full-fledged UN organ. The results of the group’s work will be summarized in the consensus report to be presented in two years at the 75th session of the UN General Assembly.

The second document approved by the General Assembly is Resolution A/RES/73/266 “Advancing Responsible State Behaviour in Cyberspace in the Context of International Security.” It was proposed by the United States in collaboration with 35 states. The vote was as follows: 139 in favour, 11 against and 16 abstentions. The resolution was primarily supported by of the EU and NATO member states and other allies of the United States.

The resolution stresses the effective work of the UN GGE and the importance of assessments and recommendations contained in the Group’s reports for 2010, 2013 and 2015. The document calls for the creation of a new Group of Governmental Experts in 2019 based on equitable geographic distribution. As before, it will not be an open group, which, it has to be admitted, does not make the process of developing the “road traffic rules” in the information space truly inclusive. This is certainly one of the principal differences between the U.S. and Russian approaches.

The resolution also requests that the Office for Disarmament Affairs of the Secretariat (UNODA), on behalf of the UN GGE, collaborate with regional organizations (the African Union, the European Union, the Organization of American States, the Organization for Security and Co-operation in Europe and the ASEAN Regional Forum) in matters of information security.

An “American style” UN GGE will be vested with powers to carry out research on possible joint measures to eliminate existing and potential cyber threats and study the norms, rules and principles of the responsible behaviour of states and confidence- and potential-building measures, with due regard to their effective implementation. The results of the group’s work are slated to be presented in three years at the 76th session of the UN General Assembly. The final report, which does not require a consensus of all participants, is expected to contain written national materials on how international law applies to the use of ICT by states.

Complementarity Instead of Competition

On the whole, Russia and the United States proposed two largely competing resolutions. Therefore, discussion on ISS will be more complicated and multilevel, as the dialogue space on the issue is fragmented, especially since the degree of mutual distrust between the two countries is very high. Such circumstances certainly make any constructive international cooperation far more difficult, but they do not mean it is impossible.

However, even given the differences on many issues, there are no particular obstacles to block working in parallel, especially since both resolutions welcome the previous achievements of the UN GGE and their 2013 and 2015 reports. For instance, both resolutions confirm that international law is applicable in the information space and both promote the creation of an open, secure and accessible information environment. Both resolutions also recognize the importance of the business and academic communities and NGOs in increasing the effectiveness of international cooperation intended to ensure security of the ICT environment. These are not the only points of contact between the two documents.

Theoretically, with the political will, a joint negotiating process can be organized between the parties that would be complementary rather than competitive. Moreover, the GGE and the Open-Ended Working Group (OEWG) can motivate each other to develop and steadily move towards a rapprochement, since neither group would want to lag behind the other in terms of agreements or breakthrough solutions achieved.

It is noteworthy that many countries (77 in total) voted for both resolutions, including India, South Africa, Kazakhstan, Indonesia, etc. For those states, these documents do not represent opposite positions on ISS. They believe that both groups could complement each other and increase awareness of the problems related to the ICT environment. And this means that there is potential for creating a single track on the issue of putting information and communication technologies in order. In any case, a huge number of countries are ready for this, and they are interested in it happening. It is important to build a constructive, non-politicized dialogue and launch steady forward movement towards a consensus instead of competing in a “tug-of-war,” thus killing the long-standing dream of a peaceful and secure digital space.

The world has different approaches to solving various problems, and this is normal in the paradigm of the modern democratic process. However, this plurality of approaches notwithstanding, the global community should work for the benefit of a common positive result and not allow the security of some to be based on supremacy over others.

First published in our partner RIAC

Continue Reading
Comments

Intelligence

Cyber-attacks-Frequency a sign of Red Alert for India

Published

on

The biggest target is in terms of transportations, nuclear power plants, Power system Operation Corporation Limited, V.O. Chidambaram Port Trust, Telangana State Load Dispatch Centre, logistic industries and research organisations which eventually can lead to destruction of the whole ecosystem. The confidentiality breach in the case of medical data leak as reported by a German cyber security firm –Greenbone Sustainable Resilience wherein Picture Archiving and Communication Servers were linked to public internet without any requisite protection is a point of concern. Then, there are certain individualistic attacks such as hacking email and financial crimes (banking), etc. In the last two years the attacks radar of focus has been defence, government accounts and the vaccine manufacturing companies.

