Cyber Policy Scenario
CYBER SECURITY –
A NEW DIMENSION OF THE NATIONAL DEFENSE
Daniel DUMITRU
Colonel, prof. univ. PhD, “Carol I” National Defense University
George Cosmin IUHAS
PhD student, “Carol I” National Defense University Abstract: Emancipation of the society has led to the development of the technology industry, computers and
computer networks becoming indispensable in everyday life. Their evolution, from the binary computing systems
in the 1940s, to the variety of devices, corroborated by the increasing number of Internet users, have
highlighted the importance of information security and the necessity of software to counteract the vulnerabilities
and attacks of this kind. Information technology development in România, together with the strategic
partnership with the US, it’s importance in the NATO organization and the large number of companies that
allow access to data through portals and digital networks have laid the foundations to the recognition of
cyberspace as an operational defense domain. NATO supports its members in strengthening cyber capabilities
to meet existing and future challenges by redefining defense strategies, defining a partnership with the cyber
security private sector, and facilitating cyber-sharing between allies and other relevant international
organizations.
Keywords: Cyber security, information technology, operational defense, cyber-sharing.
Introduction
The ubiquity of information technology and computer networks are increasingly part of our everyday life. Its continuous development and evolution towards a smart society have changed the perception of security over time. The increasing presence in the various areas of social, economic, political and cultural interest in the virtual environment has defined the Internet as a major communication tool, facilitating the access to a huge amount of information.
The socio-technological ecosystem outlined around the Internet has laid the groundwork for an alert development of the virtual environment, and has broken barriers of social relationships at geographical and ethnical level. The virtual environment is of great importance in the external politics strategy, emphasizing that cyber security is one of the most important military concerns in recent history1.
Revealing the identity through social media channels, streamlining the interaction of the business environment and communication with government institutions, have led to the need of identifying the appropriate security mechanisms circumscribed to the cybernetic domain.
The increasing number of Internet users nationwide by more than 100% in the last decade, from 5,937,257 in 2007 to 12,082,186 in 2017, reinforces the need to ensure the cyber security at national level for the defense of fundamental rights and reinforcement of national values and principles. Taking into account the premises of globalization, the link between cyber space, cybercrime and terrorism rises up to a great importance, which has led
1 P. Rosenzweig, Cyber Warfare: how conflicts in cyberspace are challenging America and changing the world, Praeger Publishing, 2012, pp. 14-15.
176
states to seek government control and counteraction mechanisms, making a common front at European and global level2.
Cyber Security in Europe
The evolution of information technology over the last two decades has determined the coalition of EU Member States against cyber attacks, thus defining a new interstate cyber stress environment. The cross-border emergence of these attacks has triggered the awareness and recognition of the virtual environment as a military operative space.
The increasing complexity of cyber attacks, starting with Morris worm in 1988 that affected Unix Noun systems, led to the establishment of a specialized Emergency Response Team (CERT) in Carnegie Mellon University, with the purpose to prevent and respond promptly to cyber attacks3. Gradually, European countries have become aware of the importance for cyber security organizations, so that in 1995 the first European organization was born in Slovakia. In 1996 another organization of this type was established in Poland as a consequence of the attacks of some young hackers on information systems outside the national borders.
The growth of cyber attacks in the European virtual space prompted European Member States to reflect on the technology addiction and the rapidly growing security risk it poses4. Thus, in 2004, the first European organization to fight against cybercrime was established - European Union Network and Information Security Agency (ENISA)5. Its main role was to collaborate with all EU institutions and Member States in order to create an information and network security culture. The organization's functions extended to both the public and private sectors, bringing together a mixed network of experts, members of state institutions and the private sector, interested in ensuring a secure informational technology environment6.
The magnitude of the cybercrime phenomenon at inter-state and intra-state levels has led, in 2013, to the creation of the European Crime Center at Europol.
