6 December 2021

CYBER, COMMUNICATIONS, EW & TECHNOLOGY (C2ET) DIGEST

Maj Gen P K Mallick, VSM (Retd)



 
Microsoft released its second annual Digital Defense Report, covering July 2020 to June 2021. This year s 134 pages report is quite detailed, with sections on cybercrime, nationstate threats, supply-chain attacks and Internet of Things attacks. The report includes security suggestions for organizations with remote workforces. It has a section describing the use of social media to spread disinformation. The report is a compilation of integrated data and actionable insights from across 




Social Media in Violent Conflicts – Recent Examples

Maj Gen PK Mallick, VSM (Retd)



Introduction

Alan Rusbridger, the then editor-in-chief of the Guardian in his 2010 Andrew Olle Media Lecture, stated, “News organisations still break lots of news. But, increasingly, news happens first on Twitter. If you’re a regular Twitter user, even if you’re in the news business and have access to wires, the chances are that you’ll check out many rumours of breaking news on Twitter first. There are millions of human monitors out there who will pick up on the smallest things and who have the same instincts as the agencies—to be the first with the news. As more people join, the better it will get. ”


The most important and unique feature of social media and its role in future conflicts is the speed at which it can disseminate information to audiences and the audiences to provide feedback.


How HIV and COVID-19 Variants Are Connected

Laurie Garrett

The troubling arrival of a new form of the COVID-19 virus that is rife with mutations—around 50 of them—has world leaders, stock markets, and scientists scrambling in anticipation of a global coronavirus tsunami that some fear could outstrip today’s delta variant pandemic. It’s still too early in the study of the new omicron variant to have dissected all those mutations, deciphering their likely impacts on viral spread, illness severity, the reliability of diagnostic tests, vaccine protection, and the utility of dozens of drugs and treatments. South Africa was the first country to identify the variant, based on cases that had been detected in Botswana. There are indications it was circulating in Europe even earlier, but a genetic analysis of some 200 South African omicron samples by well-known computational biologist Trevor Bedford of the Fred Hutchinson Cancer Research Center in Seattle pushes the date of first emergence in that country possibly back to September.

The evolution of potentially dangerous variants like omicron has been ensured by the wealthy world’s decision not to protect vulnerable populations outside its borders. Put simply, strategies rich countries have implemented to limit the carnage from COVID-19 inside their borders have not been mirrored at a global scale. In European countries, Canada, Japan, and the United States, for example, great pains have been taken to prioritize treatment and vaccination for people with weakened immune systems. But globally, one of the world’s largest concentrations of immunocompromised people—the untreated HIV-positive people of southern Africa—has been all but ignored.

Laos-China Railway Inaugurated Amid Mounting Debt Concerns

Sebastian Strangio

Officials from China and Laos today marked the official launch of the $5.9 billion railway connecting the two nations, officially completing the first link of a long-envisioned rail line connecting southwest China with Singapore.

In a ceremony in Lao capital Vientiane that was attended by Prime Minister Phankham Viphavanh and other high-ranking officials and other guests, Buddhist monks blessed the new rail line and sprinkled holy water on the first of the Chinese-made bullet trains that will soon be flying between Vientiane and Kunming, the capital of China’s Yunnan province.

According to Nikkei Asia, the first passenger run will be made through Laos tomorrow, though it remains unclear when a regular crossborder service between the two countries will begin.

The Laos-China Railway, which broke ground in 2015 and marks the effective extension of China’s high-speed rail system beyond its own borders, is an undeniably impressive undertaking. The standard gauge single-track line cuts through 417 kilometers of rugged terrain from Vientiane to Boten, the country’s main border crossing with China, from whence it continues on to Kunming, the capital of Yunnan province.

What Chinese Dams in Laos Tell Us About the Belt and Road Initiative

Phillip Guerreiro

With nearly $900 billion in investment across nearly 140 countries, China’s Belt and Road Initiative (BRI) has sparked significant debate. Much of this debate has focused on the professed grand strategic aims of the project, leading to greater emphasis on its geopolitical and geoeconomic dimensions, particularly its risks and opportunities. It is in this context that we get arguments between proponents of the “debt-trap diplomacy“ narrative and those who question it.

What is typically overlooked in these debates are the internal drivers of the BRI. Specifically, the BRI is largely about Chinese domestic development, which the Chinese Communist Party (CCP) has connected to social stability and security. This is notably important in China’s interior borderlands, which contain sizable cross-border minority populations and which successive Chinese political entities have struggled to effectively integrate to the greater Chinese polity. For Beijing, developing these areas is crucial for integration and social stability. Analyzing Chinese dams in Laos provides an understudied insight into the local origins and drivers of the BRI, particularly along China’s borderland regions.

China Wants to Write the Tech Rules for 5G. Experts Say That’s a Big Problem

PATRICK TUCKER

You may not know the International Telecommunication Union or the 3rd Generation Partnership Project, but they and similar bodies set security standards for the internet of today and tomorrow. Experts say Beijing has been stacking the boards of such groups to benefit China and undermine the rest of the world’s data privacy and information security.

That’s not the way those bodies are supposed to work. Their boards are intended to mediate between competing industry proposals in search of the best ideas for everyone. That’s the process that created technical standards for everything from DVDs to WiFi to 2G, 3G, 4G technology and so on.

“While the process is not completely apolitical, considering the stakes involved, the technical standardization process has been traditionally focused on technical, rather than commercial or political, arguments in debating the merits of a standard,” says a paper from the Asia Policy Institute published on Wednesday. “However, China’s increasing engagement in standards development, particularly given its top-down, state-centric approach to standardization, is changing the status quo.”

Forward Defense symposium on deterring Chinese strategic attack

Hans Binnendijk, Rebeccah Heinrichs, and Christopher Twomey

The Atlantic Council’s Forward Defense practice area is delighted to share a symposium of issue briefs on the topic of deterring Chinese nuclear attack by Hans Binnendijk, Rebeccah Heinrichs, and Christopher Twomey. Anchored by our report on Deterring Chinese Strategic Attack: Grappling with the Implications of China’s Strategic Forces Buildup by Scowcroft Center Deputy Director Matthew Kroenig, this symposium explores the recent Chinese nuclear buildup, puts the development in context of China’s overall military and nuclear strategy, and examines possible US responses. In forthcoming issue briefs, it will also consider the implications of China’s nuclear buildup for extended deterrence in the Indo-Pacific.

In only the past few weeks—since these papers were written—China’s nuclear buildup has accelerated. The Department of Defense has increased its estimate of China’s nuclear warhead holdings to one thousand by 2030, China tested a nuclear-capable, fractional orbital bombardment hypersonic vehicle, and researchers discovered that China is building hundreds of new ICBM silos.

In sum, these developments suggest that China is engaged in the most significant nuclear buildup in its history. Read on to see how three experts characterize the threat and suggest that the United States and its allies and partners respond.

TSA issues second security directive to secure pipelines against cyberattacks

MAGGIE MILLER

The Transportation Security Administration (TSA) on Tuesday issued a second security directive meant to strengthen critical pipelines against cyberattacks in the wake of the crippling ransomware attack on Colonial Pipeline earlier this year.

Under the directive, owners and operators of critical pipelines transporting gasoline or other hazardous liquids are required to take specific security measures to protect against ransomware attacks, develop recovery plans in the event of an attack and review their existing cybersecurity plans.

The first security directive was issued by TSA, which falls under the Department of Homeland Security (DHS), in May, and required pipeline companies to report cybersecurity incidents within 12 hours to the Cybersecurity and Infrastructure Security Agency (CISA).

The Border Escalation Between Armenia and Azerbaijan Is Part of a Dangerous Pattern

Murad Muradov Simona Scotti

On November 16, intense fighting broke out between Azerbaijan and Armenia in what is considered to be the most severe escalation since the end of the Second Karabakh War. This time, however, the situation spiraled out of control not in the Karabakh region of Azerbaijan but along the Armenia-Azerbaijan border.

The border clashes involving the use of artillery, armored vehicles, and firearms of various calibers unfortunately produced fatalities. There are reports of about six deaths on the Armenian side, the capture of thirteen Armenian soldiers, and the loss of contact with another twenty-four. Conversely, Azerbaijan confirmed seven casualties and ten wounded during the conflict. On the same day, Armenia and Azerbaijan agreed to a ceasefire mediated by Russian defense minister Sergey Shoigu.

Both sides accuse the other of initiating the conflict. Azerbaijan’s defense ministry blames Armenia for “large-scale provocations against Azerbaijan in the Kalbajar and Lachin regions of the state border,” stating that Armenia unsuccessfully “launched a sudden military operation” to “take more advantageous positions.” Armenia, on the other hand, stated that the Azerbaijani forces attacked its eastern border along the provinces of Zangezur (Syunik) and Basarkechar (Gegharkunik).

Sino-Indian Competition in South Asia: Another Round

Rajeswari Pillai Rajagopalan

In the continuing struggle between India and China for the support of the region’s smaller countries, India appears to have had some successes. Two of India’s smaller neighbors, the Maldives and Sri Lanka, have both demonstrated separately their need for Indian friendship and assistance. While this is not likely to be the last word by any stretch of the imagination, it does indicate that in both countries the shadow struggle will continue and that India’s diplomatic game is improving, probably as a consequence of the competition itself.

In the Maldives, an effort to generate popular opposition against India appears to have suffered a setback. The so-called “Out India” campaign was strongly rebutted by senior government officials, who emphasized that India is the country’s “closest ally and trusted neighbor” and that the social media campaign did not reflect the views of the majority of Maldivians.

The Out India campaign itself is curious because it has not been supported by any public figures and appears entirely confined to social media. Nevertheless, the Out India campaign follows an earlier effort, one supported by public figures, that sought to curtail Indo-Maldivian relations by accusing the Maldivian government of agreeing to allow the stationing of Indian military personnel in the Maldives. This followed the publication of a leaked document allegedly from the Maldivian Ministry of Defense, though the Maldives National Defense Force (MNDF), Ministry of Foreign Affairs and other government officials dismissed the document as forgery. Whatever the source of these efforts to undermine Indo-Maldivian ties, it appears to have done the opposite. Senior Maldivian government officials, including the president, reiterated their desire for close relations with India.

AUKUS and Changing Dynamics in the Indo-Pacific


Andrew Schwartz: Welcome to The Asia Chessboard, the podcast that examines geopolitical dynamics in Asia and takes an inside look at the making of grand strategy. I'm Andrew Schwartz at the Center for Strategic and International Studies.

Hannah Fodale: This week, Mike unpacks recent developments in the US-Australia alliance, including the AUKUS agreement, with Rory Medcalf, professor and head of the National Security College at Australia National University. The two discuss the second addition to Rory's book, Indo-Pacific Empire: China, America and the Contest for the World’s Pivotal Region, and how regional dynamics and geopolitics have changed over the past two years.

Michael Green: Welcome back to The Asia Chessboard. I am joined by a friend and colleague who has taught me a lot over the years, and will all of you listening I'm sure. Rory Medcalf runs the National Security College in Canberra. Rory, welcome. Good to have you on Asia Chessboard.

Rory Medcalf: Fantastic to be with you, Mike.

Michael Green: First thing, what is the National Security College? We got to figure that out first.

U.S. Foreign Policy Under Biden


President Joe Biden took office with an ambitious foreign policy agenda summed up by his favorite campaign tagline: “America is back.” Above all, that meant repairing the damage done to America’s global standing by his predecessor, former President Donald Trump. During his four years in office, Trump strained ties with America’s allies in Europe and Asia, raised tensions with adversaries like Iran and Venezuela, and engaged in a trade war with China that left bilateral relations in their worst state in decades.

In principle, Biden’s agenda is rooted in a repudiation of Trump’s “America First” legacy and the restoration of the multilateral order. That was reflected in his early moves to rejoin the Paris Climate Accords and the World Health Organization, and reestablish U.S. leadership on climate diplomacy. The COVID-19 pandemic has also offered Biden an opportunity to reassert America’s global leadership role and begin repairing ties that began to fray under Trump.

But in practice, some of Biden’s priorities bear a close resemblance to Trump’s agenda. His “foreign policy for the middle class,” which ties U.S. diplomacy to peace, security and prosperity at home, has been described as a dressed-up version of Trump’s emphasis on putting U.S. interests above its global commitments. Biden also followed through on Trump’s deal to withdraw from Afghanistan without consulting or coordinating with Washington’s NATO allies—and has paid a political cost for the collapse of the Afghan government and chaotic evacuation that ensued. And on other issues—like Trump’s his approach to Cuba and his immigration and border policies—Biden has not demonstrated any urgency to make immediate changes, and he only recently lifted controversial tariffs on European steel and aluminum imports, and fully opened the U.S. border to travelers from Europe, Canada and Mexico.

Despite the rhetorical commitment to repudiating Trump, Biden may find it difficult to fully restore a pre-Trump status quo. Countries may no longer be willing to follow the U.S. lead on democracy promotion after the erosion of America’s democratic norms during the Trump era. And Europe, in particular, has recalibrated its relationship with the United States and may no longer be willing to align with America’s approach, particularly the hardening of relations with China and Russia.

The West’s Border Closure Reflex Comes With a Cost

Mel Pavlik

On Nov. 24, two devastating and separate, but ultimately interrelated, incidents took place in far-flung corners of the world. First, at least 27 people perished while attempting to cross the turbulent waters of the English Channel, which separates France from the United Kingdom. The dead were migrants from Africa and the Middle East whose fragile, flimsy raft sank before it reached the U.K.’s shores. This was the deadliest migrant crossing across the channel ever recorded, but it is not an isolated incident. Attempted channel crossings have spiked since 2018, resulting in hundreds of deaths.

On the same day, more than 8,000 miles to the south, scientists in South Africa informed the World Health Organization of a grim discovery: the omicron variant, a new and potentially highly transmissible iteration of the coronavirus that causes COVID-19. Before the end of the month, nearly 60 countries had closed their borders or initiated strict restrictions against travelers from South Africa and many of its neighboring states in sub-Saharan Africa, a knee-jerk reaction that has been decried by many as racist, counterproductive and dangerous.

These two incidents are, at first glance, unrelated. However, they both highlight a bleak political reality: the readiness of Western countries to react to global catastrophes by shutting their doors.

Pentagon’s Global Posture Review emphasizes China, but lacks major strategic changes

ANDREW EVERSDEN

WASHINGTON: After a nine-month deep-dive by Defense Department planners and policy experts billed as a holistic look at where and how America is deployed around the world, the Pentagon has concluded that no major changes to its military posture are needed — and that no public version of the document will be released.

The Pentagon’s Global Posture Review comes amid US concerns about confronting China in the Pacific, a build-up of Russian troops on the Ukrainian border and an enduring counterterrorism mission that will continue globally despite the end of the war in Afghanistan.

But rather than a large shift in resources and plans, the review, which looked at US troop locations and capabilities across the globe, ultimately concluded that no major strategic changes are needed, aside from “operational level adjustments we have already announced and a couple of other changes that are still being developed,” a senior defense official told reporters during a Monday briefing. What findings backed up those conclusions, however, is not clear, as the department declined to make a version of the review public.

TSA issues directives to rail sector to strengthen cybersecurity

MAGGIE MILLER

The Transportation Security Administration (TSA) on Thursday issued two security directives requiring rail and rail transit groups to implement steps to strengthen cybersecurity of the sector, including a requirement to report cyber incidents to the federal government.

The security directives require higher-risk freight rail, passenger rail, and rail transit groups to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of detection and to designate a cybersecurity coordinator.

The directives also require these groups to complete vulnerability assessments of their networks and then develop a cybersecurity incident response plan based on security issues discovered. One directive applies to freight rail groups, while the other to passenger rail and rail transit companies, but are identical and will be made public.

The three ghosts haunting US foreign policy

 ANDREW LATHAM

The calls for the U.S. to do something in, about or for Ukraine are growing by the day. The U.S. must stand up to Russia, stand by our Ukrainian “ally,” resist Russian President Vladimir Putin’s bullying tactics and otherwise defend the freedom-loving peoples of eastern Europe — even to the point of deploying troops to the region. Failure to do so, we are told, will not only compromise American interests in the region, but undermine its position in the wider world as well.

Such calls are typically couched in terms of “realpolitik,” or power politics. In reality, however, the impulse to do something – anything – on Europe’s eastern marches has little to do with a clear-eyed understanding of the current distribution of power in the international system, U.S. interests, the limits of American power, actual Russian motives or anything else required by a realpolitik approach properly understood. Rather, that impulse is being driven by something far less rational — and far less realistic. It is being driven by what I will call the ghosts of world orders past.

What I mean is that, to a considerable degree, today’s debates about foreign policy in general and Russia in particular are being shaped by ideas that were born in the unique circumstances of earlier world orders – the interwar period, the Cold War, the post-Cold War “unipolar moment” – and that should have died with the passing of those orders but didn’t.

The War on Meritocracy

Adrian Wooldridge

The meritocratic idea is so fundamental to modern societies that we take it for granted. We expect to be given a fair chance when we apply for a job. And we are outraged at the mere smell of nepotism or favoritism or discrimination. “All Americans have the right to be judged on the basis of individual merit, and to go just as far as their dreams and hard work will take them,” Ronald Reagan proclaimed in 1984. “We believe that people should be able to rise by their talents, not by their birth or the advantages of privileges,” Tony Blair said fifteen years later and an ocean away.

Yet taking something so fundamental to the health of both our economy and our polity for granted is the height of folly. Look at the history of the West and you don’t have to go back very far to find a world where jobs were handed from father to son or sold to the highest bidder. Look at the rest of the world and you can see governments riddled with corruption and favoritism. The meritocratic idea is necessarily fragile: humans are biologically programmed to favor their kith and kin over strangers. We are right to think that the modern world, with its vibrant economy and favor-free public sector, would be impossible without the meritocratic idea. But we are wrong to think that meritocracy will be with us forever if we proceed to douse its roots in poison.

‘We’re talking about a war’: tech competition between the U.S. and China is in a dangerous new phase, says former Google disinformation chief

REY MASHAYEKHI

It’s become apparent in recent years that the U.S. and China now find themselves in a tech-fueled arms race—one with repercussions involving everything from cyber warfare to intellectual-property theft. It is a conflict that author Jacob Helberg describes as a “gray war” in his new book, The Wires of War: Technology and the Global Struggle for Power—and as intimidating as that descriptor may be, Helberg insists that “war” is the right way to phrase it.

“I understand that war is a scary concept, but calling it a competition is a disservice,” Helberg said Tuesday at Fortune’s Brainstorm Tech 2021 conference in Half Moon Bay, Calif. “At the end of the day, if Japan and Germany sell more cars than [U.S. automakers], it’s not the end of the world. Here, the political survival of democracy and equal competition is on the line. We’re not playing tennis; we’re talking about a war, because China is using every tool at its disposal.”

From 2016 to 2020, Helberg led Google’s internal policy efforts to combat disinformation and foreign interference on its platform, including state-backed misinformation efforts from the likes of Russia that sought to undermine U.S. elections. The experience informed Helberg’s understanding of the challenges now facing American companies and the U.S. government alike—and he’s convinced that framing it as a “war” is important to prioritizing the task at hand. “Your overriding objective should be winning the war—that should be your North Star,” he noted.

Bad Actors in News Reporting

Christian Johnson, William Marcellino

COVID-19 offered authoritarian regimes, such as China and Russia, an opportunity to manipulate news media to serve state ends. Researchers conducted a scalable proof-of-concept study for detecting state-level news manipulation. Using a scalable infrastructure for harvesting global news media, and using machine-learning and data analysis workflows, the research team found that both Russia and China appear to have employed information manipulation during the COVID-19 pandemic in service to their respective global agendas. This report, the second in a series, describes these efforts, as well as the analytic workflows employed for detecting and documenting state-actor malign and subversive information efforts. This work is a potential blueprint for a detective capability against state-level information manipulation at the global scale, using existing, off-the-shelf technologies and methods. This report is part of RAND's Countering Truth Decay Initiative, which considers the diminishing role of facts and analysis in political and civil discourse and the policymaking process.

The EU Remains the Best Advocate for Global Democracy

Joergen Oerstroem Moeller


Russian president Vladimir Putin enjoys running circles around the European Union (EU). China may cherry-pick partners among EU members. Turkey can destabilize the region by releasing migrants. Even Belarus challenges the EU in a way unthinkable only a few years ago. Events may yet take a turn for the worse in the Caucasus, Bosnia-Herzegovina, and Ukraine with rumors of military action launched by Russia.

Europe’s lack of hard power may be laid bare in the months to come. Europe is not projecting military power, not invading other countries, not threatening neighbors, not waging cyber warfare, and not operating a global intelligence network. It is also not using its considerable economic power to pursue political goals.

These weaknesses, in a strange way, also reveal Europe’s sole strength.

Europe is gradually becoming the last genuine defender of democracy and human rights. A few countries outside of Europe may also claim this title, but they are far between. Europe is not flawless, but compared to illiberal democracies, autocratic or authoritarian regimes, it remains a beacon.

“Wars” of Influence: Expanding U.S. Unclassified Intelligence Reports on China, Russia, Iran, and North Korea and Investing in Other Major U.S. Official National Security Reports

Anthony H. Cordesman

The shift in U.S. strategy from a focus on terrorist threats to a focus on the potential threats from China and Russia, as well as the lesser threats from Iran and North Korea, means the U.S. must look beyond building up deterrent forces and U.S. options for warfighting. So far, however, the U.S. has done far better in strengthening its military forces to compete with China and Russia, and lesser enemies like Iran and North Korea, than it has done to compete in political and gray area terms. A military response to such threats is critical in meeting the Chinese and Russian challenge, but it is only half the battle.

If the U.S. and its strategic partners are to compete successfully with Russia, China, and other major threats, they must also succeed in winning gray area conflicts and “white area” political, diplomatic, and economic competition.

As was the case in the Cold War, U.S. grand strategy must look beyond deterrence and warfighting. It must focus on finding areas of cooperation that reduce tension and the risk of war; on strengthening deterrence by competing for allies and economic partners; and on using diplomacy, trade, investment, and political influence to both support U.S. interests and counter hostile actions and influence building by its major competitors.

Russians Believe Ukrainians Want to Be ‘Liberated’

Natalia Antonova

As Russian forces mass on the border with Ukraine, U.S. analysts and politicians are arguing about what exactly Moscow’s intentions are. When the U.S. secretary of defense talks about “the Soviet Union” potentially invading “the Ukraine,” the mistakes are excusable, but the optics betray a general sense of confusion.

In one crucial way, the Russian approach is equally confused—and dangerously so. Arguments against the possibility of invasion argue that it simply wouldn’t be rational, that Russian President Vladimir Putin must be cognizant of the dangers of a long and bloody war, one in which the West might well get involved.

Yet many in Russia believe the war would be swift and easy—because the Ukrainians themselves would join them. For years now, Russian state propaganda has churned out stories of how nightmarish the lives of Ukrainians are. Ukrainians—who recently elected a Jewish president—are portrayed as having their lives controlled by Nazis, agents of George Soros (a regular target of anti-Semitism), and other evil-doers. These stories are further buffeted by long-standing Russian stereotypes of Ukrainians as their little brothers who are living in an “artificial state”—with the nation portrayed as a byproduct of Soviet bureaucracy, not an organic nation like Russia itself. Ukrainians are Russia’s “fraternal brothers” and the two countries are “one people.”

As Oil Is Waning, the Times Are Changing

Michele Dunne

Every day in the news from the Middle East and North Africa (MENA), one can find evidence of the massive changes that are coming. The signs began gathering even before the pandemic.

The Kuwaiti finance minister announced in August 2019 that his government did not have enough cash on hand to pay public sector wages beyond October, setting off a sharp debate over how far to dip into the Future Generations Fund to cover current expenses. In February 2020, the International Monetary Fund issued a report on fiscal sustainability in Gulf Cooperation Council states, judging that economic diversification was far behind where it should be. It predicted that the region’s current reserves of wealth would be depleted by 2034 unless government spending was cut back.

