REGIONAL COOPERATION ON CYBER SECURITY : A DEEMED NECESSITY

Anupam Tiwari
Certified Ethical Hacker v8, ,Chartered Engineer,
GFSU Certified Cyber Security Professional,
CDAC Certified Cyber Security Professional,
B.E,M.Tech (Computer Science), PGERP,PGDIS,PGDBM
anupam605@gmail.com
______________________________________________________________________________
THIS ARTICLE HAS BEEN PUBLISHED IN PINNACLE : The ARTRAC
Journal,2017,Vol 16, ISSN 0972-4044
---------------------------------------------------------------------------------------------------------------------
“Clouds of a bloodless war are hovering over the world. The world is terrified by this... India
has a big role to play in this.” - Prime Minister Narendra Modi at inauguration of Digital India
Week, 1st July 2015

INTRODUCTION

Today cyber threats are bringing on progressively flagitious dangers to the economic system and
have been a cause of serious concerns to national security of countries across. Unlike the
mundane national security matters which have some kind of tailored and customized solutions
based on think tank of country, the cyber warfare threats presents itself as a unparalleled plebeian
threat to the globe with no certain solution even envisaged. These threats emerge globally
without any limitations of border fences, distances, and demography, not restricted to any
country or tribe. The global outreach of internet and panoptic nature of cyber-terrorisms further
make the umpteen endeavors to adjudicate crimes only reactive and not proactive. Add to this
cross border policies, inter country relations, differences amongst global matters and conflicting
boundaries only make the matters worse towards conciliating this giant threat.

Cyberspace has persisted in to expatiate beyond national boundaries, and its penetration and
exploitation by various countries have only seen an improving marked maturation. Therefore,
associated risks including cyber crimes are getting more grievous, widespread and globalized.
Cyber threats thus stand as a pressing global challenge confronting the international community
across.

THREAT LIKE NEVER BEFORE

Worldwide Threat Assessment report of US Intelligence Community for 2016 outranks “Cyber
and Technology” threats foremost ahead of Terrorism, Weapons of Mass Destruction and
Proliferation, Space and Counterspace, Counterintelligence Transnational Organized Crime,
Economics and Natural Resources and Human Security[1].

The cyber threat analysis carried out by most of the victim countries are firm on two facets:

Firstly, the Internet and Information Communication Technology (ICT) are mandatory
components today in every county for economic and social growth and are chassis to typical
decisive infrastructure that leads the growth in all domains. Reliance on such infrastructure and
ICT is only seen increasing day by day as the digital penetration digs deeper into all attributes of
human lives. Cyberspace, which originated from such advances in ICT, has become an
indispensable platform to support national growth of every country.

Secondly, Cyber threats are increasing at a phenomenal pace and will only continue to evolve.
Primarily, a major chunk of these threats still originate from the global criminal actors who have
their interest riveted around reaping in economical attributes, but the evolving nature of these
threats over past decade has seen vast participation of foreign states and political groups spying
and espionage over other countries and states, with pitches of “hacktivism”, that involves
seditious use of computer networks to promote a political agenda like Anonymous, or
“destabilization attempts” like Cyber attacks on Estonia which involved a series of cyber
attacks in April 2007 and attacked websites of Estonian organizations with Distributed denial of
service attacks, including Estonian parliament, banks, ministries, newspapers and broadcasters,
amidst the country's dissension with Russia on the relocation of the Bronze Soldier of Tallinn,
“cyber espionage and sabotage” vide the notable Stuxnet .These cases are just a few to mention
besides a plethora of cases sensed across the globe vide Flame, Duqu, Regin, APT
28,Carbanak,Equation group, Desert Falcons, Sony Pictures hack etc and the list goes
sempiternal. The most intriguing thing till date about each of these attacks is that the source and
the origin of these attacks remain unidentified and unproven imputed to increased degree of
sophistication techniques involved and easily available opensource applications.

The INDIAN Panorama

While it happens from across the globe, happens across the globe, per se ,in Indian context, the
scenario has been no different amidst a multitude of attacks in recent past including few recent
one‟s referred below :

DANTI’s Attacks : As per reports released by Kaspersky Labs [2], an Advanced persistent
threat(APT) has been active at least since 2015, predominantly targeting Indian government
organizations. Additionally, Danti has also been actively hitting targets in Kazakhstan,
Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines.

