Cyberpeacekeeping - Walter Dorn ... The widespread and large-scale DDOS attack campaign was unleashed. ... Law Applicable to Cyberwarfare (henceforth Tallinn Manual, currently in version 2.0), the legalities
DOI: 10.4018/IJCWT.2019010102
International Journal of Cyber Warfare and Terrorism Volume 9 • Issue 1 • January-March 2019
KEYWORDS: Cyber Operations, Cyberpeacekeeping, Cyberterrorism, Peacekeeping, Tallinn Manual
1. INTRODUCTION
1.1. The Challenge
The world is ever increasingly reliant on internet-connective technology. Computers permeate almost every facet of human life in most parts of the world, connecting people in ways that could not have been imagined, with the developing world becoming connected at the fastest rate. The level of technology and global integration is staggering even compared to just 20 years ago. This interconnectivity is a cause not only of celebration but also of deep concern for security, as what makes human life easier and more efficient also gives rise to significant vulnerabilities and threats, even the potential for a massive downfall.
2018; Industrial Control Systems Cyber Emergency Response Team, 2016). Already we have seen the internet, including the parts of the deep/dark web, used to incite riots and even to influence the course of national elections. For instance, new evidence is continually emerging of Russian attempts to interfere in numerous elections, including those of the United States and France (Greenburg, 2017; Pope, 2018). Shortly before Russia invaded Georgia in August 2008, it launched a barrage of Distributed Denial of Service (DDOS) attacks, making Georgian military movements and operations so much more difficult and dangerous (Markoff, 2008). The United States and Israel likely introduced malware to cause breakdown in Iranian centrifuges at Natanz. These examples show how cyberattacks have translated into kinetic damage. One problem is that, despite the effects, attribution is difficult and international means for impartial investigation are lacking. Examples of attacks are plenty, but effective responses are few and modest.
At present, the world relies on national security services and commercial companies to handle national cybersecurity, and there is no international body to provide some form of international cybersecurity. While a few countries are developing advanced cybersecurity measures, they still remain vulnerable and most countries of the world have limited capacity to respond to cyber threats. Moreover, there has not been a coordinated international effort to address cybersecurity or create measures of common or collective security in global cyberspace. With many cases of international and intranational conflict, cyberattacks have the potential of unsettling an already fragile peace. This paper seeks to explore new means of addressing cybersecurity, building on the characteristics and successes of peacekeeping in physical space. The paper proposes that the establishment and activities of a UN cyberpeacekeeping unit could lessen the threat of conflicts, help recovery, maintain balance and improve cyber relations in a wide range of scenarios. Examples from past threats can help illustrate the threats and the types of cases where cyberpeacekeeping could help.
In consequence, Estonia, which had joined the North Atlantic Treaty Organization (NATO) in 2004, offered to host a new NATO cyber defence centre. The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) was established in 2008 as a multinational and interdisciplinary hub of cyber defence expertise based in Estonia’s capital, Tallinn.1 Although the centre was created to help meet the collective defence needs for its NATO members, the NATO CCDCOE developed the world’s first, and most in-depth, analysis on the international law applicable to cyberattacks in an armed conflict situation.2 Despite the important commentary in the Tallinn Manual on International Law Applicable to Cyberwarfare (henceforth Tallinn Manual, currently in version 2.0), the legalities of what constitutes a cyberattack and appropriate responses have not been fully fleshed out yet. And the NATO COE cannot be considered an impartial investigator or upholder of any international cyber law, especially since it is biased in favour of NATO and Western countries.
A small but more important legal step had been made earlier in Europe. The Council of Europe drew up in 2001 the Budapest Convention on Cybercrime, the first international treaty
The consequences of cyberattacks can be dire, even crippling for an attacked state. And they are happening against NATO member states. But because of the lack of an immediate physical threat, NATO is wary of triggering the organization’s Article 5, which calls for NATO members to come to the collective defence of one or more members when they are under attack. So, cyberattacks on NATO countries and more generally have become a more subtle way of causing havoc without much chance of retaliation (Mustonen, 2015). This, of course, is the challenge of maintaining, or building, peace and law enforcement between two states. Impartial investigation and prosecution followed by enforcement is lacking.
