Connect with us

Intelligence

Broad Cyber-Consensus

Published

on

On Friday March 12, 2021, the United Nations adopted the report of the UN Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. The document was supported by consensus and, since all member states were able to take part in the OEWG, we can say that it reflects the views of most of the international community. The report marks the culmination of the OEWG’s two years of work on introducing a new format for negotiations on security in cyberspace launched in 2018 at the initiative of Russia. The successful completion of the group’s work suggests that demand for such a platform exists. This is particularly important, given that the OEWG will continue its activities in the new convocation for 2021–2025.

A Victory for Diplomacy

Andrey Krutskikh, Special Representative of the President of the Russian Federation on Issues of International Cooperation in the Field of Information Security, called the adoption of the report “a triumphant success for the Russian diplomacy,” while the Ministry of Foreign Affairs lauded the significance of the moment in its official commentary.

To better understand why the adoption of the report has exactly seen such a success, we need to take a trip into the recent past. The issue of information security was included in the UN agenda in 1998, after Russia presented its draft resolution “Achievements in the Field of Information and Telecommunications in the Context of International Security” to the First Committee of the United Nations General Assembly. Negotiations have been ongoing since 2004 in the form of closed discussions in Groups of Government Experts (GGEs) involving between 15 and 25 states (the seventh composition of the GGE is expected to conclude its work in May 2021).

The negotiations started to pick up steam in the early 2010s, as three GGE consensus reports have shown. For example, the 2010 GGE report’s recommendations included furthering the dialogue among states on cyber norms, introducing confidence-building measures, exchanging information on national legislation and policies as well as identifying measures to support capacity-building in less developed countries as a means to reduce the risks associated with the use of information and communication technologies (ICT). The 2013 report reflected the OEWG’s conclusion that international law “is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment” (while conceding that a common understanding on the application of these rules needs to be worked out), and that state sovereignty applies to the conduct of ICT-related activities by states. Among other things, the 2015 report sets out the norms, rules or principles of responsible behaviour of states in the context of the ICT use.

The UN negotiating process on cyber threats stalled after 2015. The fifth convocation of the GGE in 2016–2017 failed to accept a consensus report, as the participants disagreed on how international law should be applied to state activities in cyberspace. This led to the United States and Russia putting forward separate initiatives in 2018. The United States and its co-sponsors proposed that the next GGE be convened to continue the discussion in a narrower circle. Meanwhile, Russia called for the negotiating process to be “more democratic, inclusive and transparent.” To this end, Moscow tabled a proposal to create an open-ended working group for all member states interested and hold consultative meetings for all other interested parties, namely business, non-governmental organizations and academia. Two parallel formats were launched as a result – the OEWG and the UN GGE.

The OEWG report is the first tangible result of the UN negotiations on cyber threats since 2015, which was made possible by a number of factors. First, the overwhelming majority of UN member states were interested in such a format (119 nations voted in favour of the Russia-drafted resolution in 2018), as it would avail many of them the opportunity to participate in a GGE for the first time.

Second, those countries that refrained from supporting the OEWG were nevertheless active in its work, and they put no obstacles in the way of adopting the final document. Representatives of 91 states spoke at OEWG meetings during the two years of its work. That is almost half of all UN member states, while one third of them have never been part of the GGE.

Finally, Jürg Lauber, Chairman of the OEWG and Permanent Representative of Switzerland to the UN, was widely praised for the work he did to push the negotiations through. He continued to perform his duties as Chairman even after being transferred from New York to Geneva. It was through Lauber’s chairmanship that an additional link between the OEWG and the GGE was established (one of the criteria for choosing Switzerland was the country’s participation in the closed GGE), which helped avoid competition between the two formats. The coronavirus pandemic posed yet another challenge for the Chairman of the OEWG and its participants. While the original plan was to adopt the OEWG in the summer of 2020, the final session of the Working Group was postponed for several months.

Let the Talks Continue

Content-wise, the report reflects the coordinated assessments of the current situation in cyberspace and, in accordance with the OEWG’s mandate, contains the following topics:

  • Existing and Potential Threats
  • Rules, Norms and Principles for Responsible State Behaviour
  • International Law
  • Confidence-Building Measures
  • Capacity-Building in ICT
  • Regular Institutional Dialogue on ICT

The OEWG participants agree that there is a growing risk of ICT being used in inter-state conflicts and see an increase in the malicious use of ICT both by state and non-state actors as an alarming trend. The report notes the potentially devasting consequences of attacks on critical information infrastructure (CII). Specifically, the COVID-19 pandemic has highlighted the importance of protecting the healthcare infrastructure. Inter-state interaction, as well as interaction between the state and the private sector, is important.

However, the OEWG report does not put forward any practical solutions to a number of information security problems, primarily in inter-state relations. The way international law should be applied in cyberspace largely remains a bone of contention. Despite the successful adoption of the OEWG report, negotiators have yet to find compromises on key issues.

In terms of the regulatory framework, the report essentially reiterates the agreements reached earlier within the framework of the GGE, such as those relating to the applicability of the rules, norms and principles for responsible state behaviour. The OEWG participants conclude the report by stating that additional legally binding obligations may be introduced in the future.

The proposals put forward in the report are, for the most part, of a general nature. States are urged to continue to inform the Secretary-General of their national views on the applicability of international law on the use of ICT in the context of international security, discuss these issues at the United Nations as well as envision confidence- and capacity-building measures.

More practical steps feature the recommendation that states nominate a national Point of Contact responsible for information security at the technical, policy and diplomatic levels who would then be included into a kind of international directory.

A group of over 40 countries led by France and Egypt managed to get an initiative of their own—proposed back in the fall of 2020 and urging to introduce a permanent forum on cybersecurity to replace the OEWG and GGE—included in the recommendations. The initiative, dubbed as the Programme of Action for Advancing Responsible State Behaviour in Cyberspace, appears in one of the paragraphs in the OEWG report, which lends weight to it and serves as the basis for discussions in the next convocation of the group.

