Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma

Amit Sharma, Defence Research and Development Organization, India, [email protected] Sharma, Defence Research and Development Organization, India, [email protected]

The opinions expressed or implied in this paper are solely those of the author, and are based on open sources. Under no circumstances these may be correlated or perceived as the views of Government of India in general and the Author’s organization in particular.

Global Framework for Cyber Defence : Global Framework for Cyber Defence : A Strategic Reckoning for a Global TreatyA Strategic Reckoning for a Global Treaty

Amit SharmaAmit SharmaOffice of Secretary Defence (R&D) and Scientific Advisor of Defence Minister Office of Secretary Defence (R&D) and Scientific Advisor of Defence Minister


““War is thus an act of force to compel our enemy to do our will”War is thus an act of force to compel our enemy to do our will”ClausewitzClausewitz

““One hundred victories in one hundred battles is not the most skillful. One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.”Seizing the enemy without fighting is the most skillful.” Sun Tzu Sixth Century B CSun Tzu Sixth Century B C

“One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.”

Sun Tzu Sixth Century B.C


Sun Tzu Sixth Century B.C


Sun Tzu Sixth Century

Cyber warfare derives the essence of both of these great military theorists as it is a warfare which is capable of compelling the enemy to your will by inducing strategic paralysis to achieve desired ends and this seizing of enemy is done almost without any application of physical force.


The Grand strategic cyber warfare – the triad theory of cyber warfareThe Grand strategic cyber warfare – the triad theory of cyber warfare


Defence Communication Networks, Global Command, Control and communication Networks, C4I2SR, Strategic networks (weapons and comm), Logistic Networks.

Global Positioning Systems/ Navigation networks, Joint force coordination and Air component control Networks. And so on. E.g. SPAWAR, FORCENET, GCCCS, JFACC, JSTARS, CAFMS, TDRS, DSCS, SPOT, Landsat and so on

Critical National infrastructure such as SCADA Networks for utilities, Transportation networks, Air traffic control, Communication system PSTN/mobile/Satellite, Commercial navigation networks, Health information based networks, Commercial networks and services, Stock exchanges, Banking networks, Commercial enterprise, Emergency response networks, Media and public information networks and so on

Law enforcement networks, Emergency response and recovery networks, Network security agencies both public/private, Media hijacking for tarnishing politicians, government and to induce fear and chaos among people, PSYOPS to tarnish political stance at national and international level thus initiating conflicts both inter-nation (by routing attack through victim nation) and intra-nations(by inducing ethnic conflicts by hate propaganda and so on thus resulting in riots and total law and order failure) resulting in a humanitarian crisis.


People are :1. Socially disconnected;2. Politically disengaged; 3. In scientific disbelief;

and are constantly living in an environment of fear,

“This western society is becoming more and more individualistic.”

Bill Durodie“Perceptions overweight the reality”

Ulrich Beck’s “Risk Society”

where chaos, fear, bedlam, anarchy and basic animal instincts of man will prevail resulting in mayhem and complete destruction of nation as a system

the sudden disappearance of almost all of their facilities on which they are hopelessly dependent upon, will result in catastrophic outcomes






In current contemporary world, governments play as political instruments in the trinity bymeans of excising control and gaining mandate of people.

effective law enforcement By providing secure, secular and

democratic environment to people.

The law enforcement and security agencies rely extensively on criminal records and other coordination networks such as emergency response and recovery networks which although act as a force multiplies for them but at the same time make these networks vulnerable to strategic cyber warfare.

