On 4–6 September 2018, the 28th Economic Forum was held in Krynica Zdrój (Poland), themed “A Europe of Common Values or A Europe of Common Interests?”. During the Forum, the President of the “Borysfen Intel” Center, Victor Hvozd, made a presentation entitled “Cyber Conflict and Geopolitics — the Cold War’s New Front”.
********************************************************************************************************
Introduction
Dear colleagues!
The theme of our debates is extremely important, due to the fundamental geopolitical changes taking place in the world, and their direct impact on cyberspace as a separate environment of confrontation between different subjects of international relations.
First of all, this concerns the transformation of a unipolar model of a world order, led by the United States, which arose after the collapse of the USSR, into a new multipolar system with a few centers of power of different levels.
Report by the President of “Borysfen Intel” Victor Hvozd at the 28th Economic Forum in Krynica Zdrój, Poland, 5 September, 2018
The result of such changes was the emergence of new players in the world arena with their interests and lines of confrontation between them, which has made the world more rigid and unpredictable.
In turn, this has led to an escalation of confrontation in cyberspace, which is becoming global and can be compared to world wars with the use of weapons of mass destruction.
Evidence of this is the spread of massive attacks on computer systems of leading and other countries with critically dangerous consequences in the main spheres of their life (including state management and military command, economy, finance, energy and transport).
Besides, cyber-espionage, the use of cyberspace for interference with electoral and political processes, and massive information wars on the Internet are gaining momentum.
At the same time, there is a real possibility of cyberwars turning into trade, economic and sanctions wars, as well as into a direct armed confrontation.
In particular, an example of this is Washington's sanctions against Russia for the latter's interference with electoral processes in the United States. At the same time, according to its doctrinal principles, the United States reserves the right to retaliate with military force in response to cyber attacks.
The main aspects of cyber warfare that require systemic revision
In general, these circumstances require a systemic revision of all major approaches to cyber warfare, including defining or clarifying:
- subjects or parties to confrontation in cyberspace, as well as allies and adversaries;
- the goals of each of the parties in such a confrontation and the objects of the collision of their interests;
- strategies and tactics of warfare in cyberspace to achieve the goals;
- forces and means of each of the parties involved in confrontation in cyberspace.
Proceeding from this, the forms and methods of actions in cyberspace, both offensive and defensive, can be optimized.
Subjects and parties to confrontation in cyberspace; allies and adversaries
Subjects and parties to confrontation in cyberspace are, to varying degrees, all participants of international relations that are capable of defending their own interests and have the necessary tools (technologies) for their realization by means of cyberwars. Based on the structure of the modern multipolar system of the world order, they can be divided into a few main groups, which include:
- the most powerful world-class states, namely, the USA and the PRC. In fact, they are the main players on the field of cyber confrontation;
- regional leaders, including the EU in the European region, Russia in Eurasia, India in Southeast Asia, Brazil in Latin America and South Africa in Africa;
- other countries, which realize their interests through cyberspace, but exclusively at the local level and without extensive use of subversive actions. It is this group that Ukraine belongs to;
- pariah states and various extremist and terrorist organizations that use cyberspace to carry out subversive activities against other countries and international organizations, including the leading countries.
Lines of confrontation in cyberspace
Taking into consideration the strategic goals and interests of these subjects, we can identify the main lines of confrontation in cyberspace, which reflect contradictions between them in political, economic, security and other spheres. Based on this, first of all such confrontation takes place between:
- the United States and China, due to the United States' desire to maintain its ultimate world domination;
- the West and Russia, which are in fact in a state of “Cold War” as a result of actions by the USA, NATO and the EU to curb Moscow's neo-imperial policy;
- the United States and its allies on the one hand and the pariah states and extremist and terrorist organizations on the other, within the framework of the USA's counteracting the proliferation of weapons of mass destruction and fight against terrorism.
These assessments are confirmed in the report “Worldwide Threat Assessment” of the US Intelligence Community. According to the document: Russia will continue disruptive cyber attacks against the United States and its allies, including Ukraine; China will use cyber-espionage and cyber attacks to support its national security; Iran and North Korea will also create global threats to US interests through the possibility of cyber attacks against the United States.