While the Arab countries, particularly the wealthy Gulf states, might long have considered themselves insulated from global trends, recent events show that this is no longer true, if indeed it ever was. Mass protests, the pandemic, and climate change are all buffeting the region. Rising temperatures and water shortages will make some areas uninhabitable and create food insecurity. Among the climate-related trends most consequential for MENA is the changing world energy picture: the role of oil and gas is gradually diminishing compared with renewable sources.

NATO Must Adapt to an Era of Hybrid Threats

JOHN R. DENI

As the foreign ministers of the NATO allies met this week in Riga, Latvia, they did so against the backdrop of an increasingly tense geopolitical situation in Eastern Europe. Large numbers of Russian forces remain deployed not far from Ukraine’s borders, postured for offensive military action. And Minsk announced on November 29 that it was prepared to conduct large-scale exercises with Russia near Ukraine’s border.

Although Ukraine is not a NATO ally—and therefore not covered by the alliance’s mutual defense clause—another Russian invasion there would greatly destabilize Central and Eastern Europe. NATO allies Poland, Romania, and the Baltic States would all perceive a renewed existential threat. They would very likely call for NATO to respond with efforts to bolster the alliance’s eastern flank.

To its credit, NATO has done much over the last several years to prepare for and deter a traditional attack from Russia. A reinvigorated NATO defense planning process has improved allied capabilities, readiness initiatives have shortened alliance response times, and allies have re-embraced territorial defense. It is likely that a Russian military assault against Estonia or Lithuania, for instance, would result in a strong, unified response that would ultimately defeat and expel the invading force.

Putting Gender Equality First

Josep Borrell and JuttaUrpilainen

Rarely in the world have women’s and girls’ rights been challenged as they have been in Afghanistan. The latest developments give cause for great concern. The EU has made it clear that future EU development assistance to Afghanistan will depend on the respect for the international legal framework and for norms on human rights, including women’s and girls’ rights. The EU is determined and committed to continue to support the women and girls of Afghanistan and worldwide, sticking to our values and beliefs.

Together with human rights, freedom, and democracy, equality represents one of the core values that make the European Union what it is. It enriches our societies and strengthens their resilience. Gender equality is a core part of peace, security, economic prosperity, and sustainable development. Moreover, defending and promoting gender equality is required by the EU treaties.

That is why working politically, operationally, and financially to promote and safeguard progress on gender equality is a political priority and a key objective for the EU. The EU Gender Action Plan III and the new EU external action budget provide a roadmap for global action toward a gender-equal world. We work closely together with multilateral, regional, and bilateral partners, including civil society organizations, to achieve those objectives. We still have a long way to go; there is no room for complacency. However, we are stronger together while many challenges remain.

Are Russia and Ukraine Once Again on the Brink of War?

Alexander Baunov

Once again, the world is discussing the possibility of Russia waging war against Ukraine. This time, however, the circumstances are extraordinary.

Back in the spring, the buildup of Russian troops for military drills close to Ukraine’s borders ended in a series of communications between the U.S. president and the leaders of Russia and Ukraine, followed by the summit this summer between Russian President Vladimir Putin and U.S. President Joe Biden. At the time, that flare-up in tensions was explained as being down to the desire to put the Donbas conflict firmly on the agenda of the new U.S. president and to force new talks on the issue.

Although the current escalation appears similar to that of the spring, a whole host of new circumstances has been thrown into the mix. The Russian Foreign Ministry has broken a diplomatic taboo by publishing confidential correspondence with Germany and France over Ukraine: something that would have needed to be approved at the very top.

Speaking at the Foreign Ministry soon after this, Putin called for “serious, long-term guarantees that ensure Russia’s security in this area [its Western borders], because Russia cannot constantly be thinking about what could happen there tomorrow.”

Cybersecurity for Idiots

Derek Bambauer

One of cybersecurity’s major challenges is cyberstupidity. So the internet security firm SolarWinds’s decision to use “solarwinds123” as the password for its software updates server was rather inept. Unsurprisingly, hackers guessed the password and were able to upload files to the server, which were then distributed to SolarWinds clients. Similarly, after the Missouri Department of Elementary and Secondary Education failed to check a Web application for a software vulnerability that has been known for at least a decade, its incompetence exposed the Social Security numbers of at least 100,000 teachers. Missouri Governor Mike Parson expanded the bungling by threatening to prosecute the journalist who discovered the flaw rather than focusing on the department’s utterly inadequate security. And when Wyndham Hotels used weak passwords, stored guests’ credit card data unencrypted, and did not bother to use firewalls to protect its network, it invited disaster. Hackers accessed information on more than 600,000 customers in total on at least three occasions; in at least two of those attacks, Wyndham did not even detect the intrusion for months.

