Sunteți pe pagina 1din 8

REGIONAL COOPERATION ON CYBER SECURITY : A DEEMED NECESSITY

Anupam Tiwari

Certified Ethical Hacker v8, ,Chartered Engineer, GFSU Certified Cyber Security Professional, CDAC Certified Cyber Security Professional, B.E,M.Tech (Computer Science), PGERP,PGDIS,PGDBM

anupam605@gmail.com

THIS ARTICLE HAS BEEN

Journal,2017,Vol 16, ISSN 0972-4044

---------------------------------------------------------------------------------------------------------------------

India

has a big role to play in this.” - Prime Minister Narendra Modi at inauguration of Digital India

Week, 1st July 2015

ARTRAC

PUBLISHED

IN

PINNACLE

:

The

“Clouds of a bloodless war are hovering over the world. The world is terrified by this

INTRODUCTION

Today cyber threats are bringing on progressively flagitious dangers to the economic system and have been a cause of serious concerns to national security of countries across. Unlike the mundane national security matters which have some kind of tailored and customized solutions based on think tank of country, the cyber warfare threats presents itself as a unparalleled plebeian threat to the globe with no certain solution even envisaged. These threats emerge globally without any limitations of border fences, distances, and demography, not restricted to any country or tribe. The global outreach of internet and panoptic nature of cyber-terrorisms further make the umpteen endeavors to adjudicate crimes only reactive and not proactive. Add to this cross border policies, inter country relations, differences amongst global matters and conflicting boundaries only make the matters worse towards conciliating this giant threat.

Cyberspace has persisted in to expatiate beyond national boundaries, and its penetration and exploitation by various countries have only seen an improving marked maturation. Therefore, associated risks including cyber crimes are getting more grievous, widespread and globalized. Cyber threats thus stand as a pressing global challenge confronting the international community across.

THREAT LIKE NEVER BEFORE

Worldwide Threat Assessment report of US Intelligence Community for 2016 outranks “Cyber and Technologythreats foremost ahead of Terrorism, Weapons of Mass Destruction and Proliferation, Space and Counterspace, Counterintelligence Transnational Organized Crime, Economics and Natural Resources and Human Security[1].

The cyber threat analysis carried out by most of the victim countries are firm on two facets:

Firstly, the Internet and Information Communication Technology (ICT) are mandatory components today in every county for economic and social growth and are chassis to typical

decisive infrastructure that leads the growth in all domains. Reliance on such infrastructure and ICT is only seen increasing day by day as the digital penetration digs deeper into all attributes of human lives. Cyberspace, which originated from such advances in ICT, has become an indispensable platform to support national growth of every country.

Secondly, Cyber threats are increasing at a phenomenal pace and will only continue to evolve. Primarily, a major chunk of these threats still originate from the global criminal actors who have their interest riveted around reaping in economical attributes, but the evolving nature of these threats over past decade has seen vast participation of foreign states and political groups spying and espionage over other countries and states, with pitches of “hacktivism, that involves seditious use of computer networks to promote a political agenda like Anonymous, or destabilization attemptslike Cyber attacks on Estonia which involved a series of cyber attacks in April 2007 and attacked websites of Estonian organizations with Distributed denial of service attacks, including Estonian parliament, banks, ministries, newspapers and broadcasters, amidst the country's dissension with Russia on the relocation of the Bronze Soldier of Tallinn, cyber espionage and sabotagevide the notable Stuxnet .These cases are just a few to mention besides a plethora of cases sensed across the globe vide Flame, Duqu, Regin, APT 28,Carbanak,Equation group, Desert Falcons, Sony Pictures hack etc and the list goes sempiternal. The most intriguing thing till date about each of these attacks is that the source and the origin of these attacks remain unidentified and unproven imputed to increased degree of sophistication techniques involved and easily available opensource applications.

The INDIAN Panorama

While it happens from across the globe, happens across the globe, per se ,in Indian context, the scenario has been no different amidst a multitude of attacks in recent past including few recent one‟s referred below :

DANTI’s Attacks : As per reports released by Kaspersky Labs [2], an Advanced persistent threat(APT) has been active at least since 2015, predominantly targeting Indian government organizations. Additionally, Danti has also been actively hitting targets in Kazakhstan, Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines.