Other regional organizations are wrestling with means to secure the cyber domain, and small steps have been taken. In 2004, the Organization of American States (OAS) adopted a resolution titled “The Inter-American Integral Strategy to Combat Threats to Cyber Security,” which placed cybersecurity under the realm of the OAS’ Inter-American Committee against Terrorism and called for greater regional cooperation (Organization of American States, 2004). The OAS created Computer Security Incident Response Teams (CSIRTs) that handle “alert, watch, and warning” responsibilities in each member state (OAS, 2018). Similarly, the Shanghai Cooperation Organization (SCO), which is comprised of China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Uzbekistan, India and Pakistan, aims to improve the political, economic and security relations, including cybersecurity, amongst its members. In 2009, the SCO came to an “Agreement on Cooperation in the Field of International Information Security” (Shanghai Cooperation Organization, 2008). This Agreement lays the foundations for the SCO to counter destructive cyberattacks on one of its member states. Once again, it is not an impartial international body but a grouping of states, heavily influenced by regional political agendas and seeking some measures for cyber defence.
Though not approaching the problem globally or impartially, the incorporation of cyber defence in such multilateral alliances highlights the seriousness of cyber threats. In fact, small cyberattacks might even cause wider cyberwars, if the attacks escalate to alliance-level responses. There is also the real possibility that a major cyberattack could incite a conventional military response in the physical world, particularly in cases where cyber-kinetic weapons like Stuxnet (W32.Stuxnet, 2017) are deployed. Means and models for cyber-de-escalation need to be considered. Undoubtedly, some of the lessons and practices from conflict management between nations and between armed parties can apply in cyberspace. One proposal to explore is peace operations in cyberspace or cyberpeacekeeping.
The proposal is relatively new (Dorn, 2017)3 but there was already some movement in this direction at UN headquarters. In 2013, the UN General Assembly examined the increasing security risk of information and communication technologies (ICT) affecting the security environment (United Nations General Assembly, 2013). Also in 2013, the Chief Executives Board for Coordination adopted seven principles to help member states “respond to cybercrime and cybersecurity needs in the Member States” and “focus on assisting the Member States to take evidence-based action” (Chief Executives Board for Coordination, 2014).4
The UN’s Office of Information and Communications Technology (OICT) created in 2016 a “Digital Blue Helmets” (DBH) unit to “enhance cybersecurity preparedness, resilience and response,” mostly for protection of the United Nations and its agencies (United Nations, 2017a). The OICT conducted research into possible cyber threats to the UN’s Sustainable Development Goals. It has envisioned DBH centres to provide the necessary “interdisciplinary cyber-security support and teaching centres [to] bring together specialists from around the globe to address a variety of IT-related issues” (United Nations, 2017b). With the DBH name incorporating the term “Blue Helmets” (i.e., an informal name for peacekeepers), it foretells the possibility that the unit could prevent, mitigate and deal with global cyberattacks in the future.
As outlined by Robinson et al. (2018, p. 3), a future DBH team could be comprised of personnel assigned by Cyber-Contributing Countries (CCCs), Cyber-Contributing Organizations (CCOs), volunteer experts and UN cyber staff. This mix of cyber staff loaned and vetted from various countries, international organizations, the private sector, non-governmental organizations and academia could engage in selected projects according to their expertise and impartiality. Although the pool of potential personnel may appear large, finding well-trained and specialised staff from countries and organizations may be a challenge. However, the United Nations has overcome such problems in the past when assembling peacekeeping operations, fact-finding missions and inspection bodies.
