Civil dimension of security



Download 159.78 Kb.
Page3/5
Date05.05.2018
Size159.78 Kb.
#47432
1   2   3   4   5

Transparency vs. secrecy

19. The relationship between transparency and secrecy remains a key dilemma in the Information Age and has dominated worldwide media, especially since the outbreak of the WikiLeaks phenomenon. On the one hand, there are pro-transparency advocates who argue that the existence of WikiLeaks certifies that transparency of governments and other organisations is publicly desired. According to them, it is precisely the current Internet age that is conducive to institutional reform, increases public trust in government conduct, and enhances co-operation.24 And, as transparency proponents argue, we should not react to this development by limiting the spread of technologies and information, but instead by focusing on adapting the conduct of diplomacy, military affairs and intelligence to the new paradigm.25


20. That said, the Rapporteur believes that even if one is in favour of transparency, military and intelligence operations simply cannot be planned and consulted with the public. Without some secrecy, it would be impossible for governments, and especially security agencies, to perform their functions and to protect citizens. Added to which, transparency can be misused on several levels – by providing unprofessional or poor-quality interpretation of information or documents, by lack of experience on the topic or by pursuing a political agenda. Thus, not everything carried out under the “transparency label” is necessarily good for the government and its people. Moreover, the very ideal of transparency can also force public figures to become more secretive. The Information Age and its transparent nature may, for example, prevent diplomats from conducting “business as usual” such as making off-the-record statements or engaging in frank discussions with their colleagues.26 It also increases pressure on decision makers, who have to identify, assess, and react to information, which is immediately and widely accessible to other governments, organisations, as well as the public.27 This is an unnecessary and possibly dangerous pressure, especially when it comes to the issues of security.


  1. Digital (H)activism

21. This chapter will discuss the phenomenon of emerging borderless communities and networks, most of which are welcome, but some of which are highly dangerous. Virtual communities operating on-line provide new opportunities for civil society, but they have also increased the potential for asymmetrical attacks.



  1. The phenomenon of Hactivism

22. Apart from causing harm, destruction or conducting espionage, some of the most recent cyber attacks have also been used as a means to reach a rather different goal. “Hactivism” is a relatively recent form of social protest or expression of ideology by using hacking techniques. Hactivists use different malware (or “malicious software”) and Distributed Denial of Service (DDoS) attacks to publicise their cause rather than for crime. Such attacks first occurred in 1989 but have gained more prominence over the last decade. In the past hactivists have attacked NASA, the Indonesian and Israeli governments, Republican websites, as well as the University of East Anglia.28


23. One of the most prominent group of on-line hackers - Anonymous - led a campaign against Iran, Australia and the Church of Scientology.29 Their most prominent campaign, however, took off in 2010 after WikiLeaks had released the US diplomatic cables. In its on-line seven-point manifesto, Anonymous announced its engagement in “the first infowar ever fought” and named PayPal as its enemy.30 What followed were DDoS attacks against Mastercard, Visa, PayPal, and other companies that had decided to stop providing services for WikiLeaks (they used to administer online donations for the site), against the Swiss bank PostFinance, that had earlier closed Julian Assange’s bank account, and against the Swedish Prosecution Service.31 The group also attacked Amazon.com, which was previously renting server space to WikiLeaks.32

24. Observers note that Anonymous is becoming more and more sophisticated and could potentially hack into sensitive government, military, and corporate files. According to reports in February 2011, Anonymous demonstrated its ability to do just that. After WikiLeaks announced its plan of releasing information about a major bank, Anonymous hacked servers of the Internet security company HBGary Federal’s sister company and hijacked the CEO’s Twitter account in response to the CEO’s statement that he was about to uncover the identities of Anonymous members. Today, the international group of hackers and activists is said to have thousands of operatives and has no set rules or membership.33 It is certainly a challenge for law enforcement agencies to develop effective countermeasures against such virtual cross-border communities formed and disbanded on an ad hoc basis.



    1. The role of the social media

25. The discourse on the Information Age and new social media gained a new momentum in the beginning of 2011, as numerous countries in North Africa and the Middle East began experiencing popular anti-government uprisings. It was the Internet, in combination with other new and old media such as cell phones and television that has enabled global resistance to authoritarian rule in the region. The sight of protesters holding up signs “Thank you, Facebook!” has become common in Egypt and Tunisia.34 Journalists, experts and politicians are increasingly using terms such as “Facebook Revolution”, “Twitter Diplomacy”, or “Cyber-Activism”.35 Today, Facebook is a community that unites more people than any other country in the world, save for China and India, and if the growth trends keep going as they are, the social network site will soon have more users than India has inhabitants.36


