
Development of international norms in cyber warfare: a small country's perspective

Adriana Dvorak, M.A.

Abstract: National cyber defense strategies evolve in a weakly defined legal environment and set important goals for the protection of critical infrastructure. Jus ad bellum and jus in bello are two areas of international law which are particularly important for the development of international norms in cyberspace. Cyber warfare is bringing forward new actors which are not subject to international law. Thinking in terms of the Cold War or nuclear deterrence proves inefficient for formulating a theoretical framework to deal with cyber threats, because new actors will perform the role of civilian combatants in cyber warfare. Regional powers and states that strive for a bigger role in global governance are involved in many cyber events. The author found that small states with no offensive foreign policy goals did not resort to offensive cyber warfare even if it would offer new options for achieving foreign policy goals. Two types of asymmetry significantly affect strategic relations in cyberspace: one is the asymmetry of information and the other is the asymmetry of values. Besides these two, the institutional structures of the new actors and the public response to cyber attacks reflect the asymmetric nature of cyber conflicts as well. Vulnerabilities have become liabilities which must be taken care of regardless of the development of international norms governing cyber defense and cyber security. Only a few of the internet threats become cyber defense threats spreading through social media. State actors will have to enhance their capability for digital engagement with non-state actors to detect the intention of certain groups to carry out hacking attacks. At the same time they will have to obey the basic principles of the rule of law and criminal justice.

Keywords: asymmetry, cyber attack, cyber defense, digital diplomacy, increase of options, non-state actors

Structure of the research paper
1 Actors and new actors in cyber warfare
2 Overlapping cyber crime and national defense rules
3 Evolving international norms
4 Zero sovereignty in cyberspace and asymmetric warfare
5 Influencing cyber activism by digital diplomacy
6 Motives of state actors and non-state actors
7 Conclusions and recommendations focusing on the needs of small countries



1. ACTORS AND NEW ACTORS IN CYBER WARFARE
Recent questions on cyberwar and state malware heated up the discussion on norms in cyberwar, rules of engagement, neutrality, online activism, hacktivism, and privacy concerns. The paper contributes to the current debate on asymmetric warfare from the small country perspective. National military doctrines build upon the use of cyber capabilities for reconnaissance, information operations, disruption of critical networks and services, and cyber attacks as a complement to electronic warfare and information operations. Some countries include specific plans for informational and political operations. Others link cyberwarfare capabilities with the existing electronic warfare planning.[1] Cyber warfare brought forward new actors which are not to be found in the classical armed conflicts where one military confronts another. Individuals who are not subject to international law became important for cyber security (for example hacktivists, patriot hackers, online activists, organized cyber crime, terrorist organizations, and other autonomous actors). In addition, these individuals are not familiar with military ethics or the laws of neutrality, might not have clear intent, and do not follow the rules of hierarchical organization. In short, international law has little or no effect on them. The paper will explore only one motive for cyber attacks, namely to gain access to the systems or information important for national economic or strategic objectives. The motive to gain access precedes intentional attacks against the confidentiality, integrity and availability (CIA) of the information and communications technology (ICT) of a certain country.

[1] James A. Lewis, Katrina Timlin, Cyber security and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization.

The variety of new actors suggests that they are hardly susceptible to international law; they seem to be more susceptible to international criminal law, which needs a corresponding norm in the national criminal code to be effective, e.g. cyber crime must be criminalised by national criminal codes. Non-specific international norms, which consequently lead to criminalization of widely acceptable behaviour of non-state actors through national criminal codes, increase feelings of injustice and wrongdoing, and significantly alter the relations among national decision makers and political organisations. Decision makers and law makers will have to take into account that they are losing popular support because of the wide scope of criminalization and the democratic deficit, which can finally affect their ability to influence decision making and political processes, as in the case of the Anti-Counterfeiting Trade Agreement. There are three groups of actors involved in cybercrime: criminals, hacktivists and nation-states. Due to the nature of the actors on one hand and the importance of the target on the other, we can conclude that specific cyber security strategies should be separated from cybercrime strategies, even if synergies and complementarities exist. Governments are responsible for drafting cyber defense strategies; militaries are responsible for defining the objectives and appropriate measures to achieve them. Governments are also held responsible for the success of private-public partnership and the cooperation of the stakeholders. The nature of cybercrime and the legal issues are global, and we can expect the states to collaborate in the development of international cyber crime norms. Cyber crime affects their economies; therefore we can expect that efforts will be made to ensure the harmonization of legislation in the individual countries through international organizations such as the International Telecommunications Union (ITU), INTERPOL, the United Nations Office on Drugs and Crime, Groups of States (G20, G8), the North Atlantic Treaty Organization (NATO), the Council of Europe (COE), the Organization of American States, Asia Pacific Economic Cooperation, the Organization for Economic Cooperation and Development, the Organization for Security and Cooperation in Europe (OSCE), the European Union, etc.