In the future, as cyberpeacekeepers gain experience and help from advanced cyber nations (including experts on loan, as is done in physical peacekeeping), they could help in real time to stop cyberattacks, mitigate the impact of such attacks and assist in re-establishing normalcy by reversing the effects of the attacks. Cyberpeacekeepers could also monitor their cyber area of responsibility to
The UN would have to define the parameters of the cyberpeacekeeping force and its cyber areas of responsibility, which could change with demand. It would have to define how the cyberpeacekeeping unit “could operate in conflict and non-conflict areas in cyberspace” (Akatyev & James, 2017, p. 33). The UN cyberpeacekeeping force could be expanded to investigate mass bot-generated propaganda. In any case, the force would need the cooperation of key UN member states and national organizations.
Of course, one of the limitations of the international order, and an avenue that needs to be developed further, is enforcement. A defensive cyber force would require rules of engagement that may or may not be limited to the digital realm. A defensive action could be to simply block attacks coming from a certain IP address or groups of IP addresses, but it could also mean dealing with the attackers in cyberspace or even the physical seizure of their computer equipment through national law enforcement agencies after determining the attack’s point of origin. An overview of the potential range of cyberpeacekeeping tasks is given in Figure 1.
A UN cyberpeacekeeping force can assist in tracking down the vectors of attack and even point of origin and create the framework for legal or diplomatic action. The threat and reality of cyberattacks are global. States should bear a degree of responsibility if an international cyberattack, like any attack, originates from their state (Couzigou, 2018). But great expertise is needed to pinpoint the course of attacks.
Cyber incidents can also affect countries that host UN peacekeeping missions. For instance, cyberattacks started in the late 1990s between India and Pakistan, which host in Kashmir a UN observer mission (Vatis, 2001), which itself must be protected. The attacks between the nations in the 1990s may be simple and crude compared to what is happening now globally, but Indian and Pakistani hackers have continued to hone their skills. In January 2017, Indian hackers are believed to have attacked Multan International and Karachi airport websites and even installed ransomware, malware that encrypts a computer’s hard drive until a ransom is paid, usually in bitcoins or other digital currency (Shekhar, 2017). This should cause concern, because if an international airport were to be locked out of its computer servers it would cause havoc and increase significantly the chance of casualties. Then both the physical and the cyberpeacekeeping force would need to act in a concerted fashion. In addition, a peacekeeping mission could also find itself subject to attack, so a staunch cyber defence will be needed.
One of the main concerns of politicians and security officials is a major cyberattack that cripples the country’s power grid, causing many additional catastrophes. A glimpse of this was seen in December 2015, when a cyberattack on Ukrainian utilities resulted in a power outage that affected more than 225,000 customers. The US government later concluded that the power grid shutdown was a cyberattack. iSight Partners, now FireEye, concluded that it was carried out by a Russian advanced persistent threat group, referred to by the cybersecurity community as “Sandworm” (Volz, 2016). A study done by the Electricity Information Sharing and Analysis Center (2016, p. 5) concluded that the perpetrators “perform[ed] long-term reconnaissance operations required to learn the environment and execute a highly synchronized, multistage, multisite attack.” This attack was planned for some time before it was executed. Regardless, the verification process of which actor carries out these, or future, cyberattacks is essential.
This might be mitigated by a cyberpeacekeeping force as it will provide assurances to the international system that there is a check and balance to these attacks and an avenue to pursue, and
REFERENCES
Akatyev, N., & James, J. I. (2017). Legislative Requirements for Cyber Peacekeeping. Journal of Digital Forensics, Security and Law, 12(3), 23–38.