SmeshApp : Media disclosures[3] were made about Pakistan Army snooping on Indian army personnel‟s phones and computers through a malicious cloaked malware app called „SmeshApp,‟ which was though removed from the Google play store after little damage was done.

Suckfly Espionage : Symantec published a blog on Suckfly[4], an advanced cyberespionage group that conducted attacks wherein primary targets were individuals and organizations primarily located in India.

North East Exodus : Thousands of panic-struck masses of the northeast India based in Banglore boarded trains to head to Guwahati, in August 2012, following bruits of violence targeting them

triggered vide social Media sites and applications [5].The mass panic triggered thus led to chaos and violence on streets in an otherwise peaceful Bangalore city. Only as a reactive measure though belated, Department of Electronics & Information Technology, Government of India blocked that more than 245 Web pages and related links including uploaded pages on Facebook, Google and Twitter[6].

Above mentioned cases are just a few to mention though, the number of attacks and subsequent effects have only seen an extrapolated increase in last decade, which has at times seen nation buzzing to chaos and riots in few states.

The Brobdingnagian Battleground

The references above are minuscule with respect to the exact state of occurrences actually taking place. As per a Kaspersky Lab report[7], the number of new malware files found in year 2016 increased to a mindboggling 323,000 per day which is a step up from just 70,000 per day identified in 2011.Besides 45,169,524 unique malicious URLs, 12,657,673 unique malicious objects including scripts, exploits, executable files, etc, 1,198,264 kinds of online banking malwares, 821,865 unique ransomwares, 116,469,744 unique malicious and potentially unwanted objects were detected as malicious by web antivirus components. The quantified numbers here are merely being seen from perspective and capabilities of detection of one leading vendor, thus quantifying the complete cyberspace to encompass all other vendors detections and also include millions of undetected zero day threats will produce a irrepressible state of one sided battle, so to say. Cyber threats today thus have gained massive proportions in sizes which are inconceivable to process manually. The battlegrounds that exist virtually encompassing the entire globe, with no boundaries between states, present a global antagonist ready with fully loaded arsenal firing and hitting hard already.

Necessitated Regional Cooperation

The unparalleled cyber threat menace for every region as it stands today magniloquent and getting as grievous by the day is a severe cause of concern for each government across. Attacks on one state whether part of a hacktivism or attempted to break into systems of other states for monetary gains needs a definite common solution that can only be deciphered once the regional cooperation is made forgetting other boundary or political conflicts issues.

Be it the case of Estonia or North east exodus or any other case, time and again the power of Cyber warfare has proved that there is no other way round than to forget the regional boundaries and demographics to respond effectively and strongly to this threat. To this effect, a large number of national and International bodies are working to counter cyber security threats but the attempts have been limited between two countries or more, utmost forming a small group to coord with each other towards adjudicating such threats.

Resolving the cyber warfare threat actually doesn‟t end up at formation of a international body wherein all states and countries sign up some MOU and promise to cooperate with each other but goes beyond this to demand and call for uniform standards to include the following aspects :

- Logs Management : Any cyber incident that needs to be deciphered to nab the criminals is required to be reverse engineered back to the origin which is possible only through in-depth analysis of Logs generated vide devices and software systems effected. Maintaining logs at each node, each system needs a standardized configuration to assist which is usually not the case. Either intentionally or unintentionally, the effected systems, the effected ISPs or the intermediary devices involved may not be configured right as desired, which may just hit the investigation right at the onset. Further, these logs, if configured to be generated need to be stored to timelines i.e. to be kept as backlogs as deemed, if at all, any case requires during investigation. Keeping regional and international users in mind, these logs need to be compatible for reading and analysis across the globe. Whilst framing policies, regional languages and applications should specifically be configured for easy translation onto a common platform for analysis, as may be required, later.

