Broad Cyber-Consensus

On Friday March 12, 2021, the United Nations adopted the report of the UN Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. The document was supported by consensus and, since all member states were able to take part in the OEWG, we can say that it reflects the views of most of the international community. The report marks the culmination of the OEWG’s two years of work on introducing a new format for negotiations on security in cyberspace launched in 2018 at the initiative of Russia. The successful completion of the group’s work suggests that demand for such a platform exists. This is particularly important, given that the OEWG will continue its activities in the new convocation for 2021–2025.

A Victory for Diplomacy

Andrey Krutskikh, Special Representative of the President of the Russian Federation on Issues of International Cooperation in the Field of Information Security, called the adoption of the report “a triumphant success for the Russian diplomacy,” while the Ministry of Foreign Affairs lauded the significance of the moment in its official commentary.

To better understand exactly why the adoption of the report is seen as such a success, we need to take a trip into the recent past. The issue of information security was included in the UN agenda in 1998, after Russia presented its draft resolution “Achievements in the Field of Information and Telecommunications in the Context of International Security” to the First Committee of the United Nations General Assembly. Negotiations have been ongoing since 2004 in the form of closed discussions in Groups of Government Experts (GGEs) involving between 15 and 25 states (the seventh composition of the GGE is expected to conclude its work in May 2021).

The negotiations started to pick up steam in the early 2010s, as three GGE consensus reports have shown. For example, the 2010 GGE report’s recommendations included furthering the dialogue among states on cyber norms, introducing confidence-building measures, exchanging information on national legislation and policies as well as identifying measures to support capacity-building in less developed countries as a means to reduce the risks associated with the use of information and communication technologies (ICT). The 2013 report reflected the OEWG’s conclusion that international law “is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment” (while conceding that a common understanding on the application of these rules needs to be worked out), and that state sovereignty applies to the conduct of ICT-related activities by states. Among other things, the 2015 report sets out the norms, rules or principles of responsible behaviour of states in the context of ICT use.

The UN negotiating process on cyber threats stalled after 2015. The fifth convocation of the GGE in 2016–2017 failed to accept a consensus report, as the participants disagreed on how international law should be applied to state activities in cyberspace. This led to the United States and Russia putting forward separate initiatives in 2018. The United States and its co-sponsors proposed that the next GGE be convened to continue the discussion in a narrower circle. Meanwhile, Russia called for the negotiating process to be “more democratic, inclusive and transparent.” To this end, Moscow tabled a proposal to create an open-ended working group for all member states interested and hold consultative meetings for all other interested parties, namely business, non-governmental organizations and academia. Two parallel formats were launched as a result – the OEWG and the UN GGE.

The OEWG report is the first tangible result of the UN negotiations on cyber threats since 2015, which was made possible by a number of factors. First, the overwhelming majority of UN member states were interested in such a format (119 nations voted in favour of the Russia-drafted resolution in 2018), as it would afford many of them the opportunity to participate in a GGE for the first time.

Second, those countries that refrained from supporting the OEWG were nevertheless active in its work, and they put no obstacles in the way of adopting the final document. Representatives of 91 states spoke at OEWG meetings during the two years of its work. That is almost half of all UN member states, while one third of them have never been part of the GGE.

Finally, Jürg Lauber, Chairman of the OEWG and Permanent Representative of Switzerland to the UN, was widely praised for the work he did to push the negotiations through. He continued to perform his duties as Chairman even after being transferred from New York to Geneva. It was through Lauber’s chairmanship that an additional link between the OEWG and the GGE was established (one of the criteria for choosing Switzerland was the country’s participation in the closed GGE), which helped avoid competition between the two formats. The coronavirus pandemic posed yet another challenge for the Chairman of the OEWG and its participants. While the original plan was to adopt the OEWG in the summer of 2020, the final session of the Working Group was postponed for several months.