Part of the world's largest regional security organization, the OSCE (Organization for Security and Cooperation in Europe), consisting of 56 states in Europe, Central Asia and North America, and holding the role of chairman of the Security Committee of the OSCE in 2013, Romania has supported the adoption of important cyber security measures. The organization claims that the transnational problem of cyber security could be tackled through cooperation among states, by identifying threats and improving the global digital infrastructure defense capacity. The synergy between Member States in terms of information security expertise is essential in order to combat hybrid attacks that are becoming increasingly present in all areas7.
The independent actions undertaken by the Member States in the areas of IT infrastructure defence, the tracking of IT policy coherence combined with increasing attacks on critical national information infrastructures, personal and commercial data, led the EU to strengthen its new role by publishing the first cyber security strategy in 2013. Its objectives are to improve the coalition and cooperation between Member States against a common risk, 2 https://www.internetworldstats.com/stats.htm. 3 Morris Worm, Frederic P. Miller, Agnes F. Vandome, McBrewster John, 2010, VDM Publishing, p. 35. 4 „Securitatea cibernetică în contextul amenințărilor asimetrice și riscurilor emergente” Comisia pentru Afaceri Europene din Camera Deputaților, 17 martie 2016 https://www.sie.ro/interviu20160317.html 5 Fernando Mendez, The Governance and Regulation of the Internet in the European Union, the Unites States and Switzerland: A comparative Federalism Approach, Florence (2007): pp. 212-213. 6 Fernando Mendez, The Governance and Regulation of the Internet in the European Union, the Unites States and Switzerland: A comparative Federalism Approach, Florence (2007): p. 210. 7 OSCE “Cyber Security for Critical Infrastructure: Strengthening Confidence Building in the OSCE” http://www.osce.org/event/cyber-security-for-critical-infrastructure
177
to increase the investment in the defence sector and national reaction capacity to attack and to lay the foundations of a public-private partnership in research of new technologies for the prevention and cyber security defense, which is currently one of the main priorities of the EU8. On the legislative front, in recent years the EU adopted the Directive on network and information security (NIS), which introduced the obligation to report incidents of the private sector. Strengthening cyber defense was supported by increased research and adoption of a plan for the period 2014 - 2020, supported by a budget of around 1.8 billion euros 9. This plan includes the national infrastructure development and creating public-private partnerships, enabling the Digital Single Market development.
In October 2017, the European Union reported progresses in the implementation of the EU strategy on cyber security and in improving the response capacity at European level. In this regard, the EU intends to increase ENISA's mandate, making it the European Agency for Cyber Security.
Romania – cyberattack barrier
Information technology industry in Romania has experienced a constant evolution in recent years, the development of this industry substantially contributing to the relaunch of the economy. The expertise of the private sector in this area has made Romania a Silicon Valley of Europe. Since 2000, the Romanian private sector has invested substantially in research so that security products developed for the public and private sectors are recognized worldwide.
The necessity for approaching cyber security at national level emerged in 2010, when it was introduced in the National Defense Strategy as a national security objective, being present in all National Defense Strategies after 2010. This defines the concept of cyber security and the framework of action to ensure the protection of cyber infrastructures, taking into account the EU and NATO related policies and concepts, as well as the importance of securing the information network and the vulnerabilities awareness in protecting critical infrastructures10. The large number of cyber attacks and their scarcity aiming to destabilize the national security, the need for constant investment in protection mechanisms, the multitude of channels, and the rapid expansion of the tools by which these attacks are being implemented became one of the most important issues in the european agenda.