SmeshApp : Media disclosures[3] were made about Pakistan Army snooping on Indian army
personnel‟s phones and computers through a malicious cloaked malware app called „SmeshApp,‟
which was though removed from the Google play store after little damage was done.

Suckfly Espionage : Symantec published a blog on Suckfly[4], an advanced cyberespionage

group that conducted attacks wherein primary targets were individuals and organizations
primarily located in India.

North East Exodus : Thousands of panic-struck masses of the northeast India based in Banglore
boarded trains to head to Guwahati, in August 2012, following bruits of violence targeting them
triggered vide social Media sites and applications [5].The mass panic triggered thus led to chaos
and violence on streets in an otherwise peaceful Bangalore city. Only as a reactive measure
though belated, Department of Electronics & Information Technology, Government of India
blocked that more than 245 Web pages and related links including uploaded pages on Facebook,
Google and Twitter[6].

Above mentioned cases are just a few to mention though, the number of attacks and subsequent
effects have only seen an extrapolated increase in last decade, which has at times seen nation
buzzing to chaos and riots in few states.

The Brobdingnagian Battleground

The references above are minuscule with respect to the exact state of occurrences actually taking
place. As per a Kaspersky Lab report[7], the number of new malware files found in year 2016
increased to a mindboggling 323,000 per day which is a step up from just 70,000 per day
identified in 2011.Besides 45,169,524 unique malicious URLs, 12,657,673 unique malicious
objects including scripts, exploits, executable files, etc, 1,198,264 kinds of online banking
malwares, 821,865 unique ransomwares, 116,469,744 unique malicious and potentially unwanted
objects were detected as malicious by web antivirus components. The quantified numbers here
are merely being seen from perspective and capabilities of detection of one leading vendor, thus
quantifying the complete cyberspace to encompass all other vendors detections and also include
millions of undetected zero day threats will produce a irrepressible state of one sided battle, so to
say. Cyber threats today thus have gained massive proportions in sizes which are inconceivable
to process manually. The battlegrounds that exist virtually encompassing the entire globe, with
no boundaries between states, present a global antagonist ready with fully loaded arsenal firing
and hitting hard already.

Necessitated Regional Cooperation

The unparalleled cyber threat menace for every region as it stands today magniloquent and
getting as grievous by the day is a severe cause of concern for each government across. Attacks
on one state whether part of a hacktivism or attempted to break into systems of other states for
monetary gains needs a definite common solution that can only be deciphered once the regional
cooperation is made forgetting other boundary or political conflicts issues.

Be it the case of Estonia or North east exodus or any other case, time and again the power of
Cyber warfare has proved that there is no other way round than to forget the regional boundaries
and demographics to respond effectively and strongly to this threat. To this effect, a large
number of national and International bodies are working to counter cyber security threats but the
attempts have been limited between two countries or more, utmost forming a small group to
coord with each other towards adjudicating such threats.
Resolving the cyber warfare threat actually doesn‟t end up at formation of a international body
wherein all states and countries sign up some MOU and promise to cooperate with each other but
goes beyond this to demand and call for uniform standards to include the following aspects :

- Logs Management : Any cyber incident that needs to be deciphered to nab the
criminals is required to be reverse engineered back to the origin which is possible only
through in-depth analysis of Logs generated vide devices and software systems effected.
Maintaining logs at each node, each system needs a standardized configuration to assist
which is usually not the case. Either intentionally or unintentionally, the effected systems,
the effected ISPs or the intermediary devices involved may not be configured right as
desired, which may just hit the investigation right at the onset. Further, these logs, if
configured to be generated need to be stored to timelines i.e. to be kept as backlogs as
deemed, if at all, any case requires during investigation. Keeping regional and
international users in mind, these logs need to be compatible for reading and analysis
across the globe. Whilst framing policies, regional languages and applications should
specifically be configured for easy translation onto a common platform for analysis, as
may be required, later.

- IT Infrastructure Management : Simply having the intent and mutual consent for
cooperation between countries to fight cyber crime would not suffice easy resolves but
would deem committed and supported IT infrastructure to be built up internal to the
countries as well as external to meet global connectivity. Once the basic IT Infrastructure
framework is planned, necessary new generation technologies would need to be
coordinated for implementation that may include Big data analytics, Blockchain for
ensuring near real time intelligent predictions of attacks in future to come.