One of the main reasons why we have not seen any breakthrough agreements in this regard is because of the sheer number of participants in the discussion on information security issues. On the one hand, this has brought new participants into the negotiations—those endorsing the previously agreed points—thus boosting their international clout. On the other hand, many participants demanded that a common denominator be identified, with all the difficult questions taken off the table. The last leg of the negotiations, in particular, saw a non-consensus draft part of the report published in a separate document, the Chair’s Summary.

The fact that the report was adopted by consensus does not mean that the participants in the negotiations have overcome the differences in their approaches to security in cyberspace. Rather, they have agreed to put fundamental issues on the back burner. Michele Markoff, U.S. cybersecurity negotiator, conceded in her Explanation of Position at the Conclusion of the UN Open-Ended Working Group that the report was “not perfect,” noting that the United States had reservations about the need for a new OEWG to convene. She also stated that the United States could not subscribe to calls for new legal obligations in cyberspace, citing non-compliance on the part of certain states with the existing regulations. That notwithstanding, the United States sees the report as a step forward.

Negotiations after Negotiations

Negotiations on cyber threats have now been going on for decades, broth at the United Nations and on other venues, and they are likely to drag on for many years to come. The OEWG report is an important milestone in the process and a reminder of the importance of multilateral efforts. According to Andrey Krutskikh, the successful completion of the group’s work “opens up huge opportunities for ensuring the success” of the current GGE, the Expert Group on Cybercrime—established during negotiations at the United Nations General Assembly Third Committee at the initiative of Russia—and the OEWG, whose mandate for 2021–2025 has been adopted.

Success or failure of future negotiations in the OEWG will depend on three main components. First, the relations between the key players will define how productive the talks actually are. While Russia and the United States may have managed to put their differences aside in order to reach a consensus on the report, the differences themselves have not gone anywhere. The sides still bang heads over such issues as attribution in cyberspace, the possibility of applying the norms of international humanitarian law to cyberattacks, etc. This is made all the worse by the new trend towards using the ICT for military and intelligence purpose as well as by numerous public accusations and threats emanating from both sides. One such example is the recent New York Times article on U.S. preparations for a retaliatory attack on Russian networks following the large-scale hack of U.S. government departments and corporations (known as the SolarWinds hack), which Russia is said to have carried out. Cybersecurity remains a sore point in U.S.–China relations as well. Tensions between major powers need to be reduced if we are to see any real progress in multilateral relations on this issue.

The second factor is related to the competition between the negotiating platforms. The OEWG has the advantage that is enjoys broad support among UN members, and its mandate has been written into the respective Resolution of the General Assembly. That said, the GGE format is also widely supported within the United Nations, and the “Russian” resolution received fewer votes in the First Committee of the United Nations General Assembly last year than it had in 2018, while the “American” resolution actually received more. What is more, the United Nations does not have a monopoly when it comes to negotiating platforms on cybersecurity, as a number of non-governmental initiatives on cyberspace regulation have appeared in recent years. France is actively pushing the Paris Call for Trust and Security in Cyberspace, which has the support of almost 80 nations as well as of many civil society organizations and companies. Six working groups are to be launched under the initiative in order to advance international norms and develop practical cooperation in cybersecurity. The competitive environment will mean that the OEWG will need to produce more tangible results in areas that are important for the participants.

The third and final factor has to do with preserving the gap between the practical side of ensuring information security and the international discussion surrounding it. Tech companies face cyberthreats on a daily basis, but their expertise in dealing with these challenges is not in demand at these negotiating platforms. The OEWG report talks about the need for public-private partnerships in order to protect the CII. However, the OEWG could take this one step further by examining the lessons of the responses of the business world to large-scale cyberattacks and by speaking their minds when it comes to assessing the efforts of technology leaders to advance rules and norms in cyberspace. The OEWG has the potential to bridge this gap (the new group’s mandate allows it to work with business and other stakeholders), but it has not been exploited to the full thus far. The most active player in the first convocation from the business world was Microsoft, while Trend Micro, Huawei, Fujitsu and others have also taken part in informal consultations. Kaspersky Lab is the only Russian company involved in the discussions. Russia’s Ministry of Foreign Affairs believes it is necessary “to create conditions for attracting the business world to the negotiation process on international information security (IIS), thus giving the public-private partnership an institutional character.” Two problems will first need to be resolved for this to happen: 1) how to motivate Russian businesses to take part in the negotiations; and 2) how to organize the interaction of different stakeholders in the OEWG in the most effective manner. Otherwise, the efforts of all sides will continue to lack the much-needed link to practical experience in this area.

From our partner RIAC

Continue Reading
Comments

Intelligence

Estonia’s national security concept

Published

on

image source: Estonian Defence Forces

The development of regional and global military cooperation is seen as one of the most important pillars of Estonia’s security strategy, while a concerted effort to domestic security focused on resilience and deterrence is seen as another. Considering Estonia’s defence plan mandates that country’s defence could no longer be restricted to military protection only, armed forces will then be merged with non-military competencies to provide a comprehensive collective defence. National security and the accompanying preparedness are believed to be the responsibility of a multitude of sectors and individuals from both the governmental and corporate sectors, as well as from civil society organisations.

Comparison of the previous two National Security Policies shows that the convergence of security domains alongside ministerial distribution of duties is being substituted by a broad task-based strategy, which is likely the most apparent manifestation of Estonia’s emerging comprehensive strategy. [1][2]The 2017 National Security Policy also presents the idea of resilience, which appears significantly throughout the paper and is further explored in a distinct sub-chapter for perhaps the first instance.

