In the light of the current sabre-rattling between the US and its Western allies on one side, and countries like Russia and Iran on the other, each accusing the other of hacking into its computer systems, it is time for international cyber peacekeeping initiatives. Will the UN intervene?
By Nijhum Rudra
According to an old saying, ‘Every development comes at some cost’. And sometimes, the cost can be too high, threatening the lives of individuals and the national security of countries. Over the past 30 years, science and technology have revolutionised our lives. Computers and the global spread of the Internet are often considered to be the biggest boon to mankind. But this boon could turn into a curse if used in the wrong way. Within a span of 10-15 years, the number of Internet users has grown rapidly from an estimated 16 million in 1995 to more than 3.5 billion in 2017, according to Mohan B. Gazula, who is a computer science researcher at Boston University.
The Internet has made states, non-state communities, businesses, academia and individuals interconnected and interdependent, which wasn’t the case 20 years back. Also, the defence and military establishments’ reliance on computer systems and networks has increased exponentially, thus opening up yet another front – a space that needs to be defended, while offering opportunities to spring an attack. So cyber space is the fifth battle front apart from land, sea, air and outer space, remarks Gazula. Therefore, the crucial question is: who will monitor this space in a free and fair manner?
Cyber security: The current scenario and global challenges
Currently, the global cyber security situation is in a state of flux, with covert cyber wars going on between countries and even companies, while ‘cyber peace’ and unbelievable levels of sharing and cooperation are also maintained. Different state and non-state actors are performing covert and overt acts aimed at harming sovereign interests of enemy countries or of other entities in cyber space. There is no international treaty on cyber security. The Convention on Cybercrime of the Council of Europe does not deal with cyber security issues, and the laws or norms of the behaviour of state and non-state actors in cyber space have not been developed yet. The UN Group of Governmental Experts has failed to come to any unanimous decision on the legal principles governing the various forms of cyber threats. Though fresh efforts have started in this regard, it will take some time for these norms to evolve and be accepted as international law. Till then, the hostile acts and activities of various state and non-state actors in cyber space fall into a grey area.
“As countries are expanding their definitions and perspectives of cyber sovereignty, it is imperative that the norms of behaviour concerning cyber war and cyber peace activities become more well-defined. Tallinn Manual 1.0 and Tallinn Manual 2.0 (written by an international group of experts on cyber security) could initially be a starting point. However, they represent only the NATO-centric or Western viewpoint, and do not embody the aspirations and perspectives of developing countries. Work will have to be done in this regard soon,” says Pavan Duggal, senior cyber law expert, Supreme Court of India.
“Due to the dynamic pace at which technology evolves, the modus operandi and ramifications of a cyber attack keep changing. According to the Norton Survey on Global Cyber Security, the average cost to companies worldwide of a data breach is US$ 3.86 million, and the average time it takes to identify a data breach is 196 days. Statistics from the Norton Survey indicate that India was one of the countries worst hit by the WannaCry ransomware, which impacted sectors such as banking, finance and manufacturing last year. The recent attacks on the Baltimore city (USA) authorities by hackers using ransomware are a clear example of how a nation’s critical systems can be severely affected by cyber attacks,” says Karnika Seth, senior cyber law expert, Supreme Court of India. “The biggest challenge faced by nations in curbing cyber crime is the lack of a clear consensus between nations on how to cooperate to combat trans-border cyber attacks. Aspects like dual criminality and the timeline for responses pose a problem until mutual or bilateral legal assistance treaties are formulated,” added Karnika.
The role played by the US in cyber warfare
The fast pace at which the Internet has grown, and the central role it now plays in all spheres of our lives, has coincided with the United States being the globe’s lone superpower. Over the past few decades, the creativity and inventiveness of the American people drove the growth of cyber space, which plays an important role in the country’s financial markets too.
Meanwhile, Americans took it for granted that the supremacy of their country in the cyber domain would remain unchallenged. They assumed that America’s vision for an open, interoperable, reliable and secure Internet would inevitably become a reality, according to the report of the National Cyber Strategy of the United States of America.
But now the US itself stands accused of directly or indirectly initiating cyber attacks on countries like China, Russia, Iran, Iraq and India, though the Department of Homeland Security (DHS) and CIA naturally deny any such activities. The American intelligence agencies claim that the US has only been fighting cyber criminals and diabolical foreign actors on a regular basis, for the past 20 years.
