The Russian military occupation of Crimea headlines this week, with Moscow showing considerable restraint so far in the use of cyberattacks against Ukraine. Considering that crippling DDoS attacks have become a staple of conflicts involving Russia and its smaller neighbours such as Estonia and Georgia, one commentator has rightly asked: where are the cyberattacks?
Ukrainian hackers are highly proficient (and patriotic) operators, so the fear of retaliation could have dissuaded Russia from the use of cyberattacks. If so, this highlights the value of offensive information warfare capabilities as an effective deterrent, a point that cyber operations centres around the world should note.
For a look at Russia and Ukraine’s cyber capabilities, as well as what has been deployed so far, check out this post on the Lawfare blog, and this piece in Foreign Policy. The key challenge in this crisis is to avoid mis-attribution and escalation, as the ability of both sides to inflict harm in the cyberdomain is tried and tested.
A significant announcement was made in China last week as President Xi Jinping was declared head of the new leading group on ‘internet security and informatization’. The announcement received considerable local attention, airing as one of the lead stories on CCTV’s evening news. The group’s goals include drafting a national cybersecurity strategy and coordinating cybersecurity across government sectors. During the inaugural meeting, President Xi said ‘efforts should be made to build our country into a cyberpower’. See Adam Segal’s commentary for an excellent analysis of the broadcast.
Activists in the Philippines are protesting against the 2012 cyber crime protection law that makes cybersex, pornography and file-sharing illegal. Among netizens, the most contentious part of the law seems to be a provision making online libel (defamation) a crime. A similar debate is happening in Indonesia with regards to the Electronic Information and Transaction (ITE) law that’s been in place since 2009.
2013 was a year plagued by significant commercial security breaches and constant revelations about government surveillance. The recent RSA Conference 2014 was overshadowed by those events with one commentator drolly noting that ‘last year’s impregnably secure business looks like this year’s Swiss cheese’. Another observed that many conversations during the conference boiled down to a ‘trust deficit’ between government and business, as well as between companies and users. Tying up the conference with a keynote address was satirist Stephen Colbert. ‘Many of you see me as a champion of privacy,’ quipped Colbert, ‘which I know because I read your e-mails’.
Organisers of TrustyCon, an information security conference that runs simultaneously to the RSA conference, have released footage from the event—available here.
Finally, US Cyber Command head General Keith Alexander testified for the last time in that role to the Senate Armed Services Committee. In his statement he acknowledged that some key capability gaps, including that some weapons systems were not as ‘cyber robust’ as they need to be, have left the US military at risk.
Simon Hansen is an intern in ASPI’s International Cyber Policy Centre.