Connect with us

Science & Technology

Shrinking Cyber-Universe

Published

on

In 2019, the book «India’s strategic options in a changing cyberspace» written by Cherian Samuel and Munich Charma was published. (New Delhi, Pentagon Press LLP in association with Institute for Defence Studies and Analyses, 2019). In their work, the authors examine the general concept of cyberspace, while extrapolating it to India’s cyberspace dimension.

Cybersecurity problems are tightly included in the new agenda of international relations, which stresses the importance of their comprehensive study, now more relevant than ever. The work raises several issues that appear to be important for a modern understanding of cyberspace. Among the issues raised, we find cyber deterrence, the regulatory framework for cyberspace, the protection of the critical state infrastructure, Active Cyber Defense knowledge, and its attendant legal and ethical issues.

To begin with, the authors illustrate the reasons why the decided to start the book. Firstly, due to the constant change in threats and actors, cyber policy is said to be a moving target. The second problematic lies on the fact that the development of adequate measures becomes difficult for governments, especially international organizations.

The first problem identified by the authors refers to an instrumental nature — namely a lack of technical knowledge, a sophisticated conceptual framework. Trying to analyze the meaning of cyberspace, cybersecurity, cyber warfare, cyber weapons, deterrence in cyberspace, and critical information infrastructure, the authors conclude that each actor understands them in their own way. For example, the concept of “Cybersecurity” is developed in the West. It focuses mainly on the technical side of security. Conversely, the “International Information Security” concept is widespread in China and the CIS and focuses on its political and instrumental use, as well as the compromise “Security in the field of information and security, communication technologies and their use.”

The second problem refers to the lack of access to source data, the presence of conflicting versions of events. According to the authors, the problem would arise due to the lack of the ability to formulate a full-fledged unambiguous conclusion based on the available data. Cyberspace often becomes part of military strategies and doctrines of states. The authors tried to provide the reader with a complete picture of the different countries’ and organizations’ versions, having worked out each of them qualitatively.

The third problem relates to the high politicization of the topic. In the beginning, cyberspace was characterized as common property; its regulation was possible within the framework of international institutions and forums established over the years. Among the more prominent ones we list the United Nations Group of Governmental Experts (UNGGE) and the Internet Governance Forum (IGF). Examples of NGOs’ participation and think tanks are the Global Conference on Cyber Space (GCCS), the Global Commission on the Stability of Cyberspace, and the World Internet Conference.

Over time, however, the tendency to diversify measures to regulate cyberspace has emerged. Only the general trend developed by the Western community remained — to keep cyberspace “open, secure, stable and free.” By declaring Western centricity, the authors refer to the fact that the development and implementation of the latest infrastructure took place from the global West to the East. If the issue of development and implementation has long ceased to be exclusively Western and acquired the outlines of a network structure, now the politicization of the topic lies in ideologically loaded terms. This is expressed in well-established clichés according to which the best hackers who can influence the election results are Russians or Chinese.

Issue number four refers to the fact that the topic of cyberspace is very voluminous. It includes the aspect of global governance in cyberspace, the level of militarization, the legal obligations of each of the parties, and the right to self-defense of the country and the individual. In their book, authors focused on specific areas of cyberspace, like for instance the concept of Active Cyber Defense. After analyzing the approaches of different countries, the authors conclude that the strategy is moving from offensive to defensive, a tendency that intensified after the World War II. Nation-states trying to protect their interests, undertake actions that need to be declared. Any response thereafter is made in accordance with calculations of political benefit, economic leverage, or purely self-defense. In this regard, the authors compared the development of concepts for nuclear weapons and cyber weapons. The development of atomic weapons after the Second World War and artificial intelligence and quantum calculus today depends entirely on the development of technology. Despite some similarities, cyberspace appear to be more complicated due to the inability to establish the source of the attack and the consequences of asymmetrical response.

And, finally, the fifth identified problem is the lack of a clear international legal framework. The author highlights the concepts of different states, from the USA to China and from Russia to the UK. There are two block approaches to the regulation of cyberspace. The first — tentatively referred to as “Western” — assume that in general, the existing body of international law, humanitarian law in particular, already covers cyberspace. It can be applied to issues related to emerging information technology. This approach was most clearly developed in the Tallinn Guidelines for Cyber Warfare and Cyber Operations (developed in two points by the NATO Joint Center for Excellence in Cyber Defense).