The author follows Dan Kuehl's definition of cyberspace in From Cyberspace to Cyberpower: Defining the Problem: Cyberspace is a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via interdependent and interconnected networks using information-communication technologies. Cyberpower is the ability to use cyberspace to create advantages and influence events in all the other operational environments and across the instruments of power.

2. OVERLAPPING CYBER CRIME AND NATIONAL DEFENSE RULES

The objective of the research paper is to analyse the power of the new actors in asymmetric warfare. International norms and codes of conduct for state behaviour are under development and should primarily aim at preventing conflicts between states in cyberspace. At the moment cyber defense activities are not as heavily criticized by the general public as cyber crime activities that criminalize different online and offline behaviour of individuals. Massive surveillance infringes the human rights and privacy rights of citizens. In addition, we are seeing that penalising intellectual property rights (IPR) infringement on a massive scale does not enjoy popular support, and it has already altered the political scenery in Europe.

Figure 1. Cybercrime and cyber security strategies, Alexander Seger, Octopus conference 2011, COE

Cyber security stands for protection from intentional attacks against and by means of computers, any crime involving electronic evidence on a computer system. As a principle it is a subject of national criminal laws together with international criminal law and international norms in the field of communications technology. Punishment comes after the crime has been committed. In contrast to cyber security, cyber defense stands for protection of critical infrastructure, not just any computer network.

3. EVOLVING INTERNATIONAL NORMS


The general thesis is that states have been confronted with zero sovereignty in cyberspace,[2] which affected their views on the structure of power in international relations. They try to overcome the state of zero sovereignty by making proposals and negotiating on the international norms governing cyberspace (ITU, OSCE, COE, European Union, and NATO). The COE definition in the Convention on Cybercrime is sufficiently flexible to address technology that goes beyond traditional computer systems. It includes mobile telephones that have the capability to produce, process and transmit data, such as accessing the Internet, sending e-mail, and transmitting attachments.[3] Simultaneously, national doctrines emerge which are cutting out the national rules based on national values, beliefs, and experiences. Lewis and Timlin reviewed policies and organizations of 133 states and roughly divided them into three groups of states. The first one comprises 33 states that include cyberwarfare in their military planning and organization, in the second group of 26 states there is no public discussion of a military role in cyberspace, and 12 states plan to create specific military commands dedicated to cyberwarfare.[4] The development of international norms depends on the national cyber doctrines of the big states,[5] which are also the forerunners in formulating national doctrines as well as in raising cyber warfare issues at the international institutions. The behaviour of the big actors is important for the development of international norms; however, attention has to be devoted to the behaviour of the small actors as well. Cyber attacks and cyber warfare significantly increase the military options of the small states that have to be governed appropriately through multilateral mechanisms. One question is crucial: under which circumstances does the state have the right to strike back?

[2] Politicization of digital tools: Dr. Milton Mueller, professor at the School of Information Studies (Syracuse University), IFRI.

[3] Article 2 - Illegal access: the access to the whole or any part of a computer system without right. A Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system.
Article 3 - Illegal interception: the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.
Article 4 - Data interference: the damaging, deletion, deterioration, alteration or suppression of computer data without right.
Article 5 - System interference: the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.
Article 6 - Misuse of devices: the production, sale, procurement for use, import, distribution or otherwise making available of: a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2-5; a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing any of the offences established in Article 2-5, and b. the possession of an item referred to in paragraphs (a) (1) or (2) above, with intent that it be used for the purpose of committing any of the offences established in Articles 2-5.

[Figure 2 diagram labels: Communications law, Communications society; International criminal law, Criminal law; Law of Armed Conflict, Law of Armed Conflict]

Figure 2. Regulation of international and national cyberspace, adopted from Marc-Arno Hartwig and Radomir Jansky, DG Home Affairs, SEDE meeting on 15 June 2011 - cyber attacks

[4] James A. Lewis, Katrina Timlin, Cyber security and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization, Center for Strategic and International Studies.

[5] For the purpose of the paper the big states in Europe are those that account for 75% of NATO budget (France, Germany, and United Kingdom). United States, China, Russia, Japan belong to the same group of big states.

Up to now the international community has not reached an unequivocal interpretation of how the existing rules and principles of international law apply to cyberwarfare. However, it is possible to single out a few areas of international law that are particularly important for the development of international norms in cyberspace.

1. Law governing the resort to force between states (jus ad bellum) will have to illuminate the circumstances under which cyber operations amount to an internationally wrongful threat or use of force, an armed attack justifying the resort to necessary and proportionate use of force in self-defense, or a threat to international peace and security subject to UN Security Council intervention.