Despite frequent EU efforts, a number of internal and external challenges persist, such as the lack of public awareness of cyber attacks, the reduced capacity of the private sector to cope with the involvement of more governmental organizations such as the Ministry of Communications and Information Society, the Directorate for Investigating Organized Crime and Terrorism (DIICOT), the Romanian Integrity Service, the Ministry of Defense, the National Supervisory Authority for Personal Data Processing, in strengthening the security of the digital infrastructure. In June 2011, a first draft framework project defining a cyber security strategy was brougt to debate at the Ministry of Communications and Information Society. In May 2013, the CSAT Decision no. 16/2013 and HG no. 271/2013 were approved, defining the National Cyber Security Strategy of Romania. According to this, the fast development of modern technologies has had a major impact on the current society, generating in a very short time the interpenetration of the virtual environment in all economic, political and cultural areas, making it imminent to ensure its security at national level11. Along with the undeniable benefits of involving information technology in everyday life, which entails the potential vulnerabilities, the security of cyberspace needs to be seen as 8 Cybersecurity Strategy of the European Union Brussels, 2013, p. 14. 9 http://ec.europa.eu/epsc/publications/strategic-notes/building-effective-european-cyber-shield_en 10 Strategia Nationala de Aparare 2010. 11 HG 271/2013 privind strategia nationala de securitate cibernetica a Romaniei.
178
a concern for all parties involved. Thus, at governmental level, arises the responsibility of developing a legislative framework adapted to the constant progress in this field that allows the development of coherent policies. Also, there is a need to involve the population in cyber security, by developing cyber security culture, providing enough information about the risks and possible solutions to counteract possible threats of this kind. It is established a national system for monitoring the implementation of cyberattacks measures against public and private companies cyberattacks, SNSC, the National Cyber Security System, with the role of coordinating the activity of the authorities and institutions having the capabilities in this field. The National Cyber Security Strategy of Romania also includes the establishment of an independent structure with expertise in the prevention and counteraction against cyber security incidents, subordinated to the Ministry of Information Society and capable of identifying, analyzing and reacting in due time, the Center National Cyber Security Incident Response - CERT-RO12. The role of the new institution has been seen since its first year of activity, counteracting approximately 43 million alerts, mostly consisting of Bootnet alerts and vulnerabilities13. In recent years, the focus on virtual environment, through the gradual migration of all areas of public and private interest to this environment, has led to an increasing growth of vulnerabilities that can be exploited, so in 201614, CERT-RO succeeded to collect and process over 80 million alerts. The institution activity consists of interventions in the case of cyber threats with the emphasis on their prevention, both at national level - by organizing debates and specialization trainings for the public and private environment as well as internationally – by coordinating together with other teams to respond to the information security incidents, involvement in multinational programs such as GLACY and partnerships with companies that have a rich security experience like Fidelis Cybersecurity and Microsoft. The institution has also been actively involved in a series of European projects such as eCSI, Enhanced National Cyber Security Services and Capabilities for Interoperability (eCSI) and CyberSOPEX 2018, organized by ENISA. CyberSOPEX 2018 is the first project of a number of such exercises to increase awareness of the major impact due to the lack of cyber security, strengthen operational collaboration among EU CERT entities, understand the attributions of each center and create a common barrier on European level, for example close collaboration with the teams of Slovakia and Cyprus.
The growing activity from the cryptocoin market (cryptocoinis are virtual currency used as a means of payment which are using cryptography that makes it almost impossible to forge), and the increasing interest in trading it has also attracted a number of cryptomining attempts. The device's CPU memory is used in the minig process, in order to solve complicated math problems and generate new computing algorithms that helped generate other coins. As result of CERT-RO intervention, approximately 150 domains were detected, domains that used the power of visitors to process different cryptocoins and around 2.400 sites with the same puropse were identified worldwide.
The increased private sector involvement in cyber security has led to the emergence of private CERT entities that complement CERT government teams with experts in complex technologies. Their activity is present both in the production area of computer components, but especially in the software development area, organized into teams aimed to detect vulnerabilities in business processes, reactive services or to assure the quality of developed products. Their need is justified by the exponential expansion of business in the virtual environment and the growing development of private networks, governmental organizations being incrisingly confronted with challenges in ensuring the security of private networks. The presence of CERT experts in private companies has the role of proactively act in the field of 12 HG 271/2013 privind strategia națională de securitate cibernetică a Romaniei. 13 https://cert.ro/vezi/document/raport-alerte-primite-cert-ro-2013. 14 https://cert.ro/vezi/document/Report-2016.