Another important aspect to gain mandate and control of people is the media. ‘CNN effect’ ‘CNN effect’ These Media networks can be hijacked for tarnishing the image of politicianstarnishing the image of politicians and government of victim

nation; and can be used to induce fear and chaos among people.

tarnish the political stance of the victim nation at national and international level thus initiating conflicts both at inter-nation level (by routing attack through victim nation) and intra-nation level (by inducing political divisions in population by false propaganda resulting in

conflicts and total law and order failure) A failed state which has anarchy, fear and chaos which will ultimately result in a humanitarian

crisis and failure of the state as a system of systems


Including Economy

Parallel Warfare in

Cyber Space for

Rapid Dominance

Parallel Warfare in

Cyber Space for

Rapid DominancePa

ralle

l War

fare

in

Cybe

r Spa

ce fo

r Ra

pid

Dom

inan

ce

Cascade

Effect and

Strategic

Paralysis

PSYOPS for Inter/Intra Nation conflictsPSYOPS for In

ter/Intra Nation conflicts

PSYOPS for Inter/Intra N

ation conflicts


Cyber Defence – A conventional fallacyCyber Defence – A conventional fallacy



Defence in Depth- Need for Public Private PartnershipDefence in Depth- Need for Public Private Partnership


The current conventional wisdom on cyber defence relies on The notion of ‘defence in layers’‘defence in layers’ International legal regulations especially by drawing similarities between cyber attacks and armed conflicts and then applying the law of armed conflict

The notion of ‘defence in layers’ is a tried and tested dictum which is extensively used to protect both the commercial and the defence networks.

It relies on installing multiple layers of defences so as to make the penetration almost near to impossible.such a system is as strong as its weakest link.

no guarantee that the system security is fool-proofno guarantee that the system security is fool-proof

at least assures one aspect that the penetrator will require time to defeat multiple layers of security, it is this time which is crucial for defenders for taking necessary action to thwart the threat.

minimum deterrence, but nevertheless is not a complete and fool-proof solution






Data Security Council of India (DSCI)

www.dsci.in

CYBERLABS

http://www.dsci.in/

http://www.dsci.in/



Legal framework – Domestic and InternationalLegal framework – Domestic and International


DOMESTIC LAWS

• The Information Technology Act, 2000 The Information Technology Act, 2000 (No. 21 Of 2000) Of India(No. 21 Of 2000) Of India

• The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the Lok Sabha on 22-12-2008 and by the Rajya Sabha on 23-12-2008.

• It received Her Excellency President’s assent on 5th February, 2009.

DOMESTIC LAWS – IT ACT 2000 and 2008 Amendments INTERNATIONAL LAWS – LOAC.


Whoever threatens the unity, integrity, security or sovereignty of India or strike terror in people by:

• Denying access to computer resource; or• access computer resource without authority; or• Introduce any computer contaminant• and causes death or destruction of property; or• Penetrates restricted computer resources or information

affecting sovereignty, integrity, friendly relations with foreign states, public order, decency, contempt of

court, defamation or to the advantage of foreign state or group of persons.

It is punishable with imprisonment upto life.

Cyber Terrorism is defined in Section 66F:

Section 69B: Section 69B: For cyber security, Government may order any intermediary to allow access to any computer resources and violation results in imprisonment upto 3 years with fine.


• Jurisdiction is not bounded by Country’s boundaries if Jurisdiction is not bounded by Country’s boundaries if the the

target is a computer resource located in India. Section 4(3)target is a computer resource located in India. Section 4(3)

• Any act done anywhere in the world is an offence if the Any act done anywhere in the world is an offence if the said act, if committed in India is an offence. Explanation said act, if committed in India is an offence. Explanation (a) to Section 4(a) to Section 4

• Voluntary concealment of existence of a design by encryption or any other information hiding tool is an offence.

• Sec.72A provides for punishment for disclosure of information in breach of lawful contract extending upto 3 years or fine to the tune of Rs. 5.00 Lacs or with both.

• Impersonation with the help of computer or communication device will result in 3 years imprisonment

and fine upto Rs.1.00 Lac (Section 66D)

SALIENT FEATURES


?


Outer Space Treaty

Cyber Space TreatyThe Outer Space Treaty, formally known as the Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies, is a treaty that forms the basis of international space law.