Isaac R. Porche III, director, acquisition and development programme, Homeland Security Operational Analysis Center (HSOAC), states in his research report that cyber attacks on crucial American systems were carried out by vicious state-backed cyber-criminals. They took advantage of outdated computer equipment and software security to seal millions of computers and basic communication functions, which resulted in interference in operations of international importance.
Porche also states that Russia is one of the biggest threats to the United States’ internal security, the biggest example of which is the alleged hacking of the 2016 US presidential elections. The hacking operations of Russia involve cyber infiltration and influence critical operations. Some Russian agencies have been accused by the CIA of operating under the protection of Russia’s Federal Security Service while others have been fully supported by the Russian foreign intelligence agency, GRU.
The FBI and DHS have accused the Russian authorities of hacking into and spying on crucial US intelligence systems. These systems not only support and store classified data of government entities and energy infrastructure, but also include data on common facilities, like water resource plants and aviation institutions. Unit 26165, Russia’s elite military hacking centre, is a part of GRU’s signals intelligence arm. This specialised hacking unit has the potential of targeting political, governmental, and military organisations with ‘spear-phishing’ emails and other computer-based virus attacks.
“As per news reports, Russia’s role in cyber attacks on the USA was seen in the 2016 US presidential elections, which involved manipulating social media to harm the campaign of Hillary Clinton. The US claims that concrete evidence was found by its intelligence agencies that indicates a direct link between the Russians and the said attacks,” says Karnika Seth.
Back in 2017, a survey by DHS revealed that around 21 states in the US fell victim to Russian cyber attackers who gained access to election systems in 2016. Out of the 21 states, the hackers gained complete access to the election systems of seven states, with the potential to change and wipe out voter registration data.
A couple of months back, the CIA reported in an official statement that along with Russia, China is also emerging as a serious threat, launching cyber attacks in the US and across various parts of the world. The US has banned the business and sales operations of China’s biggest telecommunication firm, Huawei, on charges of spying and infiltration. The US has also targeted the company for its alleged business deals with Iraq, something the US government has prevented multinationals from doing.
The Mueller report, which published the details of the investigation into Russia’s cyber attacks on the 2016 US presidential election, has stated that 12 of GRU’s military intelligence officers broke into the Democratic National Committee’s email servers, stealing information and leaking it through specific online sites as well as through WikiLeaks. Last year, FBI director Christopher Wray spoke of the high chances of possible cyber attacks during the upcoming 2020 presidential elections.
Dr Cherian Samuel, research fellow at the Institute for Defense Studies and Analysis (IDSA), India, says, “Both the US and Russia have formidable capabilities in cyber space, and both try to use the domain to destabilise their counterparts. While the US has been on a slow burn after the manipulation of its election process by the Russians, there are clear indications of some escalation in tit-for-tat activities. Unlike earlier, these actions are being owned up to, as in the recent US announcement that it had penetrated the Russian power grid and placed implants in response to similar Russian activity on its own grids. Whether this will lead to a form of cyber-deterrence or further destabilise the cyber environment remains to be seen.”
USA and Iran: The hotbeds of cyber warfare
Historically, the two countries have not shared an amicable or direct diplomatic relationship, according to Gazula. In 1953, Mohammad Mosaddeq, Iran’s first democratically elected leader, was deposed by a coup planned by the US and British intelligence agencies, because the Iranian leader had nationalised the country’s oil assets, which impacted the profits of Western oil companies. In 1988, the relationship worsened further when a US warship shot down an Iranian plane and in 2002, Iran was even accused of carrying out a nuclear weapon test at Natanz. The US accuses Iran of a clandestine nuclear weapons programme, which Iran denies.
A decade of intermittent Iranian engagement with the UN’s nuclear watchdog and other related diplomatic activity followed. The UN ratified four rounds of sanctions against Iran between 2006 and 2010 over the nuclear issue.
Iran’s uranium enrichment plant at Natanz was infected by Stuxnet, a vicious computer virus and supposedly the world’s first digital weapon, in 2010.
About 13 days after the infection, the virus turned itself on and was able to spread via a USB interface. Operationally, it was able to speed up or slow down the centrifuges in the plant, causing them to destroy themselves. The sabotage was so sophisticated that the virus was able to operate without revealing any signs of a problem on the monitoring systems used by officials at the Iranian facility.