Let the Talks Continue

Content-wise, the report reflects the coordinated assessments of the current situation in cyberspace and, in accordance with the OEWG’s mandate, contains the following topics:

  • Existing and Potential Threats
  • Rules, Norms and Principles for Responsible State Behaviour
  • International Law
  • Confidence-Building Measures
  • Capacity-Building in ICT
  • Regular Institutional Dialogue on ICT

The OEWG participants agree that there is a growing risk of ICT being used in inter-state conflicts and see an increase in the malicious use of ICT both by state and non-state actors as an alarming trend. The report notes the potentially devastating consequences of attacks on critical information infrastructure (CII). Specifically, the COVID-19 pandemic has highlighted the importance of protecting the healthcare infrastructure. Inter-state interaction, as well as interaction between the state and the private sector, is important.

However, the OEWG report does not put forward any practical solutions to a number of information security problems, primarily in inter-state relations. The way international law should be applied in cyberspace largely remains a bone of contention. Despite the successful adoption of the OEWG report, negotiators have yet to find compromises on key issues.

In terms of the regulatory framework, the report essentially reiterates the agreements reached earlier within the framework of the GGE, such as those relating to the applicability of the rules, norms and principles for responsible state behaviour. The OEWG participants conclude the report by stating that additional legally binding obligations may be introduced in the future.

The proposals put forward in the report are, for the most part, of a general nature. States are urged to continue to inform the Secretary-General of their national views on the applicability of international law on the use of ICT in the context of international security, discuss these issues at the United Nations as well as envision confidence- and capacity-building measures.

More practical steps include the recommendation that states nominate a national Point of Contact responsible for information security at the technical, policy and diplomatic levels, who would then be included in a kind of international directory.

A group of over 40 countries led by France and Egypt managed to get an initiative of their own, proposed back in the fall of 2020 and calling for a permanent forum on cybersecurity to replace the OEWG and GGE, included in the recommendations. The initiative, dubbed the Programme of Action for Advancing Responsible State Behaviour in Cyberspace, appears in one of the paragraphs in the OEWG report, which lends weight to it and serves as the basis for discussions in the next convocation of the group.

One of the main reasons why we have not seen any breakthrough agreements in this regard is the sheer number of participants in the discussion on information security issues. On the one hand, this has brought new participants into the negotiations—those endorsing the previously agreed points—thus boosting their international clout. On the other hand, many participants demanded that a common denominator be identified, with all the difficult questions taken off the table. The last leg of the negotiations, in particular, saw a non-consensus draft part of the report published in a separate document, the Chair’s Summary.

The fact that the report was adopted by consensus does not mean that the participants in the negotiations have overcome the differences in their approaches to security in cyberspace. Rather, they have agreed to put fundamental issues on the back burner. Michele Markoff, U.S. cybersecurity negotiator, conceded in her Explanation of Position at the Conclusion of the UN Open-Ended Working Group that the report was “not perfect,” noting that the United States had reservations about the need for a new OEWG to convene. She also stated that the United States could not subscribe to calls for new legal obligations in cyberspace, citing non-compliance on the part of certain states with the existing regulations. That notwithstanding, the United States sees the report as a step forward.

Negotiations after Negotiations

Negotiations on cyber threats have now been going on for decades, both at the United Nations and at other venues, and they are likely to drag on for many years to come. The OEWG report is an important milestone in the process and a reminder of the importance of multilateral efforts. According to Andrey Krutskikh, the successful completion of the group’s work “opens up huge opportunities for ensuring the success” of the current GGE, the Expert Group on Cybercrime—established during negotiations at the United Nations General Assembly Third Committee at the initiative of Russia—and the OEWG, whose mandate for 2021–2025 has been adopted.

Success or failure of future negotiations in the OEWG will depend on three main components. First, the relations between the key players will define how productive the talks actually are. While Russia and the United States may have managed to put their differences aside in order to reach a consensus on the report, the differences themselves have not gone anywhere. The sides still butt heads over such issues as attribution in cyberspace, the possibility of applying the norms of international humanitarian law to cyberattacks, etc. This is made all the worse by the new trend towards using ICT for military and intelligence purposes as well as by numerous public accusations and threats emanating from both sides. One such example is the recent New York Times article on U.S. preparations for a retaliatory attack on Russian networks following the large-scale hack of U.S. government departments and corporations (known as the SolarWinds hack), which Russia is said to have carried out. Cybersecurity remains a sore point in U.S.–China relations as well. Tensions between major powers need to be reduced if we are to see any real progress in multilateral relations on this issue.