It exclusively limits the use of the Moon and other celestial bodies to peaceful purposes and expressly prohibits their use for testing weapons of any kind, conducting military maneuvers, or establishing military bases, installations, and fortifications (Article IV)

Article II of the Treaty states that "outer space, including the Moon and other celestial bodies, is not subject to national appropriation by claim of sovereignty, by means of use or occupation, or by any other means".

The state is also liable for damages caused by their space object and must avoid contaminating space and celestial bodies.


Article IX Article IX of the Outer Space Treaty: "of the Outer Space Treaty: "A State Party to the Treaty which has reason A State Party to the Treaty which has reason

to believe that an activity or experiment planned by another State Party in outer to believe that an activity or experiment planned by another State Party in outer

spacespace, including the Moon and other celestial bodies, would , including the Moon and other celestial bodies, would cause potentially cause potentially

harmful interference harmful interference with activities in the peaceful exploration and use of outer with activities in the peaceful exploration and use of outer

space, including the Moon and other celestial bodies, space, including the Moon and other celestial bodies, may request consultation may request consultation

concerning the activity or experconcerning the activity or experiment."iment."

Article VI Article VI of the Outer Space Treaty deals with of the Outer Space Treaty deals with international responsibilityinternational responsibility, stating, stating

• ""the activities of the activities of non-governmental entities non-governmental entities in outer space, including the moon in outer space, including the moon

and other celestial bodies, and other celestial bodies, shall require authorization and continuing shall require authorization and continuing

supervision by the appropriate State Party to the Treatysupervision by the appropriate State Party to the Treaty" "

• States Parties States Parties shall bear shall bear international responsibility international responsibility for for national space national space

activities activities

whether carried out by governmental or non-governmental entities.whether carried out by governmental or non-governmental entities.

Responsibility for Activities in Space Cyber Space Treaty



Cyber Deterrence – A viable optionCyber Deterrence – A viable option


Making cyber deterrence crediblecredible and knownknown to the enemy.

This phase also involves the creation of a Cyber Triad Cyber Triad capability, equivalent to a Nuclear Triad which will have capability for orchestrating a second strike in case of failure of the deterrence.

Regular defence and civilian assets (offensive and defensive) and networks

Isolated conglomerate of air gapped networks situated across the friendly nations as part of cooperative defence, which can be initiated as credible second strike option

A loosely connected network of cyber militia involving patriotic hackers; commercial white hats and private contractors which can be initiated after the initial strike or in case of early warning of a potential strike.


The Author believes that This credible second strike capability assures the dictum of Mutually Assured Destruction (MAD) in cyber space and hence an option for defence in terms of deterrence

This capability should be made known to the potential advisories as part of cyber countervailing strategy to warn them of undesired consequences and punitive costs they may bear in event of a cyber conflict

deterrence by punishment deterrence by denial

preemptive cyber strikes on the adversary’s cyber offensive capabilities

Although in scenarios of state actors this policy may result in further escalation of conflict hence utmost care and thought process should be put before initiating such a strike, but in case of non state actors these preemptive cyber strikes offer a credible deterrence mechanism from thwarting these threats.


“DEFENCE IN LAYERS”

LEGAL INSTRUMENTS OF INTERNATIONAL AND DOMESTIC LAWS

CREDIBLE CYBER DETERANCE BASED ON CYBER TRIAD BASED ON PUBLIC PRIVATE PARTNERSHIP

ONLY VIABLE CYBER DEFENCE STRATEGY

Cyber Space Treaty

RESPONSIBILITY


The opinions expressed or implied in this paper are solely those of the author, and are based on open sources. Under no circumstances these may be correlated or perceived as the views of Government of India in general and the Author’s organization in particular.

Global Framework for Cyber Defence : Global Framework for Cyber Defence : A Strategic Reckoning for a Global TreatyA Strategic Reckoning for a Global Treaty

Amit SharmaAmit SharmaOffice of Secretary Defence (R&D) and Scientific Advisor of Defence Minister Office of Secretary Defence (R&D) and Scientific Advisor of Defence Minister

Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma

Documents

Transcript of Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma