National Cyber Emergencies

The Return to Civil Defence

  1. 270 pages
  2. English

About This Book

This book documents and explains civil defence preparations for national cyber emergencies in conditions of both peace and war.

The volume analyses the escalating sense of crisis around state-sponsored cyber attacks that has emerged since 2015, when the United States first declared a national emergency in cyberspace. It documents a shift in thinking in the USA, from cooperative resilience-oriented approaches at national level to more highly regulated, state-led civil defence initiatives. Although the American response has been mirrored in other countries, the shift is far from universal. Civil defence strategies have come into play but the global experience of that has not been consistent or even that successful. Containing contributions from well-placed scholars and practitioners, this volume reviews a selection of national experiences (from the USA, Australia, India, China, Estonia, and Finland) and a number of key thematic issues (information weapons, alliance coordination, and attack simulations). These demonstrate a disconnect between the deepening sense of vulnerability and the availability of viable solutions at the national level. Awareness of this gap may ultimately lead to more internationally oriented cooperation, but the trend for now appears to be more conflictual and rooted in a growing sense of insecurity.

This book will be of much interest to students of cyber security, homeland security, disaster management, and international relations, as well as practitioners and policy-makers.

National Cyber Emergencies by Greg Austin is available in PDF and/or ePUB format, alongside other books in Politics & International Relations and National Security.

1 From cyber resilience to civil defence

Contested concepts, elusive goals

Greg Austin and Munish Sharma

Leading states, businesses and civil society actors have recently become more deeply concerned about national cyber emergencies. In April 2015, US president Barack Obama declared a “national emergency” as a result of foreign malicious actions in cyberspace. He said that they presented “an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States” (White House 2015). In late December 2016, the national cyber emergency was renewed (White House 2016). That same month, the United States issued a new plan to address a nationally significant cyber incident (DHS 2016: 8). The document, National Cyber Incident Response Plan, defines this as an attack “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people”. The plan reflects both the familiar focus on the cyber-technical dimensions for protection of critical infrastructure and a new focus on political information warfare conducted through cyberspace, though the document does not distinguish between cyber threats with political impacts as opposed to those with business impacts. Without using the term civil defence, the plan was, up to that time, the most comprehensive public document setting out what cyber civil defence in the United States might mean. In terms of length, detail, and scope, the document probably has no peer in any other country. It explicitly states that “All elements of the community must be activated, engaged, and integrated to respond to a [nationally] significant cyber incident” (6). It sets out a comprehensive agenda for building nationwide capabilities in which local initiative (a hallmark of civil defence) is essential.
The same month, December 2016, Russia (Kremlin 2016) and China (CAC 2016) issued strategies for national information security which were wide ranging at the same time as reflecting a concern for escalating cyber confrontations that would require important new response capabilities. For these two countries, their version of national cyber emergency was premised more on continuing ideological warfare by the United States on their country’s political and moral fabric. For both countries, the concept of social defence of the population was a central element (rhetorically at least). Both countries linked country-wide information security to national security.
For all three of these countries, the scope of the issues now in play went well beyond traditional approaches to cyber security and critical infrastructure protection, with an intensified concentration on non-cyber economic and social effects of such attacks. An important component of the new threat landscape was information warfare of the sort demonstrated by covert Russian use of social media to influence political outcomes in the United States which had intensified through 2016 (United States ODNI 2017). The “emergency” framing by the United States also included threats posed by large-scale Chinese cyber espionage that the US government says has been underway for more than a decade and claims is affecting its national economic viability.
Several middle powers responded to the escalating threats with civil defence planning. In 2016, Germany issued new regulations on civil defence (Zivile Verteidigung) to prepare for a possible armed attack or other disasters (Germany 2016). Apart from military attack and weapons of mass destruction, its main focal points for attention by all government ministries involved in civil defence were “cyber attacks” and “failure or disruption of critical infrastructure”. In 2017, after a delay of two years, Indonesia set up its first national cyber security agency, the State Cyber and Cypher Agency (BSSN for its Indonesian initials), which had as one of its primary tasks ensuring national resilience. At that time, the Ministry of Defence commenced work on a “civil defence concept” (“non-military defence”), to ensure that such practices, including in cyberspace, became an obligation of all government agencies to defend against current threats (Indonesia Monitor 2019). This conformed to the country’s concept of “total defence”, which sees the citizenry as potential combatants, including in cyberspace.
In 2017, Sweden’s National Defence Commission ordered a review of the country’s total defence strategy, including a significant civil defence element: “analyse the ambition levels for various preparedness measures pertaining to the protection of essential public services and infrastructure, population protection, maintenance, psychological defence, and advocacy operations, as well as cooperation and coordination within the total defence” (Sweden 2017a). In December 2017, the government produced “Resilience, The Total Defence Concept and the Development of Civil Defence 2021–2025” (Sweden 2017b). In 2018, Sweden undertook distribution to its entire population of the first civil defence handbook for decades, titled Om krisen eller kriget kommer [If crisis or war comes], published in Swedish and English (Sweden 2018). It contained important elements of response to cyber and information attacks, especially deception.
By 2018, the potential military dimensions of national cyber emergencies came into much sharper focus, with the United Kingdom revealing it was prepared to black out Moscow using cyber attack if there was a crisis that warranted it (Wheeler et al. 2018). The UK introduced a new categorisation system for cyber attacks, which introduced the category of “national cyber incident”, defined as “cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety” (NCSC 2018). The Pentagon issued a range of updates to strategies and doctrines moving military uses of cyberspace into an even more prominent position than previously, including a section in the National Security Strategy on “Information Statecraft” (Austin 2018). In 2019, France issued a new cyber military strategy based in part on the likelihood of massively damaging cyber attacks on the country’s civil sector, and raising the spectre of even more serious events once future technologies like artificial intelligence are brought into play (Parly 2019: 3).
In all cases, the new policies for national cyber emergency were framed both for peacetime and for war, while recognising that the more serious attacks—regardless of the formal state of peace—brought questions of warfare inevitably into play. Terms like “hybrid warfare” and “grey zone” which had emerged out of the Russian intervention in Crimea in 2014 took on a new cogency. They were used increasingly to describe the overlap in information operations between wartime and peacetime and between the military and civilian domains. The shifts in policy and practice between 2014 and 2016 created new political realities and heightened tensions in international affairs, as well as stimulating new institutional responses at the domestic policy level.
In that period, there had been notable policy declarations on the military front that impacted non-military cyberspace interests. In 2015, China declared cyberspace (along with outer space) as the “commanding heights of all international security competition” (China State Council 2015). The United States announced in its new Law of War Manual in 2015 that it may be lawful in wartime to attack the civil nuclear power stations or dams of an enemy (DoD 2015: 247), leaving unsaid that the safest way to do so would be by cyber means. The Manual contained a separate chapter on cyber operations. It observed that military cyberspace operations may include “logic bombs” in the infrastructure of adversary states in peacetime as an act preparatory to war: “pre-emplacement of capabilities or weapons (e.g., implanting cyber access tools or malicious code)” (995). But the most influential event of all was Russia’s launch in January 2016 of escalated information warfare operations against the United States and the European Union to weaken these countries without provoking war. Russia had been waging a similar style of war on Ukraine since at least 2014, including through use of attacks on critical infrastructure, not to mention a direct armed insurgency.
Much earlier, however, the first indicators of the shape of things to come were not just the attack on Estonia in 2007 by Russian hackers but the victim government’s response in setting up a Cyber Defence Unit in its national civil defence organisation called the Estonian Defence League (Kaska et al. 2013). The League had a mission of enhancing the population’s preparedness to defend the independence of Estonia and its constitutional order, while the cyber unit’s mission is “to protect Estonia’s high-tech way of life” (Kaska et al. 2013: 11). These civil defence missions, political and social in character, had rarely been considered in cyber national resilience planning of most countries prior to 2016. The chapter discusses the differences between civil defence concepts and national resilience planning later.
This chapter provides some conceptual and historical background to the concept of cyber civil defence, at both national and international levels as it has emerged under the pressure of escalating cyber conflict. That discussion is introduced, albeit in terms that will be familiar to most readers, by a restatement of the need for such measures. The chapter then provides highlights of scholarship on cyber emergencies to help position some of the book’s novel arguments. This is complemented by a brief consideration of some international aspects of civil defence in general and the cyber case in particular. Informed by the scholarship, the chapter then poses a sceptical view: is civil defence a viable or worthwhile proposition?

The need

Cyber assets are now ubiquitous to every industry and service, with only a few exceptions—for poor rural, remote, or many indigenous communities. These assets fulfil the information and communication needs of national and international infrastructure, whether it is related to hardware (computing or communication devices) or software (information systems, data collection, data processing). Cyber assets also deliver social, political, economic, and news content, ranging from disaster alerts to disinformation campaigns.
While recognising a view that much critical infrastructure, as “scale-free networks”, may be resilient to random failures (Barabási and Bonabeau 2003), targeted attacks could be catastrophic when the attacks are directed at hubs of the network. Scale-free networks are not connected in a random or even fashion, but are composed of many “very-connected” nodes known as hubs that are responsible for shaping the way the network operates (Tolba 2007: 2). Akin to complex systems, scale-free networks are quite resilient against accidental failures, but more vulnerable to attacks, and, in particular, a coordinated attack against the hubs which could disrupt the network topology (Barabási and Bonabeau 2003: 59). A scale-free network completely fails only when the hubs are wiped out, and therefore the defence of the scale-free network lies in the protection of the few hubs and not the thousands of nodes forming the network.
Critical infrastructures, as networked systems, have complex relationships with a myriad of upstream and downstream systems, both inside an enterprise and often well beyond it. It is extremely challenging to map the complexity and randomness of these networks of dependency without reliance on software simulations. In the face of coordinated attacks against the hubs, scale-free networks can degrade quickly, as witnessed in the case of electricity grid outages, which are core to the functioning of every other sector.
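The contrast drawn above between random failures and the loss of hubs can be reproduced with a small simulation of the kind the text refers to. This is an added illustration, not material from the book: the graph is a synthetic Barabasi-Albert network, and the size (1,000 nodes), the 10% outage and the seed are assumptions chosen for the demonstration.

```python
import random
from collections import defaultdict

def barabasi_albert(n, m, rng):
    """Grow a scale-free graph: each new node links to m existing nodes,
    picked with probability proportional to their current degree."""
    adj = defaultdict(set)
    for u in range(m + 1):              # small fully connected seed core
        for v in range(u):
            adj[u].add(v)
            adj[v].add(u)
    # Every edge endpoint appears once, so a uniform draw is degree-weighted.
    ends = [u for u in adj for _ in adj[u]]
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for t in targets:
            adj[new].add(t)
            adj[t].add(new)
            ends += [new, t]
    return adj

def largest_component(adj, removed):
    """Size of the largest connected piece once 'removed' nodes are out."""
    seen, best = set(removed), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:
            u = stack.pop()
            size += 1
            for v in adj[u]:
                if v not in seen:
                    seen.add(v)
                    stack.append(v)
        best = max(best, size)
    return best

def compare(n=1000, m=2, fraction=0.10, seed=7):
    """Same number of nodes lost two ways: at random, or the best-connected."""
    rng = random.Random(seed)           # constructed, reproducible sample
    adj = barabasi_albert(n, m, rng)
    k = int(n * fraction)
    random_loss = set(rng.sample(sorted(adj), k))
    hubs = sorted(adj, key=lambda u: len(adj[u]), reverse=True)[:k]
    return {
        "intact": largest_component(adj, set()),
        "random_failure": largest_component(adj, random_loss),
        "hub_loss": largest_component(adj, set(hubs)),
    }

if __name__ == "__main__":
    for label, size in compare().items():
        print(f"{label:15s} largest connected component = {size}")
```

The gap between the `random_failure` and `hub_loss` figures is the planning point: the same number of outages leaves the network largely intact when spread at random and fragments it when concentrated on the hubs, which is why protection effort is weighted toward those few nodes.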
All national economies and modern global society are highly dependent upon information and communication systems to execute essential daily functions. National infrastructures, be they electricity grids, banking services, telecommunications, roadways, railways, or healthcare, are interconnected and interdependent. Their interlinkages and interdependencies—sometimes across the physical or political borders—are often unforeseen. A small disruption in one infrastructure can have a crippling effect on others, and even cascading consequences beyond the infrastructure into the social and economic life of a community. Electricity grid outages in Europe (2006), India (2012) and Ukraine (2015) brought several essential services and transportation systems to a standstill, although the root causes were different, varying from load imbalance to coordinated attack. During the global WannaCry ransomware attack in May 2017, the unavailability of affected equipment—workstations, operation theatres, and diagnostics—interfered with the critical operations of the National Health Service hospitals across the United Kingdom.
Military forces also depend on cyber assets with increasing frequency and intensity, ranging from command and control, intelligence, and surveillance, to weapons control or even logistics and supply chain management. Any “compromise, degradation in quality of performance, loss or unavailability of a cyber asset” could lead to disruptions in the flow of militarily significant information or even functionality of weapons systems. Several states actively plan to exploit these vulnerabilities in technologies, processes, and people during a political crisis or wartime. Their goal might be to challenge the target state to contain the cascading non-cyber effects of the attack, recover from the incident, and restore the services. Another goal might be to simply disrupt the combat operations of an enemy. Apart from “cyber paralysis”, as Amit Sharma (2010) has argued, another goal might be strategic decapitation (the severing of national command and control authorities from direct contact with national security actors), either in the purely military domain or in civilian agencies as well.
The fallouts of large-scale cyber incidents (their cascading consequences) are not easy to predict, forecast, or simulate, particularly in the face of coordinated multi-actor or multi-vector cyber attacks, persistently carried out over a long time period.
Cyber incidents can take a very large number of forms. They could arise out of a machine error, an accident, misuse, infiltration attack, or sabotage, at the hands of either an insider or an unauthorised external actor. They are almost always unannounced, usually unstructured, but very often demanding intense crisis management (Ernst & Young 2017: 3). Defensive preparations for such emergencies at the national level need to be multi-dimensional, involving technology, people, processes, and efforts at organisational, sectoral, state, or provincial, national, ...

Table of contents

  1. Cover
  2. Half Title
  3. Series Page
  4. Title Page
  5. Copyright Page
  6. Table of Contents
  7. List of figures
  8. List of tables
  9. List of boxes
  10. Notes on contributors
  11. Acknowledgements
  12. List of abbreviations
  13. Introduction
  14. 1 From cyber resilience to civil defence: contested concepts, elusive goals
  15. 2 US policy: from cyber incidents to national emergencies
  16. 3 India and China: warnings ignored?
  17. 4 Civil defence and cyber security: a contemporary European perspective
  18. 5 National cyber emergency policy for Australia: critical infrastructure
  19. 6 Mind the gap: Western military theory of victory vs cyber attack
  20. 7 Weaponised information systems for political disruption
  21. 8 Dezinformatsiya: recognising the national cyber emergency in Australia
  22. 9 Alliance attribution of global cyber attacks: the European Union
  23. 10 Preparing for the cyber storm: a survey of simulation
  24. 11 Wargaming national cyber emergencies
  25. 12 Enhancing strategic-level wargaming with artificial intelligence
  26. 13 Design it, build it, defend it: using cyber exercises in the education of cyber forces
  27. Index