sábado, 11 de junio de 2011

074 CDS 11 E - INFORMATION AND NATIONAL SECURITY by Lord Baron JOPLING, General Rapporteur

NATO Parliamentary Assembly

I. 

 INTRODUCTION 

II.  THE INFORMATION AGE AND THE NOTION OF SECRECY IN INTERNATIONAL RELATIONS

     A.  THE “CABLEGATE” 

     B.  REACTION TO THE LEAKS 

     C.  TRANSPARENCY VS. SECRECY 

III.  DIGITAL (H)ACTIVISM 

     A.  THE PHENOMENON OF HACTIVISM 

     B.  THE ROLE OF THE SOCIAL MEDIA 

IV.  CYBER ATTACKS AND CYBER DEFENCE   

     A.  TYPES OF CYBER ATTACKS 

     B.  NATO AND CYBER DEFENCE 

V.  INFORMATION AND CYBER SECURITY: OPTIONS FOR THE INTERNATIONAL COMMUNITY AND NATO 

 

____________________________________________________________________________________

 

 


I.    INTRODUCTION 

1.             The ongoing information revolution poses a series of political, cultural, economic as well as national security challenges. Changing communications, computing and information storage patterns are challenging notions such as privacy, identity, national borders and societal structures. The profound changes inherent in this revolution are also changing the way we look at security, often in unanticipated ways, and demanding innovative responses. It is said that because of this revolution, the time it takes to cross the Atlantic has shrunk to 30 milliseconds, compared with 30 minutes for ICBMs and several months going by boat.[1] Meanwhile, a whole new family of actors are emerging on the international stage, such as virtual “hactivist” groups. These could potentially lead to a new class of international conflicts between these groups and nation states, or even to conflicts between exclusively virtual entities.

2.             One of the most fundamental characteristics of the Information Age is its ability to connect. In this regard, the main tool is the Internet and the fact that its storage capacity is currently doubling every 12 months.[2] Interconnectivity is now central to government offices, critical infrastructures, telecommunications, finance, transportation, and emergency services. Even where communication and data exchanges are not routed through the Internet, they still, in many cases, use the same fibre optic cables.[3]

3.             Despite its inherent advantages, this dependence on information technology has also made state and society much more vulnerable to attacks such as computer intrusions, scrambling software programs, undetected insiders within computer firewalls, or cyber terrorists. The Internet is inherently insecure as it was designed as a benign enterprise of information exchange, a decentralized patchwork of systems that ensures relative anonymity. It is ill-equipped to trace perpetrators or to prevent them from abusing the intrinsic openness of the cyber domain. In this context, the key national security dilemma of the Information Age is how to create an effective and transparent government, which, at the same time, is also able to protect its citizens and vital national interests. Furthermore, in this Information Age, the North Atlantic Alliance faces a dilemma of how to maintain cohesion in the environment where sharing information with Allies increases information security risks, but where withholding it undermines the relevance and capabilities of the Alliance.

4.             It is a critical time for the NATO Parliamentary Assembly (NATO PA) to discuss cyber security, as the Allianceis working on a comprehensive cyber strategy to be announced in June 2011. The Rapporteur hopes that some of the questions discussed in this report will be addressed by this forthcoming NATO document.

5.             This report will focus on three facets of the linkage between Information Age and national security. First, it will discuss the changing notion of secrecy in international relations. This issue was brought to prominence by the so-called “Cablegate” scandal. While the publication of classified diplomatic correspondence was not a result of a cyber attack, it is nevertheless directly linked to the information revolution: remarkable advances in data storage technology allowed one person to easily download colossal volumes of data that has taken the print media months, and possibly years, to digest and to publish.

6.             Second, the explosion of Internet usage is creating the phenomenon we refer to as “digital (h)activism”. Social media and other Internet-based communities are creating new, ad hoc and cross-border allegiances that can manifest themselves in a variety of positive (reinforcing civil societies in authoritarian countries) and negative (empowering hacker groups that attack those who do not share their political worldview) ways.

7.             Third, the report will discuss the challenge of direct cyber threats against states and, in particular, NATO’s role in cyber defence as one of the principal topics for the Euro-Atlantic community, particularly in the wake of the Lisbon Summit.

8.             The report will not address the specific issue of cyber crime. While cyber theft and child pornography are issues of grave concern for the international community,[4] they do not have direct national security implications and are addressed by a number of other international organizations, including the UN, EU, OSCE, OECD and G8. The Council of Europe Convention on Cybercrime – which requires its parties to criminalise a number of activities in cyber space relating to infringements of copyright, computer-related fraud and child pornography – is a particularly noteworthy initiative that has yet to be ratified by several NATO member states.[5]

9.             This report also represents the continuing effort by the Committee on the Civil Dimension of Security to discuss the issue of critical infrastructure protection within the Alliance. Cyber technologies are not only key enablers for systems such as energy generation or transport, but can themselves be considered as critical national infrastructure.