26. Social media, and most prominently Facebook, have helped activists in many of these countries to organise anti-government protests, evade surveillance, discuss issues that have been taboo for decades such as torture, police violence or media censorship, and provided a platform for trading practical tips on how to stand up to rubber bullets and organise barricades.37 Recognising that new social media have had an important share in the success of public resistance, two days after demonstrations started in Egypt, Facebook, telephones, and Internet all over the country were switched off. A few days later, when the Internet connection was restored and Facebook users regained access to their accounts, they found that the regime attempted to use this tool for disseminating pro-Mubarak propaganda. Most recently, Facebook pages, groups and blogs attempting to mobilise protesters have appeared in Algeria, Bahrain, Morocco and Syria. As a show of support for the protestors, the online group Anonymous attacked websites of the Tunisian and Egyptian government, Mubarak’s National Democratic Party and the Tunisian stock exchange, making them unavailable for certain periods of time.38
27. Proponents of social media argue, that “merely knowing about social dynamics changes social dynamics”. The authority of one’s peers has been proven to have substantial influence on the decisions made and thanks to these new social media peer influence has evolved into multiple, nation-wide protests. However, others argue that the influence of new social media in respect to the 2011 revolutions has been overrated. Critics say that social media can only provide fast co‑ordination of masses but do not deliver the narrative or resolve that are essential for starting and sustaining any popular movement.39 As an example, in Egypt the protests started growing significantly after the government had shut down the Internet. The social media also do not prevent popular protests from being contained by governments and security services. In other words, they do not determine the outcome.
28. In the wake of popular uprisings in North Africa and the Middle East, social media representatives have reacted very differently to the events. Facebook’s representatives declined to discuss Facebook’s role in the uprisings and provided only a short statement: “We’ve witnessed brave people of all ages coming together to effect a profound change in their country. Certainly, technology was a vital tool in their efforts but we believe their bravery and determination mattered most.” Twitter and YouTube (owned by Google), embraced their roles in the protests more openly. As opposed to Facebook, they took a proactive approach after the Internet was shut down in Egypt by assisting protesters in setting up a new service, "speak2tweet", that would allow people to communicate and organise.40 WikiLeaks founder, Julian Assange, was even more eager to attribute the success of these recent resistance movements to his site. According to him, it was the US diplomatic cables leaked by WikiLeaks that gave the army ‘the confidence that they needed to attack the ruling political elite’..41
29. Most recently, in June, Europe’s last dictatorship was also struck by a wave of anti‑government rallies. Due to severe shortage of dollar and euro reserves, the Belarusian government devaluated its national currency, which resulted in overnight pressure on living standards. As a consequence, opponents of these measures started anonymously organising themselves through social networking sites such as Facebook and its Russian equivalent vKontakte.42 After initial arrests, organisers opted for so-called “silent” forms of protest. By posting instructions on-line, they called on people to fill up parks or squares without doing anything apart from clapping their hands, having their phones buzz or play music at an agreed time, or simply drive slowly through Belarusian towns playing the popular Soviet-era song called “We Are Waiting for Change”.43 So far the state police have been unable to identify those posting instructions via social media. The new concept of “silent demonstrations” is making it difficult for the police to know who is actually taking part in the protest. The demonstrations have not yet managed to mobilise large numbers of supporters or pose any real threat to the ruling elites. They have, however, managed to utilise social media to involve several thousand people of all professional backgrounds as well as different age-groups.44


  1. Cyber Attacks and Cyber Defence

30. As mentioned above, the Information Age has brought about an environment that has made the state and society more vulnerable to digital attacks. They are vulnerable because we no longer keep our files and data on a shelf, but in a virtual world accessible from any of the world’s corners. As in the case of WikiLeaks, these files can be physically removed from a computer, handed over to adversaries, or simply made public. Apart from that, however, one of the greatest strengths as well as weaknesses of the Information Age is that files can also be accessed and on-line services disrupted from afar by various “cyber attacks”. The term “cyber attack” represents a myriad of activities ranging from stealing passwords, to accessing accounts, disrupting critical infrastructure of a country or spying on an enemy.45 As cyber experts testified to the members of two NATO PA Sub-Committees during the visit to The Hague on 18-20 April 2011, there is still no agreement within the international community as to which of these cyber activities constitute a crime. NATO C3 Agency’s Principal Scientist Brian Christiansen suggested that the existing legislative “black holes” should be addressed in a multinational manner due to the transnational nature of the threat and this argument has been supported by many cyber security specialists.46


