Air Commodore (R) Khalid Iqbal TI(M)[*]
This study has been compiled by using mostly American and European sources. Points of view of most of the Asian countries on the Cyber activities referred to is not readily available other than outright denials in the context of cybercrimes. Reality may lie somewhere between the two positions.
(Conflict and competition in Asia over cyberspace is part of a larger shift in the international security environment as power is shifting from Europe and America to emerging powers in Asia. Asian societies have been enthusiastic adopters of the internet and have also made it an important vehicle for political expression within and between Asian nations. Espionage and crime overlap in cyberspace, particularly due to use of proxies. The level of cyber crime is likely to grow in Asia and this will increase instability because of cyber crime’s linkage to espionage and military activities. These activities do not constitute war; but cyber-competition can add to the risks of conflict. It is therefore important to consider possible ways to manage or mitigate the risks of intensified cyber competition or conflict in Asia. These risks can better be managed if cyber conflict is put into a framework of shared understandings on norms of behaviour and the application of international law. Controlling this risk requires establishing rules of the game.)
Cyber conflicts occur on global networks, it is hard to lay quarantine and regionalize them. Conflict and competition in cyberspace is part of a larger shift in the international security environment as power is shifting from Europe and America to emerging powers in Asia and a new multi-polar order is evolving[i]. Espionage and crime overlap in cyberspace, particularly due to use of proxies, who may be indirectly controlled by a government. Espionage is the illicit extraction of information; cyber crime is the illicit extraction of money. Internet shrinks distances and makes borders more porous. Cyberspace connects nations more closely than ever before. These close connections provide new means for both states and individuals to share, influence, intrude and attack[ii].
Asian societies have been enthusiastic adopters of the internet and have also made it an important vehicle for political expression within and between Asian nations. Moreover, as Asia has become a significant venue for global economic activity, so as a corollary, it has also become the hotbed of cyber competition and conflict. Cyber competition and conflict in Asia have a large spectrum[iii]. It encompasses planning for military competition and asymmetric warfare, engagement in economic espionage to gain long-term economic and trade advantages, as well as a new kind of trans-national mass political action.
With nation-state attacks and espionage malware, cyber security is becoming an increasingly essential component of national security. Asia, with its political tensions, vigorous yet volatile economies, and lack of strong multilateral institutions, is a focal point for this competition. The information technology industry is now largely Pacific-based with Asian countries, the United States, and India creating most of digital products. Internet is an enabling technology for global business that has helped propel rapidly growing Asian economies. Rise of China and its extensive cyber capabilities define strategic competition both in Asia as well as globally. Though the United States is likely to remain the only country with global reach, rising Asian nations would continue to expand their expertise and influence[iv]. These emerging powers would sometimes work in cooperation with the US, but at times would compete for influence and enhanced regional leadership roles. Mostly, such competitive ventures will not be just military specific, these would include manoeuvres to contest, influence and control the structures and rules of global finance, business and even politics[v]. The most damaging aspect of cyber-spying is economic espionage, whereby cutting edge technology, confidential business information, and intellectual property can all be stolen[vi].
Asia’s cyber hierarchy
The hierarchy of Asian cyber powers does not always mirror the wider power balance. The United States, China and Russia have the most advanced cyber capabilities. The capabilities of other Asian nations range from nominal to relatively sophisticate. Judging from public sources, ten Asian nations are developing cyber capabilities[vii]. Eight are developing military capabilities and doctrine. These are: Australia, China, North Korea, India, Malaysia, Myanmar, Japan, and South Korea. Brunei and Singapore are developing defensive capabilities. Australia has a unique advantage in cyber capability development given its close intelligence-sharing relationships with the US and UK[viii].
The number of countries developing cyber capabilities is not in itself worrisome. Cyber attack is a new military tool that will eventually be part of every nation’s arsenal[ix]. Cyber espionage will extend current intelligence activates into a new domain. Most countries already monitor domestic telecommunications and those who have active foreign intelligence programs avail themselves of cyber techniques. In itself, this extension of military and intelligence activities into cyberspace will not radically change power relationships among Asian states[x].
Cyber Threat: A Generic Appraisal
Cyber threat has a huge expanse, global reach and is omnipresent. There is widespread concern among states over strategic competition in cyberspace, including cyber espionage and cyber attack. There is continuous interstate competition in cyberspace. However, there has not been any cyber warfare in the classical sense of interstate activity, employing cyber techniques to damage or coerce other nations, in cyberspace. Nevertheless, the constraints that apply to the use of physical force among nation-states also apply to cyber attack. Because of the recent emergence of advanced cyber technologies, the lack of universal agreement on norms, and the potential to equate espionage spree with the opening phase of a military action, cyber conflicts entail a greater risk of miscalculation and inadvertent escalation of conflict[xi].