Brenner, S. (2007). At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare. The Journal of Criminal Law & Criminology, 97(2), 379–475. Retrieved from https://scholarlycommons.law.northwestern.edu/jclc/vol97/iss2/2
Chief Executives Board for Coordination. (2014, January 13). Summary of Conclusions, Second Regular Session of 2013. UN Doc. CEB/2013/2. Retrieved from https://www.unsceb.org/CEBPublicFiles/Chief%20Executives%20Board%20for%20Coordination/Document/REP_CEB_201311_CEB2013-2.pdf
Communications Security Establishment. Canadian Centre for Cyber Security. (2018). Government of Canada. Retrieved from https://www.cse-cst.gc.ca/en/backgrounder-fiche-information
Couzigou, I. (2018). Securing cyber space: The obligation of States to prevent harmful international cyber operations. International Review of Law Computers & Technology, 32(1), 37–57. doi:10.1080/13600869.2018.1417763
Dorn, A. W. (2017). Cyberpeacekeeping: A New Role for the United Nations? Georgetown Journal of International Affairs, 18(3), 138–146. doi:10.1353/gia.2017.0046
Electricity Information Sharing and Analysis Center. (2016, March 18). Analysis of the Cyber Attack on the Ukrainian Power Grid. Retrieved from https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
Greenburg, A. (2017, May 9). The NSA Confirms It: Russia Hacked French Election “Infrastructure.” Wired. Retrieved from https://www.wired.com/2017/05/nsa-director-confirms-russia-hacked-french-election-infrastructure/
Industrial Control Systems Cyber Emergency Response Team. (2016). Year in Review FY2016 Pie Chart. Retrieved from https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_IR_Pie_Chart_S508C.pdf
Jensen, E. T. (2017). The Tallinn Manual 2.0: Highlights and Insights. Georgetown Journal of International Law, 48(3), 735-778. Retrieved from https://www.law.georgetown.edu/international-law-journal/wp-content/uploads/sites/21/2018/05/48-3-The-Tallinn-Manual-2.0.pdf
Organization of American States. (2004, June 8). Adoption of a Comprehensive Inter-American Strategy to Combat the Threats to Cybersecurity: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cybersecurity. Retrieved from http://www.oas.org/xxxivga/english/docs/approved_documents/adoption_strategy_combat_threats_cybersecurity.htm
Perlroth, N. (2012, September 30). Attacks on 6 Banks Frustrate Customers. New York Times. Retrieved from http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html
Shanghai Cooperation Organization. (2018). Agreement between the Government of the Member States of the Shanghai Cooperation Organization on Cooperation in the Field of International Information Security (Unofficial English Translation). Retrieved from http://www.ccdcoe.org/sites/default/files/documents/SCO-090616-IISAgreement.pdf
Vatis, M. A. (2001). Cyber Attacks During the War on Terrorism: A Predictive Analysis. Hanover, New Hampshire: Institute for Security Technology Studies at Dartmouth College. Retrieved from www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA395300&Locat
Volz, D. (2016, February 25). U.S. government concludes cyber attack caused Ukraine power outage. Reuters. Retrieved from https://www.reuters.com/article/us-ukraine-cybersecurity/u-s-government-concludes-cyber-attack-caused-ukraine-power-outage-idUSKCN0VY30K
2 The COE led and facilitated the drafting of the influential Tallinn Manual on the International Law Applicable to Cyber Operations (version 2.0, Cambridge University Press, 2017). For more information, see: NATO COE CCD. “Tallinn Manual Process.” Accessed February 8, 2017. https://ccdcoe.org/tallinn-manual.html
3 See: Nikolay Akatyev and Joshua I. James, “Cyber Peacekeeping,” in Digital Forensics and Cyber Crime, ed. Joshua L. James and Frank Breitinger (Cham: Springer, 2015), 126-39. Michael Robinson, Helge Janicke, and Kevin Jones, “An Introduction to Cyber Peacekeeping,” Computers and Society, October 2017. Accessed at https://arxiv.org/pdf/1710.09616v1.pdf. Dorn, A. W. 2017. Cyberpeacekeeping: A New Role for the United Nations? Georgetown Journal of International Affairs, 18(3), 138-146. doi:10.1353/gia.2017.0046
4 The seven principles can be paraphrased as follows: (1) Cyber incidents should be dealt with in a holistic manner through criminal justice and international cooperation; (2) UN entities should aim to respond to cybercrime and cybersecurity needs in Member States within their respective mandates; (3) All UN programming should respect the principles of the rule of law and human rights; (4) UN programming should focus on assisting Member States to take evidence-based action; (5) Programming should foster a “whole-of-government” response; (6) Support to Member States should aim to strengthen international cooperation; (7) Programming should include efforts to strengthen cooperation between government institutions and private-sector enterprises.