Security and Privacy in a Networked World/Cyberwars

NOTEː This text uses links to Wikipedia for further reference (and also to outline the public nature of the information provided here).

The Online Battlefield

edit

In the information age, waging war also changes. Formal, declared wars between nations and states are replaced by sponsored crime, terrorism and 'special operations'. Special forces and non-lethal weaponry become more important, as do psychological operations, propaganda and manipulation/control of media.

Using IT in a military context today involves various applications, for example

  • cryptography
  • propaganda and disinformation (including controlling the public on both sides of the 'front')
  • communication interception (cyberespionage, both domestic and international)
  • communication disruption and sabotage (cyberattacks on infrastructure using e.g. DDOS)

Cryptography has a history that spans far before the Internet age. So does propaganda, albeit the information warfare has gained many new measures with the advent of social media (as exemplified by "Facebook revolutions" worldwide). Cyberespionage has its predecessors in various technologies of the mid-20th century. While communication disruption and sabotage have some ancestors in the pre-IT era, its true potency has only been realized recently - the first widely published case was likely w:en:Stuxnet. However, current threat analyses point out actual attack vectors towards critical infrastructure, e.g. the power grid (the central website of the US Office of Electricity Delivery and Energy reliability, energy.gov, has an extensive section on cybersecurity).

It's been a long way

edit

While military cryptography can be traced back to the antiquity (e.g. w:en:Scytale), the connection with IT was probably first made with w:en:Enigma machine - as many chapters of early history of computers, e.g. the work of w:en:Alan Turing as well as one of the pretenders to the title of the first modern computer, w:en:Colossus computer, were linked to them.

In cyberespionage and surveillance, the recent scandal of NSA has its roots in the w:en:Quadripartite Agreement (1947) (UKUSA) of 1947 and the development of w:en:ECHELON in the 1960s. Earlier, a kind of unspoken rule had dictated avoidance of spying after a country's own subjects - the UKUSA found an elegant bypass in mutual surveillance and subsequent exchange of collected information. It also strived to cover the whole world by assigning areas of responsibility to every participating country (a version of the scheme can be found at http://cryptome.org/jya/echelon-bw.htm).

ECHELON was originally meant to intercept and collect information transferred over short wave radio, but went on to keep pace with evolving technology, gradually also covering telephone, fax, mobile phones and different channels of Internet communication.

Prominent examples of technological surveillance include

It should also be noted that the US surveillance systems are occasionally also used to help US companies against competitors (some cases are mentioned e.g. here: https://www.fas.org/irp/program/process/991101-echelon-mj.htm).


China and Russia

edit

These two countries deserve a special notice for largely defining the state of cyberwar in recent times (along with the US). Both have a long authoritarian state tradition with long history of propaganda and indoctrination at all levels of society, making it easy to turn ordinary citizens into 'cyber-soldiers' (examples include the w:en:Honker Union and w:en:Red Hacker Alliance in China as well as various Russian initiatives like those seen in Estonia in 2007, Georgia in 2008 and currently in Ukraine). Both have also conducted direct operations on other countries' infrastructure (notably w:en:Moonlight Maze by Russians as well as w:en:Titan Rain and w:en:Operation Aurora by Chinese).

It should also be noted that authoritarian regimes have an inherent advantage in information warfare against democratic states - they can freely engage in disinformation under the premise of free speech, while keeping their own subjects more or less effectively within the information sphere of the government. Perhaps the most prominent example is the w:en:Golden Shield Project in China (also known as 'The Great Firewall of China') that filters out information that is deemed unsuitable by government, as well as performs surveillance of traffic.

edit

Also in Estonian:

  • MÄGI, Harri, VITSUT, Lauri. Infosõda: visioonid ja tegelikkus. Eesti Ekspressi kirjastus 2008.

Study & Blog

edit
  • Study a published case of cyberwarfare and write a short report.


Back to the main course page