2. The law of neutrality will have to illuminate whether belligerents can lawfully exploit the telecommunications infrastructure of neutral states for the purpose of cyber attacks. The responsibilities of states that are neutral in a war will also have to be clarified in regard to non-state actors conducting attacks that exploit the resources of neutral states, for example territory, infrastructure, financial services and individuals taking part in a conflict unwillingly or without informed consent. The Dutch Council on International Affairs sought a solution to shape the international legal concepts of sovereignty and neutrality in cyberspace. The right of neutrality applies to the use of digital weapons and methods of warfare. It basically prevents the use by belligerent parties of computers or computer systems located on neutral territory, insofar as possible, as well as attacks aimed at computer networks or information systems located on neutral territory. It enables a neutral state to prevent a belligerent party from using computers and information systems that are located on its territory or in its jurisdiction. The sole transmission of data via a part of the internet located on neutral territory does not, however, result in violation or loss of neutrality.[6]

3. Under the law of armed conflict (jus in bello), here referred to as international humanitarian law, cyber warfare must be distinguished from phenomena that are not governed by humanitarian law, namely cyber crime and cyber terrorism. The focus will be on the rules and principles governing the conduct of hostilities. The rules governing the protection and treatment of persons in the hands of a party to an armed conflict will have to be developed having in mind that new actors will perform the role of civilian combatants in cyber warfare.

Legal discourse within the international arena is not the search for some legal truth out there, waiting to be discovered. It is a practice that operates on the basis of common understandings and shared beliefs about the relationship governed by the rules in question. Thus interpretation of international law is the search for an intersubjective understanding of the norm at hand. Norms governing cyber crime are in the focus of several major international organisations; cyber warfare lies within the area of attention and authority of the UN and NATO. In regard to the development of international norms we must touch upon types of conflict, having in mind the attribution problem. Still, there is a basic state vs. state situation, non-state actor vs. non-state actor, and state vs. non-state actor. Note that non-state actors are in fact new actors about whom we do not know much, who might not be armed in the classical sense, who are mercenaries or who are taking part in a cyber conflict unwillingly. Because of the variety and unpredictability of new actors it is worth following the life span and other characteristics of the non-state actors that are involved in the most severe cyber attacks. The law of neutrality applies to the first situation (state vs. state), or to international armed conflicts, and it regulates the coexistence of states at war and states at peace. In a way it is the attitude of impartiality adopted by third states towards belligerents and recognized by belligerents, creating rights and duties between the impartial states and the belligerents.

[6] Matthijs R. Koot aka @mrkoot. Dutch Council on Int'l Affairs' Advise On Digital Warfare. Internet: http://blog.cyberwar.nl/2012/01/dutch-council-on-intl-affairs-advise-on.html, Jan. 22, 2012
No declaration of neutrality is required, which tells us that individuals and states that refrain from hostile acts should not be the object of retaliation measures in case of cyber attack. Online activists, business and other non-state actors therefore do not represent a legitimate target as long as they refrain from hostile acts. It is important, however, to be aware of the duty of the neutral states to refrain from participating in the conflict. The neutral states ought to implement measures to prevent their citizens from participating in the conflict and to issue rules of online conduct. The state must prevent belligerents from committing violations of the neutrality of the territory, including use of force if necessary. In the author's view it is important to create institutions that will enable a win-win situation for the participating actors based on the need to control an unpredictable variety of threats. Motives for cooperation highly depend on the assumption of what the gains from unilateral action are and on the estimation of resources at hand, including knowledge available to the actor. Therefore the author recommends that political organizations such as NATO, COE and OSCE improve their collective action. Law addresses norms for cyber warfare, the obligations of states regarding the application of offensive cyber capabilities, and the applicability of existing laws of war and norms on use of force in cyberspace, but it does not improve cyber defense capabilities as such.

4. ZERO SOVEREIGNTY IN CYBERSPACE AND ASYMMETRIC WARFARE

For the small states, asymmetric warfare represents a good part of military and national history. Some of the states have realized only recently that their position in the asymmetry changed.[7] They changed sides in asymmetric warfare by joining the alliance and at the same time acquired access to additional resources, which taken altogether altered their point of view on global relations. The position of small states in the asymmetry is further transposed by growing transnational security threats such as cyber terrorism and cyber crime; we have to note that many analysts consider a cyber attack in the trans-Atlantic area a very realistic security threat in 2012. Two types of asymmetry significantly affect strategic relations: one is the asymmetry of information and the other is the asymmetry of values. The institutional structures of the actors involved in cyber conflicts as well as the type of public response to a cyber attack further reflect the asymmetric nature of cyber conflicts. Cyberspace differs from cyber infrastructure, as the cyber infrastructure represents the material basis of ICT, and legally there is no doubt about the ownership, management and law that applies to the manufacturing, management and security of the physical infrastructure. For cyber warfare purposes cyberspace can be thought of as the interconnection of human beings through computers and telecommunication, without regard to physical geography. It is, however, characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. Control over cyber infrastructure lies in the hands of its owners. Obviously cyber networks and cyberspace do not have such a clear ownership structure, management rules or rules of conduct, and no state is in a position to exert its own law in cyberspace. The states entered cyberspace under equal conditions, which did not bestow any actor with a particular set of rights or powers. Non-state actors and states entered cyberspace with the same amount of sovereignty, which is zero, if we understand sovereignty as the exclusive right of an actor to exert certain functions, for example having the monopoly over protection and defense of individuals. The right of states to protect their nationals in cyberspace is open for discussion, as is the right to protect so-called national territories when it comes to cyberspace.