The second factor is related to the competition between the negotiating platforms. The OEWG has the advantage that it enjoys broad support among UN members, and its mandate has been written into the respective Resolution of the General Assembly. That said, the GGE format is also widely supported within the United Nations, and the “Russian” resolution received fewer votes in the First Committee of the United Nations General Assembly last year than it had in 2018, while the “American” resolution actually received more. What is more, the United Nations does not have a monopoly when it comes to negotiating platforms on cybersecurity, as a number of non-governmental initiatives on cyberspace regulation have appeared in recent years. France is actively pushing the Paris Call for Trust and Security in Cyberspace, which has the support of almost 80 nations as well as of many civil society organizations and companies. Six working groups are to be launched under the initiative in order to advance international norms and develop practical cooperation in cybersecurity. The competitive environment will mean that the OEWG will need to produce more tangible results in areas that are important for the participants.

The third and final factor has to do with preserving the gap between the practical side of ensuring information security and the international discussion surrounding it. Tech companies face cyberthreats on a daily basis, but their expertise in dealing with these challenges is not in demand at these negotiating platforms. The OEWG report talks about the need for public-private partnerships in order to protect the CII. However, the OEWG could take this one step further by examining the lessons of the responses of the business world to large-scale cyberattacks and by speaking its mind when it comes to assessing the efforts of technology leaders to advance rules and norms in cyberspace. The OEWG has the potential to bridge this gap (the new group’s mandate allows it to work with business and other stakeholders), but it has not been exploited to the full thus far. The most active player in the first convocation from the business world was Microsoft, while Trend Micro, Huawei, Fujitsu and others have also taken part in informal consultations. Kaspersky Lab is the only Russian company involved in the discussions. Russia’s Ministry of Foreign Affairs believes it is necessary “to create conditions for attracting the business world to the negotiation process on international information security (IIS), thus giving the public-private partnership an institutional character.” Two problems will first need to be resolved for this to happen: 1) how to motivate Russian businesses to take part in the negotiations; and 2) how to organize the interaction of different stakeholders in the OEWG in the most effective manner. Otherwise, the efforts of all sides will continue to lack the much-needed link to practical experience in this area.

From our partner RIAC

USA and Australia Worry About Cyber Attacks from China Amidst Pegasus Spyware

The Pegasus spyware scandal has shaken the whole of India and several other countries. No one knows what its fallout will be, as we know only the tip of the iceberg. Amid the Pegasus spyware scandal, the USA and Australia have both expressed serious concerns about cyber attacks on US and Australian interests. Both say that China is a hub of malware and that both face millions of such attacks daily.

I am trying to understand why software is needed to spy on a particular individual when all calls, messages, data and emails are easily accessible from a server. In most cases these servers are located in the USA, and in some cases they are located in the host country. In certain sensitive cases government agencies have their own servers, like the Central Intelligence Agency and hundreds of other agencies and military establishments the world over, including India. Now the point is who installs those servers.

A couple of years back I talked to Mr Mike Molloy, who is Chief Executive Officer of Orion Global Technologies, previously known as Orion SAS. He explained to me how his company installs servers in host countries at the request of private or government bodies. He talks about contract and trust. That means that even when a company or government buys a server or software for designated uses, the “secrecy” factor remains at the discretion of the company that supplied the server or software.

Now, if all data, e-mail, chat, messages and calls are accessible to the government as per law and technology (through the server all components of communication are accessible, and that is why you and I start seeing call recordings of a person even many years later), I am unable to understand why a government would need software to spy on anyone.

Now coming to where Australia and the USA want to take the whole debate.

Australian Foreign Minister Sen Marise Payne said, “Australian Government joins international partners in expressing serious concerns about malicious cyber activities by China’s Ministry of State Security.

“In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia. These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain”, she further added.

She opined, “The Australian Government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government”.

She warned China by saying, “Australia calls on all countries – including China – to act responsibly in cyberspace. China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage”.

