International Agreement for Control of Cyber Weapons

Month: December, 2015

December 2015 Cyber War Coverage

December, the supposed holiday time for most of the world, was filled with substantial coverage of the world’s raging cyber war.  Newsweek Magazine carried a special edition on The Art of (Cyber) War. It noted that a federal government database had been hacked so that the highly personal information for 21 million government employees information was published. It also notes that “by 2018” we can expect that the U.S. Department of Defense will deploy a new cyber defense program that will include a “task force” to protect America. Here is some more information.  The Identity Theft Resource Center reported 641 data breaches in 2015.  It also reported that “more than 175 million [U.S. citizens] people had their information exposed in data breaches in 2015”.

Companies such as Sift Science were reporting rapid growth: “Every day, businesses worldwide rely on Sift Science to eliminate fraud, slash costs, and grow revenue. Our cloud-based machine learning is powered by 5,000+ unique fraud signals and a network of 1,500+ websites (and growing).” Sift uses “large scale machine learning technology” to analyze data and connect “thousands of seemingly unconnected clues left behind by fraudsters.”  Artificial intelligence (AI) is being used to catch Internet fraud. Machine intelligence (The Helix(TM) Security Engine) also is being used by Lookout, a security firm that focuses on the mobile phone market.

Not only the United States is concerned.  Salìh Biçakcī from Kadir Has University in Turkey reports that cyber attacks against Turkey are increasing, and that “the state is not prepared for approaching cyber wars”.  Turkey has been under a Distributed Denial of Service (DDoS) attack for most of December. Biçakcī argues that Turkey’s government is not set up for the type of coordination needed to withstand a determined cyber attack.  Many other governments must be having the same thoughts.  Biçakcī has authored such documents as The Rebirth of NATO between New War and Cyber Security and The role of information technology in responding to Terrorism. Because of ties between Turkey and ISIS, Anonymous attacked Turkey’s banking sector, according to TechWorm. Anonymous warned “Dear government of Turkey, if you don’t stop supporting ISIS, we will continue attacking your Internet, your root DNS, your banks and take your government sites down“.  Anonymous “took 400,000 [Turkish] sites offline for 7 days“.

Anonymous has published a chronology of events in its war against ISIS.  It calls the action “OpISIS”.

In India, Tarun Vijay a member of the Bharatiya Janata Party (BJP) has been demanding that India set up a separate ministry for cyber security. As reported in the Indian Express, “[I]n the last five months 50,000 cyber attacks have been reported and nearly half of India’s internet population was being hit by cyber attackers”.

The above summarizes only a few events in December. As stated earlier, cyber war and cyber weapons are multiplying.  They are one of the most important tools of today’s warfare. A set of Cyber Arms limitation talks are surely needed.

Xi Jinping and Laws for Cyberspace

At the recent World Internet Conference, held in Wuzhen, Zhejiang province, the President of China Mr. Xi Jinping gave a speech setting forth priorities for Internet Governance.  The view of the Government of China is that each country should control its own Internet and set its own rules for cyberspace.

This means that the Chinese government sets a priority on monitoring the Internet to ensure that it is not used for unlawful activity.

It is hard to argue with a government that does not wish for the Internet to be used for unlawful activity.  All governments agree with this view.  The Internet should not be a free zone for criminals.

The only issue, then, is what is criminal activity.  Obviously this varies from nation to nation.  What is protected speech in one country might be illegal in another.  What is protected journalism in one country might be illegal activity in another.

This distinction is a source of conflict in debates over Internet governance.  People on outside of China might criticize Chinese monitoring of the Internet inside China, but in essence what they are criticizing is Chinese law as it is written or interpreted or enforced inside China.

An international issue arises if activities take place on the Internet outside of China, but those activities if carried out inside China would be considered criminal.  In those cases, China reserves the right to block those activities from crossing through the Internet into China.  Again, this is a question of Chinese sovereignty.

And here we are using the example of China, but national sovereignty is an important issue for all nation states.

A complication arises in cases where China cuts off entire services from being provided in the Chinese market.  For example, Facebook is not allowed in China.  This is not a question of Chinese law, but instead is a matter of non-tariff barriers to trade in services.  Many are of the view that it should be condemned because there is no reason why Facebook or any other outside provider of Internet services could not be monitored for criminal activity the same way that services inside China are monitored.

These are issues that need to be considered in negotiations concerning international trade in services.

It also is true that it is illegal to hack in China.  This means that if one is in China and they hack a Chinese website, then a law is broken.  It is not clear if it is a violation of Chinese law if a person inside China hacks a computer that is located outside of China. There might be a potential to further international discussions on this issue.