10.         The report also builds upon the contribution by other NATO PA Committees, particularly the 2009 Sub-Committee on Future Security and Defence Capabilities report “NATO and Cyber Defence” [173 DSCFC 09 E bis] by Sverre Myrli (Norway) and the 2007 Science and Technology Committee report “Transforming the Future of Warfare: Network-Enabled Capabilities and Unmanned Systems” [175 STC 07 E bis] by Sen. Pierre Claude Nolin (Canada).

II.  THE INFORMATION AGE AND THE NOTION OF SECRECY IN INTERNATIONAL RELATIONS

11.         This chapter will discuss the challenges of protecting classified information in the age of Internet. It will also outline the political and security implications of the “Cablegate” scandal that highlighted the inter-agency and international co-operation versus sensitive information security dilemma.

     A.  THE “CABLEGATE” 

12.         According to the September 11th attacks investigation, the US government failed to ensure adequate information sharing, which could have prevented the attacks (FBI failed to share details connected to an al-Qaeda operative, who later proved to be key in uncovering the plot). As a result, representatives of the political elite, the military, and the financial world all pressed for wider sharing of classified information in order to increase operational efficiency in protection of the country. Therefore, the US government adopted a policy of information-sharing, which it applied to numerous US governmental institutions and agencies including the Department of Defense (DoD) and the State Department (DoS).

13.         This policy resulted in an exponential number of people obtaining access to classified information. Approximately 854,000 people now possess top-secret security clearances.[6] For almost 10 years now, embassy cables have been distributed through the SIPRNet (Secret Internet Protocol Router Network operated by the DoD), which has made them accessible to DoS employees all around the world, to all members of the US military and contractors with necessary security clearance. Eventually, several millions of people ended up having access to materials such as US diplomatic cables.[7] According to information-security experts familiar with the SIPRNet, the data-sharing system was not programmed to detect unauthorized downloading by anyone who had access to this pool of data. Thus, those in charge of the network design relied on those who had access to this sensitive data to protect it from abuse. These users were never scrutinized by any state agency responsible for the data-sharing system.[8]

14.         The US government’s post-9/11 policy on information-sharing received the most serious blow when the “anti-secrecy” organization WikiLeaks started publishing documents of different levels of confidentiality. Its first major release (April 2010) was a video of a US helicopter shooting into a crowd in Bagdad in 2007 which killed 18 people, including two Reuters journalists. Shortly after, the release of 77,000 documents allegedly revealing the realities of the Afghan war were made public, as well as almost 400,000 secret Pentagon documents on the Iraq war.[9] In November 2010, WikiLeaks published about 250,000 confidential US diplomatic cables, which provided US diplomats’ candid assessments of terrorist threats and the behaviour of world leaders.[10] Currently, the US authorities suspect that the material was leaked by Private Bradley Manning stationed in the Persian Gulf, who had downloaded the information from a computer inKuwait. He then passed these files on to the “whistleblower” organization, which made them public.

     B.  REACTION TO THE LEAKS 

15.         WikiLeaks has spurred public debate with each of its releases. Nevertheless, the November 2010 release of US diplomatic cables got the most aggressive reactions from politicians world-wide. In anticipation of the leaks, Secretary of State Hillary Clinton and her diplomats warned foreign officials about the upcoming leak days before the November 2010 release happened. Following the release, the White House[11] as well as the DoS were quick to denounce the leak and, as Secretary of State Clinton put it, characterised the cable disclosure as an “attack on both the United States and the entire international community”.[12] At a meeting with Secretary of State Clinton the day after the release, the Turkish Minister of Foreign Affairs (the largest number of cables came from the US Embassy in Turkey ) thanked Secretary Clinton for briefing him in advance about the leaks. The Iranian President, Mahmoud Ahmadinejad, hinted that a part of theUS government might have been responsible for releasing this sensitive material to satisfy its political objectives. The Iraqi Minister of Foreign Affairs expressed concern about the possibly destabilizing effect of the leaks on the already fragile political situation in Iraq. Both Afghan and Chinese political elites emphasized that the leaks will not damage their countries’ relations with the United States.[13]

16.         NATO condemned the leak and described it as “irresponsible and dangerous”.[14] In fact, the word “dangerous” dominated leaders’ press releases following the leaks in November 2010. They feared that publicizing identities of those co-operating with the US and NATO in unstable regions might compromise their cover and jeopardize their lives. Also, ongoing military operations and co‑operation between countries might be put at risk.[15] It is yet to be seen what the actual effect of the November 2010 cables leaks will be. It is hoped, however, that the released cables will not pose any more danger than the Afghan logs, which, according to Defense Secretary Gates, “had not revealed any sensitive intelligence sources and methods”.

Posted via email from apm35's posterous

No hay comentarios:

Publicar un comentario

 
Locations of visitors to this page