Chapter 8

A Slovenian Perspective on Cyber Warfare 1


8.1. Introduction

Twenty years ago, the small Republic of Slovenia, part of the Socialist Federal Republic of Yugoslavia, decided to exercise its right of self-determination and, with confirmation by the plebiscite 1, started to walk along the path of its own independence. The day after the Republic of Slovenia 2 declared its independence was the start of the first war in Europe after World War II. A cease-fire agreement was reached after only 10 days of war and the Yugoslav army started to withdraw into other parts of Yugoslavia. Slovenian citizens had achieved independence with strong unity and determination to defend their own freedom by all means.

To fight against a strong army, every aspect of strategy is very important. Every part of society must become a battlefield and every adult citizen has to contribute in his or her role in the fight against the enemy. Despite the bloody war in the neighboring country of Croatia which then spread into Bosnia and Herzegovina, the Slovenian citizens, in their collective national consciousness, quickly replaced a sense of constant military threat with actual themes for a better standard of living and the desire for political integration in the European Union and the North Atlantic Treaty Organization (NATO) military alliance.

When they reached their main goals in less than 15 years, the compact unity that was capable of achieving almost unreachable goals started to fall apart. Slovenian society has been sharply divided into social classes, which put their own partial interests above the common interests of the whole society. After 20 years, most Slovenian citizens have forgotten the roots of their success and have quickly adapted to a carefree life.

In 20 years the world has changed into a global information village, filled with modern technology and producing a completely new way of life. Information and communication technologies (ICTs) have been implemented in all areas of our society and have started to dominate our lives. Modern technology has not only brought prosperity, but also new challenges, especially in the field of privacy and security. Massive use of the Internet has increased this issue, in addition to the security problems that ordinary people are confronted with every day. Is Internet security only a concern for individuals or does it also concern the State government? What kind of protection must be applied to defend ourselves against modern threats? Can modern threats only be applied through the Internet? To answer these questions, every country should first clearly identify all possible threats and then prepare for their defense in the most optimal way.

Various forms of electronic warfare have been known since World War II, in which the conflicting parties have used various electronic devices in addition to conventional weapons in order to achieve their goals. Such electronic devices can be used for direct purposes, such as enemy detection (radar, infrared devices, thermal imaging), or to provide different types of communication at horizontal or vertical levels of command (through wired and wireless connections). Most of these electronic devices are used for indirect tasks aimed at increasing the efficiency of kinetic weapons. In the past two decades, rapid development of computer and telecommunication technologies, especially the Internet, has also led to intensive use of these modern technologies for military purposes.

No matter how military electronic devices are used, almost all have something in common — information. The vast majority of military electronic equipment is used for the efficient collection, processing, storing, analyzing and transmission of different types of information. How efficiently electronic devices can implement such functions depends on the advancement of the technology used.

Many military analysts believe that the information age will launch a revolution in modern warfare, which will strongly rely upon the digitization of battlefields on land, in the sea, air and in space [CLA 10, PUF 95]. The information age will not only affect existing types of battlefields; it will also produce entirely new battlegrounds in more abstract areas, such as cyberspace or social networks. The use of modern technologies will affect the future of military affairs, just as the use of cannons changed warfare in the 15th century or the development and massive use of mechanical machinery in the industrial revolution completely changed the course of modern war. Today it can be assumed with great certainty that in modern warfare it will be equally important for the troops to be equipped with modern conventional weapons as well as with modern technology, which will include information technology, information weapon systems and information channels connected to computer networks.

Due to the specificity and lack of definition of so-called cyberspace 3, it is very difficult to define the boundaries of cyber warfare, cyber-espionage, cyber-crime, cyber-terrorism and even ordinary cyber-hooliganism. The boundaries of battlefields had already started to blur in World War II, but in modern war the boundaries among conflicting parties or soldiers and civilians could entirely disappear. Modern war can theoretically be started by an infected cellphone, owned by a completely innocent person in a different part of the world. Cyberspace can also blur the time boundaries of warfare, because cyberspace allows covert operation over a large time interval (logic bomb).

