Oleg Zhdan. The US and NATO strategy in the field of cyber security

Approaches of George W. Bush and B. Obama to cyber security. In 2003 George W. Bush approved the first “National Strategy to Secure Cyberspace” of the XXI century [1]. In 2006, the US Joint Chiefs of Staff adopted the doctrine of “Information Operations” [2]. In 2010, the Cyber Command was established in the USA [3].

The current US strategy in the field of cyberspace was made public on April 17, 2015 under the administration of Barack Obama [4]. It was prepared by the Department of Defense (DoD) and coordinated with the Department of Homeland Security (DHS). This cyber strategy sets out five comprehensive strategic objectives.

  1. Build and maintain ready forces and capabilities to conduct cyberspace operations. The Pentagon intends to create a unified operational platform for cyber operations, accelerate the introduction of defense technologies and assess the capacity of the armed forces responsible for cyber operations to handle multiple situations simultaneously.
  2. Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions. The aim is to create a single security architecture that covers cyber security issues in the MIC in order to counter intellectual property theft.
  3. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyber attacks of significant consequence.
  4. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages. The Pentagon intends to develop cyber capabilities to achieve key security objectives with precision, and to minimize loss of life and destruction of property.
  5. Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.

The Strategy identifies potential adversaries of the United States:

  • Russia secretly creates a cyber weapon, but its intentions are difficult to identify;
  • China steals intellectual property from global businesses and undermines US competitiveness;
  • Iran and the DPRK have less developed cyber capabilities, but demonstrate hostile intentions toward the US in cyberspace;
  • ISIS uses cyberspace to recruit fighters and spread propaganda;
  • Criminal actors pose a significant threat in cyberspace, especially for financial institutions;
  • Ideological groups use hackers to achieve their political goals.

Presenting this Strategy at Stanford University, Secretary of Defense Ashton Carter drew attention to a number of its features.

Firstly, he said, the United States would respond without any hesitation to cyber attacks, using military force if necessary.

Secondly, it is about protecting not only the information infrastructure of the Pentagon, but also of other parts of American society.

Thirdly, within the framework of the new cyber strategy, a separate command is created, which will be responsible for cyber security (this is, in total, 133 units and more than 6 thousand people).

Fourthly, since the private sector owns and operates over 90% of all computer networks in the US, companies must also invest in protecting their cyberspace [5].

 

The Trump administration and the problems of cyber security. Nevertheless, discontent with the implementation of this Strategy gradually accumulated. This discontent surfaced during the US presidential campaign, when the topic of possible Russian interference in the US elections was being discussed. In this regard, the Washington-based Center for Strategic and International Studies (CSIS) prepared a report on future cyber security policies for the new US administration [6]. Russian experts note that the Board of Trustees of this Center includes the new US Secretary of State, Rex Tillerson [7].

The authors of the report state that DHS has not turned into a real center of cyber security, so the new president should determine the mission of DHS, make cyber security an independent, operational component and provide DHS with adequate resources. In this regard, CSIS invited the new administration to take the following important steps in the field of cyber security:

  • to intensify the negotiation process on the Budapest Convention on Cybercrime, which Russia has not signed;
  • to expand the data exchange on potential criminals from non-cooperative countries between the United States and its allies;
  • to create a Division of Data Protection within the Federal Trade Commission (FTC), which will audit commercial and government structures on the protection of data from cyber attacks;
  • to entrust the National Institute of Standards and Technology with the task of developing common standards and guidelines for all federal agencies on user data protection;
  • to require DHS, in conjunction with the National Governors Association, to establish an interagency group on monitoring cyber attacks in state and local governments;
  • to form a body, on the basis of the Cyber Threat Information Integration Center under DHS, that will disseminate information about cyber attacks on other federal agencies;
  • to request that Congress significantly increase the resources allocated to the FBI for the creation of new encryption algorithms and of encryption and decoding tools to access foreign intelligence ciphers;
  • to involve units of the National Guard in the protection of the United States from cyber threats, etc. [8].