Potency of Stuxnet, manifested in the havoc created in the Bushehr nuclear power plant of Iran has forcefully brought forth the fact that digital protection is no longer a matter of securing servers and software, company data and continuity, but is now a matter of citizen safety[xii]. Organizations have realized that critical infrastructures like: electric grids; water systems; gas and oil pipelines; air traffic control systems; air travel ticketing systems and hospital networks are all vulnerable to cyber attacks. More so because many critical infrastructures, such as power grids and water systems, are being connected to smart meters and sensors to allow remote monitoring. Moreover, there is a phenomenal rise in nation-state activities, which include espionage where the adversaries are looking for sensitive data and intellectual property that gives respective companies a competitive edge. These types of attacks make cyber security an industry-wide concern.
Popularity of mobile devices and increased adoption of the cloud expose the users to sophisticated and persistent threats; invisible, yet intrusive. Despite the growing concerns about protection of critical infrastructure from cyber attacks, adequate mechanisms are not in place to address the scale and expanse of envisaged threats. It is a complicated task to protect the networks since information is stored in multiple places. In terms of financially driven crime, the focus is generally on blocking off access paths and locking out the attacker[xiii].
The internet eliminates the need for physical proximity or interpersonal exchanges, reducing risk and cost for espionage and crime. It allows the collection of signal intelligence without the requirement for bases, satellites, ships, or aircraft. This provides a global capability to the countries that previously had only a regional or national presence. Hacking incidents against the G-20 and the International Monetary Fund, where confidential information prepared for meetings of world leaders was extracted, highlights the potentially strategic consequences of cyber espionage and crime for global political and economic activities[xiv].
Every present day political, military and economic conflict has a cyber dimension, and defenders have to focus on building up capabilities just as they would prepare for physical warfare. Military planners are used to considering the contribution of intangible factors and clandestine activities to interstate competition and conflict, and to gauging their effect on national power. Cyber activities greatly expand the scope for such intangible operations.
Attempts to target vital national and international defence installations can neither be ruled out nor mitigated successfully without significant cyber security measures. With rising concerns regarding capability and capacity of hacktivism, cyber defence is increasingly playing a pivotal role in the security calculus, at the nation-state and multi-national levels. Cyber infrastructure is also critical to the global economy and hence a playground for interstate competition and potential conflict. However, it is inadequately protected and poorly governed[xv].
An obstacle to managing cyber competition among states is the blurred boundaries between cyber-crime, cyber-espionage and cyber-attack. If the threat of cyber war is exaggerated, the risk of cyber espionage and cyber crime is vastly under-appreciated. From a legal and political perspective, the distinction between a military act, espionage, and crime is very important for decision-making. Crime, even if state sponsored, does not justify a military response under existing international law. Nor does espionage justify an armed response.
Espionage and crime can be very damaging, but countries do not go to war over it. Nations who support cyber crime and engage in cyber espionage appear to be careful to stay below the threshold of what could be considered the use of force or an act of war. However, malicious cyber actions can be trans-national, with an activity carried out by hackers in one country against computers in another. This complicates any potential defensive response to cyber crime or espionage as the person involved in such acts may not be physically present, at times cannot even be precisely identified and often cannot be detained[xvi].
Netizens are another interesting type of threat. Netizens are not hackers; they are individuals who express themselves in chat rooms, online publications and blogs. Unlike hackers, they do not illicitly access other computer networks. Their influence affects policies and, perhaps, political stability. The “netizens” have political influence. More skilled among them can evade the firewall[xvii].
Attacks, which are generated by swarms of computers, called botnets, concentrate data streams that are larger than the internet connections of entire countries. It resembles the technique, which uses a long-known flaw in the internet’s basic plumbing; it is like using a machine gun to spray an entire crowd when the intent is to kill one person. The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. But recently, attackers have come up with a far more powerful strike type that exploits the internet’s core infrastructure, called the Domain Name System, or DNS. A typical denial-of-service attack tends to affect only a small number of networks. But in case of a DNS flood attack, data packets are aimed at the victim from servers all over the world. Such attacks cannot easily be stopped, because victim servers cannot be shut off without halting the internet. Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states. The extent of what is going on is just astonishing. The victims are big companies; one major London based Company recently lost an equivalent of $1.2 billion as a result of a cyber attack from a hostile state.
Some attacks are more of a cyber-rampage. Rob Rachwald, a research director at FireEye, a computer security firm, said of recent attacks on South Korean systems. These attacks were first mentioned publicly in March 2013, by “CloudFlare”, an internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target. “These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare. “It’s so easy to cause so much damage.” Millions of ordinary internet users have experienced delays in services or could not reach a particular Web site for a short time. However, for the internet engineers who run the global networks the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach out to basic internet services, like e-mail and online banking.