On the other hand, the USA’s National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a Cybersecurity Advisory on Chinese State-Sponsored Cyber Operations. The National Security Advisor said, “Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives”.

The information in this advisory builds on NSA’s previous release “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities.” The NSA, CISA, and FBI recommended mitigations empower our customers to reduce the risk of Chinese malicious cyber activity, and increase the defensive posture of their critical networks. 

Afghan issue can not be understood from the simplistic lens of geopolitical blocs

Authors: Tridivesh Singh Maini  and Varundeep Singh*

On July 14, 2021, a terror attack was carried out in Khyber Pakhtunkhwa (KPK) province in which a number of Chinese engineers working on the Dasu hydropower project (a project which is part of the China Pakistan Economic Corridor) were killed. The attack predictably evoked a strong response from China. The Chinese foreign minister, Wang Yi, speaking before a Shanghai Cooperation Organisation (SCO) Foreign Minister’s meeting, asked the Taliban to disassociate itself from ‘terrorist elements’ and, in a meeting with Pakistan Foreign Minister Shah Mehmood Qureshi, asked Pakistan to bring the perpetrators to book. Earlier, in April 2021, a car bomb attack took place at the Serena hotel in Quetta, which was hosting China’s Ambassador to Pakistan (four people were killed and twelve were injured).

Wang Yi significantly praised the Ashraf Ghani government for its attempts towards building national unity and providing effective governance. Beijing clearly realizes that its economic investments in the country as well as big-ticket infrastructural projects cannot remain safe if there is no security. Afghanistan also criticized Pakistan for its role in sending 10,000 jihadis to the Taliban; this is important in the context of the region’s geopolitics.

Like all other countries, Beijing and Islamabad would have expected uncertainty after the US withdrawal of troops, but perhaps overestimated their capabilities in dealing with the turbulence which had been predicted by many.

Importance of Chinese Foreign Minister’s statements

Wang Yi’s statements are important because days earlier a Taliban spokesman, Suhail Shaheen, had praised China and welcomed its role in the country’s reconstruction. He had also assured China that those involved in the insurgency in Xinjiang would not be given refuge in Afghanistan (one of China’s major concerns has been the support provided by Taliban to the East Turkmenistan movement).

While Beijing may have opened back channels with the Taliban and realized that it needs to adapt to the changing geopolitics, recent developments would have increased its skepticism vis-à-vis the Taliban. On the other hand, Russia has been more favorable towards the Taliban. Russia’s Deputy Chief of Mission in India, Roman Babushkin argued that the Taliban are a reality which needs to be accepted, and also that any military activities without a political process are insufficient.

Babushkin did make the point that for successful negotiations, Taliban needed to end violence.

‘that Taliban should deal with the problem of terrorism and other related issues in order to become legitimate, in order to [get] delisted [at the UN Security Council], in order to go ahead with the future Afghanistan and creation of the inclusive government’.

It would be pertinent to point out that Zamir Kabulov, the Russian President’s Afghanistan envoy, went a step further and said that the Afghan government was not doing enough to make talks with the Taliban a success.

China’s subtle warning to the Taliban, indicating its reservations, and its praise of Ghani indicate a possibility of greater understanding between Washington and Beijing (even though Beijing has repeatedly attributed the current troubles in Afghanistan to Washington’s decision to withdraw troops).

Can US and China find common ground

It remains to be seen if Biden, who has exhibited dexterity on a number of complex issues, reaches out to Xi Jinping to find common ground with regard to Afghanistan. Significantly, while US-Turkey relations had witnessed a downward trajectory and Biden has been critical of Turkish President Recep Tayyip Erdogan’s authoritarian tendencies and human rights record, both leaders met on the sidelines of the NATO Summit in June 2021. During the meeting Turkey agreed to secure Kabul Airport. US National Security Advisor Jake Sullivan, while commenting on Turkey’s assurance, said:

‘The clear commitment from the leaders was established that Turkey would play a lead role in securing Hamid Karzai International Airport, and we are now working through how to execute to get to that,’

Taliban earlier this week warned Turkey of ‘consequences’ if the Middle Eastern nation increased its troop presence in Afghanistan.