The specifics of cyberspace — where the main weapon, information, can appear in different forms — mean that the success of warfare in cyberspace mainly depends on the quantity and quality of information held by both offensive and defensive sides. History has demonstrated that in conflicts, technologically advanced countries almost always have an advantage over less developed countries. In real cyber war, the technological development of the country could be also a major shortcoming, since such countries have a high degree of dependence on modern technologies, especially in vital areas such as water and energy supplies, transport, communications, etc.

Unlike conventional warfare, which requires huge human, material and energy resources, effective cyber warfare is possible with limited human, material and energy resources, because it just requires quality information, especially knowledge. The information required can be obtained in various ways. The biggest source of huge quantities of relatively good quality information is the World Wide Web. This information is available to anyone and for this reason the threat of cyber warfare does not only come from countries, but dangerous cyber-attacks may be triggered by individuals or interest groups such as Anonymous 4. Therefore, cyberspace can become an ideal medium for conducting asymmetric operations, where the primary objective is to cause the maximum damage to an opponent by using minimum resources.

Although the quality of most existing malware is at an enviable level, it is mainly characterized by an evolutionary progression of quality. In most cases malware has been developed by people who already had the necessary knowledge, downloaded malicious source code from the Internet, slowly supplemented it with new ideas and then posted it back on Internet sites. The Internet also allows easy integration, communication and information sharing among hackers worldwide. A lot of malicious code is created by individuals who lack the necessary coding skills and just “process” existing programs (script kiddies) as a hobby. The number of such individuals is not increasing, however, whereas there is a huge increase in the number of hackers who produce malicious code in order to obtain various economic benefits. Therefore, the number of different variants of malware is growing at a fast rate. In its Security Threat Report 2011 [SOP 11], Sophos states that in one day it reviewed 95,000 different types of malware.

With regard to different strategic concepts and the different approaches to the implementation of digital weapons, it is certain that modern information and telecommunication technology will have a major impact on future warfare and wars. Given that the human imagination has no boundaries, we can expect fighting in a war to occur on all fronts and by all means. The Stuxnet worm has already shown that the success of digital weapons requires combined and coordinated action by different groups of people in different areas. Despite the use of sophisticated technologies, there is still a man in the center of each battlefield who has virtues and weaknesses [ALB 10]. The success of the Stuxnet worm does not rest solely on the use of high-tech skills, but also on the implementation of classic spy activities that have been known for centuries. To obtain information on the technological specifications of the computer control systems used to produce enriched uranium, images from spy satellites do not help; the necessary information must be obtained ‘on the ground’.

8.2. Preparations for digital warfare

The rapid developments of modern technologies caused an exceptional worldwide integration of the entire human infrastructure and the heavy dependence on modern ICTs. The whole of human society is becoming increasingly vulnerable in all vital areas of its functioning. Thus, given the importance of the potential benefits of information warfare, most countries, especially large ones, have carefully prepared themselves for the challenges of modern warfare.

The first unsuccessful attempts started in the mid-nineties, when the United States (US) military introduced a concept of digitization called “Force XXI”. The concept was based on previous research on digitizing the battlefield and tried to establish a tactical network to connect troops, smart weapons and equipment to operate in near real time (horizontal technology integration). Despite the plans to continue digitization at the level of the brigade (Task Force XXI) and later at division level (Division XXI), the implementation of this concept was stopped because the tests showed the incompleteness of the technology that was designed, which was causing inadequate efficiency and excessive system complexity [GSO 05].

Large countries also started to prepare themselves in the field of cyber warfare. Some senior US military officers have even proposed adding an efficient and effective cyber-branch alongside the army, navy and air force, as the existing structure is not sufficiently prepared and organized for new forms of warfare [CHA 09]. Maybe it is really too early for such drastic change to the army structure, but a new wind will start to slowly move military organizations in this new direction.

In 2009 the United Kingdom started to establish its Cyber Security Operations Centre (CSOC) with around 20 employees [INF 10]. It is based at the Government Communications Headquarters (GCHQ) in Cheltenham.

In 2010, the US military deployed a fully-operational unit called the US Cyber Command (USCYBERCOM), which aims to conduct military operations based on information technologies and the Internet [DOD 10].