One of the most important ideas on which Estonia’s national defence policy plans rely is “whole of government” plus “whole of society,” which combine together the two most important parts of the comprehensive strategy framework and the notion of “resilience.” [3]Therefore, it is vital to recognise that such revamped conceptual ideas have garnered a reasonably positive reception from the general public. In addition, the notion that national security should be a shared responsibility of the whole population is widely accepted in Estonia. Consequently, Estonians have high expectations for a complete security and defense architecture, indicating both the intentional robustness of the majority of the people and its ability to adapt to changing circumstances. It is possible to interpret such huge backing for national defence as a byproduct of securitization. In this way, the notion that perhaps a comprehensive strategy towards defence can ensure a country’s security is supported by a large number of people who believe it.

Key Elements

With regard to Estonia, the comprehensive strategy was first embraced as aspect of a progressive European security thought that was gaining popularity at the same time that Estonia was actively integrating into the NATO and European Union. During that time period, it was considered a viable alternative to the classic territorial defence concept. Beginning in 2008, during the course of the August War, incidents in Georgia’s national defence concepts began to take enormous importance. But it was in 2014, following the invasion and occupation of Crimea and the outbreak of violence in eastern Ukraine, until it became clear that these two notions are not in competition with one another[4]. As an alternative, a comprehensive strategy might be seen as an essential supplement towards the territorial defence paradigm in order to achieve greater advantages in terms of resilience as well as deterrence capabilities.

Accordingly, Estonia has adopted a comprehensive strategy to national defence that emphasises the necessity for coordination and cooperation across multiple government agencies in order to develop cohesive response in the event of a crisis. When the breadth of cooperation across nearby but diverse domains is taken into account, the relevance of defence strategy may be appreciated in detail. There are also five other areas being evolved in contrast with military defence, like civilian assistance for national defense, international operations, internal stability, preservation of successive society and the political processes by providing essential services, if not at least, proactive sharing of information and psychological operations. [5]According to the Estonian government, the following ministries are responsible for different tasks: the Defense ministry is instrumental in the advancement of military protection and civil assistance for military defence, the foreign ministry is central to global pursuits, the Interior ministry is responsible for general and internal security as well as the upkeep of the country’s and society’s sustained functions, and the Government is concerned with strategy and psy-ops. These responsibilities are maintained in the revised defence plan as well. It is worth highlighting that, rather than three different laws governing the defence industry in peacetime and conflict, as well as international collaboration, the revised national defence policy, in accordance with the comprehensive strategy rationale, consolidates various regulatory sectors into a single body.

Security Environment & Threats

The Estonian security environment is influenced by the country ‘s global developments and cross-border risks. Estonia’s NSC for 2017 recognises asymmetric risks which do not respect national boundaries and whose origins are impossible to discern. Simultaneously, they have an impact that is comparable to that of conventional security risks. Islamist terrorism has been a persistent concern in the West since the 9/11 bombings on the World Trade center. Middle Eastern and North African countries with unstable governments offer a continual terrorist danger to the West, harming Estonian security. Terrorism is among the greatest security dangers confronting average citizens throughout Europe. Estonia pays attention to European events. Numerous incidents have occurred in Europe during the previous two decades, including bombs in London and Madrid, shooting incident at Frankfurt airport, and Paris terror attacks. As a result of this, Estonia has included global crises and unequal socioeconomic progress as security risks in its policy paper. When Hosni Mubarak was ousted in Egypt, Muammar Gaddafi was executed in Libya, while civil war erupted in Syria and Yemen as a result of the Arab Spring movement, Europe might have been the most adversely affected region. There was an international flood of refugees that will continue for the next decade as a result of the said incidents.[6]

It’s been Russia that has posed the greatest external danger for Estonia during the previous decade. The Russians have employed a variety of strategies to attain their objectives. Additionally, Russia has boosted its troop involvement in the Baltic Region and along the Baltic Countries’ borders.  Confrontational and aggressive Russian acts may be seen for instance in military drills and air boundary breaches as well as threats to use nuclear weapons. As a result, Russia poses a danger to the whole Euro-Atlantic area, as it has the potential and inclination to utilise a wide range of non-military armaments: armed, economic, energy, or informational. War, crises, and conflict have occurred in Russia and the surrounding area on a regular basis. There were two direct transgressions: the 2008 conflict in Georgia and the current conflict between Russia and Ukraine, which continues to this day. The rioting in April 2007 (including the assault on the Estonian Embassy in Russia) and the kidnapping of an Estonian security law enforcement officer in 2014[7] are examples of indirect confrontations that have taken place since. Russia has also demonstrated its digital prowess in a global setting. According to this paper, cyberattacks have indeed been taken into account of factors that affect security because Russia launched a cyberattack against Estonia in April 2007.[8]

While the challenges to Estonia’s security environment have evolved over time, the purpose of protecting the country has remained constant. Keeping Estonia’s national sovereignty, territorial integrity, constitutional order, and national security in tact is essential to the state’s mission. Human rights, basic freedoms, and also the achievement of core human ideals are all intertwined in a country’s security measures. By building civil society and enhancing the country’s worldwide standing, democratic ideals assure the long-term viability and sustainability of society.

Aiming to create solutions that might benefit other nations in the face of global crisis is becoming increasingly important as their impact on Estonia grows. Rule-based world order must be maintained through adhering to international law and the United Nations Charter. As a result, humanitarian assistance and human rights protection are deemed essential. These initiatives have broad worldwide backing. While other Baltic states are more concerned with protecting human rights within virtual environment, Estonia stands out for its emphasis on unfettered Internet access.

Collective Security

Euro-Atlantic collaboration has always been the most important factor in ensuring Estonia’s security, especially prior and afterward entering the EU but also NATO. There is no doubt that NATO is Estonia’s best defence against a potential attack, and thus active participation is a national issue. As a member of NATO, Estonia regards the United States as a vital ally in the country’s security because of its foothold in Europe. [9]Additional collaboration with security-related organisations is crucial to Estonia in order to maintain global and regional equilibrium. There will be a lot of focus on conflict avoidance and the United Nations’ ability to handle global concerns. The Estonian government also endorses the OSCE, which strengthens Estonia’s ability to engage in EU’s Common Foreign and Security Policy. [10]Estonia, on the other hand, has not particularly emphasised enhancing collaboration and actively participating in crafting the security policy of the relevant organisations.