Conclusion

Russia’s statements with regard to the Taliban indicate that it is not totally on the same page as China (its prior experience in Afghanistan has made it more cautious and circumspect), and that the Afghan issue cannot be understood from the simplistic lens of geopolitical blocs and traditional lenses. All major stakeholders in Afghanistan, both within the region and outside, seem to be understandably befuddled by the turn of events. It is not just the US, but even China which would be worried, not just from an economic standpoint but also about the overall security implications of the turmoil in Afghanistan. The terror attack in KPK indicates that other CPEC-related projects could also face threats from militant groups. Beijing would thus need to be quick to react to the overtures from the Taliban in order to secure its economic assets and the lives of Chinese workers in neighbouring Pakistan.

It is especially important for Washington, Beijing and other important stakeholders in the region to work together in dealing with the near-term turbulence as well as the long-term challenges Afghanistan is likely to face.

*Varundeep Singh is an Independent Policy Analyst.

Pegasus: Human rights-compliant laws needed to regulate spyware

The UN human rights chief on Monday said the apparent widespread use of Pegasus spy software to illegally undermine the rights of those under surveillance, including journalists and politicians, was “extremely alarming” and confirmed “some of the worst fears” surrounding the potential misuse of such technology. 

“Various parts of the UN Human Rights system, including my own Office, have repeatedly raised serious concerns about the dangers of authorities using surveillance tools from a variety of sources supposed to promote public safety in order to hack the phones and computers of people conducting legitimate journalistic activities, monitoring human rights or expressing dissent or political opposition”, said High Commissioner Michelle Bachelet in a statement.

According to reports, the Pegasus data leak allegations, which surfaced through a consortium of media organisations over the weekend, suggest widespread and continuing abuse of the software, which the manufacturers insist is only intended for use against criminals and terrorists.

The Pegasus malware infects electronic devices, enabling operators of the tool to obtain messages, photos and emails, record calls, and even activate microphones, according to the consortium’s reporting. The leak contains a list of more than 50,000 phone numbers which reportedly belong to those identified as people of interest, by clients of the company behind Pegasus, including some governments.  

‘Indispensable role’ 

Surveillance software has been linked to the arrest, intimidation and even killing of journalists and human rights defenders, according to the senior UN official.  

Reports of surveillance also trigger fear and cause people to censor themselves.   

“Journalists and human rights defenders play an indispensable role in our societies, and when they are silenced, we all suffer”, she said, reminding all States that surveillance measures can only be justified in narrowly defined circumstances when necessary and proportional to a legitimate goal.  

‘Deep intrusions’ 

Given that Pegasus spyware, “as well as that created by Candiru and others, enable extremely deep intrusions into people’s devices, resulting in insights into all aspects of their lives”, the UN rights chief underscored, “their use can only ever be justified in the context of investigations into serious crimes and grave security threats.” 

If recent allegations about the use of Pegasus are even partly true, she maintained that the “red line has been crossed again and again with total impunity”. 

‘Due diligence’ 

Companies developing and distributing surveillance technologies are responsible for avoiding human rights abuses, she said, and they must take immediate steps to mitigate and remedy the damage their products are causing, or contributing to, and carry out “human rights due diligence” to ensure that they no longer play a part in “such disastrous consequences” now, or in the future. 

States also have a duty to protect individuals from privacy rights abuses by companies, she added.  

One key step in this direction is for States to require by law that the businesses meet their human rights responsibilities by becoming more transparent in their design and use of products and by putting in place effective accountability mechanisms. 

Better regulation key 

Reports also confirm “the urgent need to better regulate the sale, transfer and use of surveillance technologies and ensure strict oversight and authorization.” 

Governments should not only immediately stop using surveillance technologies in ways that violate human rights, but also “take concrete actions” to protect against such invasions of privacy by “regulating the distribution, use and export of surveillance technology created by others”, the High Commissioner said.  

Without human rights-compliant regulatory frameworks, Ms. Bachelet upheld that there are “simply too many risks” that the tools could be used to intimidate critics and silence dissent.