179
security and collaborating with government entities, the exchange of experience between the two sectors providing a strong and well-prepared barrier against the growing complexity of the security threats.
The partnership between the public and private sectors
The cooperation between the private and public environments in order to ensure cyber security is a major priority direction of the National Defense Strategy for the period 2015- 2019, with emphasis on Romania's cooperation with the international organizations in this field. A good partnership between the two environments implies a series of guidelines:
Trust-based cooperation between the state and business at all levels; Increased level of protection of cyber infrastructures by correlating the taken
measures with the available resources from the public and private sectors15. The evolution of technology to globalized environments and the trend towards
centralized data structures serving multinational hubs expose the private environment to cyber vulnerabilities. The obligation to regularly audit systems and analyze the degree of protection against the penetration of the IT network in the banking environment makes it one of the most developed areas in terms of IT security. Their association with state entities in the matter of cyber security has generated considerable progress in this area, banking environment being an example of cooperation and collaboration between private companies and governmental entities. SMEs risk awareness is much lower, being encouraged by the lack of legislation inforce which could impose a minimum standard of information security. Considering the economic climate and its numerous confrontations, governmental institutions have a key role to play in enhancing collaboration between the two sectors, but also in creating cyber security tools by which the private sector can develop in a competitive and sustainable way.
Conclusion
The evolution of the society in recent years led to a growing dependence on technology. The presence of technology at all levels, from simple phone use to complex defense systems designed to prevent potential threats, has increased the need to ensure virtual environment security. Easy access to information, coroborated with anonymity provided by the Internet, has transformed it into an environment conducive to hybrid threats, which laid the foundation for its recognition as an active military operational environment, counteracting the strategic network penetration attacks becoming a national target.
The migration of the business environment to the virtual environment and the expansion of the private information networks together with the increasing number of cyber attacks at national and European level determined Romania and the European Union to develop defense strategies designed to provide a legislative and functional framework for the entities involved in the fight against cyber threats.
The current geopolitical context fosters nationwide cyber-attacks, and their concealment can be achieved only through a sustainable coalition between the private and public environments. In this respect, it is necessary to allocate budgets meant to support the partnership between the two sectors and to provide the military institutions with access to the latest technologies. Continous training and preparation, but especially the use of military tactical expertise based on the experience in operational areas are indispensable in ensuring national cyber security.
Collaboration with OSCE and ENISA member states and active participation in international projects opens the opportunity for proactive defense. Considering the global
15 Strategia Natională de Apărare 2015-2019.
180
political context, the recent paradigm shift and the excessive development of darkweb as a possible threat on national security and safety that affects all EU states, ensuring cyber security becomes one of the more important national targets.
BIBLIOGRAPHY
1. Rosenzweig, Paul. Cyber warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World. Santa Barbara: Praeger, 2013.
2. Internet World Stats. December 31, 2017. https://www.internetworldstats.com/stats.htm (accessed February 17, 2018).
3. Asociația Națională pentru Securitatea Sistemelor Informatice. Cod de bune practici pentru Securitatea Sistemelor Informatice și de Comunicații. Bucuresti, 2012.
4. Miller, Frederic P., Agnes F. Vandome, și John McBrewster. Morris Worm: Computer worm, Internet, Computer Fraud and Abuse Act, Robert Tappan
Morris, Weak password, Unintended consequence, Denial of service. Alphascript Publishing, 2010.
5. Mendez, Fernando. „The Governance and Regulation of the Internet in the European Union, the Unites States and Switzerland: A comparative Federalism Approach.” European University Institute. European of Political and Social Sciences, March 2017.