Recently, the relationship between the US and Iran slumped further when Iran shot down a US surveillance drone on June 20, over the Strait of Hormuz. After a couple of days, the US announced that in retaliation it had successfully crippled Iran’s missile launching systems, which Iran denied.
Dr Samuel adds, “As regards the US and Iran, it was ironically the US that set Iran on the path to enhancing its cyber capabilities because of the Stuxnet attack. Cyber attacks on Iran have proved to be a convenient way for the US to respond to any aggressive actions taken by Iran. This was seen recently when the US military was about to strike Iranian targets and the decision was reversed at the last minute, with a cyber attack on Iranian missile defences taking place instead. Iran and China have also been making noises about uniting on the cyber front, with the Iranian ICT minister making a statement that the two countries will join together ‘to confront US unilateralism and hegemony in the field of IT’.”
What the experts say
“India is a signatory to the 1899 and 1907 Hague Conventions that created the primary body of the law of war. The key principles of ‘distinction’, ‘military necessity’, ‘proportionality’, and ‘unnecessary suffering’ apply to the use of conventional weapons in armed conflicts and also to cyber attacks. The Geneva Convention, 1949, its additional protocols and the Hague Conventions provide guidance on cyber war issues. In the Tallinn Manual, the experts have unanimously agreed that the principles of jus ad bellum (the conditions under which a state can resort to war) and jus in bello (minimising the human suffering in war by protecting and helping the victims of the conflict) apply to cyber operations too. India should consider playing a proactive role in the UN Group of Governmental Experts, and work towards providing technological cooperation between governments and the private sector to protect systems and other critical infrastructure across nations. The UN has been advocating building a strong set of laws on cyber warfare and this work is in progress.”
—Karnika Seth, senior cyber law expert, Supreme Court of India
“As of now, there are no major legal provisions to regulate acts of countries engaging in cyber war. There is an absence of any legal restrictions, and countries don’t even want to negotiate any legal restrictions as it might limit their capacity to engage in these kinds of activities. Currently, the UN is taking the initiative on these global laws. It will be interesting to see how the new UN Group of Governmental Experts will look at these and other connected issues.”
—Pavan Duggal, senior cyber law expert, Supreme Court of India
India and Pakistan
Since both countries got their Independence in 1947, Kashmir has been the biggest cause for the dispute between them. The two neighbouring countries have witnessed several wars and acts of covert terrorism. Gradually, with the advances in technology, the types of attacks have also changed. Although China, Russia, North Korea and the US are currently well known in the cyber warfare domain, India and Pakistan are also developing strong cyber skills, both to attack the other country and to defend their systems.
In 1998, Pakistani hackers targeted the Indian Atomic Research Center and since then, they have successfully initiated scores of cyber attacks in India. Indian hackers, too, have defaced crucial websites in Pakistan, reports the Zurich based Center for Security Studies.
After the attack on the CRPF (Central Reserve Police Force) personnel in Pulwama in February this year, Pakistani intelligence is said to have hacked 90 Indian websites, reports Times Now. In 2018, Pakistani hackers were reported to have hacked 10 Indian websites, which included National Aeronautics Limited, the Army Institute of Management and Technology, the Defence Institute of Advanced Technology, the Army Institute of Management, and the Board of Research in Nuclear Sciences. Government reports indicated the use of social engineering on social media to gather intelligence and recruit people for anti-national activities.
To combat the growing threats of cyber warfare from a few countries, the National Cyber Security Policy 2013 was framed to build a secure and safe cyber space for India’s citizens and businesses. The policy aims to protect information and the information infrastructure in cyber space, as well as enhance capabilities to prevent and respond to cyber threats through a combination of institutional structures, trained manpower, operations, research and technology. While India quintessentially believes in peace and progress, it needs to be proactive in its cyber defence programmes to protect its people and systems from an increasing number of cyber threats and attacks. India’s intelligence agencies need to work within quick timeframes and with incident response teams to both prevent and combat cyber attacks.
Karnika Seth adds, “As per public records and the Home Ministry’s published reports, India is enhancing its cyber security capabilities, infrastructure, national strategy and manpower training, and deploying robust technology to strengthen its position to combat cyber attacks effectively. India also needs to focus on amending its laws and legal framework, particularly in cases of cyber crime, and make focused efforts to build international cyber alliances with other countries. This will enable quicker sharing of intelligence data and incident response, while improving the country’s capabilities to combat other trans-border cyber crimes.”