Asymmetric warfare used to be defined as a conflict involving two states with unequal overall military and economic resources;[8] nowadays we should extend the definition to cover unequal resources in general, thus covering the asymmetry of information and the asymmetry of values. In asymmetric warfare we can expect non-state actors to enjoy certain advantages because of the asymmetric nature of conflicts in cyberspace due to information and value asymmetry. A cyber attack can be launched from almost any place while disguising the location, the identity or the sponsor behind the attack. Applying the principles of military necessity, proportionality and distinction against terrorist cyber attacks will be especially challenging since the terrorists may be even more heavily embedded in the civilian population than usual when launching attacks.[9]

With the help of Recorded Future, a start-up company headquartered in Cambridge, Massachusetts, we analysed cyber events related to major industrialized countries (G20) reported in online media during 2011 and compared the number of occurrences to the number of cyber events in smaller countries. Recorded Future's intelligence analysis tools help analysts understand trends in big data by harvesting and indexing unstructured content from more than 50,000 open web sources. Recorded Future organizes this information, delineates results over interactive timelines, and visualizes past trends, all while providing traceability back to sources.

[7] Damir Črnčec, Obveščevalna dejavnost v informacijski dobi, Defensor, Ljubljana, 2011

[8] Thazha V. Paul, Asymmetric Conflicts: War Initiation By Weaker Powers 20, 1994.

[9] Mission impossible? International law and the Changing Character of War, John F. Murphy

Figure 3. States and governments hacked in 2011, Recorded Future, https://www.recordedfuture.com/rf/s/5PX9T7

From the collected data we can conclude that China, Iran and the US lie at the centre of hacking cyber activities, be it from the institutional, legal or cyberwar aspect. Altogether 14 hacking events in 2011 were related to the US and its firms, 9 to China in second place, and 7 to the Islamic Republic of Iran in third place. The United Kingdom, Australia and Canada were related to 2 to 5 hacking events, whereas the Netherlands had a kind of record amongst small states with 5 events.[10]

The fact that 60% of internet traffic worldwide traverses US servers owned by private enterprise confirms the US trend based on the events from 2011. Nevertheless, in the asymmetry the US counts among its advantages: resources, as 10 of the world's 13 root servers are in the US; a technological advantage, as operating systems, databases, processors, microchips, network switching, and other core technology are the property of American companies; and hard power such as weapons development, investment, the training of talent, and the scale of armed forces.[11]

We can conclude from Figure 3 that asymmetric warfare puts big states, especially the US, and the regional powers on the rise at the centre of activities. American companies are target number one as reported in online media during 2011. International consensus on the importance of cyber security for global governance has not been reached yet. There are also significant regional differences in public perception of the importance of cyber attacks for national economies, the importance of privacy issues, and export regulation of surveillance technologies to non-democratic regimes. The professional community vividly discusses the significance of cyber crime for the economy. Consensus on the importance of cyber security and cyber defense will be formulated earlier in the professional and business community than within the international community. The variety of security threats grew exponentially alongside the probability of cyber attacks. The number of institutions that are entrusted with cyber security is particularly dense in Europe, even if they are somehow over-involved with the strong principles of bureaucratic organizations. The structure of modern power is atomized, giving disproportionate power into the hands of individuals or small groups that can threaten much bigger actors, especially if the institutional structures cannot overcome the bureaucratic nature of the organization.

[10] In August 2011 Gmail users in Iran were affected by Man-In-The-Middle attacks. MITM attacks are sophisticated attacks, where a third party can effectively eavesdrop and monitor all communication between two parties, without either of them knowing that they are being eavesdropped upon. The attacker Iran was able to get hold of a fraudulent certificate which is used for encrypting, issued by DigiNotar. DigiNotar, a Dutch certificate authority owned by an Illinois-based security company, filed for bankruptcy a month later. In 2012 Iran arrested many bloggers, which might be a follow-up of the DigiNotar case.

[11] China Defense Daily, quoted by Adam Segal, Can US Deter Cyber War.