On March 10, 2017, the US Defense Science Board task force published a report stating that critical American infrastructure will remain vulnerable to catastrophic cyber attacks from Russia and China for at least 10 years, and that other foreign nations place malicious software inside computer networks used to control the U.S. electric grid. The report also says that the Russian Federation tried to influence the outcome of the US presidential elections of 2016. The report recommends that the military develop offensive cyber capabilities in order to deter a cyber attack against infrastructure [9].

In January 2017, D. Trump intended to sign an Executive Order that would centralize the government’s efforts to ensure cyber security, establish close interaction between the executive branch and the owners and operators of critical infrastructure, and develop a strategy to counter potential adversaries [10]. Nevertheless, on January 31, 2017, the Deputy Press Secretary of the US Head of State, S. Grisham, reported that President D. Trump had indefinitely postponed the signing of this Order on cyber security. At the same time, he did not mention the reasons for postponing the signing, the time frame in which the president would sign it, or whether he intended to do so [11].

Against this background, on March 7, 2017, the WikiLeaks website published leaked CIA material under the code name Vault 7, which revealed that the CIA used TVs, telephones, network devices and even antivirus software for espionage. According to WikiLeaks, as of the end of 2016, there were more than 5,000 employees in the special unit of the CIA that deals with computer hacking and software development [12]. It also became known from the leaks that the CIA has five secret “listening posts” called “Pocket Putin”, and that US intelligence can, if necessary, stage cyber attacks under the guise of Russians.

In this regard, Julian Assange stated: “The CIA lost control over its entire cyber weapons arsenal. What do I mean by cyber weapons: those are weaponized viruses, Trojans and malware designed to penetrate the smart phones, smart TVs, computer systems of the world and then control them, disable them, insert information to them, extract information from them. Now this is a historic act of devastating incompetence to have created such an arsenal and store it all in one place and not secure it. WikiLeaks discovered the material as a result of it being passed around a number of different members of the US intelligence community out of control in an unauthorized fashion” [13].

On March 7, the FBI and the CIA began an investigation to find out how the documents got to WikiLeaks [14]. Experts from the New York Times note that the CIA is urgently trying to contain the damage from documents published by WikiLeaks [15]. First of all, the official representative of the CIA, H.F. Horniak, accused WikiLeaks of jeopardizing US personnel and operations with such disclosures. At the same time she stressed that the CIA's actions were not directed against American citizens [16]. “A small group of contractors”, who had previously worked for the CIA, fell under suspicion [17].

In general, this leak had a very negative impact on the global situation, as many countries (including US allies) were once again convinced that Washington had placed them under surveillance. In this regard, the “Bloomberg” expert L. Bershidsky writes that the CIA revelations on WikiLeaks “look like a dud”. According to him, the leak “reveals a somewhat lower level of technological sophistication than can be expected from a U.S. intelligence agency – unlike Snowden’s NSA cache. It gives foreign intelligence services an insight into the specific methods used by the CIA and probably sets off a distracting, morale-destroying hunt for the leaker. It puts the CIA on the defensive, makes it look weak and thus helps President Donald Trump in his public battle with the intelligence community. Since the CIA documents appear genuine, it’ll only strengthen a sense that Russia – and perhaps other foreign powers – have penetrated the U.S. intelligence community and disarmed its cyber operations” [18].

Indeed, on March 9, 2017, Chinese Foreign Ministry Spokesperson Geng Shuang said that China is concerned about the CIA’s leaked materials on cyber intelligence and urged the US to stop surveillance of other countries [19]. On the same day, Russian Foreign Minister S. Lavrov said that experts consider the information on the CIA’s hacker arsenal “quite and quite plausible”, and that Moscow is forced to take this into account [20]. S. Lavrov recalled that while Russia is accused of cyber attacks in the US on the basis of “fingerprints” that point to the source of the attack, WikiLeaks documents indicate that the CIA had the opportunity to mask its hacker attacks and create the appearance that they were carried out by foreign states, including the Russian Federation. S. Lavrov also said that he tries not to take a mobile phone with him to negotiations on sensitive issues in order to prevent the possibility of wiretapping [21].