In June 2011, in the former West German capital Bonn, Germany opened the Nationale Cyber-Abwehrzentrum (National Cyber-defense Center) with 10 full-time employees from different national security agencies. The center will work closely with the police, customs, the military, intelligence bodies and others [KNO 11].

Even the Chinese Defense Ministry in 2011 confirmed the existence of a cyber unit called “Cyber Blue Team”, which aims to improve Internet security, particularly in the military field [CTV 11]. It has also stressed that the cyber unit has been established strictly for defense against attacks by hackers.

The Russian concept of modern warfare introduces information as an important component in its doctrine. Interestingly, this concept associates information warfare with psychological aspects of warfare. The 2000 Russian Military Doctrine showed a clear definition of information warfare, which was divided into psychological and technical information domains [THO 04]. In 2010 the State of the Internet report by Akamai Technologies stated that Russia had overtaken the US in the number of attacks launched by hackers (12% of traffic attacks came from Russia and 7.3% from the US) [LIN 11]. This is strong evidence of Russian progress in cyberspace in the past decade. Of course, many such attacks have come from Russian criminals and other hackers, but there are also reports of the Russian government’s involvement in such hacktivism [STP 08]. Even though there is no official cyber-command department in the Russian Armed Forces, there are some hints as to the military preparations for the establishment of some kind of cyber-command called Information Troops [GIL 11], especially because of huge criticism of Russia’s poor performance in information warfare in the armed conflict in Georgia. Even though the relationship between the Information Troops and the existing REB Troops 5 is not completely clear, REB Troops were one of the few elements of the Russian forces whose performance did not suffer intense criticism. Either way, we can expect that Russia will develop a powerful and huge cyber-army in the near future.

Small countries usually face many problems in the area of cyber-security, especially because of their limited financial and human resources. Although the development of cyber-weapons and cyber-defense is relatively inexpensive compared with the development of modern weapons and defense, the total costs are still too high for the small State budgets. Unlike large countries, which must simply start preparations for future wars, cyber-war preparations in small countries depend on many other factors, such as their geostrategic, geopolitical or economic position.

8.3. Specifics of technologically-advanced small countries

Despite the fact that the vast majority of technologically-advanced small countries like Slovenia possess a sufficient number of highly-skilled professionals in the area of ICTs, the field of information security is relatively underrepresented. In a small country, most of the operational information systems used in the government (army, police, public administration, agencies, etc.) and private (companies, banks, entrepreneurs, etc.) sectors are relatively small. The necessary investments in information security do not scale linearly with the size of an information system, because the proportion of the costs that are necessary for effective protection is much bigger for small information systems than for large ones. Since the general opinion is that ICT security is a large cost that is rarely found to be justified, those making the decisions rarely decide to invest in a sufficient level of ICT security. Instead they choose the minimum safety standards. Such an approach is sufficient to prevent the majority of potential incidents, but it still leaves a relatively high degree of probability that unforeseen events will cause extensive damage. Choosing only the minimum of ICT security is also critical in light of the increasing growth in the amount of malicious code, especially in view of its increasing technological sophistication. Due to the increasingly complex malware, the minimum protection of information and communication infrastructure is becoming insufficient.

Since a large majority of small and medium-sized businesses cannot afford the teams that would care for their own information infrastructure, it would be reasonable to expect a large number of companies that are fully specialized in providing services in the field of ICT security in small countries. Such companies are rare, however, and it can reasonably be assumed that small and medium-sized enterprises would not choose such ICT security improvements. They are satisfied with meeting the minimum standards of ICT infrastructure protection or hire companies that offer a full range of ICT services, including security services.

In addition to the high costs, there is a negative effect of evaluating and selecting the level of information security policy in small countries based on the traditional perception of security in general. This stems from the general belief that small countries are irrelevant and, therefore, uninteresting for various forms of threat (e.g. crime or terrorism). There is also a general opinion that all security measures are much more effective due to the size of a country and a specific language. The level of threat to information technology posed by Internet connection depends primarily on the vulnerability of the systems, so in the long term this approach is naive and harmful [HAY 09].