Limitation of the internet is that it has to work, a DNS flood cannot be stopped by shutting down those servers because the machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them. The underlying issue is that many large internet service providers have not set up their networks in a secure way to make sure that traffic leaving their networks is actually coming from their own users. The potential security flaw has long been known to internet security specialists, but it has only recently been exploited in a way that threatens the internet infrastructure. The attacks have changed from espionage to destruction, said Alan Paller, director of research at the SANS Institute, a cyber security training organization. “Nations are actively testing how far they can go before we will respond.”
An abundance of private actors in cyberspace, their access to technology, and their ability to engage in illegal transnational acts from their home location, complicates the analyses of cyber security. Those with hacking skills, the ability to implant malware or access a computer or network without the owner’s permission, are joined by activists who use the internet for political exploits. The line further blurs as many activists have the skill to engage in low level hacking and some high-end hackers also have political agendas. The most dangerous private actors can also operate as proxies.
Scope of Cyber Activities in Asia
China’s use of cyberspace to gain military and economic advantage is one of the primary forces shaping a new Asian strategic environment. The rise of China defines strategic competition in cyberspace. Information technology and cyberspace occupy a central position in Chinese politics, strategy, and economic policy. China has pursued asymmetric military advantages for more than a decade and is modernizing its military forces for “informatized” warfare. Economic espionage in cyberspace is a matter of routine in China and Chinese government agencies, companies, and individuals have increased efforts to illicitly acquire technology or gain business advantage[xviii]. At the same time, China itself is deeply concerned about the risks of malicious activity aimed against its own cyberspace.
In May 2013, International Herald tribune reported: “three months after hackers working for a cyber unit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques[xix]. However, now Unit 61398, whose well-guarded 12-story white headquarters on the edges of Shanghai became the symbol of Chinese cyber power, is back in business. It is not clear precisely who has been affected by the latest attacks[xx]. Reportedly, hackers were behind scores of thefts of intellectual property and government documents over the past five years, according to a report by Mandiant in February that was confirmed by American officials.
“China has repeatedly said that we resolutely oppose all forms of hacker attacks,” said a Chinese ministry spokeswoman, Hua Chunying. “We’re willing to carry out an even-tempered and constructive dialogue with the US on the issue of Internet security. But we are firmly opposed to any groundless accusations and speculations, since they will only damage the cooperation efforts and atmosphere between the two sides to strengthen dialogue and cooperation[xxi].”
In its annual report to Congress on Chinese military capabilities, which was released on May 20, 2013, the Pentagon has claimed that last year, “numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military[xxii].” “From the president down, people in the United States have levelled accusations, and China has already many times answered those accusations,” General Xu said[xxiii]. “Everyone knows that on the Internet, the United States wields absolute advantage and control.” He called for the United States to take the lead on international talks to set rules on cyber espionage[xxiv]. “It should be the United States that sets an example of sitting down for discussions on an equal footing, and setting better rules to reduce the damage, because it’s the United States that has absolute dominance,” he said[xxv].
‘‘Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem,’’ said Hong Lei, a ministry spokesman. ‘‘China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities[xxvi].’’ There is no doubt that attacks of all kinds are on the rise[xxvii]. The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December[xxviii]. Some 198 attacks on America’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011[xxix]. Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers. The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry. More recently, the Department of Energy confirmed in, January 2013 that its network had been infiltrated, though it has said little about what damage, if any, was done[xxx].
The prominent “cyber powers” of the Asia-Pacific region are the United States, China, Russia, Taiwan, North and South Korea, and Australia. Other countries, such as Japan, India and even less developed nations like Burma are exploring military dimension of cyber capabilities, making this a crowded field for competition. All are wrestling with how to adjust their policies and practices to new technology and the changes it has unleashed. They are all struggling to maintain and gain space in this newly found turf. For quite some time, the hierarchy of cyber-power will be dynamic and will depend on capacity of continued adaptation[xxxi].
Rampant cyber espionage in Asia is a source of instability. These activities are at the core of malicious activity in cyberspace. The most damaging aspect of cyber-spying is economic espionage. There is perpetual risk of losing technology, research products, confidential business information, and intellectual property[xxxii].
American Express customers trying to gain access to their online accounts on March 28-30, 2013 were met with blank screens; its Web site was under attack. The assault was the latest in an intensifying campaign of unusually powerful attacks on American financial institutions that began in September 2012 and have taken dozens of them offline intermittently, costing millions of dollars. The attacks have changed from espionage to destruction. Security experts who studied the attack said it was part of the same campaign that took down the Web sites of JP Morgan Chase, Wells Fargo, Bank of America and others over the last six months. A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for those attacks. The group says it is retaliating for an anti-Islamic video posted on You Tube last fall. But American intelligence officials and industry investigators say they believe that the group is a convenient cover for Iran. Whether the group is acting on direct orders from the Iranian government is unclear. Government officials and bank executives have failed to produce a smoking gun[xxxiii].
