Inside Cyber Warfare

Chapter 16. Cyber Warfare Capabilities by Nation-State.

Minsvyaz is not considered a Russian power ministry because its portfolio covers unclassified public networks. Nevertheless, Minsvyaz (included on the Security Council's Interdepartmental Committee on Information Security) works with law enforcement agencies and the security services to suppress political dissent on public networks. Its regulatory body, Roskomnadzor, is particularly useful because it can suppress dissent through administrative actions that carry less baggage than a security service visit.

Presidential Decree No. 724 in May 2008 established Minsvyaz's current structure and responsibilities. Minsvyaz is responsible for developing and implementing government policy and regulations covering:

Information technology (including state information technology for public access)

Telecommunications (including the use of radio frequency spectrum) and postal services

Mass communications and media, including electronic media (Internet, television [including digital], radio broadcasting, and new technologies)

Publishing and printing

Processing of personal data

Minsvyaz exercises these responsibilities through several subordinate agencies:

Federal Communications Agency (Rossvyaz): Responsible for managing state property, providing public telecommunication and postal services, and developing communication networks, satellite communications systems, television broadcasting, and radio broadcasting.

Federal Agency for Press and Mass Communications (Rospechat): Responsible for providing public services and managing state property in print media and mass communications, including computer networks, electronic media, and publishing and printing.

Federal Service for Supervision in Telecommunications, Information Technology and Mass Communications (Roskomnadzor): Responsible for compliance and supervision of the media (including electronic, mass media, and information technology) and for processing of personal data and managing the radio frequency spectrum. See the next section for more information.

Federal State Unitary Enterprise Scientific Technical Center (FGUP STC) Atlas: Responsible for developing and certifying information security and cryptographic technology for the government.[105]

Federal State Unitary Enterprise (FGUP) Communication-Security: Responsible for information security of communication systems used by the government and others by contract.

Federal State Unitary Enterprise (FGUP) Research Institute Sunrise: Responsible for system integration and development of major federal automated information systems, including systems for special applications.

Roskomnadzor

Roskomnadzor issues licenses for telecommunications services, information technology services, and media operations. Roskomnadzor also monitors Russian media for compliance with the Federal Law On Mass Media. Roskomnadzor's website (www.rsoc.ru) lists enforcement actions against media organizations. The majority of enforcement actions concern media violations of Article 4, which forbids media incitement or justification of terrorist activity. However, the prohibition includes a nebulous category of "other extremist materials." Enforcement details show most Article 4 violations result from the media questioning government statements concerning terrorist events. Because Article 4 violations can lead to license revocation, Roskomnadzor can suppress political dissent through administrative action.

Roskomnadzor's posted enforcement actions history is mainly directed against traditional print and broadcast media. However, amendments made in 2006 and 2007 extend the Federal Law On Mass Media's reach to the Internet. Article 4 now covers "information in computer files and programs." Article 24 defines any Internet site receiving one thousand visits as mass media subject to the law. The Russian press points out that this makes popular Internet forums and social media sites "mass media," subjecting journalists to Roskomnadzor oversight. Article 49 requires journalists to verify information's accuracy before publication, providing Roskomnadzor with additional ways to suppress Internet comment.[106] Indeed, Russian press states that Roskomnadzor let a contract in April 2011 for a system to monitor extremist content in online media.

The cyber vigilantes

Roskomnadzor's efforts to control extremist Internet content are assisted by the public-minded citizens of the Safe Internet League (Liga Bezopasnogo Interneta). Its symbol is shown in Figure 15-5.

