3. Agenda
1. Background
2. Importance of Study
3. Definitions
4. International Incidents and Local Incidents
5. Preparedness Levels
6. Concluding Remarks
4. The Snowden Effect
โข The Economist speculated that "the big
consequence" of the "Snowden Effectโ
will be that "countries and companies
will erect borders of sorts in
cyberspace.
โข In Forbes, the effect was seen as
evidenced by a rare bipartisan
movement in the U.S. Congress: "a
divided, intransigent Congress seems
nearly united over the idea that the
massive domestic intelligence gathering
system that grew after 9/11 has simply
gone too far."
7. Definitions of Cyber Terrorism
โข โCyber Terrorism is the premeditated use of disruptive
activities, or the threat thereof, against computers and/or
networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives, or to
intimidate any person in furtherance of such objectives. โ
โข Cyber Terrorism is limited to actions by individuals, independent groups, or
organizations. Any form of cyber warfare conducted by governments and states would
be regulated and punishable under international law.
โข Examples are ,
โ hacking into computer systems, introducing
viruses to vulnerable networks, web site
defacing, Denial-of-service attacks,
or terroristic threats made via
electronic communication.
8. International Incidents
โข The Baltic state of Estonia was target to a massive denial-of-service attack
that ultimately rendered the country offline and shut out from services
dependent on Internet connectivity for three weeks in the spring of 2007.
The infrastructure of Estonia including everything from online banking and
mobile phone networks to government services and access to health care
information was disabled for a time. The tech-dependent state was in
severe problem and there was a great deal of concern over the nature and
intent of the attack.
โข During the Russia-Georgia War, on 5 August 2008, three days before
Georgia launched its invasion of South Ossetia, the websites for OSInform
News Agency and OSRadio were hacked.
โข In October 2007, the website of Ukrainian president Viktor Yushchenko
was attacked by hackers. A radical Russian nationalist youth group, the
Eurasian Youth Movement, claimed responsibility.
9. Local Incidents
โข In 1998, ethnic Tamil guerrillas swamped Sri Lankan
embassies with 800 e-mails a day over a two-week
period. The messages read "We are the Internet Black
Tigers and we're doing this to disrupt your
communications." Intelligence authorities
characterized it as the first known attack by terrorists
against a country's computer systems.
โข In May 2009 SRI LANKA Army's official news wing,
(www.army.lk) has been illegally hacked by suspected
Tiger terrorists
10. Other Countries โ State of
Preparedness
โข The Chinese Defense Ministry confirmed the existence of an online defense unit in
May 2011. Composed of about thirty elite internet specialists, the so-called "Cyber
Blue Team," or "Blue Army," is officially claimed to be engaged in cyber-defense
operations, though there are fears the unit has been used to penetrate secure online
systems of foreign governments.
โข May 2011 Israeli Prime Minister Benjamin Netanyahu announced the establishment
of the National Internet Defense Taskforce, charged with developing tools to secure
vital Israeli online infrastructure. "The main responsibility of the taskforce will be to
expand the state's ability to defend vital infrastructure networks against cybernetic
terrorist attacks perpetrated by foreign countries and terrorist elements
โข The US Department of Defense (DoD) charged the United States Strategic Command
with the duty of combating cyber terrorism. This is accomplished through the Joint
Task Force-Global Network Operations, which is the operational component
supporting USSTRATCOM in defense of the DoD's Global Information Grid. This is
done by integrating GNO capabilities into the operations of all DoD computers,
networks, and systems used by DoD combatant commands, services and agencies.
11. Other Countries โ State of
Preparedness
National Cyber Security Strategies in the World
12. Other Countries โ State of
Preparedness
EU Moving Towards a Combined Strategy .
The Strategy is accompanied by the technical legislative proposal by the European
Commission's Directorate General Connect to strengthen the security of
information systems in the EU. This will encourage economic growth as people's
confidence in buying things online and using the Internet will be strengthened.
The Strategy is offering clear priorities for the EU international cyberspace policy:
1. Freedom and openness: The strategy will outline the vision and principles on applying the
EU core values and fundamental rights in cyberspace.
2. The laws, norms and EU's core values apply as much in the cyberspace as in the physical
world: The responsibility for a more secure cyberspace lies with all players of the global
information society, from citizens to governments.