5. INFLUENCING CYBER ACTIVISM BY DIGITAL DIPLOMACY


Social media are affected by common internet threats such as frauds, scams, spam, phishing, whaling, identity theft, malvertising and infections. Even more importantly, they are also becoming the new tool of choice for open source intelligence, infiltration by state and non-state actors, social engineering, psychological warfare, surveillance and target acquisition (as demonstrated in Libya and during the Arab Spring). Social media platforms themselves have become a major infection vector and at the same time a digitalized weapon, even some sort of a battlefield, and consequently a primary target for the offensive mind. Social networks are intrinsically based upon a sense of trust between their members, their authentication methods are weak, and true identity is not verified. Because of mobile devices and the consumerization of ICT, which is also spreading among the military, traditional defenses became less reliable. Members of social networks and users of services offered by internet companies are highly vulnerable to being used for hostile purposes against the people or ICT of a certain state. Attacks performed through social networks are mostly performed at the semantic level, well above firewalls and malware defense. For example, in January 2012 #opmegaupload attacks were carried out by spreading a link on Twitter that, when clicked on, repeatedly redirected any computer to the target website. This tactic, known as a DDoS attack, is commonly used, and the link was shared among unknowing international Twitter users at a rate of four times a second, often with no explanation other than that it relates to #operationmegaload. Only a few of the internet threats become cyber defense threats spreading through social media. When they do, a new issue becomes very important: are the state actors capable of digital engagement with non-state actors to detect the intention of certain groups to carry out hacking attacks?

Digital diplomacy constitutes a part of public diplomacy, widening the diplomatic reach and influence by direct communication with civil society, governments and influential individuals.[12] For a small country it might pay off to include digital diplomacy in the overall cyber security and cyber defense strategies as one of the elements in the mix of cyber security activities.

[12] Virtual diplomacy is social, economic and political interactions that are mediated through electronic means rather than face-to-face communication. Richard H. Solomon, The Information Revolution and International Conflict Management in Peacework n18, September 1997, United States Institute of Peace.

Cyber attacks on critical infrastructure are carried out via different hacking techniques[13] and spread through social media. It is a challenge for military cyber commands to come up with an appropriate mix of cyber activities that would provide an early warning. The objective of such endeavors is to minimize damage to property with the help of social networks at an early stage. Besides simple tasks, ambitious governments of regional powers could design far fetching political programmes based on digital engagement, perhaps establishing national freedom councils, mimicking virtual embassies, establishing phony LinkedIn groups and so on. Any technique or tactic must take into consideration that non-state actors are not aware of their role and that the cooperation with the sponsor is happening without their consent, regardless of the sponsor's offensive or defensive role. In the past researchers tried to understand non-violent political actions described as swarming: a seemingly amorphous, but deliberately structured, coordinated, strategic way to perform military strikes from all directions.[14] The findings may serve well to plan cyber activities for defensive and offensive purposes. Let us recall that the actors do not share the methods of recruitment,[15] militaries and ad hoc groups do not share the constraints imposed by the institutional structure, and the states are missing the advantages of the non-national characteristics of cyberspace. Only a few organized individuals have the right to defend a country, let alone to carry weapons and legally use them. Cyber activism challenges this old privilege and blurs the boundaries between combatants and non-combatants, private and public, neutral and belligerent. Political actors will further explore methods to find target audiences, inform them with differentiated content and engage them with messages and links directed against the final target websites or computer networks.

6. MOTIVES OF STATE ACTORS AND NON-STATE ACTORS

Principles of threat deterrence, proxies, unilateral strike, and other preemptive measures occur in cyber defense doctrines. In case of a preemptive strike, punishment is based on circumstantial evidence or the assumption that the act of aggression will be committed. Such an offensive doctrine corresponds to cyber warfare doctrine and it separates the states in defense from the states on offense. All offensive states with aggressive foreign policy goals obtained a new and mighty tool to expand their policy options. The development of international norms should ensure that criminal justice and rule of law principles are taken into account, also in cyber defense strategies. Bilateral agreements might be more effective on the operational level; however, multilateral agreements as usual protect the weaker and should therefore promote acceptable safeguards: rules for de-escalation of cyber conflicts, rules for prevention of a Pearl Harbor, of abuse of a national cyber infrastructure by another state actor for a cyber attack, and the like. Governments ought to evaluate the challenges posed by asymmetric warfare and take the necessary measures to reduce their vulnerabilities. Vulnerabilities will always be an interesting target for asymmetric actors, whether they are enemy states or non-state actors. When governments plan working partnerships, the national share of responsibilities, intelligence activities and defensive doctrine, and set up the institutional framework, the attribution problem does not affect their strategies. The attribution problem matters only in case of retaliation, and it should not stop them from planning national cyber defense systems, as it affects the organization of cyberpower within a state. Even if cyber activities offer new tools in the foreign policies of small states, we cannot conclude from Figure 3 that small states are leading the way in the international arena in regard to the formulation of international norms for cyber crime or cyber defense. In addition, data from the European Intelligence Unit (EIU) sponsored by Booz, Allen, Hamilton indicates that big states are leading the way in the legal and regulatory framework.

