2. WHAT ARE THE DOMAINS?
LAND: Earth’s surface ending at the high-water mark and overlapping with the maritime domain in the landward segment of the littorals.
SEA: The oceans, seas, bays, estuaries, islands, coastal areas, and the airspace above these, including the littorals.
AIR: The atmosphere, beginning at the Earth’s surface, extending to the altitude where its effects upon operations become negligible.
SPACE: The area above the altitude where atmospheric effects on airborne objects become negligible.
DOD Dictionary of Military and Associated Terms, January 2021, Accessed May 17, 2021 from https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/dictionary.pdf?ver=2019-05-29-162249-290
3. CYBER DOMAIN
• CYBERSPACE: A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
7/19/2023 Sample Footer Text 3
4. GOALS OF CYBER ATTACKS: C, I, A
[Figure: CIA Triad (Confidentiality, Integrity, Availability)]
Confidentiality
- Data breach (SingHealth)
- Trade secrets
Integrity
- Software (SolarWinds)
- Nuclear power plant (Stuxnet)
Availability
- Ransomware or wiperware (NotPetya)
- DDOS
5. CYBER INCIDENTS IN ASEAN
• Singapore, 2018
  • SingHealth: 1.5 million patients' non-medical personal data stolen, including PM
• Singapore, 2019
  • 2,400 MINDEF/SAF personnel, by phishing ST Logistics (3rd party)
• Singapore, 2019
  • 14,200 people diagnosed with HIV, taken by ex-lover of a doctor with access
• Thailand and Vietnam
  • Toyota customer data, no details given
• Malaysia, 2017
  • 46.2 million mobile subscribers’ data
• Philippines, 2018
  • 82,150 customers of Wendy’s
• Philippines, 2019
  • 900,000 customers of pawnshop Cebuana
• Thailand, 2018
  • 45,000 customers of True Corp mobile
[source: CSO Online]
6. CYBER INCIDENTS IN ASEAN IN 2020
Palo Alto State of Cybersecurity Report ASEAN 2022
7. APTS AND TARGETS IN ASIA
APT | Target countries | Target entities
FunnyDream (C) | Malaysia, Philippines, Thailand, Vietnam | High-level government organisations; political parties
Platinum | Indonesia, Malaysia, Vietnam | Diplomatic and government entities
Cycldek (C) | Laos, Philippines, Thailand, Vietnam | Government, defence, and energy sectors
HoneyMyte | Myanmar, Singapore, Vietnam | Government organisations
Finspy | Indonesia, Myanmar, Vietnam | Individuals
PhantomLance | Indonesia, Malaysia, Vietnam | Entities
Zebrocy (R) | Malaysia, Thailand | Entities
[source: Kaspersky]
Economic and geopolitical intelligence gathering
8. PROBLEMS: ATTRIBUTION IS HARD
[Diagram labels: FIRELAND, WATERLAND (not aware), AIRLAND; two nodes marked INFECTED]
“We’ve been cyber-attacked! Where did it come from?”
“The malware must have come from WATERLAND!”
9. PROBLEM: ATTRIBUTION IS HARD
[Diagram labels: FIRELAND, WATERLAND (not aware), AIRLAND; two nodes marked INFECTED]
“WATERLAND, if you attacked us, we will take countermeasures against you!”
“We’re innocent!”
“Ha ha ha (evil laughter)”
10. Source: Md Faizal, G Haciyakupoglu, J Yang, D Leong, YL Teo, B Ang, Countermeasures Against Foreign Interference, RSIS Policy Report
Definition
• Foreign interference occurs when a foreign entity (state or non-state actor),
• with hostile intent,
• takes actions to deliberately, covertly and deceptively
• disrupt the politics and policies of the target state
RSIS FRAMEWORK OF INFORMATION, INFLUENCE, AND INTERFERENCE
13. RISKS OF FALSE INFORMATION: NARRATIVES THAT DAMAGE COHESION
• “Putin is the man”, “Ukraine war was US/NATO’s fault”, “US has secret bio-labs in Ukraine that started pandemic”
• Anti-vax conspiracy theories, e.g., “vaccines contain graphene oxide, are for population culling / implanting 5G chips / Plandemic”
• QAnon – “a cabal of Satanic, cannibalistic child molesters are operating a global child sex trafficking ring”
• Gender issues – “LGBTQ activists are coming for your children”
15. CASE STUDY: RUSSIA V UKRAINE
• Source: Fog of war: how the Ukraine conflict transformed the cyber threat landscape, published by Google TAG (Threat Analysis Group)
• Overview
1. Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
2. Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert platforms and accounts – to shape public perception of the war.
3. The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem that will likely have long term implications for both coordination between criminal groups and the scale of cybercrime worldwide.
16. 1. MULTI-PRONG CYBER TACTICS
• Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
17. MULTI-TACTIC AND TARGET
• Spear phishing (targeted emails) up 250% in Ukraine, up 300% in NATO countries in 2022
• Destructive attacks on gov / mil / critical
• Hack and leak (of sensitive info)
• Android apps pretending to be DDOS weapons
18. MULTI TACTIC AND TARGET
• Media: To plant false information
• Energy provider, shipping and trains: To disrupt
• Drone manufacturer: To disable weapons
22. 2. FULL SPECTRUM INFORMATION OPERATIONS
• Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert platforms and accounts – to shape public perception of the war
1. Undermine the Ukrainian government
2. Fracture international support for Ukraine; and
3. Maintain domestic support in Russia for the war.
24. TYPES OF INFO OPS
Russian IO focused on domestic audiences
• Spikes before military activity
• Narrative of “De-Nazification”
IO actors using overt and covert methods
• Fake accounts, news sites, YouTube
• Telegram groups
• Duplicate sites
Resurgence of hacktivists
• Linked to Russian intelligence
29. DEFENDING THE CYBER/INFO DOMAIN
• Sources: Defending Ukraine: Early Lessons from the Cyber War (Microsoft)*
1. Defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.
2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
5. This calls for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
30. DEFENCE LESSONS, IN DEPTH
Distribute digital ops and assets globally
• Attackers bombed data centres
Good defences can stop cyberattacks
• Cyber threat intelligence
• Connected end-point protection
Allies also need defence
• NATO countries
• Denmark, Norway, Finland, Sweden, Turkey
31. DEFENCE LESSONS, IN DEPTH
New tools are needed to stop IO
• AI, new analytics tools, data sets, and experts to track and forecast
Coordinated response needed
• Governments
• Tech companies
• Civil society
• Academia
32. PUTTING STRONTIUM IN A SINKHOLE
The Strontium group was targeting Ukrainian institutions, media organizations, and government institutions and think tanks in the United States and the European Union
Microsoft got court orders 16 times to redirect internet traffic from Strontium domains into a ‘sinkhole’
34. DEFENDING FROM INFO OPS
• Public coverage and exposure
• Clear counter-messages
• Legislation
• Build media and digital literacy
• Work with citizens, influencers
• Detect and expose fake accounts
Active measures
• Work strategically, not reactively
• Build a strong narrative that is more attractive than the adversary
35. WHAT LESSONS CAN WE LEARN ABOUT DEFENDING THE CYBER/INFO DOMAIN?