Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma

Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma Office of Secretary Defence (R&D) and Scientific Advisor of Defence Minister The opinions expressed or implied in this paper are solely those of the author, and are based on open sources. Under no circumstances these may be correlated or perceived as the views of Government of India in general and the Author’s organization in particular.

“One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.” Sun Tzu Sixth Century B.C “One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.” Sun Tzu Sixth Century B.C “One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.” Sun Tzu Sixth Century “War is thus an act of force to compel our enemy to do our will” Clausewitz “One hundred victories in one hundred battles is not the most skillful. Seizing the enemy without fighting is the most skillful.” Sun Tzu Sixth Century B C Cyber warfare derives the essence of both of these great military theorists as it is a warfare which is capable of compelling the enemy to your will by inducing strategic paralysis to achieve desired ends and this seizing of enemy is done almost without any application of physical force.

The Grand strategic cyber warfare – the triad theory of cyber warfare

Law enforcement networks, Emergency response and recovery networks, Network security agencies both public/private, Media hijacking for tarnishing politicians, government and to induce fear and chaos among people, PSYOPS to tarnish political stance at national and international level thus initiating conflicts both inter-nation (by routing attack through victim nation) and intra-nations(by inducing ethnic conflicts by hate propaganda and so on thus resulting in riots and total law and order failure) resulting in a humanitarian crisis. Defence Communication Networks, Global Command, Control and communication Networks, C4I2SR, Strategic networks (weapons and comm), Logistic Networks. Global Positioning Systems/ Navigation networks, Joint force coordination and Air component control Networks. And so on. E.g. SPAWAR, FORCENET, GCCCS, JFACC, JSTARS, CAFMS, TDRS, DSCS, SPOT, Landsat and so on Critical National infrastructure such as SCADA Networks for utilities, Transportation networks, Air traffic control, Communication system PSTN/mobile/Satellite, Commercial navigation networks, Health information based networks, Commercial networks and services, Stock exchanges, Banking networks, Commercial enterprise, Emergency response networks, Media and public information networks and so on

“This western society is becoming more and more individualistic.” Bill Durodie “Perceptions overweight the reality” • People are : • Socially disconnected; • Politically disengaged; • In scientific disbelief; • and are constantly living in an environment of fear, Ulrich Beck’s “Risk Society” the sudden disappearance of almost all of their facilities on which they are hopelessly dependent upon, will result in catastrophic outcomes where chaos, fear, bedlam, anarchy and basic animal instincts of man will prevail resulting in mayhem and complete destruction of nation as a system

In current contemporary world, governments play as political instruments in the trinity by • means of excising control • and gaining mandate of people. • effective law enforcement • By providing secure, secular and democratic environment to people. Law enforcement networks, Emergency response and recovery networks, Network security agencies both public/private, Media hijacking for tarnishing politicians, government and to induce fear and chaos among people, PSYOPS to tarnish political stance at national and international level thus initiating conflicts both inter-nation (by routing attack through victim nation) and intra-nations(by inducing ethnic conflicts by hate propaganda and so on thus resulting in riots and total law and order failure) resulting in a humanitarian crisis. The law enforcement and security agencies rely extensively on criminal records and other coordination networks such as emergency response and recovery networks which although act as a force multiplies for them but at the same time make these networks vulnerable to strategic cyber warfare. Another important aspect to gain mandate and control of people is the media. ‘CNN effect’ These Media networks can be hijacked for tarnishing the image of politicians and government of victim nation; and can be used to induce fear and chaos among people. Defence Communication Networks, Global Command, Control and communication Networks, C4I2SR, Strategic networks (weapons and comm), Logistic Networks. Global Positioning Systems/ Navigation networks, Joint force coordination and Air component control Networks. And so on. E.g. SPAWAR, FORCENET, GCCCS, JFACC, JSTARS, CAFMS, TDRS, DSCS, SPOT, Landsat and so on Critical National infrastructure such as SCADA Networks for utilities, Transportation networks, Air traffic control, Communication system PSTN/mobile/Satellite, Commercial navigation networks, Health information based networks, Commercial networks and services, Stock exchanges, Banking networks, Commercial enterprise, Emergency response networks, Media and public information networks and so on • tarnish the political stance of the victim nation at national and international level • thus initiating conflicts both at inter-nation level (by routing attack through victim nation) • and intra-nation level (by inducing political divisions in population by false propaganda resulting in conflicts and total law and order failure) A failed state which has anarchy, fear and chaos which will ultimately result in a humanitarian crisis and failure of the state as a system of systems