Nominally, cybersecurity has been a top policy priority for presidential administrations of both parties since 1997. But even within the federal government “little progress has been made,” according to an April 2021 report by the Government Accountability Office. The private sector is not in much better shape. At least part of the problem lies with shortcomings in the legal regulation (and the lack thereof) for cybersecurity. Regulators tend to focus on process over substance, are overly timid about regulating technology, defer too readily to judgments by regulated entities, and opt for politically safe but largely ineffective measures such as information sharing. Even the Federal Trade Commission (FTC), which has emerged as the de facto national cybersecurity regulator in the United States, employs mostly holistic-style, amorphous assessments of firms’ systems, rather than (as an attacker would) looking for weak points.

How the NotPetya attack is reshaping cyber insurance

Josephine Wolff

In June 2017, when the NotPetya malware first popped up on computers across the world, it didn’t take long for authorities in Ukraine, where the infections began, to blame Russia for the devastating cyberattack that would go on to do $10 billion of damage globally. NotPetya was a component of the ongoing conflict between Russia and Ukraine, but even though it was designed to infiltrate computer systems via a popular piece of Ukrainian accounting software, the virus spread far beyond the borders of Ukraine, causing an incredible amount and variety of damage.

One of the most consequential and as-yet-unresolved legacies of NotPetya centers on Mondelez International, the multinational food company headquartered in Chicago that makes Oreos and Triscuits, among other beloved snack foods. NotPetya infected the computer systems of Mondelez, disrupting the company’s email systems, file access, and logistics for weeks. After the dust settled on the attack, Mondelez filed an insurance claim for damages, which was promptly denied on the basis that the insurer doesn’t cover damages caused by war. The ensuing dispute threatens to not only remake the insurance landscape, but also has major implications for what companies increasingly at risk of being hacked can expect from their insurer.

Cookies under attack

Mondelez couldn’t have less to do with the tensions between Russia and Ukraine, but the company’s computer systems were still affected by NotPetya as it spread around the world. For Mondelez, the total damages were estimated at more than $100 million. So Mondelez filed a claim for the costs with its insurer, Zurich—only to then have that claim denied on the grounds that NotPetya was a warlike action and therefore excluded from Mondelez’s property and casualty insurance coverage. The ensuing lawsuit between Mondelez and Zurich over whether NotPetya was actually sufficiently “warlike” to trigger the exception in Mondelez’s policy will have far-reaching consequences for both buyers and sellers of cyber insurance policies. While the case remains undecided, insurance carriers and policyholders alike remain in a state of some uncertainty about what types of cyberattacks their coverage does and does not apply to, and policymakers have been slow to provide help to either side by, for instance, defining what types of assistance they might be willing to provide or what they expect from insurers by way of clarification.

Because it caused so much damage and was driven by broader political motivations, NotPetya is one of the most closely studied cyberattacks in history. Andy Greenberg at Wired, for example, has explored the malware in terrific detail, so when he declared in August of 2018 that “​​the release of NotPetya was an act of cyberwar by almost any definition,” it encapsulated the thinking of insurers like Zurich. Just two months earlier it had denied Mondelez’s claim for $100 million in NotPetya-related damages under its Zurich all-risk property insurance policy, pointing to the warlike nature of NotPetya. The June 1, 2018, letter to Mondelez denying their claim pointed to Exclusion B.2(a) in the company’s policy that specifically excluded coverage for any losses or damages resulting from “hostile or warlike action in time of peace or war, including action in hindering, combating or defending against an actual, impending or expected attack by any … government or sovereign power.” Cyberwar, the company argued, didn’t fall under the purview of its property insurance policies.

But was NotPetya really warlike? It was certainly perpetrated by a government, but that alone may not be enough to qualify it as an act of war. By the time Zurich issued its claim denial, several governments, including the United States, the United Kingdom, Canada, and Australia, had issued coordinated statements in February 2018 attributing NotPetya to the Russian government. It was perhaps the most extensively and authoritatively attributed cyberattack ever, especially in the context of breaches which often give rise to disagreements about attribution and how definitively it can be performed. But many cyber intrusions and breaches are perpetrated by governments, and if all of those are viewed as being beyond the purview of cyber insurance coverage then cyber insurance could become largely useless for many policyholders dealing with a wide range of incidents from espionage to ransomware.

That’s why the decision in the Mondelez case is so crucially important—for both insurers and their customers. If Mondelez wins that means insurers will either have to cover a much broader range of cyberattacks or rewrite their coverage to exclude new categories of damages that go beyond warlike actions. On the other hand, if Zurich wins the case then policyholders may decide that there’s little point in purchasing cyber insurance, forcing insurers to craft new language for their policies to reassure customers that at least some government-sponsored cyberattacks will still be covered.

The future of cyberinsurance

Major insurers are already reshaping the language in their policies to prepare for the consequences of victory for either side of the dispute between Mondelez and Zurich . For instance, research by Daniel Woods and Jessica Weinkle has shown that insurers are increasingly building into their policies coverage for “cyber terrorism,” while still excluding hostile or warlike actions. The cyber terrorism coverage inclusion is presumably intended to reassure policyholders that they will be able to file claims for government-sponsored massive cyberattacks, despite the war exclusions in their policies. But the definitions of war and cyberterrorism are so ambiguous—and in many cases so overlapping—that it’s hard to see how this development does anything other than pave the way for more long legal battles like the one between Mondelez and Zurich.