Cyber Security – Individualistic awareness need of the hour

The target of the individual in a peculiar case which led to heinous crimes casted was due to opening of a document which was a bait to install Netwire- a malware. The bait was eventually delivered through a file and what prompted a person to open that link was a Drop box sent to him on his email was actually opening a Pandora Box of malicious command and control server. An emphasis to understand the technicality that Netwire stands for a malware which gives control of the infected system to an attacker. This in turn paves way for data stealing, logging keystrokes and compromise passwords. In the similar vein the Pegasus used the tactic to infiltrate the user’s phones in 2019.

Cyber Security – Attacking Power Distribution Systems

The intrusions by Chinese hacker groups in October, 2020 as brought out by Recorded Future was done through Shadow Pad which opens a secret path from target system to command and control servers. And, the main target is sectors such as transportation, telecommunication and energy .And , there are different tags that are being used by the Chinese Espionage Industry such as APT41, Wicked Spider and Wicked Panda , etc.

The institutions backing legitimisation

The Institutions which are at working under the cyber security surveillance are the National Security Council and National Information Board headed by National Security Adviser helping in framing India’s cyber security policy .Then, in 2014 there is the National Critical Information Infrastructure Protection Centre under the National Technical Research Organisation mandating the protection of critical information infrastructure. And, in 2015 the National Cyber Security Coordinator advises the Prime Minister on strategic cyber security issues. In the case of nodal entity , India’s Computer Emergency Response Team (CERT-in) is playing a crucial role under the Ministry of Electronics and Information Technology(MEITY).But, there is a requirement of clarity in National Cyber Security Policy of 2013 and the needed updates desired in it respectively.

A cohesive approach – Data Protection and Privacy Importance

The Data privacy i.e. the personal data protection bill is an important imperative in which services of private actors can be bridged through a concerned law which is missing link in that sense. The point of Data localisation falls squarely within this dimension of Section 40 and 41 of the draft bill where in the Indian stakeholders have the capacity to build their own data centres .In this contextualisation there also a need to understand certain technicalities involved in terms of edge computing which in a way is enabling the data to be analysed, processed, and transferred at the edge of a network. An elaboration to this is the data is analysed locally, closer to where it is stored, in real-time without delay. The Edge computing distributes processing, storage, and applications across a wide range of devices and data centres which make it difficult for any single disruption to take down the network. Since more data is being processed on local devices rather than transmitting it back to a central data centre, edge computing also reduces the amount of data actually at risk at any one time. Whereas on the other hand, there is insistence on data localisation has paved the way for companies such as Google Pay to adhere to the policy and synchronise their working with the United Payments Interface (UPI).

What do you understand by Data Share?

In the recent case of WhatsApp privacy issue and drawing in parallel other organisation a similar platform such as Facebook and Google shared the data to the third party with a lopsided agreement and with continuance of the data trade business industry. In 1996 the internet was free so was perceived as carte blanche , a safe harbour falling under the Section 230 of the Communication Decency Act in the United States but with the evolution of the circumstances the laws in that specifications are also required to change in that respect. In relations to the Indian law under the Information Technology Act, 2000 under the Section 69 the Indian government has the powers to monitor and decrypt any information that’s store in any computer resource but on certain conditions such as in regards to the sovereignty, defence and security of the country.

Cyber-attacks understanding on the International Forums

In terms of Lieber Code of Conduct of 1863 or be it Hague Convention of 1899 there is a need of updating the definitions and where in the cyber army falling under the categorisation  of civilians , not possessing any of the warfare weapons cause the main weapon that they possess is a malware which is invisible but can have deep repercussions leading to destruction of that particular economy altogether .So, in recent evolving circumstances there is an undue importance to for the target country to respond with equal force and having a right to self-defence in this manner regardless of the attack being from a non-state actor from a third country and masquerading under the civilian garb .Henceforth , there a thorough understanding of the complex environment that one is dealing with , there is undue emphasis to change and respectively update with the current world.