North Korea is considered the most likely source of attacks on South Korea[xxxiv]. The North Korean government has openly declared that it is seeking online targets in South Korea to exact economic damage. The American and South Korean attacks underscore a growing fear that the attacks on banks, oil producers and government entities of these two countries may be originating from Iran and North Korea, not because of their skill but because of their brazenness. The appeal of digital weapons is similar to that of nuclear capability: it is a way for an outgunned, out financed nation to even the playing field[xxxv]. “These countries are pursuing cyber weapons the same way they are pursuing nuclear weapons,” said James A. Lewis, a computer security expert at the Centre for Strategic and International Studies in Washington. “It’s primitive; it’s not top of the line, but it is good enough and they are committed to getting it.”
In a recent intrusion 32,000 computers at South Korea’s banks and television networks were incapacitated. The culprits of these attacks, officials and experts say appear determined to disabling financial transactions and operations[xxxvi]. During the latest attacks on South Korean systems, the attackers engineered malware that could evade top of the line South Korean antivirus products, spread it to as many computer systems as possible, and inserted a “time bomb” to take out all the systems at once for greatest impact. As compared to this, a 2007 Russian attack on Estonia that affected its banks, the parliament, ministries, newspapers and broadcasters looks pale.
In an attack on Saudi Aramco in 2012, the culprits created malware designed for the greatest impact, coded to spread to as many computers as possible. Likewise, the attacks on South Korean banks and broadcasters, during March 2013, were far more sophisticated than coordinated denial-of-service attacks in 2009 that briefly took down the Web sites of South Korea’s president and it’s Defence Ministry; such attacks were annoyances; they did not affect operations.
Western point of view is that Russia and China use proxies to conduct cyber espionage and engage in politically coercive acts[xxxvii]. Hackers and cyber criminal communities in both countries are tolerated, co-opted, and at times assisted in their hacking and criminal activities against other nations. The Russian government utilizes its extensive and deep relationships with criminal groups to gain advantage in cyberspace[xxxviii]. China’s cyber espionage strategy combines both official programmes and the coordination of unruly efforts of thousands of individuals, companies, and civil agencies as intelligence collectors[xxxix]. This cyber espionage collection programme reflects the traditional Chinese approach to intelligence collection. Instead of relying on officers operating under official cover, China’s approach is described as “a thousand grains of sand,” where businessmen, researchers or students are asked to collect information when they visit another country[xl]. The result of this blend of forces is that malicious cyber activity in China encompasses official programmes, independent actions by agencies and companies not directed by the central government, as well as criminal activities by individuals, who also sometimes act at the behest of some larger entity, a company, ministry or the central government etc. The central leadership in Beijing does not control all of these actors and it is not clear that it could control them if it wished to do so, despite strenuous efforts to keep internet freedom in check. The internet has introduced new forces into Chinese politics that lie outside the Party’s control[xli].
China’s netizens can also affect relations among Asian states in destabilising ways not directed or desired by the governments. They form part of a larger political interaction among citizens of China, Taiwan, Korea and Japan[xlii]. The pattern and flow of Chinese politics means that at some times and on some topics, the more extreme voices will be suppressed, but at other times, they will be tolerated or even encouraged. Hacktivist activities can influence or inflame public opinion. This is a source of serious concern in China, which has created its own “Fifty Cent Army” of patriotic bloggers who post positive comments about Chinese policies. However, Russia and China also worry that the proxies they have created for espionage and attack could turn against them[xliii].
Though caution is due with regard to overstating the internet’s effect in places like Egypt or Tunisia, the internet can greatly expand participation in the political process. It could direct, amplify and strengthen political trends in ways that are difficult for authoritarian regimes to manage. This helps explain the neuralgic reaction in both countries to the “Jasmine Revolution” and “Arab Spring,” as the regimes fear the growing but uneven power of “netizens” and how it could affect survival of the regime. The internet provides a platform for trans-national political expression. The internet can be an outlet for nationalist sentiment that in its most extreme form can increase the risk of conflict, as governments feel the need to respond to the domestic political pressure generated by internet activities. This is a new factor in Asian relations and carries unpredictable consequences for regional stability.
Hacktivism is a barometer of public attitudes, but there is also the possibility that these new political actors will complicate efforts to predict or manage national responses during a crisis by injecting intense pressure into policy debates. Most hacktivists do not have the capability to engage in sophisticated cyber exploits, and it is important not to overestimate their political influence. Their effect can be fleeting, with protests springing up quickly and then just as quickly dying down.