[13] Such as broadband hacking, browsers hacking, email hacking, IP address tricks, Java scripts hacking, Linux hacking, mobile hacking, network hacking, phishing, remote administration, SEO softwares, server hacking, spoofing, SQL injections, Stealers, Trojans, USB hacking, virus & anti-virus, Windows hacking, wireless cracking, wireless hacking, backtrack hacking...

[14] Swarming and the Future of Conflict by John Arquilla, David Ronfeldt, RAND 2005

[15] Israeli army recruited patriotic hackers in 2011 whereas cyber jihadism in Europe had been active for longer period of time and follows different patterns of digital and real life engagement.
EIU considers cyberpower as the ability to withstand cyber attacks and to deploy the critical digital infrastructure needed for a productive and secure economy. Perhaps in the future it will include the small states in the research on cyberpower index as 2011 data covers activities of G20 states only. For comparison, SDA and McAfee published a report according to which small states Finland, Israel and Sweden rated very high in cyber-readiness. France and South Korea are on the 6th and 7th place of EIU cyber resilience list but we did not detect any major hacking event in these two countries in 2011.16 They seem to be stronger in terms of cyberpower and less involved in cybercrime. On the other hand, China, Russia, and India are lower on the cyber resilience list and higher on the list of cyber events. They seem to be more involved in cybercrime then they are able to withstand the cyber attack.

16

Frances finance ministry was targeted by cyber spies in December 2010 and the objective of the attack was to gain access to information related to the G20 meeting in 2011.

Medium-sized regional powers are often involved in the cyber attacks described as hacking events, as seen in Table 1. This is true for China and Russia. Keeping an eye on the BRICS activities in cyberspace looks like a reasonable task for NATO cyber defense in the future. At the same time we must acknowledge that the cold war proxy concept will not help us to understand cyber trends globally.

TABLE 1: CYBER EVENTS 2011

Non-state actors            Mentions
Google                      11
Sony Corp                   11
DigiNotar                   7
Lulz*                       6
Facebook                    4
Lockheed Martin             4
RSA                         4
Twitter                     3
Comodo                      2
Huawei                      2
VASCO                       2
Yahoo                       2
Adobe                       1
Anon*                       1
AntiSec*                    1
Cyworld                     1
DigitalOne                  1
Gannet                      1
McAfee                      1
Microsoft                   1
Sophos                      1
Wonderland Five*            1

States                      Mentions
United States               6
China                       6
Islamic Republic of Iran    6
United Kingdom              3
Australia                   2
The Netherlands             2
Canada                      1
Norway                      1
Mexico                      1
Japan                       1
Syria                       1
Russia                      1
Egypt                       1
United Arab Emirates        1
Libya                       1

Top 20 actors included in government and hack in 2011, Recorded Future
* Anonymous association

Non-state actors from the Recorded Future database are mostly companies involved in hacking attacks, either as victims or as security companies. Data from Table 1 also leads to the conclusion that further regulation of cyber security firms is substantiated by the sheer number of attacks on this group of non-state actors. Four groups of anonymous agents have been identified. The author suggests that more attention be devoted to the different autonomous actors who use the same self-descriptor, Anonymous. What represented the economic strength of a state became an easy target in an asymmetrical war. Information communication technology affects the perception of reality and the perception of security threats, and enables cyber crime in a way that affects the security of individuals, groups and states. Vulnerabilities became the liabilities which must be taken care of regardless of the development of international norms governing cyber crime or cyber security. Even the symbolic value of civilian structures figures as a liability in cyberspace, whereas assets are far less numerous. ICT contributes to the acquisition and analysis of data in the private and public domain, and appropriate or even superior use of ICT for these purposes might account for an asset in cyberspace. In this case the power of information technologies augments the information power of a society and affects the power of an actor. Again, small states seem to profit proportionally more from ICT than big states, as they can increase the information power or soft power of a state on account of weaker hard power.