- IT Infrastructure Management : Simply having the intent and mutual consent for cooperation between countries to fight cyber crime would not suffice easy resolves but would deem committed and supported IT infrastructure to be built up internal to the countries as well as external to meet global connectivity. Once the basic IT Infrastructure framework is planned, necessary new generation technologies would need to be coordinated for implementation that may include Big data analytics, Blockchain for ensuring near real time intelligent predictions of attacks in future to come.

- Common policies at regional level : A common body or organization, as may be deemed , to be setup for coordinating regional cooperation would require having a common Terms of Reference to move ahead. A large number of infringing issues would invade in while framing policies, based on privacy and information sharing matters which need to be resolved mutually and timely towards common interest of the goals set.

- Compatibility of Interfaces: Once moving towards a common goal ,issues pertaining to compatibility of logs, system languages, tools, distros ,training staff, penetration testing access controls etc need to be mutually decided to attain inter country investigation ease and controls. Access controls and framework need to be decided to meet these criterions.

- Common Trained Staff to handle investigations : The staff involved to discuss the inter country investigations need to be standing at the same level of understanding for expediting investigations lest the investigations only get stuck at the onset for want of investigation procedures and solving technical terminologies.

- Reducing digital divide by creation of Securely connected Infrastructure : Cyber criminals regrettably stand out today leaps ahead of investigating agencies in terms of speed and technology, the approach on the other side has only been reactive and not pro- active, thus the IT infrastructure being planned to be setup for regional cooperation should be deliberately planned in a multilayered hardened approach to counter cyber attacks securely in future. All measures to set up a hardened and secure IT infrastructure should be in place.

- Funding and resources : All countries will not be at the same platform with respect to funding and establishing IT infrastructure setup. Ways need to be induced to provision and assist such countries in monitory as well as for technology transfer ease. A country might have a huge user base based on COTS device and technology penetration but just not might have the knowhow of the technicalities behind that might be outsourced again to an outside firm without any major government intervention. So in such cases, deliberate government intermediary needs to be bought in and setup vide regional cooperation for smooth functioning.

- Inter country rotation of staff to better interpret each other environs : Once setup, such deputations and rotation of staff between countries would facilitate better understanding at regional levels about regional working environs, that would go a long way in bettering the cooperation index.

- Following up on timelines : Planning today and ensure adherence to the time lines with respect to coordination & implementation of the proposed body would hold the key to reduced cyber crimes and quick resolves of cyber crime incidents. Undesired delays attributed to anything will only lead to more damage and leaving the globe more vulnerable, with the kind of threat evolving and improving by the day.

- Implementation of real-time and dynamic responses to cyber incidents : The regional cooperation should be able to facilitate near real-time monitoring and responses for investigation agencies.

- Information sharing : The information sharing between the inter countries investigation agencies should be configured for facilitating ease of investigations rather than creating a road block for each other. To quote an example, Whatsapp and such other umteen mobile apps have nearly no formal way to share info with the investigation agencies. Lakhs of reported case of cyber abuse are simply held up for coordination from the app designer company based in other country quoting geographic boundaries and legal limitations.

- Increase awareness-raising activities : To ensure proper cyber incident responses from investigation agencies, relevant echelons need to have an discernment of basic cyber security knowhow which requires adequate availability of trained technical staff.Not just the awareness of the staff,the other most important awareness needs to be at the level of user who should know the repercussions of each act he does on the web and related devices. This would require governments to conduct awareness campaigns of maintaining basic cyber hygiene across the country starting from school and educational institutes, to each citizen, to corporate houses etc ie to encompass each digital user surfing on the web vulnerable. A well versed and aware user might just reduce the threat base thus effecting to a reduced cyber incidents.

- Common labs for Research and Development : The advanced, sophisticated and ever evolving cyber threats , need to be continuously taken on with countermeasure techniques that match and negate the threat levels met. An efficient way of meeting such a requirement is to coalesce each country‟s technological potencies and work in concert towards setting up common research labs instead of setting up different islands of research labs spread across globe mostly duplicating efforts and work.

- Formulation of International Standards : Universally accepted, agreed upon and established means of determining how things should work would interpret to a better and transparent working towards a common resolve. Setting up of standards to define each aspect as discussed above would only lead to easy adaption and quick expediting for investigation agencies involved. As cyber security systems are progressively traded internationally, maintaining technological standards of such systems is growing in its importance so as to ascertain their compatibility with each other and security levels.