Figure 15-5. Safe Internet League symbol

A nonprofit partnership, the Safe Internet League was registered in mid-February 2011, with Igor Shchegolev, Minister of Communications and Mass Media, as Trustee Board Chairman. The League's address is a box number at Minsvyaz's Moscow headquarters. The Board of Trustees includes the head of the FSB Information Security Center, Mail.ru's Chief Executive Officer (CEO), Roskomnadzor's Director, the heads of the major Russian telecommunications companies, and other Russian Internet figures. The League's membership includes:

Rostelecom: Russia's national telecommunications and Internet provider

MTS: Telecommunication component of AFK Sistema

Vimpelcom: Telecommunication provider

Megaphone: Mobile telecommunication provider

Mail.ru Group: Russia's largest Internet company and social media host

Kaspersky Labs: Russia's largest Internet security company

Axis-TD: Group of programmers and psychologists devoted to safe Internet

Entensys: Russian Internet security company

Internet Development Fund: Nonprofit supporting Internet development

ROCIT: Russia's oldest Internet industry organization

Friendly Runet: Internet promotion organization

According to its website, the Safe Internet League is a voluntary association of citizens devoted to helping law enforcement organizations. Its volunteers monitor the Internet for violations, and report those violations to law enforcement. The site posts detailed information on the Ministry of Internal Affairs (MVD) Directorate K (the MVD component responsible for Internet crime) and provides a direct email link for reporting violations. In the league's view, violations include child pornography, pornography accessible to children, promotion of drug and alcohol abuse, and violent or "extremist" content.

Despite the prominent role assigned to countering child pornography, the league's actual focus is social media.[107] The league's website awards its members ranks based on the social networking sites they identify that contain malicious content. Social networking sites are already heavily monitored for pornographic content; however, political comment runs rampant. Indeed, Russian press points out that the Safe Internet League's creation coincides with the prominent role assigned to social media during the 2011 Arab Spring uprisings. In the press' view, the league is actually an attempt to extend law enforcement's monitoring to match social media's expansion.

Ostensibly, the Safe Internet League is funded by the Saint Basil the Great Foundation (www.ruscharity.ru), which is headed by Konstantin Malofeyev. Mr. Malofeyev is also managing partner for the Russian private equity fund Marshall Capital Partners. Marshall Capital Partners' major accomplishment is losing millions of dollars for Western private equity funds investing in Russia. In recognition, Mr. Malofeyev was appointed to Rostelecom's board. When interviewed by Russian press, Mr. Malofeyev declined to name the ultimate funding source for the Safe Internet League.

The Safe Internet League was probably created and is backed by Russian security services. The Russian Law On Operational Search Activities, NZ 144-03, details the methods available to Russian law enforcement and security services in "obtaining information about events or actions that threaten the state." Article 6 states that search activities on technical communication channels "are carried out using the operational and technical capabilities of the Federal Security Service." Article 15 states that bodies authorized to conduct search activities can establish "on a free or paid basis, collaborative relationships with persons who have agreed to assist the authorities on a confidential basis, carrying out operative-search activity." In short, the MVD and FSB can back the Safe Internet League and remain entirely within the bounds of Russian law.

[105] FGUP STC Atlas was formerly subordinate to the Federal Security Service (FSB). The FSB has legislative responsibility for Russia's overall information security, and it controls cryptographic technology. As a result, STC Atlas and the FSB continue a close relationship. STC Atlas also certifies foreign technology for Russian use.

[106] The Federal Law On Mass Media provides numerous ways for the creative mind to suppress dissent. Article 43 establishes a right of reply, allowing citizens to refute media allegations. Article 44 establishes the modalities for publishing refutations.

[107] Russian press interviewed the League's financial backer Konstantin Malofeyev and pointed out that his business websites hosted erotic content.

Further Research Areas

So far we have discussed only the top-line structure of Russia's information security apparatus. Operating beneath is a robust network of technical centers, academic entities, and commercial companies (many spinoffs of state structures) working on information security. At the national level, Scientific Technical Center (STC) Atlas,[108] formerly subordinate to the FSB, maintains a network of facilities across the country with major development centers in St. Petersburg, Moscow, and Nizhniy Novgorod. The MOD's Scientific Research Institute for Automation (NIIA) works on information security for strategic command and control. The FSB also maintains several Scientific Technical Centers focused on information security.

And then there are the unacknowledged components. The network of youth groups, institutes, and pseudo-NGOs that spawn bloggers and websites supporting the government and protecting Russia's "spiritual life." These are the people who can form cyber mobs and conduct DDoS attacks when needed, the ones who will fill Facebook and Twitter with pro-Putin pages and tweets.