China’s intelligence activities in cyberspace are an element of a larger economic espionage program that focuses on illicit technology transfer. This program began when Deng Xiaoping decided to let foreign companies begin manufacturing in China. China’s economic espionage originally depended on domestic activities including communications monitoring, but cyber capabilities now give the programme a global reach. There are at least three cases of large, complex economic espionage operations aimed at western companies originating from China that have been uncovered in recent years. Often programmes incorporate political motives as well.
China was able to improve its nuclear submarines in about half the time it took the US or Soviet Union to do so. China’s J-20 “stealth” fighter aircraft appeared more rapidly than experts had expected. Aerospace, sensor, naval, and stealth technologies have been targets of Chinese acquisition efforts. A decade ago, for example, foreign hackers intruded into the computer networks at a US military research facility engaged in work on stealth technologies. China was suspected in these intrusions[xliv].
Western analysts trace interesting parallels between China’s five-year economic plans and cyber espionage activities. As part of its larger strategy to create a national information technology industry, China has long sought to acquire the means to develop an indigenous computer central processing unit (CPU). In this context, Intel Corporation, the world’s leading producer of CPUs, was a target of a January 2010 corporate hacking, which also included intrusion into Google.
The head of the British Security Service warned companies that hacking has become a routine business practice in China. Chinese officials tolerate malicious activity against foreigners and routinely use non-governmental hackers as proxies. However, Chinese companies are as much a target as firms in other countries for cyber espionage. China’s generally weak protections for intellectual property have migrated into cyberspace, with consequences for China’s own indigenous innovation efforts and international competitiveness.
As Southeast Asian nations gain access to high-speed networks enabling them access across borders and transferring large amounts of data in a very short time, there is an increase in low-level cyber crime. However, the only other nation that comes anywhere near China in using cyber techniques for espionage and military advantage is the US. The US and China are “near-peers” in terms of some cyber capabilities, though there are crucial differences in application[xlv].
The US approach to cyber conflict treats cyber techniques as traditional tools of statecraft, providing advantage in military and political intelligence, and as a new weapon to strike opponents. The US uses cyber techniques to monitor and assess Chinese capabilities and intentions, and to gain battlefield advantage in the event of conflict[xlvi]. Cyber espionage provides China with an intelligence benefit through an increased understanding of US intentions, strategies, and capabilities, however, it is in economic espionage against the US and other Asian nations where China’s main advantage lies. While the US also gains tremendous intelligence benefits from cyber espionage, the “net balance” of the exchange between the US and China in cyber espionage favours China[xlvii].
The politics of cyber security in China are not monolithic; agencies and interests groups compete with each other to influence policy. Decision-making in China on cyber issues is fragmented, with little coordination among agencies or between the security and economic agencies. The Chinese have no equivalent to the US National Security Council to ensure policy coordination. This lack of coordination increases the risk of miscalculation in any conflict[xlviii].
China’s networks are fabulously insecure. Widespread use of pirated software guarantees that they are easily and routinely penetrated. There is also concern over China’s own exposure to hacking and cybercrime from both domestic and foreign sources. Chinese officials worry that the creation of the US Cyber Command may put them at a military disadvantage and they have a long-standing fear that a reliance on US technology creates vulnerabilities in Chinese systems[xlix]. The Chinese perceive Cyber Command as part of a larger US effort to dominate cyberspace. They believe that the US is developing powerful cyber strike capabilities for use against China. Some Chinese officials compare US cyber security efforts to missile defence, saying that just as missile defence is intended to cancel out China’s nuclear deterrent, US cyber security efforts are intended to provide US forces with “impunity” to attack in cyberspace.
The Chinese are deeply concerned over supply chain security. They are convinced that the US has built “backdoors” into products like Windows and Intel processors. The Chinese were shocked to discover that Microsoft can remotely access any computer in China that is running Windows. They do not believe that the US does not have the same controlling relationship with American companies that the Chinese government has with Chinese IT companies.
China is the most active of the cyber powers in Asia, but the greatest potential source of instability in cyber space for Asian nations may come from the growing capabilities of North Korea. While these capabilities are easy to exaggerate, North Korea has been interested in computer technologies for almost two decades. In the mid 1990s, North Koreans assigned to the United Nations in New York enrolled in programming classes. North Korea acquired American computers despite sanctions, and North Korean technical institutes began work on microprocessors and technology. North Korea appears to have a very different calculation of acceptable risk to most nations. When it acquires advanced cyber capabilities, the likelihood of cyber attacks that result in destruction or damage are likely to increase.