Continue Reading

Intelligence

Incidents of Uranium Theft in India: Depleting Nuclear Safety and International Silence

Published

on

Terrorism

In yet another incident of the capture of nuclear-related materials from unauthorized persons in India has made headlines in the Indian media but largely ignored in the international media. On 4th June 2021, as reported in the Indian media, the authorities arrested seven people possessing approximately 6.4 kilograms of Uranium in the Eastern State of Jharkhand. This is the second time in less than a month where Indian authorities have captured such a gang in an attempt to sell uranium illegally. An incident of the same nature was reported just a few days ago in May 2021 where authorities apprehended unauthorized persons, who were trying to sell nearly 7 kilograms of natural uranium on the black market. Notably, Indian authorities themselves believe that these events might be linked to a “national gang involved in illegal uranium trade”. This is a very serious issue because it means two things; first, that Indian local uranium reserves, radioactive nuclear materials, and facilities are not protected and are prone to black marketing. Secondly, this scenario has emerged because India is not adhering to international bindings of nuclear safety and security such as UN resolution 1540 and (Convention on Physical Protection on Nuclear Material) CPPNM under IAEA to secure its materials, reserves, and facilities. But, the most damaging aspect in this scenario is the discriminatory behavior of the international community, which is criminally silent on the violations of norms, practices, and regulations necessary for nuclear safety and security.

Though in both incidents, Uranium was in natural condition, which cannot be used for making bombs; however; it should be of great concern, as even in its natural state the Uranium can spread considerable radioactivity if used with conventional explosives. Moreover, Indian authorities themselves are considering that these activities could be linked with national gangs involved in the illegal supply of uranium. This raises the point that actually how much natural uranium is illegally sold in the black market by India. Since these are only incidents that are being reported in the Indian media, there might be many incidents that have never been reported. Also, this gang was captured from near the area where Indian Uranium mines of Jharkhand are allocated, the likelihood of access of non-state actors to these mines cannot be denied. These incidents are critical for international security and stability because such radioactive material when sold in black markets could be brought by the non-state and states aspiring for nuclearization. Unfortunately, in such a scenario all the efforts currently going on to stop the proliferation of nuclear weapons would be hampered. The recurring of these incidents reflect that India, despite being a member of CPPNM is not ensuring the protection of its nuclear materials from theft and sabotage by proper regulations, stringent mechanisms, and control. Other than CPPNM, India has also signed UN resolution 1540, which makes it mandatory for the states to ensure security regulations, mechanisms, equipment required for the security of Weapons of Mass Destruction (WMD) from the non-state actors. But, surprisingly, so far the UN or any other international organization has not taken notice of these recurring events. Rather, these mishaps by Indian authorities are shoved under the carpet. These incidents have been reportedly re-occurring in India, media reported these events in 2003, 2008, 2009, 2013, 2016, 2019, and now again in 2021. 

Nuclear safety and security is a national matter of any state; however, against the backdrop of the potential damage, which these weapons can bring, they have become an international concern. Specifically, to an extent, where states are sometimes criticized, lauded, and sometimes rewarded for their behavior in this realm. In this regard, India appears as an exceptional case, where the formation of Nuclear Suppliers Group NSG to stop such events in the future has its roots in the Indian so-called peace nuclear explosion (PNE) in 1974. Ironically, a few years down the road, the same NSG gave a waiver to India for conducting nuclear export. Moreover, India was made part of many other regimes such as the Missile Technology Control Regime (MTCR), Australia Group, and Wassenaar Arrangement. Although, these decisions were carried out in lieu of geo-political realities, where the West regards India as a balancer against China but it gave a free hand to India. Even the US-based NTI Report on Nuclear Security Index gives India less score in nuclear safety and security regulations. At a time when many nuclear theft-related incidents have occurred in India in recent years, disgracefully, India still desires to become a member of NSG based on its so-called nuclear record.

To sum up the situation, the occurrence of back-to-back nuclear theft-related incidents has further exposed India’s nuclear credentials and its non-adherence to international practices of nuclear safety and security. If legal bindings such as CPPNM and 1540 would not be implemented in the future by India, the South Asian stability, as well as the international security, would be undermined. Moreover, if the international non-proliferation continues to remain lenient towards states like India, the rest would likely regard the international non-proliferation mechanism not just as discriminatory but even as hoaxing. Many states might prefer to proliferate for their own interests, which would not serve the non-proliferation mechanism and regime. A very candid example is that today even after two years of the last NPT review conference, the next has not been conducted and chances are that it might not be conducted this year.

Continue Reading

Intelligence

Uranium is being traded freely in the open market in India

Published

on

Terrorism

The Times of India has reported that a special police team arrested seven persons and recovered 6 Kgs of Uranium from them following raids at different parts of the city on Thursday. Bokaro SP Chandan Kumar Jha said, “We have seized the yellow substance and will send it to experts for tests. Uranium is a highly radioactive substance used at nuclear facilities.”

