Pages

5 October 2017

CyFy

CYFY

On 3rd October I attended CyFy conference held at Delhi, organised by ORF. 

There was a session on The Militarisation of Cyberspace. Experts from Israel, NATO, Japan, UK, China, Italy and USA were there. Surprisingly there was no representation from India!

The deliberations were disappointing from such a star studded panel. Some of the issues discussed are given below.

There has been no consensus on norms, behaviour and international laws on cyber space. Speed, size and persistence of cyber attacks are increasing every year. In the year 2017, frequency of attacks by highly effective malware is more than usual. Massive attack campaigns like Ransomware are increasing. Fresh grounds like interfering with elections of presidency, robbing of central government banks like Bangladesh are new sources of revenue generation. Now there is a threat of EMP attacks. Some attacks like Ransomware are disruptive in nature. There is a serious threat to the supply chain. Major attacks like Wanacry will impact global economy. It would undermine people’s confidence in cyber space. There will be more regulations in the name of cyber security. Developing countries must develop capabilities on their own. 

Data is being encrypted, cannot be recovered. Encryption is not limited to military. It has serious repercussions. There is debate on privacy versus security, GG discussions are not reaching any consensus. 

There is a requirement of responsible state behaviour in cyber space. It should be voluntary, non binding, emphasis on resilience, more importance to HRD, training to develop capability to understand technical issues and strategic political issues. It would help in making strategic decisions. 

Attribution is a big issue. It is not that it cannot be done. It is difficult but possible. Use of big data analytics and other recent techniques can provide reasonable clue to identify. Attribution can be done by the government by its own resources, be it technical or non technical. Non technical means include: diplomatic, intelligence, law enforcing agencies, financial, economic, trade etc. 

Whether attribution is certain is difficult to say. However, governments do come to know. It is a separate question whether governments will say know or don’t know. Gathering of evidence would require cooperation by governments hosting the hackers. It is incumbent on state’s hosting them to take responsibility. Questions come, how come everybody became reasonably certain that North Korea was behind Sony attack. 

How do we bring International Community together: 

--- Cooperation with private sector crucial 

--- technology 

--- exercising by the government 

--- exchange of classified information 

--- no country is alone. Have bilateral, regional, diplomatic and intelligence level alliances. 

--- Presently alliances are slacked. 

Military Domain

Armed forces are not immune. Lines between war and peace are getting blurred. Today attacks are hybrid in nature. Lawyers are raising the issue: soldiers are getting secured and citizens are getting attacked. 

Resilience in military domain is to be increased by: 

Measured informed approach 

Invest in defence and resilience 

Pledge at strategic level, get the organisational structure in place 

Keep the channels of communications open 

Employ the best practices 

Military should be prepared to operate in contested and degraded environment. They must review their training, equipment and collaboration with other agencies on cyber space.

Forty different countries are developing offensive cyber war capabilities. By themselves, armed forces cannot handle everything. Private sector and academia have to be incorporated. Capability of first responders is to be augmented, should have designs to limit the loss in cyber space. 

Deterrence 

If you don’t take action against bad actors doing bad things, they will do bad things again. How do we deter? Has to be done by credible measures. There should be doctrine of deterrence.

Deterrence can be achieved by: defence, retaliatory capability and internet legal regime. Internet legal regime will take at least ten years. 

Deterrence can be created by counter measures when cyber attacks takes place. It is complex because of attribution and political issues. To develop cyber capabilities countries would need :

Operational intelligence, tools need to be installed in adversaries system, human resources to operate sophisticated tools, partnership with other stakeholder agencies, look at technical weakness of adversaries etc etc. 

How do we define deterrence? UNGG can look at that. Deterrence works at two levels: 

Have strong capability, technical issue, punish the target 

For less develop countries it is a political problems. If you do not have capability, how do you deter? 

For critical infrastructure, deterrence is by denial. Must improve protection measures, resilience, have collective responsibility, share best practices, take concrete steps to augment defence. 

Mr Carl Bildt, former Prime Minister of Sweden and special representative, Global Commission on the stability of cyber space had a stern word of caution regarding development of offensive cyber capabilities. He said, “If you employ offensive measures, you won’t know how it will end. It is a very very dangerous domain. We are not aware what capabilities your adversaries have. It is always better to strengthen your cyber defensive capabilities”

The Implications of India’s Right to Privacy Decision



Last month, India's Supreme Court affirmed that the country's constitution enshrines a right to privacy. The implications of the decision will reverberate around the world.

Village women stand in a queue to get themselves enrolled for Aadhaar, a controversial identification database in February 2013. Mansi Thapliyal/Reuters

CHINA’S MEGA FORTRESS IN DJIBOUTI COULD BE MODEL FOR ITS BASES IN PAKISTAN

COLONEL VINAYAK BHAT (RETD)

It is called a ‘logistics base’ but the 200-acre facility built by China can accommodate a brigade and has unprecedented security arrangements

The People’s Liberation Army (PLA) of China has opened its first overseas base at Djibouti in the strategically located Horn of Africa. China began negotiations with Djibouti in early 2015 that culminated into a 50-year lease for what is being termed as a logistical support base.