North Korea has used the internet for propaganda and political purposes in the South, using false names to log-on to websites to post pro-North opinions. Yet, North Korea faces many difficulties on its way to becoming a cyber-power. It does not have routine access to advanced technologies. North Korea will not be able to use the proxy strategy followed by China, where private hackers carry out state instructions. Most importantly, North Koreans do not have the unlimited access to the internet that sustains hacking communities and skills. North Korea has begun to take steps to move away from its reliance on external service providers, but its technological and political cultures remain obstacles to developing strong hacking capabilities.
North Korea continues to invest in building advanced cyber capabilities. It will eventually acquire them. Should the North acquire cyber attack capabilities, these will likely be in reserve primarily as an adjunct to armed conflict. However, there may well be continued acts of calculated provocation, tied to internal DPRK politics and intended to manipulate the US, South Korea or other countries. There will likely be a strong temptation to use cyber techniques – causing blackout or other service disruption, as pin prick activities.
Neither Iran nor North Korea has shown anywhere near the subtlety and technique in online offensive skills that the United States and Israel demonstrated during an effort to disable Iran’s nuclear enrichment plants with an online weapon that destabilized hundreds of centrifuges, destroying many of them. After this operation became public knowledge in the summer of 2010, Iran announced the creation of its own Cyber Corps[l].
When hackers believed by American intelligence officials to be Iranians hit Saudi Aramco, last year, they did not just erase data on 30,000 Aramco computers; they replaced the data with an image of a burning American flag. In the recent assault on South Korea, some affected computers displayed an ominous image of skulls[li].
Amateur cyber operatives in Muslim countries spontaneously respond in the form of attacks, defacing and hacking of internet websites or other social media entities disseminating blasphemous material. However, soon their actions are nullified by the respective service providers and the services are restored. These enthusiasts are likely to continue building their expertise for causing prolonged disruptions. At state level also, some countries, including Pakistan, act to block the blasphemous contents.
Cyber skills in Pakistan are at a rudimentary level. Occasionally, news about hacking of websites makes headlines. During March 2013, the website of the Election Commission of Pakistan was hacked, but was restored soon after. Likewise, a number of public and private sector websites have occasionally been hacked for short durations. In the absence of regulatory laws, service providers do not incorporate adequate security features in their services, whereby most of the internet services in Pakistan are prone to attacks. Internet related crimes are on the rise in Pakistan, however, relevant laws exist for prosecuting the cyber criminals.
Efforts at combating Cyber Crime
Asian nations lag in developing consistent cybercrime laws, although ASEAN and other regional organizations have efforts underway to expand and improve legal structures and law enforcement cooperation and Interpol is creating a “Global Complex” in Singapore to remain one step ahead of transnational criminals by relying upon high-tech crime expertise[lii].” This complex is likely to enhance and strengthen the internet policing worldwide, it would undertake actions at the behest of the state. Asia’s relatively weak institutions for international security cooperation do not bode well for effective discussions on these issues at an inclusive region-wide level[liii]. Existing multilateral vehicles for discussion in Asia like ASEAN Regional Forum, the East Asia Summit, etc. are inadequate for the task. One alternative would be to await global understandings on cyber conflict. Several “global” efforts are already underway to reconsider cyberspace governance and cyber security, including work in governmental expert committees in the ITU and in the UN[liv]. Another alternative would be bilateral discussions between the US and China. A“G-2” approach has some appeal. While bilateral discussions are essential, any understanding will need to be implemented on a regional and global scale[lv]. Cooperative actions among likeminded nations will improve cyber security, but will need to be balanced against the possible expense of increased regional tensions[lvi].
An important obstacle to agreements to manage cyber competition or prevent cyber conflict is differing national priorities with regard to access to information. In negotiating international agreements on cyberspace, democratic nations will seek to limit espionage and crime. Authoritarian countries may instead seek to limit access to information and to social networks which they see as weapons that can be used against them[lvii]. The experience of the Orange Revolution in Ukraine, dissent in Iran, and the more recent “Arab Spring” events in Tunisia and Egypt reinforce the notion that new technology creates political risks[lviii]. One Chinese official went so far as to state in private meetings that “Twitter is an American plot to destabilize Iran”[lix].
A huge cyber security market is mushrooming, the world over. Increased adoption of cloud computing, data centres and wireless communication devices are primary growth drivers for the cyber security market. Organizations are increasingly looking at services, such as managed security, to protect sensitive systems and networks[lx]. The industry will grow by 11.3 percent each year and reach $120.1 billion by 2017. According to Markets and Markets (M&M), a Dallas-based research company and consulting firm, Western Europe and the Asia-Pacific region are estimated to contribute $28.1 billion and $25.9 billion, respectively, to worldwide totals by 2017[lxi]. Out of this public sector and utilities will account for about 30 percent. Western Europe and the Asia-Pacific regions are estimated to contribute $28.1 billion and $25.9 billion, respectively. Latin America, the Middle East, Africa and Eastern Europe are projected as high-growth sub-regions. Latin America, the Middle East, Africa and Eastern Europe are considered high-growth markets in the report.
