Embed Size (px)
Citation preview
Dr. Elena ChernenkoEditor of the Foreign Desk of the Kommersant newspaper
Nov 17th 2016
� Topic: Is deterrence possible in cyber space?
� 3 teams: Pro, contra, Russian government
� Procedure details via email
� Cyber security used to be a non issue for politicians
and diplomats just a few years ago
� Turning points: Estonia, Stuxnet, Anonymous,
Snowden, Democratic National Committee hack
� Global discussions on cyber today comparable to the
early 1960-s Non-Proliferation Treaty efforts?
� Security of information networks of critical
infrastructure incl. nuclear power stations
� Link between cyber threats and counter-attack options
of countries incl. nuclear response
� Use of existing nuclear security infrastructure for
cooperation on cyber (Nuclear Risk Reduction Centers
of Russia and US)
� Initiatives to use cyber tools for non-proliferation
purposes
� Trigger: relocation of the “Bronze Soldier of Tallinn”
� Attack: Ddos-attacks on websites of Estonian
parliament, ministries, banks and media + defacement
of party websites
� Damage: more psychological than financial
� Aggressor: “Nashi” Youth Organization?
� Effect: Drew attention to the potential of
cyber tools in conflicts between states
� Trigger: conflict over the Iranian nuclear program
� Attack: malicious computer worm infiltrated into the
system operating centrifuges in the Natanz nuclear
facility
� Damage: nuclear program slowed down by a year
(almost 1/5 of centrifuges ruined)
� Aggressor: US and Israel
� Effect: First real use of a cyber
weapon in a conflict between
states?
� Trigger: Pressure on Wikileaks from the US government (Amazon booted the platform from its servers, PayPal, MasterCard and Visa cut off service to the organization)
� Attack: largest worldwide coordinated Ddos
� Damage: websites of PayPal ($5,5 mln), Visa and Mastercard down for a few hours
� Aggressor: politically motivated computer users around the world
� Effect: Showed the potential of hacktivism. Loose and decentralized command – a weak point?
� Edward Snowden is an American computer professional, former Central Intelligence Agency (CIA) employee and contractor for the US government who copied and leaked secret information from the National Security Agency (NSA). His disclosures revealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments.
� Effect: exposed mass surveillance and cyber potential of the US government, Big Brother is real
� The NSA eavesdrops on the phone calls of world leaders
� The NSA intercepts deliveries
� The NSA can spy on PCs not connected to the Internet
� Phone companies must turn over bulk phone data
� The NSA hacked Yahoo and Google data centers
� The NSA collects email and IM contact lists
� The NSA knows how many pigs you've killed in Angry Birds
� The NSA engages in industrial espionage
� Tech companies cooperated with the NSA and then were
asked not to talk about it
� Trigger: US elections
� Attack: email accounts of high ranking DNC staff
hacked, 20 000 emails leaked to Wikileaks
� Damage: reputational damage to DNC and Hillary
Clinton, people lost jobs
� Aggressor: US gov-t believes the attack was
orchestrated by Russian intelligence, Russia denies this
� Effect: Exposed the potential of hacking as a
political/geopolitical tool; deepened confrontation
between Moscow and Washington
� Vladimir Putin, October 2016: “How can we avoid this sort
of thing (interference in political processes)? The only way
is to reach agreement and come up with some rules on
which we will have a common understanding and which
will be recognized at the government level and can be
verified”.
� Barack Obama, September 2016: “Our goal is not to
suddenly, in the cyber arena, duplicate a cycle of escalation
that we saw when it comes to other arms races in the past.
Instead the goal is to start instituting norms so that
everyone [every state] is acting responsibly.”
Cyber security vs. International information security
(protection of data and networks vs. control of content)
� Compromise: Security of the information and
communication technologies and of their USE
(first put on paper in the bilateral agreement between
Russia and the US in 2013)
� Deepening Engagement through Senior-Level
Dialogue
The United States and the Russian Federation created a
new working group, under the auspices of the Bilateral
Presidential Commission, dedicated to assessing
emerging ICT threats and proposing concrete joint
measures to address them. (Stopped working because of
the conflict around Ukraine)
� Links between Computer Emergency Response Teams
To facilitate the regular exchange of practical technical information on cybersecurity risks to critical systems, the US and Russia agreed on sharing of threat indicators
between CERTs, located in the US Department of Homeland Security, and its counterpart in Russia. On a continuing basis, these two authorities must exchange technical information about malware or other malicious indicators, appearing to originate from each other’s territory, to aid in proactive mitigation of threats.
� Exchange of Notifications through the Nuclear Risk
Reduction Centers
The US and Russia recognize the need for secure and reliable lines of communication to make inquiries about cybersecurity incidents of national concern. They decided to use the longstanding Nuclear Risk Reduction Center links established in 1987 between the US and the Soviet Union to build confidence between the two nations through information exchange, employing their around-the-clock
staffing at the Department of State in Washington and the Ministry of Defense in Moscow.
� White House-Kremlin Direct Communications Line
The Kremlin and the White House have authorized a
direct secure voice communications line between the
U.S. Cybersecurity Coordinator and the Russian Deputy
Secretary of the Security Council, should there be a need
to directly manage a crisis situation arising from an ICT
security incident.
� Warns against inflicting damage on each others’ critical infrastructure
� Prohibits knowingly allowing third party illegal cyber activity from a state’s territory
� Assumes a duty to assist in the investigation of cyber attacks and cybercrimes launched from a country’s territory
� Commitment to investigate thoroughly cyber attacks before pointing the finger
� Warns against compromising ICT products with exploits and backdoors (“harmful hidden functions”)
� Main weak point: voluntary non-binding norms
� What about the attribution problem?
� Is a verification mechanism possible at all?
� Not enough political will until a catastrophe
happens?