- Common policies at regional level : A common body or organization, as may be

deemed , to be setup for coordinating regional cooperation would require having a
common Terms of Reference to move ahead. A large number of infringing issues would
invade in while framing policies, based on privacy and information sharing matters which
need to be resolved mutually and timely towards common interest of the goals set.

- Compatibility of Interfaces: Once moving towards a common goal ,issues pertaining to

compatibility of logs, system languages, tools, distros ,training staff, penetration testing
access controls etc need to be mutually decided to attain inter country investigation ease
and controls. Access controls and framework need to be decided to meet these criterions.

- Common Trained Staff to handle investigations : The staff involved to discuss the
inter country investigations need to be standing at the same level of understanding for
expediting investigations lest the investigations only get stuck at the onset for want of
investigation procedures and solving technical terminologies.
- Reducing digital divide by creation of Securely connected Infrastructure : Cyber
criminals regrettably stand out today leaps ahead of investigating agencies in terms of
speed and technology, the approach on the other side has only been reactive and not pro-
active, thus the IT infrastructure being planned to be setup for regional cooperation
should be deliberately planned in a multilayered hardened approach to counter cyber
attacks securely in future. All measures to set up a hardened and secure IT infrastructure
should be in place.

- Funding and resources : All countries will not be at the same platform with respect to
funding and establishing IT infrastructure setup. Ways need to be induced to provision
and assist such countries in monitory as well as for technology transfer ease. A country
might have a huge user base based on COTS device and technology penetration but just
not might have the knowhow of the technicalities behind that might be outsourced again
to an outside firm without any major government intervention. So in such cases,
deliberate government intermediary needs to be bought in and setup vide regional
cooperation for smooth functioning.

- Inter country rotation of staff to better interpret each other environs : Once setup,
such deputations and rotation of staff between countries would facilitate better
understanding at regional levels about regional working environs, that would go a long
way in bettering the cooperation index.

- Following up on timelines : Planning today and ensure adherence to the time lines with
respect to coordination & implementation of the proposed body would hold the key to
reduced cyber crimes and quick resolves of cyber crime incidents. Undesired delays
attributed to anything will only lead to more damage and leaving the globe more
vulnerable, with the kind of threat evolving and improving by the day.

- Implementation of real-time and dynamic responses to cyber incidents : The regional

cooperation should be able to facilitate near real-time monitoring and responses for
investigation agencies.

- Information sharing : The information sharing between the inter countries investigation
agencies should be configured for facilitating ease of investigations rather than creating a
road block for each other. To quote an example, Whatsapp and such other umteen mobile
apps have nearly no formal way to share info with the investigation agencies. Lakhs of
reported case of cyber abuse are simply held up for coordination from the app designer
company based in other country quoting geographic boundaries and legal limitations.
 - Increase awareness-raising activities : To ensure proper cyber incident responses from
investigation agencies, relevant echelons need to have an discernment of basic cyber
security knowhow which requires adequate availability of trained technical staff.Not just
the awareness of the staff,the other most important awareness needs to be at the level of
user who should know the repercussions of each act he does on the web and related
devices. This would require governments to conduct awareness campaigns of maintaining
basic cyber hygiene across the country starting from school and educational institutes, to
each citizen, to corporate houses etc ie to encompass each digital user surfing on the web
vulnerable. A well versed and aware user might just reduce the threat base thus effecting
to a reduced cyber incidents.

- Common labs for Research and Development : The advanced, sophisticated and ever
evolving cyber threats , need to be continuously taken on with countermeasure techniques
that match and negate the threat levels met. An efficient way of meeting such a
requirement is to coalesce each country‟s technological potencies and work in concert
towards setting up common research labs instead of setting up different islands of
research labs spread across globe mostly duplicating efforts and work.

- Formulation of International Standards : Universally accepted, agreed upon and

established means of determining how things should work would interpret to a better and
transparent working towards a common resolve. Setting up of standards to define each
aspect as discussed above would only lead to easy adaption and quick expediting for
investigation agencies involved. As cyber security systems are progressively traded
internationally, maintaining technological standards of such systems is growing in its
importance so as to ascertain their compatibility with each other and security levels.