In the United States and elsewhere, plans to combat the threat have raised privacy concerns and accusations that governments are overreacting[lxii].
However, Britain’s intelligence services, working alongside security experts from private companies, are setting up a secret control centre in London to combat what the head of country’s domestic spy agency has described as “astonishing” levels of cyber attacks. A team of security analysts at an undisclosed location will monitor attacks on large screens and provide details in real-time of who is being targeted. The British initiative, which also includes the creation of a social network-style Web portal to facilitate information exchange, is the latest in a series of international measures to combat what is seen as the growing threat of cyber attacks to both business and government networks.
President Obama has recently signed an executive order to increase information sharing about cyber threats between the government and private companies. “We have seen a steady ramping up of cyber security threats,” Mr. Obama said in a recent interview. “Some are state sponsored; some are just sponsored by criminals.”
Some 160 companies including financial, defence, energy, telecommunications and pharmaceutical sectors have joined a pilot program for the British government’s information sharing initiative since it was launched last year[lxiii]. The European Union, meanwhile, is studying proposals for greater information sharing following a series of high-profile cyber attacks directed at eBay, PayPal and Diginotar, a Dutch Internet certificate company. “A reminder is in order,” Thomas Rid wrote in “Foreign Policy” in March 2013: “The world has yet to witness a single casualty, let alone fatality, as a result of a computer attack.” Mr Rid, a London University war studies expert, said that private computer security companies were keen to pocket government money earmarked for cyber security. “And hype is the means to that end.”
Cyber criminals go where there is money. As Asian countries become wealthier, fraud and extortion committed over the internet will increase. These activities do not constitute war; but cyber-competition can add to the risks of conflict. It is therefore important to consider possible ways to manage or mitigate the risks of intensified cyber competition or conflict in Asia. These risks can be better managed if cyber conflict is put into a framework of shared understandings on norms of behaviour and the application of international law. Controlling this risk requires establishing rules of the game. Amongst the cyber-capable nations of Asia, there are some shared interests alongside many areas of potential competition. The strategic cyber challenge in Asia should be addressed in multiple ways. The possession of advanced cyber attack capabilities has tended to instil caution in nations. Because of recent emergence of technological breakthroughs in cyber technology, lack of agreement on norms, and the potential to mistake cyber espionage for military action, there are serious risks of miscalculation during escalation phases of interstate tensions. Hence there is a need to pursue cooperative approaches like: agreement on norms for responsible state behaviour in cyberspace and reaching a common agreement on the applicability of international laws of peace and war in the arena of cyberspace. Cooperation among Asian countries in combating cybercrime may be, in some ways, easier to obtain than cooperation in other areas of cyber security that are more closely linked to state power and competition, but the utility of cyber crime as a proxy for pursuing state goals could also limit the scope of any agreement and compliance with it.
[*] The author is a Consultant at the Islamabad Policy Research Institute (IPRI) on Policy and Strategic Response and is a former Assistant Chief of Air Staff, Pakistan Air Force.
[i] United Nations Institute for Disarmament Research, “Cyber security and Cyber warfare: Preliminary Assessment of National Doctrine and Organization,” 2011.
[iv] “US China Commission, Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage.”
http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsand. CyberEspionage.pdf ( accessed on April 12. 1023)
[vii] UNIDIR, Cybersecurity and Cyberwarfare: Preliminary Assessment of National Doctrine and Organization7 Gary Waters (ed.), Australia and Cyber-warfare, Australian National University,
http://epress.anu.edu.au/sdsc/cyber_warfare/pdf/whole_book.pdf6 (accessed on April 10, 2013)
[xi] James Lewis, “Hidden Arena: Cyber Competition and Conflict in Indo-Pacific Asia”, Prepared for the Lowy Institute MacArthur Asia Security Project, http://kms1.isn.ethz.ch/serviceengine/Files/ISN/134215/ipublicationdocument_singledocument/9b169842-9151-
454e-a469-44ac39346672/en/pdf-1-92-9045-011-J-en.pdf3 (accessed on March 31, 2013).
[xv] “INTERPOL Global Complex in Singapore to enhance and strengthen policing worldwide,”
https://www.interpol.int/Public/ICPO/PressReleases/PR2010/PR052.asp4 (acessed on March30, 2013).
[xviii] “Hackers From China Resume Attacks on U.S. Targets,” International Herald Tribune, Global Edition Asia Pacific, May 19, 2013. David E. Sanger reported from Washington, and Nicole Perlroth from San Francisco. http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html?src=me&ref=general&_r=0 (Accessed on May 21, 2013).