Presnt Regional Endeavors

The need for regional cooperation has not just risen overnight, various attempts between countries vide inter-country MOUs or creation of groups of countries to follow suits towards resolving cyber security incidents have been inked over years but these work as basic islands of cooperation not towards a global cause but limited to certain countries that ink to resolve, that too in very limited capacities and technically vague commitments. Few of these are briefly bought out below :

OECD: The Organization for Economic Co-operation and Development focuses on the development of better policies to ensure that cyber security and privacy foster economic and social prosperity in an open and interconnected digital world. The OECD member countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland,

Portugal, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States.

ASEAN : The Association of Southeast Asian Nations is a regional organization comprising ten Southeast Asian states which promotes intergovernmental cooperation and facilitates economic integration amongst its members. ASEAN Member States called for closer cybersecurity cooperation among ASEAN countries, stronger coordination of regional cybersecurity capacity building initiatives, and strengthening of ASEAN discussions with a specific focus on cyber security at the Ministerial and Senior Official

levels[8]

TSUBAME Project : TSUBAME is a packet traffic monitoring system to observe suspicious scanning activities in the Asia Pacific and other regions. It aims to promote collaboration among mainly Computer Security Incident Response Teams with a national responsibility in the Asia Pacific and other regions by using the common platform and raise capacity of global threat analyses by incorporating 3D visualization features to the common platform[9]. As on date 26 countries are members of this project.

IWWN : The International Watch and Warning Network was established in 2004 to foster international collaboration on addressing cyber threats, attacks, and vulnerabilities. It provides a mechanism for participating countries to share information to build global cyber situational awareness and incident response capabilities[10].

APCERT : APCERT (Asia Pacific Computer Emergency Response Team) is a coalition of CSIRTs , from 13 countries across the Asia Pacific region and is working to create a Safe, Clean and Reliable cyber space in the Asia Pacific Region through global

collaboration[11].

EASIER SAID THAN DONE!!

Cyberspace, which came up from progressions in ICT has become an indispensable platform to support national growth across countries and with this increasing reliance ,more complicated and sophisticated cyber-attack techniques are being used by the cyber criminals further leading to expansion of cyber attack targets. Cyberspace has continued to evolve beyond national boundaries, and its use and application by cyber criminals have grown apace with increased and deeper penetration. Consequently, associated risks are becoming more severe, widespread and globalized. Cyber threats thus emerge as pressing global challenge facing the international community as a whole. Thus the need for Regional cooperation in Cyber security gains immense importance for the global community as a whole rather than being specific to any particular state or nation. The aspects bought out to be included for regional cooperation above are though not exhaustive but still demand a collative effort which is not going to be easy. The need of the hour is to immediately get on to work UBIQUITOUS from every country and state nodes. There will be severe teething issues when all countries work together but they need to be resolved on

priority which would only be possible when each of us realizes the potential of threat and repercussions in our future.

References :

1.

https://www.dni.gov/files/documents/SASC_Unclassified_2016_ATA_SFR_FINAL.pdf

2.

https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-

threats/

3.

https://www.hackread.com/google-removes-smeshapp-india-pakistan-spying/

4.

https://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks

5.

http://www.firstpost.com/india/mystery-of-the-ne-exodus-why-bangalore-419876.html

6.

http://pib.nic.in/newsite/mbErel.aspx?relid=86355

7.

https://www.helpnetsecurity.com/2016/12/08/malware-detected-daily/

8.

https://www.csa.gov.sg/news/press-releases/asean-member-states-call-for-tighter-

cybersecurity-coordination-in-asean

9. http://www.apcert.org/about/structure/tsubame-wg/

10. Critical infrastructure protection By David A. Powner Page 52,Table 13

THIS ARTICLE HAS BEEN PUBLISHED IN PINNACLE : The ARTRAC Journal,2017,Vol 16, ISSN 0972-4044

---------------------------------------------------------------------------------------------------------------------