1. The ongoing information revolution poses a series of political, cultural, economic as well as national security challenges. Changing communications, computing and information storage patterns are challenging notions such as privacy, identity, national borders and societal structures. The profound changes inherent in this revolution are also changing the way we look at security, often in unanticipated ways, and demanding innovative responses. It is said that because of this revolution, the time it takes to cross the Atlantic has shrunk to 30 milliseconds, compared with 30 minutes for Intercontinental Ballistic Missiles (ICBMs) and several months going by boat.1 Meanwhile, a whole new family of actors are emerging on the international stage, such as virtual “hactivist” groups. These could potentially lead to a new class of international conflicts between these groups and nation states, or even to conflicts between exclusively virtual entities.
2. One of the most fundamental characteristics of the Information Age is its ability to connect. In this regard, the main tool is the Internet and the fact that bandwidth and storage capacity is currently doubling every 12 months.2 Interconnectivity is now central to government offices, critical infrastructures, telecommunications, finance, transportation, and emergency services. Interconnectivity is also central to culture and education. Even where communication and data exchanges are not routed through the Internet, they still, in many cases, use the same fibre optic cables.3
3. Despite its inherent advantages, this dependence on information technology has also made state and society much more vulnerable to attacks such as computer intrusions, scrambling software programmes, undetected insiders within computer firewalls, or cyber terrorists. The Internet is inherently insecure as it was designed as a benign enterprise of information exchange, a decentralised patchwork of systems that ensures relative anonymity. It is ill-equipped to trace perpetrators or to prevent them from abusing the intrinsic openness of the cyber domain. In this context, the key national security dilemma of the Information Age is how to create an effective and transparent government, which, at the same time, is also able to protect its citizens and vital national interests. Furthermore, in this Information Age, the North Atlantic Alliance faces a dilemma of how to maintain cohesion in the environment where sharing information with Allies increases information security risks, but where withholding it undermines the relevance and capabilities of the Alliance.
4. It is a critical time for the NATO Parliamentary Assembly (NATO PA) to discuss cyber security, as the Alliance has recently adopted its new comprehensive Cyber Security Policy and Action Plan. The details of this document are not publicly available for understandable reasons. Since the cyber domain is extremely dynamic and increasingly complex, cyber security and defence strategies of the Alliance as well as of individual Allies will be in a constant need of updating and revisiting.
5. This report will focus on three facets of the linkage between Information Age and national security. First, it will discuss the changing notion of secrecy in international relations. This issue was brought to prominence by the so-called “Cablegate” scandal. While the publication of classified diplomatic correspondence was not a result of a cyber attack, it is nevertheless directly linked to the information revolution: remarkable advances in data storage technology allowed one person to easily download colossal volumes of data that has taken the print media months, and possibly years, to digest and to publish.
6. Second, the explosion of Internet usage is creating the phenomenon we refer to as “digital (h)activism”. Social media and other Internet-based communities are creating new, ad hoc and cross-border allegiances that can manifest themselves in a variety of positive (reinforcing civil societies in authoritarian countries) and negative (empowering hacker groups that act against those who do not share their political worldview) ways.
7. Third, the report will discuss the challenge of direct cyber threats against states and, in particular, NATO’s role in cyber defence as one of the principal topics for the Euro-Atlantic community, particularly in the wake of the Lisbon Summit.
8. The report will not address the specific issue of cyber crime. While cyber theft and child pornography are issues of grave concern for the international community4, they do not have direct national security implications and are addressed by a number of other international organisations, including the UN, EU, OSCE, OECD and G8. The Council of Europe Convention on Cybercrime – which requires its parties to criminalise a number of activities in cyber space relating to infringements of copyright, computer-related fraud and child pornography – is a particularly noteworthy initiative that has yet to be ratified by several NATO member states.5
9. This report also represents the continuing effort by the Committee on the Civil Dimension of Security to discuss the issue of critical infrastructure protection within the Alliance. Cyber technologies are not only key enablers for systems such as energy generation or transport, but can themselves be considered as critical national infrastructure.
10. The report also builds upon the contribution by other NATO PA Committees, particularly the 2009 Sub-Committee on Future Security and Defence Capabilities report NATO and Cyber Defence [173 DSCFC 09 E bis] by Sverre Myrli (Norway) and the 2007 Science and Technology Committee report Transforming the Future of Warfare: Network-Enabled Capabilities and Unmanned Systems [175 STC 07 E bis] by Sen. Pierre Claude Nolin (Canada).
The Information Age and the notion of secrecy in international relations
11. This chapter will discuss the challenges of protecting classified information in the age of Internet. It will also outline the political and security implications of the “Cablegate” scandal that highlighted the inter-agency and international co-operation versus sensitive information security dilemma.