The second approach, the Russian one, suggests that although relevant international law applies to cyberspace, the formation of an additional base of legally binding documents is necessary. The Russian approach focuses more on how to prevent information wars, while the Tallinn leadership regulates the rules of war itself. Therefore, the domestic approach does not accept the method of the North Atlantic Alliance, perceiving it as already de facto legalizing cyber warfare. The key document refers to the 2011 Convention on International Information Security, which aims to prevent the misuse of information and communication technologies for political, military, terrorist, and criminal purposes.

Furthermore, the authors devote special attention to a very crucial document, now taken as a kind of consensus between the two designated approaches — the Report of the UN Group of Government Experts (UN GGE) 2015, stating that:

  • States will not attack each other’s critical infrastructure
  • they will no longer insert malicious “bookmarks” into their IT products.
  • refrain from indiscriminately accusing each other of cyber attacks.
  • make efforts in the fight against hackers carrying out computer sabotage from or through their territory.

Per contra, cyber-norms have already dramatically influenced social norms. The role of « norm entrepreneurs » consists in persuasion through the organizational platform.

Going forward, while many States still perceive the evolving norms with a sense of unity, the focus seems to have shifted from negotiations norms among adversaries to shaping patterns with like-minded countries, setting the norm of competition in cyberspace.

At the level of national states, the confidentiality issue arises due to mass surveillance, that is when a democratic state enters a polemic with civil society over the legality of access to encrypted data (for example, a terrorist). Beyond the identity, attribution also extends to figuring out the motivations and intentions of the attacker, and whether he/she is acting alone or on behalf of a state or an entity. The vulnerability of critical infrastructure further exacerbates the situation. Cyberattacks are the equivalent of natural disasters. And to eliminate these disasters and preventive responses, cyberspace offers unprecedented opportunities for public-private partnerships. This would ideally be achieved through more cooperation between government outsourcing their responsibility of being overarching security provider to private companies or acquiescing to private sector demands. Nevertheless, the approaches and laws for data protection have subjective applicability and relevance, like the requirements, digitization, and technology maturity vary across every nation-state.

In the ratio of information security and communication in cyberspace, the author calls encryption a possible key to solving the problem.

Having made cybersecurity one of the priority areas of action, India appears as a flagship cybersecurity country. Critical infrastructure is now much more dependent on cyberspace, and trade-offs can be detrimental. Higher confidence in attribution can justify punishment and strengthen deterrent capability by setting a precedence that threat actors, including nation-states, will have to pay as a response for any hostility. Cybersecurity, as a non-traditional security domain, would require a non-traditional approach to problem-solving and public-private partnerships. Something that, in this case, could help provide solutions to many problems.

If we trace the logic of the authors’ thoughts, we can see that the line moves from the level of international organizations to the individual level, which is of interest. Cyberspace, like nothing else, shows the entry into the world stage of new actors. These actors appear due to objective necessity. States are no longer the only guarantors of personal security. The network system of interaction of actors partly erases state borders. However, boundaries appear as soon as the actor crosses the established red line, the permitted boundary of actions. At the same time, for each actor, this red line remains individual. The combination of the tangible physical world of the infrastructural and virtual world remains too voluminous for operationalization. However, the apparent shrink of the cyber universe is observed.

Dr. Cherian Samuel is Research Fellow in the Strategic Technologies Centre at the Manohar Parrikar Institute for Defence Studies and Analyses. He has written on various cybersecurity issues, including critical infrastructure protection, cyber resilience, cybercrime, and internet governance. Munish Sharma is a Consultant in the Strategic Technologies Centre at the Manohar Parrikar Institute for Defence Studies and Analyses. His research interests include cybersecurity, critical information infrastructure protection, space security, and geopolitical aspects of emerging technologies.

From our partner RIAC

Science & Technology

Is your security compromised due to “Spy software” know how

Published

on

Spy software is often referred to as spyware is a set of programs that gives access to user/ administrators to track or monitor anyone’s smart devices (such as desktop, laptop, or smart phone) from anywhere across the globe.

Spyware is a threat, not only to businesses but individual users as well, since it can steal sensitive information and harm anyone’s network. It is controversial due to its frequent violation to end user’s privacy. It can attack user’s device, steal sensitive data (such as bank account or credit card information, or personal identity) or web data and share it with data firms, advertisers, or external users.

There are numerous online spyware designed for almost no cost, whose ultimate goal is to track and sell users data. Some spy software can install additional software and change the settings on user’s device, which could be difficult to identify.