NUCLEAR HISTORY Waiting for the Bomb: PN Haksar and India’s Nuclear Policy in the 1960s

By Yogesh Joshi


A recent article in The National Interest (TNI) presented archival evidence to argue that India intended to develop a full-spectrum nuclear weapons capability as early as 1969. However, other archival sources related to Indian nuclear history raise doubts about the purported provenance and significance of this source. 
Contrary to analysis of a note found in PN Haksar's files, the Indian government did not decide to pursue a full-fledged nuclear weapons program in 1968. A preponderance of archival evidence produced across the Indian government between 1964 and 1970 indicates that the note cited by TNI was not reflective of the Indian government’s nuclear weapons policy at that time.

Lessons Learned From 15 Years in Afghanistan

By Phil Hegseth

The Congressionally mandated Special Inspector General for Afghanistan Reconstruction (SIGAR) issued a detailed report evaluating the current challenges facing the Afghan National Defense and Security Forces (ANDSF) and the lessons learned from America’s nearly 15-year campaign in the country. The report argues that security priorities guiding US decisions early in the war effort negatively impacted the current priorities of building ANDSF long-term sustainability capabilities.

Pakistan’s sixth population census: Expected and surprising figures on urban growth


By Hina Shaikh

Many have observed that Pakistan’s cities are growing fast, but until now that change has not been captured with the exacting data of a census. They would be surprised to find that according to provisional results of the new census, Pakistan is now only 36 percent urban despite a 30 percent increase in the urban growth rate since 1998.

The results have sparked debate around the integrity of this data and its implications on policymaking, political representation, and resource allocation in cities. Social scientists, economists, and urban experts strongly endorse revisiting the definition of the term “urban” to enable policy decisions that are grounded in reality. They also believe definitional anomalies remain the predominant reason for why urban population estimates appear out of sync with expectations.

Burma’s Northern Shan State and Prospects for Peace


BY: David Scott Mathieson 

Armed conflict between the Burmese Army and various ethnic armed organizations continue to threaten the peace process of the National League for Democracy government led by Aung San Suu Kyi. This Brief focuses on conflict dynamics to provide an overview of resurgent conflict patterns in northern Shan State over the past two years, outlines the armed groups involved, their competing interests, the human rights effects on the civilians in the area, and how the fighting has affected the nationwide ceasefire. 

Does Reconciliation Prevent Future Atrocities? Evaluating Practice in Sri Lanka

BY: Kate Lonergan 

What are atrocity crimes, why and when do they arise, and how can peacebuilding practice help to prevent them? This report delves into the conceptual foundations of reconciliation and atrocity prevention in the context of Sri Lanka’s history of conflict and ongoing reconciliation process, analyzing institutional-level reconciliation efforts and drawing from a randomized field experiment in an interpersonal reconciliation program. It suggests that by understanding the conditions under which reconciliation is most effective, peacebuilding practice will be better placed to achieve its goals after violent conflict. 

Terror Has Gone Low-Tech

BY CORRI ZOLI

After the fifth low-tech terrorist attack this year alone in the U.K. — not to mention a spate of attacks across Europe since 2014, and earlier — it is time for governments to reevaluate their approach. At the core of this self-assessment should be a simple recognition, which itself requires separating facts from appearances when it comes to terrorism.

Chaos in Catalonia An unconstitutional vote on independence turns nasty


THEY were scenes the Spanish government did not want to see. Across Catalonia, in north-eastern Spain, tens of thousands of people turned out to cast votes in an unconstitutional referendum on secession organised by the regional government. Spain’s conservative prime minister, Mariano Rajoy, had vowed that the referendum would not take place. Spanish riot police shut down over 300 polling stations, causing many injuries, though most of them minor. But several thousand others were functioning, albeit slowly, as a cyberwar unfolded in the background over internet access to the voter roll.

Cyber Weapon Market to Reach US$521.87 Billion by the end of 2021


According to TMR, the global cyber weapon market stood at US$390 bn in 2014. Rising at a CAGR of 4.4% CAGR, the market is expected to reach US$521.87 bn by the end of 2021. With a share of 73.8%, the defensive cyber weapon segment dominated the market by type in 2014. Regionally, North America accounted for the leading share of 36% in the global market in 2014.


Cyber Blitz: Army’s military hide-and-seek tests cyber, EW tools

By: Mark Pomerleau

The Army has been taking a series of steps through experimentation and exercise to better understand how to employ technological, non-kinetic capabilities in a future fight against a near-peer adversary.

One example of this is Cyber Blitz, an exercise put on by the Army Communications-Electronics Research, Development and Engineering Center, or CERDEC.

Hypersonic Missiles Could Trigger a War

BY JOHN KESTER

Imagine if a foreign country launched a nuclear attack on the continental United States and the Pentagon had only six minutes to respond. That’s the potential of a new generation of weapons on the horizon, according to a recent Rand Corp. report.

Don’t let the CIA run wars

By Stephen Kinzer

Espionage is sometimes called the cloak-and-dagger business. That term no longer applies to the Central Intelligence Agency. It was established to collect and analyze information, and — at times — quietly subvert enemies. Now its main job is killing. Instead of running agents, it launches drone attacks. The CIA is becoming a war-fighting machine: no cloak, all dagger.

Army Looks to Integrate Aircraft Technology Faster

By Vivienne Machi and Stew Magnuson

The “future operations team” will focus on “identifying new technologies that the S&T community is working on and quickly transitioning them into capabilities for the warfighter,” said Brig. Gen. Thomas Todd during an event at the Association of the United States Army in Arlington, Virginia. It could allow the service to synchronize its efforts with industry to develop capabilities that improve the reach, protection and lethality of its aerial platforms, he said.