Estonia believes it is critical to limit conventional firearms in Europe, therefore it wishes to join international arms reduction treaties. It highlights the critical role of the country in preventing the trafficking or unlawful movement of weapons of mass destruction including their parts through their borders. Estonia has cordial ties with the Nordic states, the NSC affirms. Close collaboration with these nations has benefited Estonia’s economy and bolstered the country’s defence capabilities. Estonia seems to be eager to develop Nordic-Baltic military cooperation on a regional and global scale and also desires an open discussion with Russia as well as practical collaboration.

Protecting Living Environment

The state of the natural environment and general wellbeing in Estonia, as well as the socio-economic scenario, contingency planning, uninterrupted access to essential services, food, and potable water, and the potential of societal cohesion to effectively deal independently in the situation of a prolonged disruption of essential services are the primary factors influencing the security of the Estonia’s environment. Storms and floods are the most common natural disasters that create crises in Estonia, with storms accounting for the majority of incidents. Active civil assistance is being established in order to cope with crises, which strengthens society’s preparedness to manage with emergency situations that may be fairly expected and planned for. To do this, it is necessary to improve public knowledge of possible threats as well as available mitigation methods. Improved environmental conditions are encouraged in Estonia by promoting environmentally sustainable principles and behavioural habits among the population. This is accomplished through the management and execution of pollution countermeasures, the efficient utilisation of natural resources, and waste minimization. Estonia is putting in place measures to avoid the spread of ecologically dangerous chemicals as well as to detoxify polluted land and water areas. Social and economic concerns have an impact on the living environment as well. As early as 2004, the NSC stressed the need of addressing labour market issues, implementing a viable social security structure that incorporates at-risk populations, and training a qualified workforce in significant numbers to assure sustained economic growth.[11]

Tracking, controlling risk, and coping with the repercussions of climate change are all examples of strategies for reducing the hazards associated with climate change. Cooperative efforts are created with the worldwide community, local governments, the corporate and nonprofit sectors, as well as the scientific community, in order to achieve this goal International collaboration also involves marine traffic management and maritime pollution monitoring, among other things.

Estonia, like its surrounding countries, is cognizant of the potential dangers posed by radiation. Nuclear power stations with in Baltic Sea region that are more than a decade old are regarded to be potentially risky. Estonia engages in worldwide efforts to improve radiation protection in the Baltic Region, being part of a global effort. [12]Early warning systems are in place to identify radioactive mishaps in adjacent nations at an early stage, allowing for faster response times.

International Conflicts and Crises Response

Engagement in crisis response and peacekeeping operations is a significant component of Estonia’s national security strategy. The goal was to design a crisis management framework that would take into account military, regulatory, and financial concerns, among other things. Involvement in international combat operations and civilian initiatives provides the country with an excellent chance to gather valuable expertise. Meanwhile, they represent vows to make a positive contribution to the improvement of regional stability within the immediate area and throughout the globe. When there is an internal emergency, the first responsibility is to secure the survival of the populace. Specifically, the state believes that emergencies may be avoided and their repercussions minimised by collaboration with the general public, local municipalities, government entities, corporate and non-profit organisations, and other organisations and individuals. The duty of the state is to strengthen the information management system of the people and to offer instructions for appropriate conduct in emergency circumstances to the public through various communication channels, including radio and television. All types of exercises have already been extensively researched and designed with the goal of incorporating the greatest number of people feasible. Aside from this, assistance has been granted for voluntary initiatives that try to avoid dangers and deal with the early indications of calamities.

The functioning of critical services is tied to the occurrence of emergencies. The state conducts a rigorous investigation into the interruptions of critical services and the dangers that might result in the suspension of services. To mitigate this, public awareness campaigns are created, and trainings incorporating as many participants as feasible are carried out as a preventative strategy. In order to assure the effective service delivery, effective collaboration between the government with the private sector is essential. Examples include electronic network infrastructure, services supplied, and vital information platforms that are mostly owned and operated by private companies.

The government must be prepared to manage the humanitarian catastrophe while also providing development assistance. In order to do so, it is critical for Estonia to engage in NATO and EU emergency management operations, as well as the activities of the NATO Response Force and its EU Battlegroups, among other activities. Through development assistance, Estonia enables nations that create a social structure that is tolerant of democracy and human rights, in compliance with its skills and resources. According to the National Security Council’s 2017 report, activity in the fields of development assistance and human rights protection contributes to the creation of an atmosphere that minimises the possibility of conflict and promotes security. So the emphasis is placed on the avoidance of global wars and crises, with the goal of reducing the negative effects on Estonia with its allies as a result of these events. As a matter of fact, Estonia endorses the expansion of the EU and NATO, that will contribute to the strengthening of the Western value sphere both in Eastern and central Europe. Because of the same rationale, Estonia is committed to maintaining positive ties with all of its neighbours.