7. CONCLUSIONS AND RECOMMENDATIONS FOCUSING ON THE NEEDS OF SLOVENIA

There is a need to reconsider cyber security concepts and to bring together cyber defense and cyber crime strategies. The author recommends the embedded expertise approach for cyber defense strategy, as human resources in the small states are insufficient to form effective cyber troops that would receive appropriate training for military purposes only. Additionally, the author recommends that national security priorities for 2012-2015 take account of cyber threats in the international community. Some of the priorities could be formulated around situation awareness, crisis management, pooling and sharing with EU and NATO, national maritime and aerial security as a part of EU maritime and aerial security, and creation of a military cyber defense command. On the policy level, synergies and complementarities between the cyber defense strategies and cyber crime strategies have to be pursued in the National Security Council. This body is also responsible for initiating the process of formulating the strategies. Membership of the National Security Council should be further expanded to other stakeholders, namely to the private sector, including security firms and professionals, management of private and public critical infrastructures, researchers in the relevant fields of academia, and CERT. On the operational level, CERT might obtain additional tasks from the National Security Council in order to provide new services to the national situation awareness team. The National Security Council ought to decide whether to handle a cyber attack on the national level or to ask for support from international organizations. As laid down by the NATO Policy on Cyber Defense, the alliance will provide coordinated assistance if an ally or allies are victims of a cyber attack, reiterating that any collective defense response is subject to decisions of the North Atlantic Council. An official request to NATO should be authorized by Parliament. Any cyber attack carried out by Slovenian nationals should get parliamentary approval provided that the minimum requirements for cooperation are achieved. CERT within the Ministry of Defense should be established by June 2012. Critical infrastructures should be identified by the end of 2012, but the list probably will not be public.¹⁷ It is highly recommended that Slovenia participate in the NATO exercise Cyber Coalition 2012. To sum up, Slovenia's legislature will have to undergo certain changes in communications law and criminal law. The scope of civil-military partnerships might change in the cyber defense area, whereas new forms of cooperation should be fostered between the military and academia. National cyber strategy will have to go beyond pure science and technology. It must serve as a basis for the development of capabilities to operate in cyberspace and at the same time it must enhance national cyberpower in support of national security.

¹⁷ Aleš Kotnik. Conference Informacijska varnost odgovori na sodobne izzive, Topic: Grožnje in ranljivost kritične infrastrukture iz fizičnega in kibernetskega prostora, Fakulteta za varnostne vede, Univerza v Mariboru, Ljubljana, Jan. 20, 2012.

Acknowledgement

The author would like to thank Christopher Ahlberg and Chris Holden from Recorded Future for their generous offer to explore the Recorded Future application.

