Total Pageviews

Monday, 6 April 2015

Cyber defence

Last Sunday, VPRO Tegenlicht showed a documentary on the Republic of Estonia, called E-stonia, a start-up country. Since its 1991 independence from the Soviet Union, Estonia made IT its USP and has become well known for digitising its country's public services and also for start-up companies like Skype. More recently, Estonia has been marketing itself as a global service provider for e-identity services. Since its independence its relationship with Russia has always been fragile, similar as many other countries in that region. On 27 April 2007 a large scale cyber attack was launched against Estonia. The Estonian Foreign Minister accused the Kremlin of direct involvement.

In 2004, Estonia proposed a cyber defence centre to NATO, right after joining the Alliance. In 2006 the concept is approved by Supreme Allied Commander Transformation and in 2007 negotiations held between potential Sponsoring Nations. On 28 October 2008 the CCD COE (Cooperative Cyber Defence Centre of Excellence) was activated as an International Military Organisation (IMO) by the decision of the North-Atlantic Council, making it the first IMO hosted by Estonia.

When one would compare modern cyber attacks to classic human warfare then some interesting analogies come to mind. A DoS or DDoS attack could be compared to the beleaguering of a city in order to make them submit to the attackers will. Please refer to this site for a global summary of daily (D)DoS attacks. A virus or worm attack is basically a Trojan horse. Given these analogies with ancient times, one could very well argue that cyber attacks are far from sophisticated yet. It's basically "medieval" warfare as used in the HBO TV series Game of Thrones.

Allegedly, tracking and tracing is difficult in cyber attacks. Yet this blog provides daily, weekly, monthly and total reports on the country of origin of my viewers, their browsers used and their OS used. Since several days I have a large number of Ukraine viewers although I still fail to see the reason why. On another social site, I use a few widgets that monitor the country and even place of origin of my viewers, given the many fake game profiles that are used on that site. This makes me a little skeptic on the alleged difficulty of tracking and tracing cyber traffic.

On 1 April 2015, the US President issued an executive order allowing the government to impose penalties on foreign individuals or entities that engage in cyber attacks that threaten U.S. national security or the economy while declaring: "Cyber threats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them." 

The concept of plausible deniability is the main reason why it's impossible proving that governments are guilty of cyber - or other - attacks (e.g., Malaysian Airlines flight MH17). The flip side of that coin is that economic and/or military counter measures against individuals responsible are not likely to escalate in national conflicts. Hypocrisy has its advantages too. 

Analysing ancient tactics (e.g., beleaguering, Trojan horse) is the key solution for defining a comprehensive counter strategy. The Chinese general, strategist and philosopher Sun Tzu is traditionally credited as the author of The Art of War, an extremely influential ancient Chinese book on military strategy. He once said: “To know your Enemy, you must become your Enemy.”