What do we mean by cyber norms? Are they changing?
The purpose of cyber intelligence is to collect information of potential cyber threats, to assess one’s own vulnerabilities, to mitigate riisks created by those vulnerabilities, to assess others’ vulnerabilities and to act upon them as necessary. To do this one must focus on identifying the adversary infrastructure and adversary agents,capabilities, intentions, and ongoing actions. As noted by the Intelligence and National Security Alliance, "effective cyber intelligence will begin to enable predictive, strategic warning regarding cyber threat activities, mitigate risks associated with the threat, enhance our ability to assess the effects of cyber intrusion, and streamline cyber security into a more efficient and cost effective process based on well informed decisions (INSA 2011).
The Cyber Intelligence Community
It’s a not as easy as you might think to decide what professions are part of the cyber intelligence community. Of course it includes government officials and analysts focusing on cyber security. However, it also includes some telecommunication and internet providers, Computer Emergency Readiness Teams, and private companies involved in cyber security. Those who work on cyber intelligence must have the same basic skills as others who work in int intelligence. The intelligence tactics, techniques, and procedures (TTPs) that are used in all types of intelligence are applied to cyberspace as well. However, there are also additional skills such as advanced technical abilities, and these skills must be updated constantly. The government has not been as successful at recruiting people with these types of skill sets. One agency that does have a solid pool of talent is the Information Assurance Directorate (IAD) at the National Security Agency. There has been a good deal of attention to the need for more people with such expertise in cyber security. What is often neglected in the discussion is the need for policy analysts and thought leaders who have those skills but also understand them in the context of global security.
Technical skills alone are important for those working at the tactical level. However, it is crucial at the strategic level we have people who can understand and plan for cyber attacks.As with nuclear specialists or space they need to move beyond how to do something to why and when to do it. Divorcing cyber skills from the broader knowledge needed for strategic thinking will lead to mission confusion, ad hoc decision making and poor communication because the computer guys don’t speak the same language as the policy guys running the show. Scientists and engineers who want to be advanced practitioners must study policy and policy makers who want to truly lead must know the technical side.
Understanding the political and policy l implications requires a solid understanding of political science and international relations. Advanced practitioners need to have studied constitutional rights, national and international court cases, and the tension between cybersecurity and various components of human security
it's important to remember that the goal of cyber intelligence is not just so that a particular government can protect itself, but also so that it can increase its on cyberpower. Degrees of cyberpower may be obtained throuItgh intelligence collection that allows a state to exploit offensive or defensive tools that an adversary may possess or through disruptive technology that deprives the adversary from effectively operating within the environment or domain.
Espionage may be committed by governments such as China through its use of specialized units trained to obtain information which may provide a military or industrial advantage or edge. North Korea and China are fairly well recognized for their direct and indirect acts of espionage. A report issued by the Mandiant Corporation identified approximately 20 groups operating in China that represent an ongoing advanced persistent threat in relation to cyber-espionage. However, perhaps the greatest known threat of espionage is commonly attributed to the People’s Liberation Army of China Unit 61398. The size of the unit, in manpower estimates, runs from the hundreds of personnel to over a thousand (Mandiant, 2013). The attacks attributed to the unit have been so pervasive and wide spread they have established attacks in numerous sectors to include: health care, legal, food and agriculture, chemical, high-tech electronics and navigation just to name a few. Their tools of the trade include malware and the use of distributed networks utilizing command and control servers across the globe.
1. Hackers (structured and unstructured.
2. Industry competitors
4. Terrorist groups
5. Lone Wolf Terrorists
7. Government Agents
One challenge is the lack of clear communication between industry and government when it comes to cyber intelligence. Obviously clearance is an issue but even when industry folks have the correct info they rarely get it in a prompt manner. There are legal and contractual reasons why industries may not be able to share information.
Computer and telecommunications networks are a core part of the national infrastructure and include electric power grids, the flow of financial data, financial markets, military and civilian aviation systems, critical first-response systems, military response systems and information systems. These are obviously key parts of national security that must be protected from cyberattacks. Federal agency and military computer systems are frequently targeted by domestic and foreign sources, as are U.S. lawmakers. Policymakers have implemented a number of programs to protect U.S. information infrastructure, such as the National Strategy to Secure Cyberspace of 2003, the ‘Einstein Program’ of 2003-U.S. Computer Emergency Readiness Team (US-CERT), and the Comprehensive National Cybersecurity Initiative of 2008 (CNCI). The IC is also active in preventing attacks and protecting information infrastructure. Interestingly, there have been reports that the Einstein Program may expand critical infrastructure and monitor private networks for malicious intrusions. This will raise privacy concerns.
People have the right to be left alone and to be excluded from publicity. These are rights that are protected by law in most democracies. Privacy laws include how the state handles personal information. Privacy is closely related to autonomy and freedom, which can naturally be taken away should an individual be suspected of or proven to be involved in criminal and terrorist behaviors. Privacy relates to four areas: 1) Communications, 2) Information, 3) One’s possessions, and 4) One’s body and health.
Legally, the desire for privacy must be expressed, otherwise no desire for privacy is assumed. For instance, if you have a conversation with somebody and you do not ask them to keep it confidential; they are under no inherent obligation to do so. The same applies to trade secrets.
Technology has made it easier to exclude people from accessing information in some cases, such as by the use of passwords, but naturally, technology has also made it easier to access private information. The panopticon phenomenon refers to the feeling of always being watched, and the resultant fear and anxiety that is generated, while the loss of privacy translates to a loss of freedom, dignity and spontaneity.