Policymakers in several states and countries have taken an active interest in cyber insurance in the years since Mondelez’s suit against Zurich was filed, but they have done little to resolve the persistent uncertainty over what types of cyberattacks fall under insurance policy war exclusions. Nor have they helped clarify the extent to which existing government insurance backstops for terrorism, as laid out in the Terrorism Risk Insurance Act (TRIA) passed after the attacks of Sept. 11, might apply to cyberattacks like NotPetya, though the Treasury Department has begun soliciting feedback on how to do that. These clarifications might not resolve all of the ambiguity in existing cyber insurance policy language, but they could serve as an important first step in framing how the government defines cyber terrorism and cyber war. Those definitions would give insurers a clearer template to work from in writing their own policies and also provide policyholders with some language to compare their coverage against. Ideally, assuming the government is able to carve out a subset of cyberattacks covered under TRIA, that would also provide a clear boundary where private insurance coverage should apply: namely in all the circumstances where government coverage does not.

Regulators can do more than provide clearer definitions of cyber war and cyber terrorism; they can also help by being more careful in the way they talk about cyberattacks more generally to help avoid fueling similar legal disputes. When Senator Dick Durbin referred last year to the SolarWinds cyber espionage campaign as “virtually a declaration of war,” this is precisely the kind of quote that insurers and their lawyers seize on in lawsuits over whether or not incidents like Pearl Harbor or airplane hijackings that occur outside the timeframe of formal, legal war declarations can be considered warlike actions for insurance purposes. The results of those older legal disputes over insurance war exclusions can still be seen in the language built into policies like Mondelez’s today. The explicit designation in the Zurich policy of excluding any “hostile or warlike action in time of peace or war,” for instance, reflects changes made to insurance policies following Pearl Harbor, when some insurers denied life insurance claims on the basis that those who died at Pearl Harbor died due to an act of war. The families of those soldiers then challenged those claim denials on the grounds that the United States did not officially declare war on Japan until the day after Pearl Harbor. Accordingly, insurers began to expand their war exclusions to cover events that happened “in time of peace or war” so that they would not be restricted to only excluding events within the confines of official, legal declarations of war.

NotPetya, like Pearl Harbor before it, is already changing the ways that insurance exclusions are being written. But this time insurers are faced with the conflicting goals of trying to get themselves off the hook for coverage of catastrophic cyberattacks while still persuading their customers that most intrusions and breaches will still be covered. These conflicting pressures have led to even more confusing—and at times contradictory—language being inserted into cyber insurance policies in ways that do little to resolve any of the important and pressing issues raised by the Mondelez case. If policymakers are still hopeful that insurance will play a crucial role in helping organizations manage cyber risk, they should be actively engaging with carriers over how to establish clearer, better founded definitions of which types of cyberattacks should be covered by insurers, which types by government backstop programs, and which ones by the victims themselves.

Commercial and Military Applications and Timelines for Quantum Technology

Edward Parker

This report provides an overview of the current state of quantum technology and its potential commercial and military applications. The author discusses each of the three major categories of quantum technology: quantum sensing, quantum communication, and quantum computing. He also considers the likely commercial outlook over the next few years, the major international players, and the potential national security implications of these emerging technologies. This report is based on a survey of the available academic literature, news reporting, and government-issued position papers.

Most of these technologies are still in the laboratory. Applications of quantum sensing could become commercially or militarily ready within the next few years. Although limited commercial deployment of quantum communication technology already exists, the most-useful military applications still lie many years away. Similarly, there may be niche applications of quantum computers in the future, but all known applications are likely at least ten years away. China currently leads the world in the development of quantum communication, while the United States leads in the development of quantum computing.

‘Confusion’ emerges as new weapon class for Air Force cyber warriors

Mark Pomerleau
Source Link

WASHINGTON — Shooting down an aircraft or blowing up a target might not be the pinnacle of winning in future conflicts. Rather, sowing confusion among adversaries might be more associated with triumph on the battlefield, according to an Air Force official.

“I would argue, in this 21st-century battlespace that we’re preparing for, infusing that doubt, hesitation, that confusion is winning for us,” Brig. Gen. Tad Clark, director of the electromagnetic spectrum superiority directorate at the Air Force, or A2/6L, said during a presentation at the Association of Old Crows Symposium Nov. 30. “If we get the adversary … to stop for a moment, reassess if the odds are in their favor, try to determine if they can make a move or not and if it’s an advantageous time for them to do so or not, we’re slowing their decision matrix down.”

Achieving this type of confusion, however, is critically dependent upon superiority in the electromagnetic spectrum, Clark said, adding that superiority in the spectrum underpins every core mission within the military.