[108] STC Atlas receives source code on Microsoft products from Microsoft for certification so Microsoft products.

Chapter 16. Cyber Warfare Capabilities by Nation-State.

This is a comprehensive overview of nation-states that are involved in standing up a cyber operations capability; however, there are now so many states enabling this capability that it became impossible to list them all in the time provided to write this chapter. This chapter features a survey of the majority of them.

Australia

A 2009 Australian Defense white paper describes the Australian government's initiatives to develop and enable a new cyber warfare capability.[109] It states that the new department will "consist of a much-enhanced cyber situational awareness and incident response capability, and the establishment of a Cyber Security Operations Centre to coordinate responses to incidents in cyber space."[110] The words "response" and "defense" are used many times in the paper, with no specific mention of offensive capability. However, the paper does suggest that such a capability will be present with the text "maximize Australia's strategic capacity and reach in this field."[111]

To accomplish this, Australia welcomed the opportunity to increase cooperation with the UK on cyber issues. In January 2011, Australia and the UK announced they will use their existing joint work on cyber security for the foundation of a sophisticated cyber partnership by further expanding the collaboration of their cyber security agencies and departments.[112]

A few months later, in March, the Australian Security and Intelligence Organization opened a new cyber investigations unit, tasked with investigating and advising on state-sponsored cyber attacks involving Australia.[113] The close cooperation of the Australian Computer Emergency Response Team (CERT) and the Defense Signals Directorate's Cyber Security Operation Centre (CSOC) allows threats to be identified and the scale of response to be determined in a timely and effective manner.

[109] Andrew Davies, "Intelligence, Information Technology and Cyber Programs," Security Challenges 5, no. 2 (Winter 2009), accessed August 29, 2011.

[110] Department of Defence, Defending Australia in the Asia-Pacific Century: Force 2030 (Canberra: Commonwealth of Australia, 2009), para. 9.8788.

[111] Ibid.

[112] "Australia-United Kingdom Ministerial Consultations," Joint Communique, Australian Minister of Foreign Affairs, January 18, 2011, accessed August 29, 2011.

[113] Johanna Morden, "Australian Govt Reveals New Cyberspooks Unit," FutureGov Asia Pacific, March 14, 2011, accessed August 29, 2011.

Brazil

In September 2010 the Brazilian Army signed an agreement with Panda Security to assist in the training of the Army's cyber forces. Panda Security will also use endpoint software to protect 37,500 computers that are organic to the Army's Military Commands.[114] In addition to Panda Security's assistance, Brazil has established a Center for Cyber Defense (CDCiber) in Brasilia, with General Jose Carlos dos Santos as commander.[115] CDCiber operates under the President of Brazil's Cabinet of Institutional Security (GSI), and military officers from Brazil's armed forces will staff it. Training is provided through coursework at the Military Institute of Engineering in Rio de Janeiro. A war room is under construction, which will provide incident response, malware analysis, and the ability to conduct cyber war games.

[114] "The Brazilian Army and Panda Security join forces to combat cyber-warfare," Panda Security Press Center, September 27, 2010, accessed August 29, 2011.

[115] Isabel Estrada, "Cyberspace Becomes Newest Battlefield for Brazil's Armed Forces," Dialogo, March 8, 2011, accessed August 29, 2011.

Canada

In October 2010 the Canadian government formally published its strategy to combat cyber attacks.[116] The strategy is built upon three pillars: securing government systems, partnering to secure vital cyber systems outside the federal government, and helping Canadians to be secure online. The strategy emphasizes that it will strengthen cyber sharing with its intelligence partners (including the United States, United Kingdom, and Australia) as well as work with NATO.

The Canadian Security Intelligence Service is instructed to analyze and investigate domestic and international threats. Foreign Affairs and International Trade Canada will develop a cyber security foreign policy that will relate to Canada's involvement abroad. The Department of National Defense and Canadian Forces are instructed to strengthen their capacity to defend their own networks and exchange information with allied militaries.[117] The strategy does not discuss offensive capabilities or the Canadian Cyber Incident Response Center (CCIRC).