Below are four main types of spyware, each has its unique features to track and record users activity:

Tracking cookies: These are the most common type of trackers, these monitor the user’s internet usage activities, such as searches, downloads, and history, for advertising and selling purposes.

System monitors: These spy software records everything on your device from emails, keystrokes, visited websites, chat-room dialogues, and much more.

Adware: This spyware is used for marketing purpose, it tracks users downloads and browser history, and suggests or displays the same or related products, this can often lead to slow device.

Trojan: This spyware is the most malicious software. It can be used to track sensitive information such as bank information or identification numbers.

Spyware can attack any operating system such as windows, android, or Apple. Windows operating systems are more prone to attack, but in past few years Apple’s operating systems are also becoming vulnerable to attacks.

According to a recent investigation by the Guardian and 16 other media organizations, found that there is a widespread and continuous abuse of NSO’s hacking spyware Pegasus, on Government officials, human rights activists, lawyers and journalists worldwide which was only intended to use against terrorists and criminals.

The research, conducted by the Pegasus technical partner Amnesty’s Security Lab, found traces of the Pegasus activity on 37 out of the 67 examined phones. Out of 37 phones, 34 were iPhones, and 23 showed signs of a Pegasus infection, while remaining 11 showed signs of attempted infection. However, only three out of 15 Android phones were infected by Pegasus software.

Attacks like the Pegasus might have a short shelf life, and are used to target specific individuals. But evidences from past have proved that attackers target large group of people and are often successful.

Below are the most common ways devices can become infected with spyware:

  • Downloading software or apps from unreliable sources or unofficial app publishers
  • Accepting cookies or pop-up without reading
  • Downloading or watching online pirated media content
  • Opening attachments from unfamiliar senders

Spyware can be extremely unsafe if you have been infected. Its damage can range from short term device issue (such as slow system, system crashing, or overheating device) to long-term financial threat.

Here’s what you can do protect your devices from spyware:

Reliable antivirus software: Firstly look for security solutions available on internet (some are available for free) and enable the antivirus software. If your system or device is already infected with virus, check out for security providers offering spyware identification and removal.

-For instance, you can install a toolkit (the Mobile Verification Tool or the MVT) provided by Amnesty International. This toolkit will alert you with presence of the Pegasus Spyware on your device.

-The toolkit scans the backup file of your device for any evidence of infection. It works on both Apple and Android operating systems, but is more accurate for Apple operating system.

-You can also download and run Norton Power Eraser a free virus removal tool.

Update your system regularly: Set up an update which runs automatically. Such automatic updates can not only block hackers from viewing your web or device activity, but can also eliminate software errors.

Be vigilant of cookies compliance: Cookies that records/ tracks users browsing habits and personally identifiable information (PII) are commonly known as adware spyware. Accept cookies only from reliable sites or download a cookie blocker.

Strong authentication passwords: Try to enable Multi-factor Authentication (MFA) wherever possible, or if not possible create different password for all accounts. Change your password for each account after a certain period of time.

-Password breaches can still occur with these precautions. In such case change your password immediately.

Be cautious of free software: Read the terms and conditions on software licenses, before accepting. Free software might be unlimited but, your data could be recorded with those free software’s.

Do not open any files from unknown or suspicious account: Do not open any email attachments or text on mobile from a suspicious, unknown, or untrustworthy source/number.

Conclusion:

Spyware could be extremely dangerous, however it can be prevented and removed by being precautious and using a trustworthy antivirus tool. Next gen technologies can also help in checking and removing malicious content. For instance, Artificial intelligence could aid the organizations identify malicious software, and frequently update its algorithms of patterns similar to predict future malware attacks.

Continue Reading

Science & Technology

Implementation of virtual reality and the effects in cognitive warfare

Published

on

Photo: Lux Interaction/Unsplash

With the increasing use of new technologies in warfare situations, virtual reality presents an opportunity for the domain of cognitive warfare. Nowadays, cognitive skills are treated equally as their physical counterparts, seeking to standardize new innovative techniques. Virtual reality (VR) can be used as a tool that can increase the cognitive capabilities of soldiers. As it is understandable in today’s terms, VR impacts the brain directly. That means that our visual organs (eyes) see one object or one surrounding area, but brain cells perceive and react to that differently. VR has been used extensively in new teaching methods because of the increased probability of improving the memory and learning capabilities of students.