A good example showing that the level of information security policies in individual countries is mostly dependent on the general attitude of society towards safety is the relatively small state of Israel. Despite its small size it has become one of the leading countries in information security [DAL 08]. A constant threat to the population is not the only factor that led to Israel’s highly technological competence in this area, but has significantly contributed to the positive attitude towards the implementation of security measures in all areas, as well as in ICT security. Even a mix of civilian and military spheres with close cooperation between public and private sectors has had a positive impact on the overall technological development of Israeli society, and consequently also the technological development of ICT security.

Another example is Estonia, a small Baltic republic near Russia. In 2007, Estonia was hit by massive waves of distributed denial of service (DDoS) attacks that hit important websites. The DDoS attacks were carried out through a group of infected computers all over the world. A mass of requests for service from infected computers completely flooded major Estonian servers and as a result they were not able to respond to the legitimate demands of users. Attacks were carried out for a few months. Besides the moral damage inflicted, these attacks caused huge economic damage, as the Estonian economy is very dependent on Internet services, primarily on Internet banking transactions. Ninety-five per cent of its banking operations are conducted electronically.

Partially in response to the cyber-attacks on Estonian public and private institutions, the defense ministers of NATO countries held a meeting in October 2007 in which they agreed to create a common cyber-defense policy. In May 2008, NATO established a center in Estonia called the CCDCOE (Cooperative Cyber Defence Centre of Excellence) [NAT 08], which is responsible for making defense policy and cyber-warfare doctrine, providing education and training of personnel, improving cyber-security, etc.

Mainly because of these attacks, the cyber-security sector in Estonia has rapidly emerged [MA 11] and in a few years Estonia has become one of the leaders in this sector. Estonia’s case has shown that even a small country with very limited financial and human resources can obtain a high degree of cyber-security [BOG 11].

8.4. Geostrategic, geopolitics and the economic position of the Republic of Slovenia

Independent since 1991, the Republic of Slovenia is a small and relatively young country. Slovenia is based at the crossroads of transport routes, so it is in an essential geostrategic position in Europe. It is on the East–West axis that starts in Russia and passes through the Central European countries to Western European Countries. It is also on the North–South axis that binds Central Europe with the Mediterranean zone and links Europe with the Middle East.

Due to its favorable geostrategic position, the Slovenian territory has always been a subject of desire to large countries. Until its declaration of independence 20 years ago, Slovenia had been ruled by foreigners, mostly the Austro-Hungarian Habsburg monarchy. After the First World War, Slovenia became a part of the Kingdom of Yugoslavia and finally, after the Second World War, Slovenia became a part of the Socialist Federal Republic of Yugoslavia. The Slovenian male population has always had to serve in foreign armies, which is the main reason for the existence of negative attitudes in the national consciousness towards the military.

In the 1980s, strong anti-military movements emerged in Slovenia, mostly against the Yugoslav National Army (YNA). For this reason, YNA had become the focus of hateful feelings and such military movements had a big impact on the whole of Slovenian society. At the time of the declaration of independence, when Slovenia really needed weapons and military force, a petition to completely disarm the whole of Slovenia was issued. The petition was signed by a lot of people, even though at that time Slovenia was facing a real threat from the YNA.

Apparently, it was signed by many people who thought that problems would just disappear if the Slovenian people completely disarmed themselves. A few years later, the sad events in Srebrenica 6 showed us that they were wrong.

In 2004, the Republic of Slovenia became part of the NATO alliance and the European Union (EU). Despite some negative attitudes to such an alliance, the majority of Slovenian citizens supported the accession 7. Despite this, anti-military movements became increasingly strong, so a very similar petition was issued in 2010 calling for the abolition of the Slovenian army [MLA 10]. Again, many prominent Slovenian citizens in the fields of entertainment, science and culture signed the petition.

Slovenia is currently in a huge economic crisis, in which criticism of defense costs is increasingly common. For this reason, such a petition was welcomed by many members of the public, particularly in cases where there is strong support in the media. Therefore, it is currently unrealistic to expect that a small country, in a time of huge economic crisis, will start to prepare the Slovenian Armed Forces for cyber-defense, especially because for a lot of people cyber-war is just a futuristic idea.

