Reading 7 - Cybersecurity, Cyberspace and Ukraine's IT army

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/18

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

19 Terms

1
New cards

Cybersecurity

defence of ‘computers + servers, mobile devices, electronic systems, networks + data from malicious attacks’

2
New cards

Cyber space

Artifacts based on or dependent on computing + communications tech; info that these use, store, handle, or process; + interconnections among these various elements’

3
New cards

Cyber domain

Electronic info (data) processing domain comprising of 1 or several info technology infrastructures

4
New cards

Cyber power

Ability to obtain preferred outcomes through use of electronically interconnected info resources of cyber domain

5
New cards

Types of attacks in cyberspace (4)

  1. Cyber activity labelled as Computer network operations (CNO) or cyber operations - types:

    1. Computer network attack (CNA)

    2. Computer network defence (CND)

    3. Computer network exploitation (CNE)

6
New cards

The attribution conundrum

Attribution = ability to hold a cyber actor responsible for a specific cyber operation or action

7
New cards

Efforts to develop norms and laws governing cyber activity (2)

  1. Budapest Convention on Cybercrime -> 1st int treaty on crimes committed via Internet + other computer networks, dealing particularly w infringements of copyright, computer-related fraud, child pornography + violations of network security’

  2. Tallinn Manual on Int Law Applicable to Cyber Operations (2013), aspirational: provides extremely detailed + thoughtful compilation of expert opinion on application of int law + norms to Cyber domain


8
New cards

Tallinn Manual on the International Law Applicable to Cyber Operations (2013) → Key elements (4)

  1. Prohibition on use of force in int law is also applicable to cyber operations.

  2. Basis as to whether a cyber operation rises to level of an act of war is if it causes harm to individuals or damage to property equivalent to a use of force.

  3. Actual impact of cyber operation is critical; cyber operations that result in inconvenience + minor disruptions are not considered to be an act of war or use of force.

  4. States are responsible for cyber attacks even if conducted by a non-state entity within their borders if state is aware of them or these groups act under their direction

9
New cards

Cyber attacks - 2 case studies

  • Estonia (2007)

  • North korea vs Sony (2014)

10
New cards

Estonia (2007) (8)

  1. Estonian state inst weathering a sustained attack by a skilled cyber adversary

  2. Difficulties in several areas

    1. Classifying cyber attack as potential act of war

    2. Attributing attacks by an adversary that publicly id as non-state hacktivist surrogate of Russian state

    3. Estonia’s efforts to prepare for future attacks w defensive deterrence instead of cyber and/or physical response

  3. Cyber campaign targeted websites of Estonia’s president, parliament, gov ministries + pol parties, as well as 2 of country’s largest banks + 3 of Estonia’s major media orgs

  4. Initial attacks consisted largely of ‘ping-flooding’ (denial of service - DDOs) -> so knocked websites offline 

  5. Since attack Estonia has developed cyber defenses

11
New cards

North korea vs Sony (2014) (5)

  1. Attack by North Korea against Sony Pictures Entertainment, US company

  2. Gov began intense development of a cyber cadre, cyber warriors 

  3. Sony Pictures’ Entertainment computer system experienced an extensive + debilitating attack

    1. Employees unable to use their computers, shut down entire system, searching for a way to resurrect its computer operations.

  4. US gov placed sanctions on North Korea 

12
New cards

Outer Space

NewSpace entrepreneurs mobilize (+ glamorize) language + logics of colonization, which has been responsible for global-scale violence, suffering + genocide on Earth

13
New cards

Outer space in int law (2)

  1. UN outer space treaty defines outer space as a res communis: a global commons owned by ‘humanity’

    1. Incl both negative duties (prohibitions against occupation or use by states) + positive duties (to use outer space for activities that benefit ‘all of mankind’)

14
New cards

Risks with space colonization (4)

  1. Threats related to conflict (armed/otherwise) between states, threats to stability of int system + threats to physical security

    1. Challenge -> concept of sovereignty / no body governing outer state 

    2. NewSpace projects might create significant insecurity for ppl who might eventually travel to space as miners, workers/colonizers

    3. Space colonization projects may also entrench insecurities based on particular constructions of race + gender.


15
New cards

Ukraine’s IT army (3)

  1. Since invasion of Russia Aushev met w Ukrainian Minister of Digital Transformation Mykhailo Fedorov to discuss possibility of assembling an army of volunteers that would help defend + secure Ukraine’s digital infrastructure

    1. Created a telegram w over 3000000 volunteers

    2. 1st task to attack Russian banks, businesses + gov websites

16
New cards

Operations by Ukraine’s IT army (4)

  1. Defaced russian websites to spread disinformation + show mistrust 

  2. Offensive campaign that breached RuTube (Russian youtube clone) + almost took it down 

  3. Sabotage of Russian Rossgrame (instagram clone) 

  4. Dumping of source codes + internal data of Russian company Right Line, which is developing govs Digital Ruble project

17
New cards

Problematic precedent of the IT army (2)

  1. IT army asked to gather, train + direct ppl across globe to participate in DDos Campaigns against Russian civilian infrastructure 

    1. Trappings of legitimacy = unclear whether + how Amazon, Microsoft + Google are balancing risks between helping Ukrainian gov survive + allowing their services + infrastructure to be misused by IT Army

18
New cards

Problems with the IT army (3)

  1. Members urged to use virtual private networks (VPNs) for attacks

  2. Volunteers don't realize that if actively participate in cyber war, are automatically considered a combatant in that war

  3. IT Army has officially partnered with IPStress.in – a boot stressor that maintains its own botnet to DDoS websites + is in essence a cyber-criminal enterprise

19
New cards

Direction of the IT army (3)

  1. Likely to continue to push towards automatisation + gamification to mitigate loss of volunteers, + exploit a growing influx of highly skilled specialists

  2. Positioned to become an advanced persistent threat

  3. Worrying if it moves away from DDos towards more potentially disruptive attack vectors