Police said the accused, suspected of being part of a national gang involved in the illegal uranium trade, searched for customers and fixed its price at Rs 50 lakhs per kg. Notably, a kilogram of Uranium sells for around Rs 18 crores in the global market, sources said. For the first time, Uranium has been seized in this industrial town, but in other parts of India, similar cases were reported several times recently.

Those arrested have been identified as Bapi Da alias Bapi Da alias Bapi Chandra, Anil Singh, Deepak Kumar, Krishna Kant, Hare Ram Sharma, Mahavir Mahto, and Pankaj Mahto. They are residents of different parts of the district. Deepak and Bapi have a criminal history. It is illegal to possess Uranium without a license in India, and violation of the Atomic Energy Act, 1962, can attract stringent punishment.

Jha said police received information that some criminals are preparing to sell Uranium. A nine-member team headed by Chas DSP Mukesh Kumar and City DSP Kuldeep Kumar were involved in the raids. “It is still unclear how they got their hands on the radioactive metal. During interrogation, they mentioned West Bengal, Giridih, and a few other places. Seven mobile phones and a motorcycle were also seized from them,” he said.

Notably, Jharkhand is among a few states in the country that has uranium mines. Uranium Corporation of India Limited (UCIL) also has a uranium processing plant at Jaduguda, about 150km from Bokaro city.

Sources said police are also investigating to ascertain whether the arrested accused have any links with a similar racket busted by Maharashtra Anti- Terror Squad (ATS) on May 5 after it nabbed two persons. A total of 7.1 kg of natural Uranium worth Rs 21.3 crore was seized from the duo identified as Jigar Jayesh Pandya (27) and Choudhary (31).

It is a severe failure of the Government that hazardous materials are accessible by common people. It is the state’s responsibility, and the state must ensure the safety of the ordinary people. However, PM Modi has different priorities and over-engaged in non-issues. His focus to undermine minorities and the illegal occupation of Kashmir has made him over busy and left no time to safeguard the public interest. His extremist policies and brutalities against minorities are strongly condemned.

It is not the first time that Uranium has been traded like a regular commodity in the open market. It can be dangerous for India as well as the whole world. The law and order situation in India has deteriorated adversely, and criminals may avail this opportunity. The worst scenario will be if the RSS Hindu extremists got access to Uranium, then, definitely, the subcontinent is a one case. The fanatic RSS members are so vulnerable that they can go to any extent without considering the consequences.

Therefore it is appealed to the International community, the International Atomic Energy Agency (IAEA), and the UN to take serious notice and place preventive measures on the ground.

Being the next-door neighbor, Pakistan is under threat and has a responsibility to highlight such severe violations and may involve the international community to avoid similar cases in the future.

Pakistan on Friday, describing the reports of yet another incident of attempted illegal sale of Uranium in India as a “matter of deep concern,” reiterated its call for the thorough investigation of such incidents and measures for strengthening the security of nuclear materials to prevent their diversion.

In a statement, FO Spokesman Zahid Hafeez Chaudhri said the similar incident in Maharashtra last month and other such reports in the past “are a matter of deep concern as they point to lax controls, poor regulatory and enforcement mechanisms, as well as the possible existence of a black market for nuclear materials inside India.”

The UN Security Council Resolution 1540 and the IAEA Convention on the Physical Protection of Nuclear Material (CPPNM) make it binding on states to ensure stringent measures to prevent nuclear material from falling into the wrong hands, the statement noted.

“Pakistan reiterates its call for [a] thorough investigation of such incidents and measures for strengthening the security of nuclear materials to prevent their diversion,” it added.

The press release said it was “equally important to ascertain the intent and ultimate use of the attempted uranium sale given its relevance to international peace and security as well as the sanctity of global non-proliferation regime.”

Uranium is used in several areas, including nuclear explosives and medical techniques. The very fact that some people stole or illegally mined Uranium raises concerns about nuclear safety and security in India. It also indicates the possibility of a nuclear market existing in India that could be connected to international players.

Pakistan had voiced serious concern last month, too, after reports of the Maharashtra seizure emerged, pointing to gaps in state control mechanisms there.

“We have noted with serious concern the reports about the seizure of more than 7kg natural uranium from unauthorized persons in India,” Chaudhri had said at the time.“Security of nuclear materials should be the top priority for all countries,” he added.

“There is a need for a thorough investigation of the matter as to how such sizeable quantity of uranium could become available outside any state control and identify the gaps which made this possible.”

Continue Reading

Publications

Latest

Trending