3. Developing cyber security capacity building: The EU will engage with international partners
and organisations, the private sector and civil society to support global capacity building in
third countries. It will include improving access to information and to an open Internet, and
preventing cyber threats.
4. Fostering international cooperation in cyberspace issues: To preserve open, free and secure
cyberspace is a global challenge, which the EU will address together with the relevant
international partners and organisations, the private sector and civil society.
13. Sri Lanka Computer Emergency
Readiness Team (CERT)
Reshan Dewapura (Head of SL Central IT Body / ICTA ) made the following
five practical proposals to overcome cyber crime in Sri Lanka:-
1. We have to recognise that it is the responsibility of the government to ensure that national
networks are secure and have not been penetrated. To achieve this, the nationโs cyber
activities need to be coordinated on both the institutional, district and provincial levels.
And this has to be led by the Apex Agency of Cyber Security in Sri Lanka, SLCERT.
2.
Centralised bodies such as Sri Lanka CERT, Law Enforcement Agencies and the Legislature
should focus on areas where it has particular competence, such as protecting critical
infrastructure and coordinating legal structures, as well as regulating and working with
business, consumer protection privacy, and anti-terrorism.
3.
The national security policy would need to be extended to include a cyber security agenda
that covers the length and breadth of the country, in order to take the message to the
people that cyber security is compatible with individual rights, privacy and freedom of
speech.
14. Sri Lanka Computer Emergency
Readiness Team (CERT)
4.
This national security and defense policy can be used for
furthering Sri Lankaโs cyber security agenda; this policy must also
ensure that military operations and civilian missions are protected
against cyber attacks. Cyber defence should be made an active
capability of the country as a whole; it is crucial that Sri Lanka
takes advantage of the overlaps it shares with its powerful Asian
neighbours to coordinate activities between our countries.
5. Establish Public Private Partnerships โ It is essential for
governments to cooperate with the private sector, as the majority
of web infrastructure is in private hands. All developed nations
have identified this and are working closely with the private
sector, and the private sector in return should reciprocate
equally.โ
15. Sri Lanka Computer Emergency
Readiness Team (CERT)
- Actual State
โข Citizens
Citizens who use emails, social media and many web applications such as e-banking
are misled and duped by people who have malicious and financial intents.
โข Government Organizations
1. Information Security (IS) Audit. IS audits on your IT systems should be carried out every 6
months, at the very minimum.
2. Sri Lanka CERT|CC conducted a web security workshop/seminar for government
3. Ensure your website is compliant with Sri Lanka Government web standards.
4. Ensure that your web developer or the party responsible for maintain the website comply
with Information Security checklist.
5. Ensure that your organization has adopted, implemented and conforming to the Information
Security Policy which has been approved by the Cabinet of Ministers through the
eGovernment Policy.
6. Information Security Management Systems (ISMS) certificate
16. Concluding Remarks
1. Resources and attention given to Sri Lankan Cyber
Security sector is very less compared with
neighboring countries.
2. The appointed body to secure the country from such
threats are severely understaffed, and comparatively
has limited technical knowledge compared to privet
sector specialists.
3. Cyber Security is the least secure of the security
bodies in Sri Lanka (Compared with Army , Navy Air
force & Police)
18. Bibliography for Research
1. Westcott N. (2008) , โDigital Diplomacy: The Impact of the Internet on
International Relationsโ , Oxford Internet Institute, Research Report 16
2. Nissenbaum H (2005) , โWhere Computer Security Meets National Securityโ , Ethics
and Information Technology , New York University
3. Edith Cowan University (2010) , โInternational Relations and Cyber Attached
Official and Unofficial Disclosureโ , Australian Information Security Welfare
Conference
4. Nye J S (2010), โCyber Powerโ, Harvard Kennedy School
5. Graham E (2010) , โCyber Threats and Law of Warโ , Journal of Security Law and
Policyโ
6. Herzog J (2011) , โRevisiting Estonian Cyber Attacks: Digital Threats and
Multinational Responsesโ , Journal of Strategy Security
7. Cavelty M (2013) , โ From Cyber Bombs to Political Fallout: Threat Representations
with an Impact in the Cyber Security Disclosureโ , International Studies Review