Besides its theoretical teaching approach and improvement of learning, VR can be used systematically towards more practical skills. In medicine for example students can have a full medicine lesson on a virtual human being seeing the body projected in 3D, revolutionizing the whole field of medicine. If that can be used in the medical field, theoretically it will be possible to be used in combat situations, projecting a specific battlefield in VR, increasing the chances of successful engagement, and reducing the chance of casualties. Knowing your terrain is equally important as knowing your adversary.

The use of VR will also allow us to experience new domains relating to the physical health of a person. It is argued that VR might provide us with the ability to effectively control pain management. Since VR can stimulate visual senses, then it would be safe to say that this approach can have higher effectiveness in treating chronic pain, depression, or even PTSD. The idea behind this usage is that the brain itself is already powerful enough, yet sometimes when pain overwhelms us we tend to lose effectiveness on some of our senses, such as the visual sense. An agonizing pain can blurry our vision, something that we cannot control; unless of course theoretically, we use VR. The process can consist of different sounds and visual aids that can trick the mind into thinking that it is somewhere that might be the polar opposite of where it is. Technically speaking, the mind would be able to do that simply because it works as a powerful computer, where our pain receptors can override and actually make us think that we are not in such terrible pain.

Although the benefits of VR could be useful for our health we would still need to deal with problems that concern our health when we use a VR set.  It is possible that the brain can get overloaded with new information and the new virtual environments. VR poses some problems to some people, regarding the loss of the real environment and creating feelings of nausea or extreme headaches. As a result, new techniques from cognitive psychologists have emerged to provide a solution to the problem. New technologies have appeared that can desaturate colors towards the edge of the headset in order to limit the probability of visual confusion. Besides that, research shows that even the implementation of a virtual nose when someone wears a VR headset can prevent motion sickness, something that our brain does already in reality.

However, when it comes to combatants and the implementation of VR in soldiers, one must think of maybe more effective and fast solutions to eliminate the problems that concern the confusion of the brain. Usage of specific pharmaceuticals might be the key. One example could be Modafinil which has been prescribed in the U.S. since 1998 to treat sleep-related conditions. Researchers believe it can produce the same effects as caffeine. With that being said, the University of Oxford analyzed 24 studies, where participants were asked to complete complex assignments after taking Modafinil and found out that those who took the drug were more accurate, which suggests that it may affect higher cognitive functions.

Although some of its long-term effects are yet to be studied, Modafinil is by far the safest drug that can be used in cognitive situations. Theoretically speaking, if a long exposure to VR can cause headaches and an inability to concentrate, then an appropriate dose of Modafinil can counter the effects of VR. It can be more suitable and useful to use on soldiers, whose cognitive skills are better than civilians, to test the full effect of a mix of virtual technology and pharmaceuticals. VR can be a significant military component and a simulation training program. It can provide new cognitive experiences based on foreign and unknown terrains that might be difficult to be approached in real life. New opportunities arise every day with the technologies, and if anyone wanted to take a significant advantage over adversaries in the cognitive warfare field, then VR would provide a useful tool for military decision-making.

Continue Reading

Science & Technology

Vaccine Equity and Beyond: Intellectual Property Rights Face a Crucial Test

Published

on

research coronavirus

The debate over intellectual property rights (IPRs), particularly patents, and access to medicine is not new. IPRs are considered to drive innovation by protecting the results of investment-intensive R&D, yet arguably also foster inequitable access to affordable medicines.

In a global public health emergency such as the COVID-19 pandemic, where countries face acute shortages of life-saving vaccines, should public health be prioritized over economic gain and the international trade rules designed to protect IPRs?

The Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPs), to which all 164 member states of the World Trade Organization (WTO) are a party, establish minimum standards for protecting different forms of IPRs. 

In October 2020, India and South Africa – countries with strong generic drug manufacturing infrastructure – invoked WTO rules to seek a temporary waiver of IPRs (patents, copyrights, trade secrets, and industrial designs) on equipment, drugs, and vaccines related to the “prevention, containment or treatment of COVID-19.” A waiver would mean that countries could locally produce equipment and vaccines without permission from holders of IPRs. This step would serve to eliminate the monopolistic nature of IPRs that give exclusive rights to the holder of IPRs and enable them to impose procedural licensing constraints.

Brazil, Japan, the European Union (EU), and the United States (US) initially rejected the waiver proposal. That stance changed with the rise of new COVID-19 mutations and the associated increase in deaths, with several countries facing a public health crisis due to vaccine supply shortages. The position of many states began shifting in favor of the India-South Africa proposal, which now has the backing of 62 WTO members, with the US declaring support for the intent of the temporary waiver to secure “better access, more manufacturing capability, more shots in arms.” Several international bodies, the World Health Organization (WHO), and the UN Committee on Economic, Social and Cultural Rights have voiced support.