Parallel Warfare in Cyber Space for Rapid Dominance PSYOPS for Inter/Intra Nation conflicts Parallel Warfare in Cyber Space for Rapid Dominance Cascade Effect and Strategic Paralysis PSYOPS for Inter/Intra Nation conflicts Including Economy PSYOPS for Inter/Intra Nation conflicts Parallel Warfare in Cyber Space for Rapid Dominance

Cyber Defence – A conventional fallacy

Cyber Defence – A conventional fallacy Defence in Depth- Need for Public Private Partnership

The current conventional wisdom on cyber defence relies on • The notion of ‘defence in layers’ • International legal regulations especially by drawing • similarities between cyber attacks and armed conflicts • and then applying the law of armed conflict The notion of ‘defence in layers’ is a tried and tested dictum which is extensively used to protect both the commercial and the defence networks. It relies on installing multiple layers of defences so as to make the penetration almost near to impossible. such a system is as strong as its weakest link. no guarantee that the system security is fool-proof at least assures one aspect that the penetrator will require time to defeat multiple layers of security, it is this time which is crucial for defenders for taking necessary action to thwart the threat. minimum deterrence, but nevertheless is not a complete and fool-proof solution

Law enforcement networks, Emergency response and recovery networks, Network security agencies both public/private, Media hijacking for tarnishing politicians, government and to induce fear and chaos among people, PSYOPS to tarnish political stance at national and international level thus initiating conflicts both inter-nation (by routing attack through victim nation) and intra-nations(by inducing ethnic conflicts by hate propaganda and so on thus resulting in riots and total law and order failure) resulting in a humanitarian crisis. CYBERLABS Defence Communication Networks, Global Command, Control and communication Networks, C4I2SR, Strategic networks (weapons and comm), Logistic Networks. Global Positioning Systems/ Navigation networks, Joint force coordination and Air component control Networks. And so on. E.g. SPAWAR, FORCENET, GCCCS, JFACC, JSTARS, CAFMS, TDRS, DSCS, SPOT, Landsat and so on www.dsci.in Data Security Council of India (DSCI) Critical National infrastructure such as SCADA Networks for utilities, Transportation networks, Air traffic control, Communication system PSTN/mobile/Satellite, Commercial navigation networks, Health information based networks, Commercial networks and services, Stock exchanges, Banking networks, Commercial enterprise, Emergency response networks, Media and public information networks and so on

Cyber Defence – A conventional fallacy Legal framework – Domestic and International

DOMESTIC LAWS – IT ACT 2000 and 2008 Amendments INTERNATIONAL LAWS – LOAC. DOMESTIC LAWS • The Information Technology Act, 2000 (No. 21 Of 2000) Of India • The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the LokSabha on 22-12-2008 and by the RajyaSabha on 23-12-2008. • It received Her Excellency President’s assent on 5th February, 2009.

Cyber Terrorism is defined in Section 66F: • Whoever threatens the unity, integrity, security or sovereignty of India or strike terror in people by: • Denying access to computer resource; or • access computer resource without authority; or • Introduce any computer contaminant • and causes death or destruction of property; or • Penetrates restricted computer resources or information • affecting sovereignty, integrity, friendly relations with • foreign states, public order, decency, contempt of court, defamation or to the advantage of foreign state or group of persons. • It is punishable with imprisonment upto life. Section 69B: For cyber security, Government may order any intermediary to allow access to any computer resources and violation results in imprisonment upto 3 years with fine.

SALIENT FEATURES • Jurisdiction is not bounded by Country’s boundaries if the • target is a computer resource located in India. Section 4(3) • Any act done anywhere in the world is an offence if the said act, if committed in India is an offence. Explanation (a) to Section 4 • Voluntary concealment of existence of a design by encryption or any other information hiding tool is an offence. • Sec.72A provides for punishment for disclosure of information in breach of lawful contract extending upto 3 years or fine to the tune of Rs. 5.00 Lacs or with both. • Impersonation with the help of computer or communication device will result in 3 years imprisonment and fine upto Rs.1.00 Lac (Section 66D)

? LACK OF INTERNATIONAL TREATY…. EXTRATIDITION ISSUES….. GLOBAL INCOHERENCE OF CYBER LAWS…. AND SO ON…..