The “Cablegate”
12. According to the 11 September attacks investigation, the US government failed to ensure adequate information sharing, which could have prevented the attacks (FBI failed to share details connected to an al-Qaeda operative, who later proved to be key in uncovering the plot). As a result, representatives of the political elite, the military, and the financial world all pressed for wider sharing of classified information in order to increase operational efficiency in protection of the country. Therefore, the US government adopted a policy of information sharing, which it applied to numerous US governmental institutions and agencies including the Department of Defense (DoD) and the State Department (DoS).
13. This policy resulted in an exponential number of people obtaining access to classified information. Approximately 854,000 people now possess top-secret security clearances.6 For almost 10 years now, embassy cables have been distributed through the SIPRNet (Secret Internet Protocol Router Network operated by the DoD), which has made them accessible to DoS employees all around the world, to all members of the US military and contractors with necessary security clearance. Eventually, several millions of people ended up having access to materials such as US diplomatic cables.7 According to information-security experts familiar with the SIPRNet, the data-sharing system was not programmed to detect unauthorised downloading by anyone who had access to this pool of data. Thus, those in charge of the network design relied on those who had access to this sensitive data to protect it from abuse. These users were never scrutinised by any state agency responsible for the data-sharing system.8
14. The US government’s post-9/11 policy on information-sharing received the most serious blow when the “anti-secrecy” organisation WikiLeaks started publishing documents of different levels of confidentiality. Its first major release (April 2010) was a video of a US helicopter shooting into a crowd in Bagdad in 2007 which killed 18 people, including two Reuters journalists. Shortly after, the release of 77,000 documents allegedly revealing the realities of the Afghan war were made public, as well as almost 400,000 secret Pentagon documents on the Iraq war.9 In November 2010, WikiLeaks started releasing about 250,000 US diplomatic cables, many of which were classified. The cables provided US diplomats’ candid assessments of terrorist threats and the behaviour of world leaders.10 Currently, the US authorities suspect that the material was leaked by Private Bradley Manning stationed in the Persian Gulf, who had downloaded the information from a computer in Kuwait. He then allegedly passed these files on to the “whistleblower” organisation, which made them public.
Reaction to the leaks
15. WikiLeaks has spurred public debate with each of its releases. Nevertheless, the November 2010 release of US diplomatic cables got the most aggressive reactions from politicians world-wide. In anticipation of the leaks, Secretary of State Hillary Clinton and her diplomats warned foreign officials about the upcoming leak days before the November 2010 release happened. Following the release, the White House11 as well as the DoS were quick to denounce the leak and, as Secretary of State Clinton put it, characterised the cable disclosure as an “attack on both the United States and the entire international community”.12 Consequently, countries including Turkey, Iraq, Afghanistan, China as well as NATO were quick to condemn the leak.13
16. On the day of the release, the White House ordered government agencies to review security procedures and ensure that only the necessary users had access to their documents.14 Soon after, the President’s Office also appointed an Interagency Policy Committee for WikiLeaks, which was to assess the damage caused by the leaks, co-ordinate agencies’ reactions, and improve the security of classified documents.15 The US DoD conducted an internal 60-day review of security procedures. It also disabled the usage of different storage media and the capability to write or burn removable media on DoD classified computers.16 The Defense Information Systems Agency has also launched a new Host-Based Security System, which is meant to monitor software and policy rules in order to spot suspicious behaviour and alert responsible authorities. For example, the software should set off an alarm if large quantities of data are being downloaded. Today, approximately 60% of SIPRNet is protected by the software. In order for it to be bullet-proof, however, it will probably require additional compartmentalisation of information.17 A similar tracking mechanism is being adopted by US intelligence agencies (referred to as “enhanced automated, on-line audit capability”).18
17. The DoS has limited the number of people with access to the Net Centric Diplomacy database, which contains diplomatic reports19 suspended the access to SIPRNet and to two classified sites ClassNet and SharePoint, as well as prohibited the use of any removable data storage devices.20 Following the leaks, the US Air Force has blocked its employees’ access to at least 20 websites containing the leaked documents such as “The New York Times” and “The Guardian”. The Pentagon prohibited its employees to access the WikiLeaks website on government computers “because the information there is still considered classified”.21 Eventually, the administration banned hundreds of thousands of federal employees of the Department of Education, Commerce Department, and other government agencies from accessing the site. The Library of Congress, one of the world’s biggest libraries, also issued a statement saying that it would block WikiLeaks.22
18. As far as the WikiLeaks website was concerned, following the leak it suffered repeated distributed denial of service attacks, which prompted it to move its server. Companies such as Visa, Mastercard or Paypal suspended all their services to the organisation, which relies heavily on online donations from its supporters worldwide.23
Share with your friends: |