6. Whittaker, Jason. The Cyberspace Handbook. New York: Routledge, 2004. 7. Wolfgang Zellner (co-ordinator), Threat Perceptions in the OSCE Area.
http://www.osce.org/networks/118080?download=true, OSCE Network of Think Tanks and Academic Institutions, 2013.
8. European Commission. „Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace.” https://eeas.europa.eu. 7 February 2013. https://eeas.europa.eu/archives/docs/policies/eu-cyber- security/cybsec_comm_en.pdf (accesat 2 17, 2018).
9. European Commission. http://europa.eu. 7 February 2013. http://europa.eu/rapid/press-release_IP-13-94_ro.htm (accesat February 15, 2018).
10. European Commission. http://ec.europa.eu. 8 May 2017. http://ec.europa.eu/epsc/publications/strategic-notes/building-effective-european- cyber-shield_en (accesat February 5, 2018).
11. Adminstrația Prezidențială. „Strategia Națională de Apărare a Ţării pentru perioada 2015 ‐2019.”www.presidency.ro.2015. http://www.presidency.ro/files/userfiles/Strategia_Nationala_de_Aparare_a_Tarii _1.pdf (accesat January 18, 2017).
12. Administrația Prezidențială. „Strategia Națională de Apărare 2010.” www. ccpic.mai.gov.ro. 2010. http://ccpic.mai.gov.ro/docs/Strategia_nationala_de_aparare.pdf. (accesat January 10, 2018).
13. Long, William. http://www.computerweekly.com. September 2014. http://www.computerweekly.com/opinion/What-to-expect-from-European-NIS- Directive (accesat February 5, 2018).
14. Guvernul României. „Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică a României şi a Planului de acţiune la nivel naţional privind implementarea plementarea.” Monitorul Oficial, 2013.
181
15. Centrul Național de Răspuns la Incidente de Securitate Cibernetică. „Raport cu privire la alertele de securitate cibernetică primite de CERT-RO în cursul anului 2013.” https://cert.ro. 2013. https://cert.ro/vezi/document/raport-alerte-primite- cert-ro-2013 (accesat January 10, 2018).
16. Centrul Național de Răspuns la Incidente de Securitate Cibernetică. „REPORT on cyber security alerts processed by CERT- RO in 2016.” https://cert.ro. 2016. https://cert.ro/vezi/document/Report-2016 (accesat January 10, 2018).
17. Ministerul Comunicațiilor și Societății Informaționale. www.comunicatii.gov.ro. 25 May 2016. https://www.comunicatii.gov.ro/cert-ro/ (accesat February 17, 2018).
18. Centrul Național de Răspuns la Incidente de Securitate Cibernetică. Minarea de criptomonedă - o nouă metodă de monetizare a atacurilor asupra site-urilor și
aplicatiilor web. 12 January 2018. https://cert.ro/citeste/criptomoneda-minare- webiste-romania-coinhive (accesat February 17, 2018).
19. Centrul Național de Răspuns la Incidente de Securitate Cibernetică. CERT-RO lansează proiectul “Enhanced National Cyber Security Services and Capabilities
for Interoperability – eCSI”. 14 February 2018. https://cert.ro/citeste/cert-ro- lanseaza-proiectul-enhanced-national-cyber-security-services-and-capabilities- for-interoperability-ecsi (accesat February 17, 2018).
20. Centrul Național de Răspuns la Incidente de Securitate Cibernetică. CERT-RO a participat la exercițiul cibernetic european Cyber SOPEx 2018. 31 January 2018. https://cert.ro/citeste/cert-ro-cyber-sopex-2018 (accesat February 17, 2018).
21. Singer, Peter Warren, și Allan Friedman. Cybersecurity and Cyberwar: What Everyone Needs to Know. New York: Oxford University Press, 2014.
182
Reproduced with permission of copyright owner. Further reproduction prohibited without permission.