Energy Security

A tiny yet open economy, Estonia’s economy is strongly reliant on global economic growth. National security, according to the 2004 NSC, relies on effective development and accountability of economic connections as well as a stable influx of foreign investments. As a result of its deep ties to the global economy, the state is very vulnerable to downturns and volatility in other economies. The high reliance on non-Estonian (Russian) monopolised energy systems and sources poses a significant risk to the country as a whole.[13]

Estonia’s energy security depends on the safety of its supply chain and its infrastructure. To break free of energy monopolies, countries in the EU must link their energy grids and increase the variety of energy sources they use. Improving domestic energy efficiency is critical to reducing reliance on foreign energy imports. According to NSC 2017, Europe’s energy policy, which seeks to make the most of available resources inside the EU, will be heavily relied upon in the next years. Estonia intends to increase its use of renewable energy sources for power and heating in the far future.[14]

With the ongoing Ukraine-Russian crisis which has resulted in an altered security scenario for Estonia, ceasing to finance Russia’s military complex will require the state to develop a replacement to Russian gas. The construction of a floating LNG import facility, which has been in the works for more than a decade, might help Estonia lessen its reliance on Russian gas imports. A pier plus an additional LNG ship is part of Alexela’s (energy firm) proposal for the Paldiski harbour on the Baltic Shoreline. The Estonian proposal would ultimately need a state assurance and financial support.[15]

Conclusion

Estonian security policy is rife with ambiguity, both conceptually and practically. Two parallel conceptions of comprehensive security and unified defence have emerged in Estonia, a departure from the typical comprehensive approach. Estonia is able to maintain its well-trodden course of complete defence because to the split among these two terms. Even the decision makers of defence policy generally define Integrated Defense in this manner.

As a result of this misunderstanding, Estonia’s strategic decisions prioritise complete defence and asymmetric warfare. This has repercussions for Estonian perceptions of and definitions of threats. Aside from that, the greatest danger to Estonian security is conventional, which is one that Russia has been more likely to influence in its actions in the post-Soviet realm, for example. A parallel idea of resilience exists in Estonia as a result of this misperception. It appears to mean various things for the Estonian defense community’s uniformed and civilian members. This contrasts with how resilience is understood by the military, which views the concept of resilience primarily through the lens of total defence. Using the Estonian method of resilience in conjunction with a comprehensive approach demonstrates how the military versus civilian sides of the security debate focus on distinct areas of security. As a result of Estonia’s current dual strategy, it is difficult to establish broad societal agreement on the most probable levels of uncertainty, operational methods in such conditions, and long-term investments for the country.

Creation of domestic institutions which are adept in participating actively in international security architecture, as well as mobilisation of the regular military force, are required. This includes clearly defining the responsibilities and duties of all organisations in Estonia engaged in comprehensive national security, as well as accurately analysing the nation’s defense capabilities and conveying the findings to Estonia’s military partners.


[1]National Security Concept of Estonia – Kaitseministeerium,” 2004. https://www.files.ethz.ch/isn/156841/Estonia-2004.pdf.

[2] “National Security Concept of Estonia – Kaitseministeerium,” 2010 https://www.files.ethz.ch/isn/156839/Estonia%20-%20National%20security%20concept%20of%20estonia%202010.pdf

[3] “National Security Concept of Estonia – Kaitseministeerium,” 2017. https://kaitseministeerium.ee/sites/default/files/elfinder/article_files/national_security_concept_2017.pdf

[4] Raik, Kristi, Mika Aaltola, Katri Pynnöniemi, and Charly Salonius-Pasternak. “Pushed Together by External Forces? the Foreign and Security … – FIIA.” The Finnish Institute of International Affairs, 2015. https://www.fiia.fi/wp-content/uploads/2017/01/bp167.pdf.

[5] “National Security Concept of Estonia – Kaitseministeerium,” 2017, p.3 https://kaitseministeerium.ee/sites/default/files/elfinder/article_files/national_security_concept_2017.pdf

[6] Marnot, Diana. “Comparison of Security Policy Documents of the Baltic States,” 2020. https://digiriiul.sisekaitse.ee/bitstream/handle/123456789/2568/2020%2010%20julgeolekupoliitika%20ENG_WEB.PDF?sequence=1.

[7] Fisher, Max. “This Is Bad: Russia ‘Abducts’ Estonian Officer after Obama Says Us Will Defend Estonia.” Vox. Vox, September 5, 2014. https://www.vox.com/2014/9/5/6110037/estonia-russia-officer-kidnapped.

[8] “2007 Cyberattacks on Estonia.” Wikipedia. Wikimedia Foundation, May 1, 2022. https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia.

[9] “National Security Concept of Estonia – Kaitseministeerium,” 2017, p.3 https://kaitseministeerium.ee/sites/default/files/elfinder/article_files/national_security_concept_2017.pdf.

 

[11] National Security Concept of Estonia – Kaitseministeerium,” 2004, p.19 https://www.files.ethz.ch/isn/156841/Estonia-2004.pdf.

[12] “National Security Concept of Estonia – Kaitseministeerium,” 2017, p.18 https://kaitseministeerium.ee/sites/default/files/elfinder/article_files/national_security_concept_2017.pdf.

[13] National Security Concept of Estonia – Kaitseministeerium,” 2004, p.19 https://www.files.ethz.ch/isn/156841/Estonia-2004.pdf.

[14] “National Security Concept of Estonia – Kaitseministeerium,” 2017, p.16 https://kaitseministeerium.ee/sites/default/files/elfinder/article_files/national_security_concept_2017.pdf.

[15] Tammik, Ott. “Estonia May Build LNG Terminal to Cut Russia Energy Dependence.” BloombergQuint, March 23, 2022. https://www.bloombergquint.com/onweb/estonia-may-build-lng-terminal-to-cut-russia-energy-dependence.

Continue Reading

Intelligence

Taking the India-Singapore Cyber Partnership Forward

Published

on

On the sidelines of the recently concluded Special ASEAN-India Foreign Minister’s meeting, Singapore and India agreed on the need to give their relationship a new impetus. The two countries have a robust political and defence partnership with regular engagements. For India, Singapore has been the top source of Foreign Direct Investments (FDIs), and India’s FDI in Singapore has observed an uptick in recent years. The relations between India and Singapore are based on shared values, economic interests, and convergence of perspectives on key strategic issues. Since last year, both have sought to consolidate relations through increased collaboration in information technology and cybersecurity. In February 2022, the two signed a Memorandum of Understanding (MoU) for deepening cooperation in science, technology, and innovation.