References

[1] Anderson Kent E. International Intrusions: Motives and Patterns, 1994, 1996. This paper appeared in the Proceedings of the 1994 Bellcore/Bell South Security Symposium, May 1994.
[2] Arquilla John, Ronfeldt David. Swarming and the Future of Conflict, RAND, 2005.
[3] Burnett Jonny (University of Leeds), Whyte Dave (University of Stirling). Embedded Expertise and the New Terrorism. Journal for Crime, Conflict and the Media 1 (4) 1-18, ISSN 1741 1580.
[4] Črnec Damir. Obveščevalna dejavnost v informacijski dobi, Defensor, Ljubljana, 2011.
[5] Denning Dorothy E. The Ethics of Cyber Conflict. Draft of March 27, 2007.
[6] European Intelligence Unit, Booz, Allen, Hamilton. Cyberpower Index. [On-line]. http://www.cyberhub.com/CyberPowerIndex [February 8, 2012].
[7] Hartwig Marc-Arno, Jansky Radomir. CYBER ATTACKS: A new threat to EU's security. DG Home Affairs, European Parliament Security and Defence Subcommittee Meeting, 15 June 2011.
[8] Hughes Rex B. NATO and Cyber Defence: Mission Accomplished?, 2009.
[9] Jensen, Eric Talbot. Sovereignty and Neutrality in Cyber Conflict (November 1, 2011). Fordham International Law Journal, Forthcoming.
[10] Johnstone Ian. Security Council Deliberations: The Power of the Better Argument, 14 EUROPEAN JOURNAL OF INTERNATIONAL LAW 437, 440-43, 2003.
[11] Koot Matthijs R. aka @mrkoot. Dutch Council on Int'l Affairs' Advise On Digital Warfare. Internet: http://blog.cyberwar.nl/2012/01/dutch-council-on-intl-affairs-adviseon.html, Jan. 22, 2012 [February 8, 2012].
[12] Kastelic Toni. Computer Investigation Centre, National Cyber Security Center. [On-line]. Slovenia. http://elivinglab.org/CrossBordereRegion/DeRc/Presentations/Kastelic_Cyber security.pdf. [February 8, 2012].
[13] Kotnik Aleš. Conference Informacijska varnost odgovori na sodobne izzive, Topic: Grožnje in ranljivost kritične infrastrukture iz fizičnega in kibernetskega prostora, Fakulteta za varnostne vede, Univerza v Mariboru, Ljubljana, Jan. 20, 2012.
[14] Kragelj Primož. Cyber Security in a Cloud with Insight on the Slovenian Situation. [On-line]. Jožef Stefan Institute, Jožef Stefan International Postgraduate School, Jamova 39, 1000 Ljubljana, Slovenia. http://www.wseas.us/e-library/conferences/2011/Paris/ECC/ECC-49.pdf. [February 8, 2012].
[15] Lewis James A., Timlin Katrina. Cyber security and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization. Center for Strategic and International Studies. [On-line]. http://www.unidir.org/pdf/ouvrages/pdf-1-92-9045011-J-en.pdf [February 8, 2012].
[16] Libicki Martin C. Cyberdeterrence and cyberwar, Project Air Force (U.S.), Rand Corporation, 2009.
[17] Melzer Nils. Cyberwarfare and International Law. [On-line]. http://www.unidir.ch/pdf/ouvrages/pdf-1-92-9045-011-L-en.pdf. [February 8, 2012].
[18] Mueller Milton. Politicization of digital tools. [On-line]. Dr. Milton Mueller, professor at the School of Information Studies (Syracuse University), analyzes the politicization of digital tools, at an Ifri seminar on "The Internet in China and Russia", IFRI, http://www.ifri.org/?page=contribution-detail&id=6744&id_provenance=79&lang=uk. [February 8, 2012].
[19] Murphy John F. Mission impossible? International law and the Changing Character of War. In Pedrozo Raul A. Pete, Wollschlaeger Daria P. International Law Studies. Volume 87. International Law and the Changing Character of War. Naval War College, Newport, Rhode Island. 2011.
[20] Papanastasiou, Afroditi. Application of International Law in Cyber Warfare Operations (September 8, 2010). [On-line]. Available at SSRN: http://ssrn.com/abstract=1673785. [February 8, 2012].
[21] Pedrozo Raul A. Pete, Wollschlaeger Daria P. International Law Studies. Volume 87. International Law and the Changing Character of War. Naval War College, Newport, Rhode Island. 2011.
[22] Rauscher Karl Frederick, Korotkov Andrey. Working Towards Rules for Governing Cyber Conflict: Rendering the Geneva and Hague Conventions in Cyberspace, 2011.
[23] Rubin Michael. Thoughts on the meaning of asymmetric threats. [On-line]. C.A.Primmerman, MIT, 2006, Lincoln Laboratory. http://www.aei.org/files/2007/05/31/20070502_AsymmetricalThreatConcept.pdf. [February 8, 2012].
[24] Schjolberg Stein. The History of Global Harmonization on Cybercrime Legislation: The Road to Geneva, December 2008. [On-line]. http://www.cybercrimelaw.net/documents/cybercrime_history.pdf [February 8, 2012].
[25] Seger Alexander. Cybercrime and cyber security strategies. [On-line]. Octopus conference 2011, Discussion paper: Cybercrime Strategies. Prepared by Global Project on Cybercrime, Octopus Conference on Cooperation against Cybercrime (Strasbourg, 21-23 November 2011). COE www.coe.int/octopus. [February 8, 2012].
[26] Solomon Richard H. The Information Revolution and International Conflict Management, in Peacework n18, September 1997, United States Institute of Peace.
[27] SDA, McAfee. Cyber-Security: The vexed question of global rules. [On-line]. http://www.mcafee.com/hk/resources/reports/rp-sda-cyber-security.pdf?cid=WBB048 January 27, 2012 [February 8, 2012].
[28] Škrubej Janez. Hladna vojna in bitka za informacijsko tehnologijo. Pasadena, Ljubljana, 2008.
[29] Report to Congress on Foreign Economic Collection and Industrial Espionage, Office of the National Counterintelligence Executive. [On-line]. October 2011. http://www.dni.gov/reports/20111103_report_fecie.pdf. [February 8, 2012].
[30] Thaza V. Paul. Asymmetric Conflicts: War Initiation By Weaker Powers 20, 1994.
[31] Watts, Sean. Combatant Status and Computer Network Attack (August 3, 2009). Virginia Journal of International Law, Vol. 50, No. 2, p. 392, 2010.
[32] China Defense Daily, quoted by Adams Segal, Can US Deter Cyber War, http://thediplomat.com/flashpoints-blog/2012/01/12/can-u-s-deter-cyber-war/. [February 8, 2012].
[33] Defending the networks. The NATO Policy on Cyber Defence, 4 Oct. 2011.
[34] The UK Cyber Security Strategy. Protecting and promoting the UK in a digital world. 2011.
[35] Council of Europe. Convention on cybercrime. [On-line]. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm. [February 8, 2012].
[36] Council of the European Union. Conclusions on Critical Information Infrastructure Protection, Achievements And Next Steps: Towards Global Cyber-Security, Brussels, 2011.
[37] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection. Protecting Europe from Large Scale Cyber-Attacks and Disruptions: Enhancing Preparedness, Security and Resilience, 2009.
[38] European Commission. Brussels, Communication from the Commission to the European Parliament and the Council, First Annual Report on the Implementation of the EU Internal Security Strategy, 25.11.2011.
[39] International Strategy For Cyberspace. Prosperity, Security, and Openness in a Networked World, May 2011. [On-line]. http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf. [February 8, 2012].
[40] Wamala Frederick. International Telecommunication Union National Cyber security Strategy Guide. [On-line]. http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf [February 8, 2012].
[41] Kuehl Dan. From Cyberspace to Cyberpower: Defining the Problem. Information Resources Management College/National Defense University. [On-line]. http://www.carlisle.army.mil/dime/getDoc.cfm?fileID=181 [February 8, 2012].