31. Due to its decentralised nature, the Internet per se is in fact extremely robust and resilient as it was designed to withstand nuclear war. However, separate parts of this network of networks are vulnerable to cyber threats. The most disquieting feature of the cyber domain is that the attacker has the advantage over the defender. Perpetrators need only one weak point to get inside the network, while defenders have to secure all vulnerabilities. These attacks also take place at the speed of light which leaves little or no time react to attacks. Furthermore, the inherent nature of the Internet allows an attacker to forge the sender’s address or to use botnets (zombie computers often located in different countries), thereby disguising the true identity of an attacker and leading to misattribution of the source of an attack.47It is estimated that roughly 1,200 botnets reside on US soil alone.48
32. The problem of attribution is widely recognised as the biggest obstacle for effective cyber defence. Professional hackers can easily cover their tracks and thus avoid penalties. Deterrence, a critical element of a traditional defence paradigm, is problematical in cyber space. In addition to which, most cyber attacks are performed by civilian hacker groups so it is very difficult to prove government involvement. For instance, experts suggest that the thriving Chinese hacker community is not directly supervised by respective government authorities but merely encouraged financially or through ‘patriotic’ education mechanisms such as the People's Liberation Army's militia and reserve system. It makes it difficult to blame Beijing for the attacks such as the one in 2007, when some 25-27 terabytes of information (equivalent to roughly 5,000 DVDs) were illegally copied from the Pentagon.49
33. According to Kenneth Geers of the NATO Co-operative Cyber Defence-Centre of Excellence (CCDCOE) in Estonia, who spoke on the issue at the CDS Committee’s Spring Session in Varna, Bulgaria, 27-30 May 2011, the internet and computer programmes are so complex that they are almost impossible to secure. It is not, however, entirely impossible to track down cyber attackers. Firstly, in order to attribute successfully cyber attacks, we need to develop a system of international co‑operation among governments and experts, possess a network of effective human intelligence and conduct thorough police investigations. All these steps are essential because simply outlawing hacking or only employing cyber means when tracing attacks is insufficient. According to Kenneth Geers, NATO, being a powerful alliance of members with high tech capabilities and great financial assets, is the right organisation to tackle the issue. Secondly, we might be able to solve the problem of attribution thanks to the new Internet Protocol version 6 (IPv6), which has built in authentication technology and makes it possible to limit interaction only to confirmed ID ‑ white‑listed – users into your network. This technology limits internet connectivity but, on the other hand, it provides a new level of protection.
34. At the moment, however, sources of cyber attacks are almost impossible to trace. Nevertheless, when it comes to the involvement of states in cyber attacks, Russia and China are said to be the usual suspects.50 From what we know today, terrorist groups such as al-Qaeda do not yet have the capability to carry out such attacks. However, terrorists are increasingly acquainted with the possibilities offered by the Internet. Extremists have long used the Internet to spread their ideals as well as details of tactics, techniques and procedures used in terror attacks. Since 2001, many internet sites have been monitored and shut down in the United States.51 But sites are constantly changing and security officials need to be agile in locating them. Furthermore, chat-rooms and online publications are used not only to spread their violent message amongst supporters but to radicalise and recruit new members also. Of note is al-Qaeda’s ‘Inspire’ web publication which was reportedly recently hacked itself by British security officials.52
35. As noted, the cyber domain is extremely dynamic and rapidly developing, making it difficult for cyber security experts to always react adequately and speedily to novelties. For instance, one of the newest trends is the emergence of the so-called ‘cloud computing’. Cloud computing is network-based computing where software, data storage and other resources are provided over a shared network. It allows users to access their company’s business applications securely through the ‘cloud’.53 Governments as well as the private sector benefit from cloud computing, which helps to increase productivity, cut costs (according to Brookings Institute’s estimates, the US government can save up to 25-50% of its IT costs), keep pace with technology innovation, and become more transparent with their citizens.54 Nevertheless, the process also raises some key data security concerns, which include: vendors using ineffective security practices, agencies not able to examine the security controls of vendors, cybercriminals targeting data-rich ‘clouds’, and agencies losing access to their data if the relationship with a vendor ends.55 Thus, standards to regulate this new cyber space need to be set and implemented.56 According to Gregory Wilshusen, Director of Information Security issues at the US Government Accountability Office (GAO), however, US agencies are moving their data to the ‘cloud’ before government-wide security strategy has been developed by responsible agencies. As he continued, “these risks generally relate to dependence on the security assurances and practices of a service provider and the sharing of computing resources.”
36. There are, however, also voices that believe cloud computing will improve security. According to Mike Bradshaw, Director of Google Federal, “Cloud computing vendors store data on multiple servers in multiple locations, making it difficult for cybercriminals to target one location”. Also, vulnerabilities can be managed more rapidly and uniformly.57



  1. Download 159.78 Kb.

    Share with your friends:
1   2   3   4   5




The database is protected by copyright ©ininet.org 2024
send message

    Main page