LAW ENFORCEMENT MODEL LAW OF WAR MODEL • Amalgamation of Domestic and • international laws. • Extradition and Legal coherence • in cyber laws across national • boundaries. • European Cyber Crime • Convention with appropriate • reservations to guarantee • National Sovereignty • Drawing similarities with Armed Conflicts and then applying appropriate laws such as Geneva conventions, Addl Protocol I and II. • Or To base the legal framework for cyber warfare in tandem with legality of the use and threat of nuclear weapons- which like the case of nuclear weapons will be a long debated notion and has an incoherent international opinion visible extensively in the ICJ’s opinion over the use of nuclear weapons. • Or a treaty in tandem with the Convention of Chemical weapons CAUSAL ANALYSIS CONSEQUENCE ANALYSIS

Outer Space Treaty Cyber Space Treaty The Outer Space Treaty, formally known as the Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies, is a treaty that forms the basis of international space law. It exclusively limits the use of the Moon and other celestial bodies to peaceful purposes and expressly prohibits their use for testing weapons of any kind, conducting military maneuvers, or establishing military bases, installations, and fortifications (Article IV) Article II of the Treaty states that "outer space, including the Moon and other celestial bodies, is not subject to national appropriation by claim of sovereignty, by means of use or occupation, or by any other means". The state is also liable for damages caused by their space object and must avoid contaminating space and celestial bodies.

Responsibility forActivities in Space Cyber Space Treaty • Article VI of the Outer Space Treaty deals with international responsibility, stating • "the activities of non-governmental entities in outer space, including the moon • and other celestial bodies, shall require authorization and continuing • supervision by the appropriate State Party to the Treaty" • States Parties shall bear international responsibility for national space activities • whether carried out by governmental or non-governmental entities. Article IX of the Outer Space Treaty: "A State Party to the Treaty which has reason to believe that an activity or experiment planned by another State Party in outer space, including the Moon and other celestial bodies, would cause potentially harmful interference with activities in the peaceful exploration and use of outer space, including the Moon and other celestial bodies, may request consultation concerning the activity or experiment."

Cyber Defence – A conventional fallacy Cyber Deterrence – A viable option

Making cyber deterrence credible and known to the enemy. This phase also involves the creation of a Cyber Triad capability, equivalent to a Nuclear Triad which will have capability for orchestrating a second strike in case of failure of the deterrence. Regular defence and civilian assets (offensive and defensive) and networks A loosely connected network of cyber militia involving patriotic hackers; commercial white hats and private contractors which can be initiated after the initial strike or in case of early warning of a potential strike. Isolated conglomerate of air gapped networks situated across the friendly nations as part of cooperative defence, which can be initiated as credible second strike option

The Author believes that This credible second strike capability assures the dictum of Mutually Assured Destruction (MAD) in cyber space and hence an option for defence in terms of deterrence • This capability should be made known to the potential advisories as part of cyber countervailing strategy to warn them of undesired consequences and punitive costs they may bear in event of a cyber conflict • deterrence by punishment • deterrence by denial • preemptive cyber strikes on the adversary’s cyber offensive capabilities Although in scenarios of state actors this policy may result in further escalation of conflict hence utmost care and thought process should be put before initiating such a strike, but in case of non state actors these preemptive cyber strikes offer a credible deterrence mechanism from thwarting these threats.

LAW ENFORCEMENT MODEL LAW OF WAR MODEL ONLY VIABLE CYBER DEFENCE STRATEGY RESPONSIBILITY “DEFENCE IN LAYERS” CREDIBLE CYBER DETERANCE BASED ON CYBER TRIAD BASED ON PUBLIC PRIVATE PARTNERSHIP TRUST Cyber Space Treaty LEGAL INSTRUMENTS OF INTERNATIONAL AND DOMESTIC LAWS CAUSAL ANALYSIS CONSEQUENCE ANALYSIS

Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma Office of Secretary Defence (R&D) and Scientific Advisor of Defence Minister The opinions expressed or implied in this paper are solely those of the author, and are based on open sources. Under no circumstances these may be correlated or perceived as the views of Government of India in general and the Author’s organization in particular.

Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma

Global Framework for Cyber Defence : A Strategic Reckoning for a Global Treaty Amit Sharma

Presentation Transcript

Global Environmental Politics

Managing in the Global Environment

Best Practices for Planning, Managing, and Executing a Global SAP BW Project

Global warming and CO2―Are we headed for global catastrophe in the coming century? Don J. Easterbrook

Global Issues in Strategic Management

IEEE’s Approach and Experience in Global Accreditation 2009 Global Colloquium on Engineering Education

Chapter 4: Global Opportunities

Tropical weather systems within a global data assimilation and forecasting framework

Global Dimming

Global Mental Health: Focus on Latino Populations

Supervisory Framework for Risk Assessment and Risk-based Solvency

Chapter 10: Global Inequality

Global Warming

G.O.D. IS GREAT

Global Economy and Global Warming

GLOBAL WARMING or GLOBAL COOLING?

Global Compact Asia

Global Outlook

Global PR

The Global UAV Market Size, Share, Trends, Industry, Growth