 

Cyber strategy of NATO. The problems of cyber security have long been at the forefront of the NATO leadership's attention. In October 2007, NATO countries began to develop policies in the field of cyber security. In early 2008, this policy was formulated and adopted. At the meeting of NATO Ministers of Defense (2008), the Federal Republic of Germany, Slovakia, Latvia, Lithuania, Italy and Spain decided to establish a Cyber security Center in Tallinn, which began operating in August [22]. According to some experts, the work of this Cyber security Center in Estonia is “much more useful for NATO than the Estonian army, consisting of several thousand people with extremely limited mobilization potential” [23].

In the wake of accusations against the Russian Federation over its possible interference in US and European electoral processes, NATO sharply intensified its policy in the field of cyber security. In particular, on Jan. 19, 2017, NATO Secretary-General J. Stoltenberg said that in 2016, an average of 500 dangerous cyber attacks per month were reported on the servers of the agencies of NATO member countries, which is 60% more than in 2015. In his opinion, the majority of hacks were committed not by individuals, but by order of government agencies of third countries. In the opinion of the NATO Secretary-General, cyber attacks are a potential threat because they can damage energy supply and health facilities and other strategic infrastructure facilities, and put at risk the defense capabilities of NATO countries. J. Stoltenberg stressed that cyber attacks can lead to the invocation of Article 5 of the NATO Treaty [24].

On March 3, 2017, the Deputy Supreme Allied Commander Europe, Gen. A. Bradshaw, said that “fake” news, cyber attacks and political influence on any NATO country could fall under Article 5 of the NATO Treaty on Collective Defense, which states that an attack on one of the alliance members is an attack on the entire NATO bloc. Therefore, NATO should work more closely with the EU on coordination in the field of diplomacy, politics, economics and information. Otherwise, the risk of a military conflict increases: “This is not just a question of military deterrence. We need hybrid containment” [25].

However, already on March 4, 2017, former US ambassador to the Russian Federation M. McFaul stated that a cyber attack against one of the NATO members could be considered a reason for invoking the collective defense of the alliance in accordance with Article 5 of the NATO Treaty, but there are no precedents. Even when Estonia wanted to call on the Allies for help in 2007, they decided that they did not want to get involved in a war with Russia because of cyber attacks [26].

Conclusions and generalizations. Analysis of cyber strategies of the United States and NATO allows us to draw a number of conclusions. First, the United States and NATO are paying increasing attention to cyber security. Secondly, the US and NATO are striving to doctrinally formalize their official views on the problems of cyber security. Thirdly, the US and NATO reinforce the military component of cyber security and create appropriate units in their Armed Forces. Fourthly, the US and NATO allow a military response to foreign cyber attacks directed against strategically important facilities of their critical infrastructure.

_____________________

[1] National Strategy to Secure Cyberspace. February 2003 //https://www.us-cert.gov/sites/default/files/publications/cyberspace_strategy.pdf.

[2] Information Operations. Joint Publication 3-13. Washington D.C.: Joint Chiefs of Staff, 13 Feb. 2006. //http://www.carlisle.army.mil/DIME/documents/jp3_13.pdf.

[3] Kabasakalova M. “Information Troops”: the invisible front of national security //http://www.iarex.ru/articles/53668.html.

[4] The DoD Cyber Strategy. THE DEPARTMENT OF DEFENSE. CYBER STRATEGY. April 2015 //https://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf.

[5] Seldin J., Gallo W. The Pentagon has developed a new cyber strategy //http://www.golos-ameriki.ru/a/pentagon-new-cyber-streategy-warns-adversaries-us-will-hit-back/2732607.html.