Some countries disagree about the specific IPRs to be waived or the mechanisms by which IPRs should be made available. The EU submitted a proposal to use TRIPS flexibilities such as compulsory licensing, while others advocate for voluntary licensing. The TRIPS Council is conducting meetings to prepare an amended proposal to the General Council (the WTO’s highest-level decision-making body in Geneva) by the end of July 2021.

The crisis in India illustrates the urgency of the situation. India produces and supplies Covishield, licensed by AstraZeneca; and Covaxin, which is yet to be included on the WHO’s Emergency Use Listing (EUL). Due to the devastating public health crisis, India halted its export of vaccines and caused a disruption in the global vaccine supply, even to the COVID-19 Vaccines Global Access (COVAX) program. In the meantime, the world’s poorest nations lack sufficient, critical vaccine supplies.

International law recognizes some flexibility in public health emergencies. An example would be the Doha Declaration on TRIPS and Public Health in 2001, which, while maintaining the commitments, stresses the need for TRIPS to be part of the wider national and international action to address public health problems. Consistent with that, the body of international human rights law, including the International Covenant on Economic, Social and Cultural Rights (ICESCR), protects the right to the highest attainable standard of health.

But as we race against time, the current IPR framework may not allow for the swift response required. It is the rigorous requirements before a vaccine is considered safe to use under Emergency Use Authorizations and procedural delays which illuminate why IPR waivers on already approved vaccines are needed. Capitalizing on the EUL’s approved vaccines that have proven efficacy to date and easing IPR restrictions will aid in the timely supply and access of vaccines.

A TRIPS waiver may not solve the global vaccine shortage. In fact, some argue that the shortages are not an inherent flaw in the IP regime, considering other supply chain disruptions that persist, such as the ones disrupting microchips, pipette tips, and furniture. However, given that patent licensing gives a company a monopoly on vaccine commercialization, other companies with manufacturing capacity cannot produce the vaccine to scale up production and meet supply demands.

Neither does a temporary waiver mean that pharmaceutical companies cannot monetize their work. States should work with pharmaceuticals in setting up compensation and insurance schemes to ensure adequate remuneration.

At the College of Law at Hamad Bin Khalifa University, our aim is to address today’s legal challenges with a future-oriented view. We see COVID-19 as a case study in how we respond to imminent and existential threats. As global warming alters the balance of our ecosystem, threats will cascade in a way that is hard to predict. When unpredictable health emergencies emerge, it will be human ingenuity that helps us overcome them. Even the global IP regime, as a legal system that regulates ideas, is being tested, and should be agile enough to respond in time, like the scientists who sprang into action and worked tirelessly to develop the vaccines that will soon bring back a semblance of normal life as we know it.

Continue Reading

Publications

Latest

Tech News1 hour ago

Deloitte Acquires Industrial Cybersecurity Business aeCyberSolutions from aeSolutions

Deloitte Risk & Financial Advisory announced today its acquisition of the industrial cybersecurity business (aeCyberSolutions) from Greenville, S.C.-based Applied Engineering...

New Social Compact3 hours ago

Violence in schools leads to $11 trillion in lost lifetime earnings

 A new report from the World Bank and the End Violence Partnership / Safe to Learn Global Initiative shows that...

Reports6 hours ago

Case Study on Data Markets in India and Japan Show What Is Possible

The World Economic Forum’s Data for Common Purpose Initiative (DCPI) completed the first stage of two case studies demonstrating how...

South Asia8 hours ago

Turkey’s role in Afghanistan

North Atlantic Treaty Organization (NATO) on Thursday launched a training program in Turkey for Afghan military personnel. This is the...

Eastern Europe11 hours ago

Ukraine’s Chance for Rational Behaviour

From the point of view of international politics, the most important thing in the recently-published article by the President of...

South Asia13 hours ago

North-East India Towards Peace and Prosperity: Bangladesh Paves the Way

Bangladesh has always been one of the brightest examples of religious harmony and peace. “secularism” is not only a word...

Defense15 hours ago

Russia in Libya and the Mediterranean

There are several myths about Soviet/Russian involvement in Libya in particular and the Mediterranean in general. Unfortunately, such “political stories”...

Trending