[xxi] Keith Bradsher, “China Blasts Hacking Claim by Pentagon”, International Herald Tribune (New York) Global Edition, Asia Pacifie, May 7, 2013. Chris Buckley contributed reporting from Hong Kong, and Patrick Zuo contributed research from Beijing. http://www.nytimes.com/2013/05/08/world/asia/china-criticizes-pentagon-report-on-cyberattacks.html?ref=asia (accessed on May 21, 2013).
[xxv] Keith Bradsher, “China Blasts Hacking Claim by Pentagon”, International Herald Tribune (New York) Global Edition, Asia Pacifie, May 7, 2013. Chris Buckley contributed reporting from Hong Kong, and Patrick Zuo contributed research from Beijing. http://www.nytimes.com/2013/05/08/world/asia/china-criticizes-pentagon-report-on-cyberattacks.html?ref=asia (accessed on May 21, 2013)
David E. Sanger, David Barboza and Nicloe Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking Against U.S”. International Herald Tribune (New York) Global Edition, Asia Pacifie, February 18, 2013. http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?ref=asia&_r=0 (accessed on May 21, 2013).
[xxxi] Office of the National Counterintelligence Executive, “Foreign Spies Stealing Us Economic Secrets in Cyberspace, October 2011, http://www.dni.gov/reports/20111103_report_fecie.pdf9 (accessed on March 15, 2013).
[xxxiv] James A. Lewis, “Speak Loudly and Carry a Small Stick: The North Korean Cyber Menace,”
September 7, 2010, http://38north.org/tag/cyber-war/ 11 (accessed on March 03, 1013).
[xxxvii] Northrop Grumman Corporation, “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation”,
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf and Inkster, Nigel, “Chinese Intelligence in the Cyber Age, IISS”,
[xxxviii]Soldatov, Andrei “Vladimir Putin’s Cyber Warriors,” http://www.foreignaffairs.com/articles/136727/andreisoldatov/vladimir-putins-cyber-warriors5 (accessed on April, 05, 2013).
[xxxix] Northrop Grumman Corporation, “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation”,
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf and Inkster, Nigel, “Chinese Intelligence in the Cyber Age, IISS”,
[xliv] “China’s Emerging Cyber War Doctrine,” Journal of Defence Studies,” Institute for Defence Studies and Analysis, 2008.
[xlv] “Foreign Spies Stealing Us Economic Secrets in Cyberspace”, Office of the National Counterintelligence Executive, October 2011, http://www.dni.gov/reports/20111103_report_fecie.pdf9 (accessed on March 23, 2013)
[xlvi] The White House, “International Strategy for Cyberspace,” May 2011,
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf12 (accessed on May 03, 2013). “Tang Lan” Let us join hands to make Internet safe,” China Daily, February 7, 2012,
http://www.chinadaily.com.cn/usa/epaper/2012-02/07/content_14551811.htm (accessed on March 25, 2013)
[l] Nicloe Perlroth and David E. Sanger, “Cyber attacks Seem Meant to Destroy, Not Just Disrupt”, International Herald Tribune, Global Edition, March 28, 2013. http://www.nytimes.com/2013/03/29/technology/corporate-cyberattackers-possibly-state-backed-now-seek-to-destroy-data.html?pagewanted=all (accessed on May 22, 20134)
[lii] “INTERPOL Global Complex in Singapore to enhance and strengthen policing worldwide,”
https://www.interpol.int/Public/ICPO/PressReleases/PR2010/PR052.asp4 (acessed on March30, 2013).
[liv] The White House, “International Strategy for Cyberspace,” May 2011,
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf12 (accessed on May 12, 2013).
[lvii] Deepak Sharma, “China’s Cyber Warfare Capability and India’s Concerns,” Institute for Defence Studies and Analysis, June 2009, www.idsa.in/system/files/jds_5_2_dsharma.pdf (accessed on May 12,2013)
Centre for Strategic and International Studies, ‘Significant Cyber Incidents Since 2006,” http://csis.org/publication/cyber-events-200613 (accessed on March 31, 2013).
[lxi] James Lewis, Hidden Arena: Cyber Competition and Conflict in Indo-Pacific Asia
Prepared for the Lowy Institute MacArthur Asia Security Project, United Nations Institute for Disarmament Research, “Cyber security and Cyber warfare: Preliminary Assessment of National Doctrine and Organization,” 2011, http://kms1.isn.ethz.ch/serviceengine/Files/ISN/134215/ipublicationdocument_singledocument/9b169842-9151-
454e-a469-44ac39346672/en/pdf-1-92-9045-011-J-en.pdf3 (accessed on March 12,2013)
[lxiii] “Government launches information sharing partnership on cyber security”, Press release, cabinet office, March 27, 2013. https://www.gov.uk/government/news/government-launches-information-sharing-partnership-on-cyber-security (accessed on May 22, 2013).