Relevance:

• GS 3 || Security || Internal Security Threats || Cyber Security

Why in the news?

In December 2020, the ‘SolarWinds hack’, a cyberattack discovered in the United States, emerged as one of the biggest ever targeted against the US government, its agencies and several other private companies.In fact, it is likely a global cyberattack. This has again brought focus on cyber vulnerability & security of many nations.

Background:

• A hacker group believed to be affiliated with the Russian government gained access to computer systems belonging to multiple US government departments including the US Treasury and Commerce.
• The hack was detected by a cyber-security firm called “FireEYE”
• The attack involved hackers compromising the infrastructure of SolarWinds (A company that produces a network and applications monitoring platform called Orion) and then using that access to produce and distribute trojanized updates to the software’s users.
  • SolarWinds has 425 of the US Fortune 500 companies as customers which includes top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide.
• The observation:
  • Although, former U.S. President Donald Trump refused to acknowledge the attack’s provenance but S. intelligence community certainly believe that Russia and its SVR intelligence agency launched it.
  • United States has world-leading cyber security and technical capabilities. It can determine “attribution” easily and take counter actions.

What is cyber security?

• Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
• Implementing effective cyber security measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

UN and cyber security:

• The Economic and Social Council (ECOSOC), one of the principal organs of the UN, has been increasingly dealing with cybercrime. Cybercrime has also been addressed in the UN Congress on Crime Prevention and Criminal Justice (UNCPCJ), which takes place every five years and plays a major role in international standard-setting and policy-making in crime prevention and criminal justice.
• UN organisational platforms such as the UN Institute for Disarmament Research (UNIDIR) and the UN Interregional Crime and Justice Research Institute (UNICRI).
• Additionally, the broader cyber security debate is dealt with in the Working Group on Countering the Use of the Internet for Terrorist Purposes which operates under the UN Counter-Terrorism Implementation Task Force.
• United Nations, act to address this new international security challenge. Increasingly, more-sophisticated cybertools allow states to attack the control systems of critical infrastructure.
• These tools, coupled with a widespread uncertainty about the rules that would govern state behavior in cyberspace, have raised the risk of cyber conflict between states.
• It was therefore of crucial importance that the UN find common ground to address these challenges by affirming and clarifying the application of international law to state behavior in cyberspace and by recommending confidence-building measures.
• Three kinds of cyber-specific crisis communication channels were established: a channel between computer emergency response teams (CERTs) from the two countries to discuss malware stemming from each other’s territory, a link between nuclear risk reductions centers for cyber incidents of national security importance, and a telephone hotline

Risks, Threats, Vulnerabilities

• Lack of understanding of application: Several factors make the situation in cyberspace particularly difficult to control. In addition to the absence of a common understanding on the applicable international rules for state behavior in that domain, many of the tools in cyberspace can be used for both legitimate and malicious purposes.
• States and non-state actors are carrying out increasingly sophisticated exploitations of vulnerabilities in ICT. Attribution to a specific perpetrator continues to be difficult, increasing the risk of “false flag” attacks—that is, attacks by a state, group, or individual under an assumed identity.
• Spread of disruptive cyber activities: Global connectivity, vulnerable technologies, and anonymity facilitate the spread of disruptive cyber activities that may cause considerable collateral damage, for example, by spreading malware into computer networks or digital control systems that were not the primary target of the original attack.
• Critical infrastructure: The expert’s group report highlights the specific risks stemming from the widespread use of ICTs in critical infrastructure, particularly through so-called ICT-enabled industrial control systems such as those used in nuclear power plants and other critical infrastructure.
• Major cyber attack in recent time:
  • cybersecurity company FireEye earlier this month revealing that it became a target of hackers
  • Russian hackers installed a malware in the Orion software
  • 24 big companies including tech giants like Intel, Cisco, VMware and Nvidia installed the software laced with malicious code

Information Security Hall of Fame:

• Many cybercriminals use their hacking skills to steal information and damage computer systems.
• To improve the protection of its Information Communications Technology resources, the United Nations encourages individuals and organizations to assist with its efforts by disclosing vulnerabilities in the UN publicly accessible information system.
• The United Nations Information Security Hall of Fame acknowledges these “white hat hackers” that have helped the Organization in improving the security of its systems, data, and ICT resources by reporting security.
• Recognizing that confidence-building measures and the exchange of information among states are essential to increasing predictability and reducing the risks of misperception and escalation through cyberthreats, the experts group agreed on a range of voluntary measures to promote transparency and confidence among states in this area.
• The measures are aimed at increasing transparency and creating or strengthening communication links in order to reduce the possibility that a misunderstood cyber incident could create international instability or a crisis leading to conflict.

International convention for cyber security:

• The Budapest Cybercrime Convention: an international treaty aimed at combating Internet and computer crime (cybercrime) by harmonising national legislation, enhancing investigation strategies and growing cooperation between nations. On 1 July 2004, it came into effect. This Convention does not have India as a signatory.
• The North Atlantic Treaty Organisation (NATO) conducted an internal assessment as a cybersecurity and infrastructure defense. As a result of this, cyber defense policy was created, along with the creation of the NATO Cooperative Cyber Defence Centre of Excellence(CCDCOE). It was followed by the development of the Tallinn Manual 1

How will Cyber-WHO help?

• Develop norms about behavior in cyberspace
• Establish attribution as soon as possible
• Share knowledge about threats and attacks
• Share best practices
• Provide technical support in cyber building

Conclusion:

The UN has taken a big step toward shaping an urgently needed international framework for legitimate and prosperous activities in cyberspace while offering the entire UN membership the tools to prevent a hasty militarization of the domain. Yet, this is only a beginning. Member states must make sure to undergird this framework with state practices fully in line with the general purpose criterion to make cyberspace “peaceful, secure, open and cooperative,” the goal articulated in the expert’s group report.

Mains oriented question:

Cybercrime is not limited to any region or country but it is global issue and should be solved at global platform. Comment. (200 words)