As a global data hub, Singapore has a high stake in the cyber domain. It has paid close attention to efforts for maintaining its reputation in cybersecurity and has worked towards a comprehensive national cybersecurity strategy. As a city-state, Singapore has sought to utilize diplomacy as deterrence to ensure its interests in the cyber domain. Today, Singapore is considered a cyber diplomacy pioneer among the ASEAN countries. It plays an active role in discussions on cyber in the United Nations and other platforms.  Singapore has put emphasis on becoming the ‘conversation starter’ for acceptable behaviour in cyberspace and has taken a lead in the war against cybercrime. To this end, the city-state has taken steps to build regional and global alliances for cooperation and experience sharing and has emphasized regular cyber exercises for staying ahead of the emerging cyber threats curve.

  According to International Telecommunications Union’s Global Cyber Security Index report, Singapore has focused heavily on national cyber defence and has not taken recourse to any known disruptive actions. This highlights Singapore’s commitment to peaceful cyberspace and projecting its image as a law-abiding nation. For enabling safe and secure cyberspace, Singapore has focused on building resilient infrastructure. It seeks to utilize research and development in the cyber domain as a source of ‘competitive advantage’, with the possibility of turning Singapore into an international hub for cybersecurity innovation.

In recent years, Singapore’s cyber insurance market has created a space of its own in Asia. The global cyber insurance market is estimated to exceed USD 20 billion, by 2025, with the Asia-Pacific market expected to witness almost 35 per cent Compound Annual Growth Rate (CAGR) between 2019 and 2025. It has been argued that the cyber insurance industry stands to witness exponential growth in the emerging climate of record ransomware attacks and cyber incidents.

Singapore updated its cyber security strategy in 2021, which goes beyond critical sectors and seeks a more proactive stance toward cyber threats. While focusing on cyber resilience and capability development for detecting and analysing malicious cyber activities, the plan looks at developing a ‘Made in Singapore’ solution for creating Singapore’s cybersecurity ecosystem. Further, the strategy also underlines the need for addressing ‘dilemmas of digitalization’, such as geopolitical tensions in cyberspace.

Notwithstanding Singapore’s military capabilities, Singapore (like its ASEAN counterparts) believes that escalating cyber incidents might not be beneficial for small states [PDF], as they would want to avoid cyberspace conflicts spilling over beyond the virtual domain. However, while the ASEAN seeks neutrality in the emerging tech rivalry between the US and China, Singapore’s emphasis on ‘ASEAN centrality’ is far from elementary.

Singapore is referred to as the anchor of the US naval presence in Southeast Asia and enjoys long-standing defence ties with the Quad countries. In August 2021, Singapore inked an MoU with the US for expanding information sharing and training to combat cyber threats. However, along with a deep partnership with the US, Singapore balances strong ties with China. While the US remains vital for regional security dynamics, especially in the shadow of increasingly aggressive Chinese maritime manoeuvres, Beijing stands as Singapore’s most important trade partner.

Thus, for Singapore, any partnership which falls outside the ambit of the great power rivalry will have a central role in its strategic thinking. As an emerging tech powerhouse, India possesses natural viability for strategic partnership with Singapore.

For India, there are several dimensions where Singaporean experiences are valuable. The delay in finalising a National Cyber Security Strategy has regularly highlighted New Delhi’s difficulty in opting for the best available policy options in cyberspace. It is argued that India needs to review its cyber-defence policies and should give equal attention to building cyber-offensive capabilities for deterrence. New Delhi’s narrow focus on cyber threats from Pakistan and China, has also been pointed out by some as a constrained approach.

Like Singapore, India has balanced the Western and the Eastern views on cyber diplomacy tables. India seeks to safeguard its strategic autonomy and cyber sovereignty while adopting a multi-stakeholder approach. However,  the recent laws like the mandate on the Virtual Private Networks (VPNs) for storing customer metadata, highlight the increasing significance of keeping unrestricted and undesired cyber activities in check. It has been reported that as the tech sector grows in India, cyber incidents like ransomware attacks, which affected a staggeringly high 68 per cent of India’s organizations in 2021, will necessitate a mature cyber insurance market for organisations and businesses at all levels.

The tech neutrality sought by the ASEAN countries has been visible on the 5G issue. While the US has sought to influence countries across the globe to avoid Chinese firms like Huawei over security and espionage-related concerns, governments in Southeast Asia have voiced their discomfort in choosing between the two sides.

The Singaporean PM had downplayed the security concerns over Huawei, saying that it is not ‘a black and white issue’, and that Singapore will carefully study the impact of 5G technology to decide. Unlike most  Southeast Asian countries, India has decided to go ahead with indigenous alternatives. For India, a successful 5G experience can consolidate its tech leadership credentials further.

As a global tech war accelerates and a digital divide between the two super cyber powers and the rest of the world emerges, middle powers will be compelled to seek convergence for safeguarding their national interests. As leaders in tech and innovation, India and Singapore stand as natural partners in the Indo-Pacific, as well as beyond.   

(Views are personal)

Continue Reading

Intelligence

Unmasking India’s IB and RAW

Published

on

India’s prime minister Narendra Modi granted a year-long extension in service to retiring heads of India’s Intelligence bureau (Arvind Kumar) and the Research and Analysis Wing (Samant Kumar Goel). Both officers are specialists in the art of disinformation and insurgency.  They masterminded the so-called Blakote strikes inside Pakistan. Besides, they mounted a world-wide Pakistan-bashing campaign that resulted in Pakistan’s isolation in comity of nations. Pakistan FATF woes could veritably be attributed to the machinations of the said two officers. They are protégé of India’s national security czar Ajit Doval. Doval himself boasts of having carried out covert activities in Pakistan for about eleven years. He did not care a fig for violating the diplomatic norms while posted in Pakistan.