These discussions on Internet censorship and control, and its connection to national sovereignty are interesting and important, but are outside the scope of consideration regarding cyber weapons.  The reality is that development of cyber weapons will always be legal within a nation state the same way the development of any other type of weapon is legal.  Cyber weapons are an integral part of the right of self-defense of a nation.

There is a cyber arms race now, and people need to be thinking about how to control the proliferation of cyber weapons.


Lomonosov University Information Security Institute

Lomonosov University in Moscow is more commonly known as Moscow State University. It is named for Mikhail Vasilyevich Lomonosov (Михаи́л Васи́льевич Ломоно́сов) who lived from 1711 to 1765 and discovered the atmosphere of Venus and the Law of Mass Conservation in chemical reactions.  He was a polymath (πολυμαθής), a person who masters a significant number of different subject areas.

The Information Security Institute (Институт проблем информационной безопасности) has been working on a number of information security issues.  In April of 2015, it held a Forum in Garmisch-Partenkirchen, near Munich.  One of the topics on the agenda was on Proposals on Frameworks for Adaptation of International Law to Conflicts in Cyberspace.  Other discussions focused on critical infrastructure security.  Of interest was a workshop on “Countering the threat of the use of social media for interference in the internal affairs of sovereign states (extremism, radicalization).”

The Information Security Institute managed to put to bring together a number of institutions in previous forms including (1) Lomonosov Moscow State University (LMSU) Institute of Information Security Issues; National Academy of Sciences of Belarus the United Institute of Informatics Problems; Internet Society of Bulgaria; China Association for International Friendly Contact (CAIFC); E-Government Division Ministry of Finance (Israel); Indian Institute of Information Technology in Allahabad; Cybercrime Research Institute (Germany); “MFI SOFT” LLC (Russia); State University of New York (SUNY, USA); Global Cyber Risk LLC CEO (USA); Tokai University (Japan) SPIRIT; EastWest Institute (USA); Defence Research & Development Organization (DRDO), Ministry of Defence, Government of India; PayPal Inc. (USA), Qafqaz University (Azerbaijan); The SecDev Foundation (Canada); Insubria Center on International Security – ICIS (Italy); Institute of Information Security and Cryptology (IIS&C) at the Gumilyov Eurasian National University (Kazakhstan); Institute of Electronics and Telecommunications under Kyrgyz State Technical University (the Kyrgyz Republic).

We are awaiting the results of the discussion on an international convention, or on international law.


Cyber War or Propaganda War?

On December 15th, 2015, the Republican party held its last debate of the year.  It is near Christmas, followed by New Years, and this is a time of year when people do not pay much attention to politics.  So the candidate heading into this season with the highest poll numbers is more than likely to win at least the first few primary votes.

The United States has a complicated electoral system for electing its President.  There is nothing else like it in the world.  Each party must hold “primary” elections in each individual state.  In those primaries, delegates go to a meeting and vote on the candidate they want to represent them in the general election.  Republicans have one primary, Democrats have another.  It is an intensely local process. Then these delegates from each state go to a national convention and then vote again and confirm the nominee of their party, and then there are two candidates for the national “general” election.

During the debate, several issues regarding cyber warfare came up.

Chris Christie, Governor of the State of New Jersey

Chris Christie was asked about what should be the response of the United States to state-sponsored hacking from the People’s Republic of China.  His answer was that the United States should launch a counter-attack.  This sounds logical, tit for tat.  But what is interesting is the type of attack he suggested.

He suggested that information should be taken that shows the corruption of Chinese officials.  “The Chinese people need to be shown just what a corrupt government they have.  How the government leaders and a series of industry leaders all over the country are stealing from the Chinese people.”

There is no verification that Chinese leaders are stealing.  Whether they are is not the point here.  The interesting thing about Christie’s idea is that state-sponsored hacking can be used to collect embarrassing information about a foreign government, then the information can be leaked to the international press and used to discredit the government, leading to possible civic unrest.

This may be the first this type of cyber war strategy ever has been suggested by a political leader in the United States, potentially anywhere. It is the opposite of a kinetic strike.

Is secretly releasing information regarding the criminal activities of a foreign leader a type of cyber war, even if the information is true, but if the information has been stolen through hacking.

Donald Trump, Entrepreneur

During the debate, Donald Trump was criticized for “wanting to shut down the Internet” in response to the growth ISIS.  His response was that he never suggested shutting down the Internet, but that “ISIS is using the Internet better than we are”.  He also stated that it would be a good idea to shut down the Internet in places where ISIS is originating its hateful propaganda and recruitment efforts.

Then he said that it might be even better if the Inter were used to penetrate ISIS and find out about them “so that they can be destroyed”.

Both of these candidates offer interesting views of cyber space and how it is part of war.  Indeed, cyber weapons are on the menu for everyone.