Besides, there is also a wide range of other lines of confrontation in cyberspace of a situational, regional, local, and other nature. In particular, examples of this are the confrontation between:
- the USA and Europe (the EU and NATO countries) as a result of Washington's protectionist policy;
- China and India on the basis of the struggle for influence in Southeast Asia;
- Israel and Muslim countries as a result of the fundamental civilizational controversy and the struggle for influence, territories and resources in the Middle East.
Separately, we should mention the confrontation in cyberspace between Russia and Ukraine and other former USSR countries of a democratic and European choice, due to Moscow's attempts to establish control over them. This, together with Ukraine's European and Euro-Atlantic choice, makes our country an objective ally of the United States, NATO and the EU in their confrontation with Russia, including in cyberspace.
Basic principles of the cyber warfare strategy in the new geopolitical situation
The new geopolitical situation in the world also requires changes to the strategy of information wars in cyberspace. The basis for such changes may be the USA's new approach to the principles of the use of armed forces as determined in the updated conceptual documents, in particular in the National Security Strategy (2017) and the National Defense Strategy (2018).
That is why the current cyber warfare strategy should be based on the following main principles:
- organization of confrontation in cyberspace within the framework of general plans of warfare, and also establishment of close coordination with military operations of troops in other environments;
- an adaptive approach to conducting cyberwars against a wide range of adversaries, which means an adequate response to a variety of threats and situations;
- ensuring the ability to maneuver forces and means for: concentrating efforts on the most important directions; optimal use of various components of cyberspace, depending on the situation;
- continuity of cyberwars, including in peacetime. Unlike conventional wars, confrontation in cyberspace does not stop under any circumstances, except for the complete destruction of world computer networks;
- achieving a decisive superiority over the adversary in the technical and intellectual potentials that can be involved in conducting wars in cyberspace;
- moving to network-centric principles, namely, establishment of close interaction between different units of cyber warfare both within one country and the union of countries and with their partners on the basis of joint plans of actions and information exchange;
- comprehensive and regular training of forces and means of cyber warfare for combat operations in this sphere, including active defense, intelligence and preventive offensive operations;
- comprehensive support of actions in cyberspace (including intelligence, scientific and technological, material and technical, personnel, etc.).
Intelligence support of confrontation in cyberspace
As the head of the two intelligence services, I would like to draw attention to the intelligence support of cyber warfare. The situation in the world is becoming more complicated, and more and more dynamic and unpredictable, which raises the requirements for intelligence. In fact, without credible, complete and timely intelligence data, it is impossible to effectively implement any of the above-mentioned principles of cyber warfare. First of all, this concerns the following issues:
- threats to the country in cyberspace;
- the adversary's goals, intentions and plans, as well as strategies, tactics, methods, ways and tools for their implementation;
- forces and means of the opposite side of confrontation in cyberspace, including the principles of building its computer systems and their technical characteristics, software, etc.;
- results of attacks on the adversary's computer systems, including the degree of their damage and the possibility of recovery, as well as cyber counterattacks.
The need for such data requires creation of a special system for collection of relevant information, as well as its analysis and preparation of recommendations for the forces and means for cyber attacks and counterattacks.
In particular, such information may be collected:
- by agents through the adversaries' cyberwar units' governing bodies and personnel;
- by actions in cyberspace through breaking into closed databases, as well as e-mail systems;
- by monitoring cyberspace in order to detect signs of activity, including preparation and start of cyber attacks;
- by studying the leading scientific and technological achievements in the cyber sphere both at the world level and of concrete adversaries.
These data should be analyzed by special units, staffed with highly trained professionals.
At the same time, within the framework of network-centric approaches, close interaction should be established among different intelligence agencies both within one country and the union of countries and with their partners.
Forces and means of cyberwars
In general, these approaches put forward new requirements to the forces and means of cyber warfare. In particular, among such requirements we may point out the following:
- unification of forces and means of cyber warfare within the framework of a single centralized command and control system;
- turning such a system into a complex one by adding to its structure the entire list of necessary bodies, including planning, control and coordination; conducting intelligence in cyberspace; carrying out active offensives and defensives; logistics;
- achieving a technical and technological superiority over the adversaries' forces and means of cyberwars.
To date, the above-mentioned approaches are already being actively implemented in practice.