Difference between the Intelligence Bureau and RAW

The common belief is that the IB and the RAW have separate domains. But, in actual fact, the both organisations coordinate their activities. Like the RAW, the IB also has its offices abroad. In his book, RAW: A History of India’s Covert Operations, Yatish Yadav make startling disclosures about activities of India’s intelligence agencies. In a chapter titled “Hunting the RAW traitor”, he reveals the career of the RAW agent Rabinder Singh, an ex-Army man who sold national secrets to the CIA for money. Singh was outwardly a religious person who had a penchant for quoting from Hindu religious book Bhagwad Gita. He led parallel lives and passed on classified information to the foreign power. Although given asylum in the U.S., he was soon forsaken by the CIA and met with an unexplained road accident there. The accident was masterminded by the RAW.

The Intelligence Bureau (IB) is the national domestic internal security and counter-intelligence agency that works under the Ministry of Home Affairs. It was formed as the ‘Central Special Branch’ on December 23, 1887, which was later renamed as ‘Intelligence Bureau’ in 1920. The organisation mainly focused on National Security activities. According to an article published in Jagaran Josh, the Intelligence Bureau (IB) is said to be the oldest surviving intelligence organisation in the world.

About Research and Analysis Wing (RAW)

Initially, the IB was only responsible for India’s internal and external intelligence, but in 1968, it was bifurcated and left with internal intelligence only. While it’s external branch was handed over to the newly created Research and Analysis Wing (RAW).

The bifurcation took place after IB lapse in the intelligence about the Sino-Indian War of 1962, and India-Pakistan War of 1965. So the Research and Analysis Wing (RAW) was founded in 1968 to counter external security threats. The RAW provides intelligence to policymakers and the army and it keeps a close eye on the activities of the neighbouring countries (China, Pakistan, Sri Lanka, Myanmar, etc.) of the nation.

Generally, the IB is the national internal intelligence agency that maintains the internal security of the nation, while RAW is an external intelligence agency that keeps an eye on international threats. The main functions of the IB include counterintelligence, counterterrorism, VIP Security, anti-secession activities and intelligence collection in border areas. RAW on the other hand collects secret information about the activities of neighbouring countries. IB functions under the governance of the Ministry of Home Affairs, while RAW has been placed directly under the Indian Prime Minister’s office. IB gets its employees from the Indian Police Service, law enforcement agencies and the military, while RAW has its own service cadre known as the Research and Analysis Service (RAS). Initially RAW was also dependent on the services of trained intelligence officers from the military, police and other services for its candidates.

Objectives

The RAW’s objectives include:

Monitoring the political, military, economic and scientific developments in countries which have a direct bearing on India’s national security and the formulation of its foreign policy. Mould international public opinion and influence foreign governments. Covert Operations to safeguard India’s National interests. Anti-terror operations and neutralizing elements posing a threat to India.

To control and limit the supply of military hardware to Pakistan, from mostly European countries, America and more importantly from China.

RAWS exploits

The RAW stoked insurgency in East Pakistan that led to dismemberment of Pakistan. The Indian army and other agencies acted in tandem.

Another event shows that Indian diplomats developed deep ingress in Islamabad. On May 29, 1988, a senior official of the Pakistan Intelligence Bureau was abducted in Islamabad. India alleges that his abductors were personnel from the Inter-Services Intelligence Directorate (ISI). According to their own account of the incident, narrated in the news magazine Herald, they beat up the IB official until he revealed the location of a secret telephone exchange that was monitoring calls made by Zia-ul-Haq.

Kalbushan Jhadav’s story speaks volumes on how India penetrates even its serving officers to carry out sabotage and subversion in Pakistan.

Disinformation

‘Disinformation’ (Russian deziinformatzia) is a concept that finds mention in Sun Tzu’s Ping Fa (Principles of War). Even before Sun Tzu, Kautilya in Arthashastra supported disinformation as a civil and military warfare tool within his concept of koota yuddha (unprincipled warfare as distinguished from dharma yuddha, righteous warfare).

Tzu’s and Kautliya’s principles were used not only in World War II but also in the Cold War period (to hoodwink own and foreign people). Richard Deacon says, ‘Truth twisting…unless it is conducted with caution and great attention to detail, it will inevitably fail, if practiced too often… It is not the deliberate lie which we have to fear (something propaganda), but the half-truth, the embellished truth and the truth dressed up to appear a something quite different’ (The Truth Twisters, London, Macdonald & Company (Publishers) Limited, 1986/1987, p. 8).  He gives several examples of disinformation including subliminal disinformation by which the truth can be twisted so that the distortion is unconsciously absorbed, something which both television and radio commentators have subtly perfected’ (Ibid., p. 9).  In the USA, the Creel Committee, through false anti-German propaganda turned pacifist Americans against Germans.

Disinformation influenced even independent-minded Americans who laid down a constitution, beginning with words `we the people’. Yet Chomsky says the American masses are like a “bewildered herd” who have stopped thinking (Noam Chomsky, Media Control: The Spectacular Achievements of Propaganda, p.16). He asserts that in a “properly functioning democracy”, there is a “small percentage of the people”, a “specialised class of citizens” who … analyse, execute, make decisions and run things in the political, economic, and ideological systems”. Chomsky reminds, ‘Woodrow Wilson was elected President in 1916 on the platform “Peace without Victory”, right in the middle of World War I.  The American population was extremely pacifistic and saw no reason to become involved in a European War.  The Wilson administration established a government propaganda commission, called the Creel Commission [Committee], which succeeded, within six months, in Chomsky reminds, ‘Woodrow Wilson was elected President in 1916 on the platform “Peace without Victory”, right in the middle of World War I.  The American population was extremely pacifistic and saw no reason to become involved in a European War.  The Wilson administration established government propaganda commission, called the Creel Commission, which [through fake news, films, etc.] succeeded, within six months, in turning a pacifist population into a hysterical, war-mongering population which wanted to destroy everything German, tear the Germans limb from limb, go to war and save the world….  After the war, the same techniques were used to whip up a hysterical Red Square…’ (ibid.page 12).