The panopticon phenomenon exists because e-mails can be intercepted, people can be monitored, databases are frequently merged by organizations, and people’s private information is shared amongst organizations. Store cards track people’s spending patterns, hackers break into computer systems, identity fraud is increasing, and attempts to prevent digital information from being decoded are made. Moreover, infopreneurs trade in private and personal information.
Importantly, people have a right to be free from intrusion and interference. However, if private or personal information has been made public, it is no longer legally seen as private. Finally, people must have the opportunity to verify information that was obtained about them, no unnecessary information should be gathered, and information that is no longer necessary for the purposes it was collected for, should be destroyed. Information must be kept confidential.
According to the European Convention on Human Rights (ECHR), that the right to privacy is a qualified right that depends on circumstances of public interest such as national security, public safety, protection of the rights and freedoms of others, and the prevention of disorder. Due to the fine balance between rights and security, the ECHR further outlines that with respect to the right of privacy, exceptions can be made as long as intrusions are legal, proportional, the last resort, accountable whereby they are authorized and monitored, and records are kept, and have finality in that the information is used for the purposes it was obtained for.
Information operations (IO) disrupt enemy information systems and protect U.S. information systems. Due to technological developments across the globe, terrorists and foreign spies use computer network attacks, such as hacking and cyberattacks, to attack the United States. While these technological attacks against the U.S. have become prolific, domestic and international laws have not kept up. While the U.S. obviously needs to patrol these kinds of attacks in order to prevent them, the lack of debate and legal development have resulted in the ethical and societal issues being faced today around public privacy and civil liberty rights.
Every facet of life today relies on technology. From food production and delivery, to water treatment and financial systems, society relies on technological information systems. National security thus extends far beyond just military concerns, and includes the business, government and civilian services we take for granted on a daily basis. Naturally, the military and all national security matters also rely heavily on high-tech systems.
Weapons systems, communications systems, command and control systems, targeting systems, laser range finders, vision enhancement and global positioning, all depend on high technology systems. The military Secret Internet Protocol Router Network (SIPRNET) and the Non-classified Internet Protocol Router Network (NIPRNET) allow for the global and instantaneous distribution of vital information across U.S. operations. These capabilities however, also pose an immense threat and operational vulnerability to the U.S.
Critical Infrastructure Protection
The need to protect these technological systems is obviously of utmost importance to the whole nation, not just to national security agencies. The nation’s complete dependence on technology makes it a prime target for terrorists and other enemies.Information assurance (IA) is the part of IO that protects U.S. information systems against threats. The National Information Infrastructure (NII) was created by President Clinton’s 1996 Executive Order 13010, to protect critical U.S. information technology systems.
Critical Infrastructure Protection warns about and responds to infrastructure attacks. The FBI is responsible for coordinating NII protection in government, civilian and industrial organizations. The National Infrastructure Protection Center (NIPC) was established by the FBI to coordinate national responses to cyber-crime.
Information Operations comprises five primary capabilities that are used for offense and defense
Offensively, these capabilities are used to influence enemy decision makers and achieve certain objectives. Perception management action use OPSEC, PSYOPS and military deception to limit the information enemies have about U.S. plans through classifying and safeguarding information. Perception management causes enemies to respond in desired ways by influencing their perceptions. This is achieved by feigning military maneuvers, concealing actual military maneuvers, and distributing false information and propaganda, such as hacking into websites and distributing leaflets. EW is used to destroy enemy information systems and to degrade enemy capabilities.
Defensively, these capabilities are used to coordinate personnel, technology, policies, procedures and operations, in order to protect friendly information systems and infrastructure. Network monitoring and defense and counterintelligence operations, as well as enemy perception management are also used in defensive IO.
Ethical and Legal Issues
Civilian and military targets have largely become indistinct, because the Department of Defense’s communications, as well as those of enemies, use communication systems that are owned and operated by civilians. These systems can thus be referred to dual-use systems, which obviously lead to a number of legal and ethical problems in which security demands and civil rights clash.
High-tech systems have also blurred the line as to what military targets are. For instance, enemies use technology to target utilities and other civilian facilities, while the U.S. must grapple with the ambiguous, complex onslaught of terrorism that uses unconventional methods of attack, in the context of both a peacetime and wartime framework.
The Ethics and Legalities of Wartime Information Operations
Information Operations in the context of wartime is easier to delineate, because in wartime, the U.S. has far less restrictions on its ability to diminish the enemy’s capacity to conduct war, and the U.S. population is far more likely to support its actions. The U.S. would be justified in attacking enemy utilities and facilities, and could use IO to render them inoperative rather than physically destroying them. This is a huge advantage when enemies use noncombatants to shield strategic targets, just as Saddam Hussein did in the Gulf War. Moreover, once the war is over, the facilities can be repaired far more easily than if they were physically destroyed. Thus, enemies could realize that the U.S. does not wish to destroy their country, but that it rather aims to end hostilities.
However, the United Nations Resolution 2284-10 November 1975 states that technology should not be used to violate the territorial integrity and sovereignty of states, while Article 54 of Protocol 1 states that a nation may not interfere with objects that are indispensable to civilian survival such as water and food supplies. The values that nations hold determine how they utilize non-lethal technology weapons to pressurize enemies.
It has also been argued that it is legally easier to use lethal force than non-lethal IO actions, which currently require substantial legal authorizations before they are permissible. Moreover, the rules of engagement as they refer to IO are underdeveloped, and need to be debated and instituted on an international level. Currently, nations are only restrained by their ethical and moral values.
INSA. 2011. Cyber Intelligence: Setting The Landscape For An Emerging Discipline.