[6] Cyber Policy Task Force Working Group Discussion Papers //https://csis-prod.s3.amazonaws.com/s3fs-public/170110_CSIS_Cyber_Policy_Discussion_Papers.pdf

[7] Khetagurova E. 9 cyber steps: a new strategy for fighting Russian hackers is being prepared for Trump //https://life.ru/t/%D0%BF%D0%BE%D0%BB%D0%B8%D1%82%D0%B8%D0%BA%D0%B0/956945/9_kibier-shaghov_trampu_ghotoviat_novuiu_stratieghiiu_borby_s_russkimi_khakierami.

[8] Cyber Policy Task Force Working Group Discussion Papers //https://csis-prod.s3.amazonaws.com/s3fs-public/170110_CSIS_Cyber_Policy_Discussion_Papers.pdf

[9] Pentagon: Russia, China Able to Launch Catastrophic Cyber Attacks on U.S. Infrastructure for Next 10 Years. Defense Science Board calls for new cyber deterrence plan targeting foreign leaders //http://freebeacon.com/national-security/pentagon-russia-china-able-launch-catastrophic-cyber-attacks-u-s-infrastructure-next-10-years.

[10] Statement by Press Secretary Sean Spicer //https://www.whitehouse.gov/the-press-office/2017/01/31/statement-press-secretary-sean-spicer.

[11] Diveeva Yu. Trump postponed the signing of the executive order on cyber security. The reasons why the president changed his decision are not given //http://www.kp.ru/online/news/2643323.

[12] Vault 7: CIA Hacking Tools Revealed //https://wikileaks.org/ciav7p1/#PRESS.

[13] Julian Assange: CIA ‘Lost Control Of Its Cyber Weapons Arsenal’ | MSNBC //https://www.youtube.com/watch?v=2jrbbhjun84.

[14] Basisini A., Sivichev D. The CIA looks at the world: what has become known from the new WikiLeaks publications //http://www.rbc.ru/politics/09/03/2017/58c179589a7947b22dad0792.

[15] C.I.A. Scrambles to Contain Damage From WikiLeaks Documents //https://www.nytimes.com/2017/03/08/us/wikileaks-cia.html?_r=0.

[16] CIA Statement on Claims by Wikileaks March 8, 2017 //https://www.cia.gov/news-information/press-releases-statements/2017-press-releases-statements/cia-statement-on-claims-by-wikileaks.html/

[17] Disgruntled programmers suspected in the leak of CIA documents //http://vz.ru/news/2017/3/12/861493.html.

[18] Wikileaks’ CIA Revelations Look Like a Dud for Now //https://www.bloomberg.com/view/articles/2017-03-08/wikileaks-cia-revelations-look-like-a-dud-for-now.

[19] Manukyan Zh. China is concerned about WikiLeaks materials on CIA cyber intelligence //https://ria.ru/world/20170309/1489586037.html.

[20] The Russian Foreign Ministry considers the information about the CIA's hacker arsenal plausible //https://www.pnp.ru/politics/2017/03/09/v-mid-rf-schitayut-pravdopodobnoy-informaciyu-o-khakerskom-arsenale-cru.html.

[21] Foreign diplomats are concerned about WikiLeaks claims regarding the CIA's hacking capabilities //http://www.golos-ameriki.ru/a/wikileaks-foreign-react/3757452.html.

[22] A NATO information and analysis Cyber Security Center is being established in Tallinn //http://www.golos-ameriki.ru/a/a-33-2008-05-16-voa4/600408.html.

[23] Kurilkin A. How cyber troops and hackers are changing reality //http://eurasia.expert/kak-kibervoyska-i-khakery-menyayut-realnost.

[24] NATO Secretary General: “Cyber attacks can trigger the collective defense clause under Article 5” //https://www.welt.de/politik/article161307855/Cyberangriffe-koennen-Buendnisfall-nach-Artikel-5-ausloesen.html.

[25] NATO says that “fake” news could be equated with an attack on the alliance //https://ria.ru/world/20170303/1489245080.html.

[26] McFaul: calling on NATO for help because of a cyber attack will not work //https://russian.rt.com/inotv/2017-03-04/Makfol-prizvat-na-pomoshh-NATO.