Presnt Regional Endeavors

The need for regional cooperation has not just risen overnight, various attempts between
countries vide inter-country MOUs or creation of groups of countries to follow suits towards
resolving cyber security incidents have been inked over years but these work as basic islands of
cooperation not towards a global cause but limited to certain countries that ink to resolve, that
too in very limited capacities and technically vague commitments. Few of these are briefly
bought out below :

OECD: The Organization for Economic Co-operation and Development focuses on the
development of better policies to ensure that cyber security and privacy foster economic
and social prosperity in an open and interconnected digital world. The OECD member
countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark,
Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy,
Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland,
 Portugal, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United
Kingdom and the United States.

ASEAN : The Association of Southeast Asian Nations is a regional organization

comprising ten Southeast Asian states which promotes intergovernmental cooperation
and facilitates economic integration amongst its members. ASEAN Member States called
for closer cybersecurity cooperation among ASEAN countries, stronger coordination of
regional cybersecurity capacity building initiatives, and strengthening of ASEAN
discussions with a specific focus on cyber security at the Ministerial and Senior Official
levels[8]

TSUBAME Project : TSUBAME is a packet traffic monitoring system to observe

suspicious scanning activities in the Asia Pacific and other regions. It aims to promote
collaboration among mainly Computer Security Incident Response Teams with a national
responsibility in the Asia Pacific and other regions by using the common platform and
raise capacity of global threat analyses by incorporating 3D visualization features to the
common platform[9]. As on date 26 countries are members of this project.

IWWN : The International Watch and Warning Network was established in 2004 to
foster international collaboration on addressing cyber threats, attacks, and vulnerabilities.
It provides a mechanism for participating countries to share information to build global
cyber situational awareness and incident response capabilities[10].

APCERT : APCERT (Asia Pacific Computer Emergency Response Team) is a coalition

of CSIRTs , from 13 countries across the Asia Pacific region and is working to create a
Safe, Clean and Reliable cyber space in the Asia Pacific Region through global
collaboration[11].

EASIER SAID THAN DONE!!

Cyberspace, which came up from progressions in ICT has become an indispensable platform to
support national growth across countries and with this increasing reliance ,more complicated and
sophisticated cyber-attack techniques are being used by the cyber criminals further leading to
expansion of cyber attack targets. Cyberspace has continued to evolve beyond national
boundaries, and its use and application by cyber criminals have grown apace with increased and
deeper penetration. Consequently, associated risks are becoming more severe, widespread and
globalized. Cyber threats thus emerge as pressing global challenge facing the international
community as a whole. Thus the need for Regional cooperation in Cyber security gains immense
importance for the global community as a whole rather than being specific to any particular state
or nation. The aspects bought out to be included for regional cooperation above are though not
exhaustive but still demand a collative effort which is not going to be easy. The need of the hour
is to immediately get on to work UBIQUITOUS from every country and state nodes. There will
be severe teething issues when all countries work together but they need to be resolved on
priority which would only be possible when each of us realizes the potential of threat and
repercussions in our future.

References :

1. https://www.dni.gov/files/documents/SASC_Unclassified_2016_ATA_SFR_FINAL.pdf

2. https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-
threats/

3. https://www.hackread.com/google-removes-smeshapp-india-pakistan-spying/

4. https://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks

5. http://www.firstpost.com/india/mystery-of-the-ne-exodus-why-bangalore-419876.html

6. http://pib.nic.in/newsite/mbErel.aspx?relid=86355

7. https://www.helpnetsecurity.com/2016/12/08/malware-detected-daily/

8. https://www.csa.gov.sg/news/press-releases/asean-member-states-call-for-tighter-
cybersecurity-coordination-in-asean

9. http://www.apcert.org/about/structure/tsubame-wg/

10. Critical infrastructure protection By David A. Powner Page 52,Table 13

11. http://www.oecd.org/sti/ieconomy/35492507.pdf

______________________________________________________________________________
THIS ARTICLE HAS BEEN PUBLISHED IN PINNACLE : The ARTRAC
Journal,2017,Vol 16, ISSN 0972-4044
---------------------------------------------------------------------------------------------------------------------