Conceptual documents of leading states and international organizations regarding confrontation in cyberspace
For example, based on geopolitical changes taking place in the world, amendments are made to conceptual documents of the leading countries and international organizations regarding confrontation in cyberspace. In particular, among such steps we may mention:
in the United States — specification of the US Department of Defense’s Strategy for Operating in Cyberspace (Cyber Strategy) and of the US Department of State’s International Cyberspace Policy Strategy;
These documents:
- define cyberspace as one of the main environments of the US Department of Defense in providing national security to the United States of America;
- provide the USA with the right to conduct all types of military operations in cyberspace to defeat an adversary and prevent threats to the country;
- determine the strategy and tactics for offensive and defensive cyber attacks;
- outline a list of cyber threats to the USA in the economic, military, social and humanitarian spheres;
- demonstrate the USA's readiness to use all possible means, including military actions to protect its cyberspace;
- determine the directions of the USA's cooperation with other countries on joint cyber warfare.
in NATO — adoption of the Enhanced NATO Policy on Cyber Defence (2014) and Cyber Defence Pledge (2016);
These documents:
- consider cyberspace a sphere of NATO's operations and operational responsibility;
- define the cyber defense as one of the main tasks of NATO;
- enshrine the extension of Article 5 of the North Atlantic Treaty on collective defense to cyberspace;
- include a plan for developing a cyber strategy for the Alliance.
in Russia — preparation of the Cyber Security Strategy of the Russian Federation.
It provides for the definition of strategic directions of actions to ensure Russia's cyber security and of the responsibilities of state and non-state bodies.
Forces and means of cyberwars of the leading countries
In accordance with the conceptual documents of the leading countries and international organizations, the improvement, development and formation of their forces and means of cyber warfare are also being carried out. In this regard, the most illustrative are:
in the USA — the elevation of the status of the Cyber Command to the level of a unified combatant command (2017);
Due to this, the US Cyber Command was withdrawn from the US Strategic Command and received a status equal with other combatant commands.
The main tasks of the US Cyber Command:
- planning, developing and conducting intelligence, defense and offensive operations in cyberspace;
- security of information networks of the US Department of Defense and the national intelligence community;
- operational control of forces and means allocated from the branches of the armed forces;
- coordination of the work of specialized cyber security units of the US Department of Defense.
The US Cyber Command includes the Cyber Commands of the Army, Navy, Air Force and Marine Corps.
in NATO — introduction of new bodies, including the NATO Communications and Information Agency, the NATO Cooperative Cyber Defence Centre of Excellence (Tallinn) and the NATO Cyber Operations Centre (planned to be deployed);
The main tasks of these bodies are:
- Communications and Information Agency — building a centralized cyber defense system within NATO;
- Cooperative Cyber Defence Centre of Excellence — assistance to NATO member countries in developing their own cyber defense;
- Cyber Operations Centre — planning, organizing and conducting wars in cyberspace.
in Russia — creation of the Information Operations Forces within the Ministry of Defense (2013) and the Cyber Command of the General Staff of the RF Armed Forces (2014).
The main tasks of these bodies are:
- centralized conducting of the information operations;
- protection of military computer networks, command and control systems.
Cooperation between NATO and the Alliance's Partners
At the same time, cooperation in the cyber sphere is being developed between NATO and the EU, and with their partners, including Ukraine. Examples of this are:
NATO-EU — signing in 2016 of the Technical Agreement between the NATO Computer Incident Response Capability Center (NCIRC) and the Computer Emergency Response Team of the European Union (CERT-EU).
It provides for joining NATO and EU capabilities for detecting and responding to cyber attacks.
NATO-Ukraine:
- adoption in 2016 of the NATO Comprehensive Assistance Package for Ukraine, including the protection of critical infrastructure from cyber attacks;
- consideration by the US Congress of the draft “Ukraine Cybersecurity Cooperation Act”, which provides for assisting our state in improving the national concept of cyber security, as well as taking measures to protect the government computer networks and reduce Ukraine's dependence on Russian information and communications technologies.
Suggestions for improving the NATO Cyber Defence system
Despite the steps being taken by NATO and its partners to improve the system of cyber warfare, it is still not complete. This reduces the ability to implement and protect common interests in cyberspace.