According to an October 2010 interview with the director general of National Cyber Security at Public Safety Canada, the CCIRC is the first responder to cyber attacks but does not have the authority to direct a response. Instead, the CCIRC acts as a triage of sorts to bring in other agencies to coordinate and determine which agencies have the lead for a response.[118]

[116] "Canada's Cyber Security Strategy," Public Safety Canada, accessed August 29, 2011.

[117] Ibid.

[118] Chris Thatcher, "Cyber strategy: Defining roles in a federated model," Vanguard, accessed August 29, 2011.

Czech Republic

In August 2011 the Czech Republic released its version of a cyber strategy for the years 2011-2015.[119] The document states that this present strategy is to be used as a foundation upon which to build Czech cyber capabilities. While this does not necessarily show that a former strategy was absent, it does indicate that the former policy was either inefficient or did not possess the authority to constitute effective action.

The strategy includes the involvement of all sectors pivotal to effective security. It also stresses the importance of cooperation and mutual trust between the government and private sector. It does not, however, provide much incentive to the private sector to cooperate, only that the government and the private sector should coordinate to create cyber security standards. Moreover, the strategy dictates that international cooperation is key, specifically with the European Union and NATO. The paper makes it clear that cyber security issues are the responsibility of the Ministry of Interior, but the Czech Republic is likely experiencing jurisdiction problems in that department, as are many other countries that are working to establish cyber security programs. Section 11 under legislative framework mentions that laws need to be put in place indicating which agencies will coordinate and what their respective duties will entail. It is also worth noting that, like many other national strategies, this one calls for a Computer Emergency Response Team to be created to mitigate threats as they are presented.

In the cyber response arena, the strategy discusses the need for a national cyber threat early-warning system, which will have response options that are not yet specifically detailed. However, section 22 does indicate that the government will test response options and countermeasures to such security risks based on international cyber defense exercises. To accomplish this, the government will encourage state departments, the private sector, and academic facilities to support research and engage in training domestically and abroad in the arts of cyber security. The strategy, not unlike others published, establishes a basic breakdown of the proposed capabilities, the legal frameworks, and the education required to execute these tasks.

[119] "Cyber Security Strategy of the Czech Republic for the 2011-2015 Period," European Network and Information Security Agency, accessed August 30, 2011.

Democratic People's Republic of Korea

DPRK President Kim Jong Il is approaching age 72 and has suspected health problems. His son, Kim Jong Un, has been named his successor, and at 28 years old, Jong Un has been raised in a more technological generation. It is likely he will continue to push the DPRK toward cyber capabilities when he assumes the presidency.[120]

In 2007 a DPRK military officer who defected reported that North Korea has approximately 30,000 electronic warfare specialists under two electronic warfare brigades.[121] Out of these personnel, there are roughly 600 specialized hackers. Mirim College (also known as Kim Il Political Military University, or secret college) trains some 100 hackers a year via distance learning and Russian training that has been passed along in a train-the-trainer mentality.[122]

The army is seeking out young prodigies to train as hackers from an early age. When a child is identified as a potential recruit, he is given the best environment possible. If that child graduates with top grades, his family is moved to Pyongyang as a reward.[123] After studying at local universities, those prodigies are given the chance to study abroad, complete with a generous stipend for living expenses. These hackers are assigned to various units under the General Bureau of Reconnaissance (GBR). Republic of Korea intelligence authorities believe there are approximately 1,000 cyber warriors in the GBR based out of China and the North.

A specific unit under the GBR is Office 121, which is a cyber warfare unit that possesses world-class hacking abilities.[124] In May 2011, Im Chae Ho, the vice president of the KAIST Cyber Security Research Center, commented that North Korean hackers had 10 times the strike capability of their South Korean counterparts, and are at a stage where they can directly attack South Korea's infrastructure through cyber terrorism.[125] North Korea has expressed interest in damaging South Korea's infrastructure, including nuclear power plants and stock market systems, via the Internet.[126]