Fifth-generation war is believed to be a vague term. George Orwell (Politics and the English Language) suggested that that trying to find a clear-cut definition of fifth-generation or hybrid war would reveal exactly that kind of vagueness, with the use of important-sounding, pseudo-technological words to impress readers and convince them that this war is being fought at a level the layperson cannot comprehend. However, India has proved that it understands the dimensions of the fifth generation war or fake news. It knows how to apply its techniques to achieve its objectives. It is time for Pakistan to wake up

EU Lab belatedly discovered a world-wide network that spread disinformation against Pakistan. Even prestigious Indian newspapers sometimes publish reports or articles that smack of being pieces of state-sponsored disinformation.  Harvard’s criteria for detecting fake news could be applied to disinformation bloomers. Harvard suggests `everyone should vet a publisher’s credibility first and then check all the sources and citations’. James Carson offers tips in his article `Fake news: What exactly is it – and how can you spot it‘? (Telegraph January 31, 2019)

Disinformation camouflaged in Op-Eds is hard to detect as they do not usually quote their sources of information. A case in point is Shishir Gupta’s article ‘In Imran Khan’s 18-point Kashmir plan for Aug 5, outreach to Turkey, Malaysia and China’, published in Hindustan Times dated July 28, 2020.

RAW officers speak many languages such as Chinese, Russian, Arabic, Sinhalese, German, Polish and Urdu. By the time of Morarji Desai, RAW had a staff of “more than five thousand on its payroll”. Desai turned out to be inhospitable to RAW and Kao, and K. Sankaran Nair left the organisation. N.F. Suntook took charge and “saved the agency”. RAW “recruited trained and deployed informers and covert action teams in the USA, Iran and several European countries as well as in India’s immediate neighbours. It also employed analysts, polygraph examiners, cartographers, linguists, economists and political analysts to defend the country from internal foes and external enemies. While the I.B.’s mandate was essentially within the country, it also opened offices at times on foreign soil. As is to be expected, the two agencies joined hands, and at times fought over turf to the detriment of the common cause.

In Bangladesh, RAW combated the influence of the CIA and Pakistan. The assassination of Sheikh Mujibur Rahman was a big blow and a much-chastened RAW regrouped to regain its lost influence in Bangladesh. By November 1988, RAW’s station head, code-named Krishna Patwardhan, had set up the necessary network in Bangladesh, to target elements that were hostile to India.

RAW saw spectacular action in other theatres as well. On March 20, 1988, RAW operative Anupam Malik began to carry out Mission Fiji’, “aimed to disrupt and dismantle Fiji’s military regime” that threatened to upset the ethnic balance in Fiji. Attempts were being made by this regime to deny political rights to ethnic Indians, most of whom had been immigrants to the country during the British Raj. Deporting all ethnic Indians to India’ was a distinct possibility. By the 1990s Sitiveni Rabuka, the strongman, was honey-trapped and compromised by RAW agents in Fiji and had to abdicate political power.

Similarly, RAW’s involvement in Afghanistan, we learn, began with the Soviet Union’s invasion of the country. The agency’s operatives carried out missions right through the chequered regimes of Tarki, Amin and Karmal encountering opposition from Pakistan’s Zia ul-Haq and the Taliban at different times.

In Sri Lanka, RAW propped up the Liberation Tigers of Tamil Eelam (LTTE) and had to follow the contradictory path of support and opposition following the dictates of the political masters in Delhi.

In the chapter titled “Shadowy War in Washington”, we see the RAW operative code-named ‘Blue Sky’ track down the Khalistani leader Jagjit Singh Chouhan and successfully penetrate the World Sikh Organisation, the International Sikh Federation and the Babbar Khalsa International. While the traditional rivalry between the I.B. and RAW continued, according to RAW operative Krishna’s candid opinion, “the I.B. proved to be far superior in the Canadian theatre than the RAW.”

Concluding reflections

RAW’s cover officers, including RK Yadav and B. Raman, make no bones about India’s involvement in Bangladesh’s insurgency. They admitted that India’s prime minister Indira Gandhi, parliament, RAW and armed forces acted in tandem to dismember Pakistan. Raman reminds us that the Indian parliament passed a resolution on March 31, 1971, to support the insurgency.

Indira Gandhi had then confided with RAW chief R.N.Kao that in case Sheikh Mujib was prevented ruling Pakistan, she would liberate East Pakistan from the clutches of the military junta.

In order to sabotage the China Pakistan Economic Corridor (CPEC) a cell had been established in RAW with the sole objective of disrupting it and the cell worked ‘under the supervision of the Indian Prime Minister’.

Yet another book (Terror in Islamabad) has been published by an officer Amar Bhushan who happened to have served as a diplomat at the Indian High Commission Islamabad. Before being posted to Islamabad, Bhushan had served as an officer of India’s premier intelligence agency Research and Analysis Wing, Border Security Force Intelligence, and State Special Branch for a quarter of a century. His book mentions another RAW officer, Amit Munshi (real name Veer Singh) posted as Cultural Attache.

Since times immemorial diplomats have enjoyed immunity in countries where they are posted. International conventions govern their conduct in host countries. If a diplomat is caught red handed violating norms of diplomatic conduct, he is declared a persona non grata. Bhushan’s book reveals that Singh’s assignment was to “identify potential Pakistanis for subversion”. The familiar elements of intelligence craft are espionage, sabotage and subversion. India added one more element “insurgency” to the intelligence craft if we go through another RAW officer’s book The Kaoboys of R&AW: Down Memory Lane. B. Raman makes no bones about India’s involvement up to the level of prime minister in Bangladesh’s insurgency.

Continue Reading

Publications

Latest

Trending