One of the solutions to this problem may be:
- adoption of a comprehensive cyberspace strategy of NATO and its partners;
- elevation of the status and extension of the functions of the NATO Cyber Operations Centre to the level of the North Atlantic Alliance's Cyber Command;
- subordination of cyber commands or cyber forces of NATO member countries and the Alliance's partners;
- bringing the cyber warfare units of the Alliance's partners in line with NATO standards;
- optimization of functions and tasks between the bodies of the cyber warfare of the members of NATO and the Alliance's partners, taking into account their capabilities and interests, their role and place in global and regional computer networks, as well as specific threats from the actions of adversaries in cyberspace.
Possible forms of Ukraine's participation in the NATO Cyber Defence system
In particular, such functions and tasks of the cyber warfare forces of Ukraine as NATO's partner may include:
- protecting national cyberspace and objects of critical infrastructure from cyber attacks by Russia and all kinds of terrorists and extremists. As noted above, this task is already being fulfilled with NATO's active support;
- blocking the use of the Ukrainian information space (servers, communication channels, etc.) by other countries for cyber attacks against NATO member states. This is important because one of the channels of electronic traffic to Europe goes through Ukraine;
- supporting NATO's actions in cyberspace by involving Ukrainian computer systems and networks;
- active informational influence on the population of Russia and inhabitants of the occupied territories of Ukraine through e-media. As Ukrainians understand Russia better, it will be more effective than such an activity by Western information agencies.
Today, an example of successful cooperation between Ukraine and NATO in this sphere is the Alliance's assistance in the cyber defense of Ukrainian critical infrastructure. In particular, there are systematic joint training exercises on protecting critical infrastructure, including with the participation of the NATO Energy Security Centre of Excellence (Vilnius).
Besides, there is active cooperation in counteracting cybercrime. In particular, in August 2018 Ukrainian law enforcement agencies detained a group of Ukrainian citizens on suspicion of involvement in the hacking group Fin7. More than 100 American companies have become victims of this organization's hackers.
Common security in the global cyberspace
And in conclusion, I would like to raise one more question. I have already said that wars in cyberspace can be compared with the use of weapons of mass destruction and threaten the whole of mankind.
In view of this, there is an urgent need to achieve international agreements on the rules of conduct in cyberspace, including:
- adoption at the UN level of relevant international legislation on joint responsibility for security in cyberspace;
- establishment of international control over the situation in cyberspace;
- defining international mechanisms for detecting and prosecuting violators of the rules of conduct in cyberspace.
The initiator of this issue could be the North Atlantic Alliance, which has an international reputation. In this regard, it would be important for NATO and the Alliance's partners to have a clear common position to support the rules of responsible behavior of all countries in cyberspace and measures for building confidence in the cyber sphere.
NATO's putting forward such initiatives will let the Alliance strengthen its role and importance in resolving the problems in maintaining international cyber security and prevent Russia's gaining an edge in this sphere. At the same time, dialogue with Moscow on the above-mentioned issues may also be established.
In particular, during the 73rd Session of the General Assembly of the United Nations in the second half of September 2018, Russia is planning to submit two draft resolutions on cyber security, namely:
- “Developments in the Field of Information and Telecommunications in the Context of International Security” (developed on the basis of the SCO's “International Code of Conduct for Information Security”);
- “Countering the Use of Information and Communication Technologies for Criminal Purposes”, which calls on the UN member states to adopt a convention to counter world cybercrime.
Both documents provide for a ban on the use of information and computer technology to interfere with internal affairs of other states in order to undermine their political, economic and social stability. At the same time, their initiation by Russia, in fact, aims to cover its own actions to influence other countries through computer networks. Today, this issue is of particular relevance to Moscow because of the US sanctions imposed against it for interference with American elections.
Conclusion
Of course, the above-mentioned suggestions are conceptual in nature and at this stage are only subject to discussion to determine prospects. At the same time, their practical implementation will require resolving a number of complex political, legislative, technical and financial problems both at NATO's general level and at the national level of the Alliance's partners.
In particular, Ukraine will face the necessity of creating qualitatively new forces of cyber warfare, including cyber troops or cyber command, which already exist in other countries. In turn, this will require appropriate political decisions of the leadership of Ukraine, allocation of necessary funds, training of professionals, etc.
At the same time, the experience of cooperation between Ukraine and NATO testifies to the possibility of successful implementation of such plans that will be of mutual benefit.