8.5. Information and communication development in Slovenia

To get a general picture of ICT development in a specific country, several different indicators can be measured. ICT infrastructure (and access) is a very good and simple indicator of ICT development. ICT infrastructure can be adequately sized by counting the number of households and companies with access to the Internet. Thus according to the results of the Republic of Slovenia Statistical Office [ZUP 11], at the beginning of 2010, 68% of households had access to the Internet, which is only 2% less than the EU-27 8 average of 70%. This indicator puts Slovenia among the average EU-27 developed countries in ICTs, which means that globally it is a relatively well-developed information country. This high level of development in the field of information technology is also confirmed by statistical data from the Republic of Slovenia in 2010, where 97% of enterprises with at least 10 employees had access to the Internet and 85% of enterprises had access to broadband Internet. Up to 85% of Slovenian companies used a local area network to transfer and exchange information in 2010. Of these, 87% are small businesses and the remaining proportion consists of medium or large enterprises.

Statistical data from the Republic of Slovenia Statistical Office has also been confirmed by statistical data on “e-commerce companies in the EU between 2004 and 2008” [ZUP 10a]. By almost all of the criteria surveyed, Slovenia is close to the EU-27 average. A big exception in the survey was the criterion of employment or the employment needs of ICT professionals, where Slovenia was ranked 20 percentage points above the EU-27 average. This exception can easily be explained by the fact that in the years from 2004 to 2008 Slovenia underwent extraordinary economic growth, which was much higher than the European average. The survey did not only cover employees in ICT but also industry needs in this area.

Another exception in this study is how many companies use e-services in their operations with the government. In Slovenia, the number of companies using e-government services is among the highest in the EU-27. This has also been confirmed by the UN E-Government Survey 2010 study, where Slovenia is 29th highest 9 in the world [UNI 10]. Assuming that the development of e-government services and their use is one of the major indicators of the development of information society in each country, based on comparisons with other developed countries, we can gain an overall assessment of the ICT development of Slovenia.

The cheap and friendly service offered by the State institutions via the Internet in recent years means that the Republic of Slovenia e-government has been providing citizens, and companies in particular, with an easy way to carry out many tasks over the Internet. Some State institutions, such as Tax Administration, even require companies to only provide information on their business via the Internet. This approach enables cheap, fast and efficient data transmission, but increases the mutual dependence of the State administration and business upon the Internet.

Since companies must deliver the required data within specific time periods, it is an open question as to how companies can deliver the requested data in the case of a huge failure in the tax ICT administration, ICT infrastructure or Internet connections, as no alternative solutions exist. Such an approach is acceptable in cases of natural disasters, where destruction is usually so extensive that the entire structure is damaged and businesses can no longer operate. In the event of a prolonged period of DDoS attacks, like the attacks experienced by Estonia, such a shortsighted approach can completely paralyze the proper functioning of the tax administration.

8.6. Cyber-threats in Slovenia

Slovenia has not experienced mass hacker attacks yet, with the exception of minor DDoS attacks from Russian hacktivists in 2009, because Russia lost against Slovenia in the 2010 World Cup (soccer/football) qualifier play-off. For one day, Russian hackers attacked the Agency of the Republic of Slovenia for Public Legal Records and related services’ webpages, so the damage was relatively minor. This attack was also commented on by the Republic of Slovenia’s Ministry of Defense: “The Ministry of Defense is elaborating actions to prevent attacks and protect critical infrastructure as part of the planning of national measures and actions at Alliance NATO in accordance with the financial capabilities” [HAF 09]. So far, the only dangerous cyber-threats that have been detected in Slovenia are from cybercriminals. From the statistics in a police report for 2010, it can be concluded that in 2010 the vast majority of computer criminality (75.2%) related to attacks on information systems [POL 11]. This number had declined from 2009 by 22.4%.

During the summer of 2010, the Slovenian police and FBI agents in Maribor (northwestern Slovenia) arrested two persons accused of participating in the production of one of the largest and most advanced known botnet networks — “Mariposa” 10. A 23-year-old graduate student at the Faculty of Computer Science Maribor in Slovenia with the nickname Iserdo 11 was accused of being the main author of the Mariposa malware.

This network led to the infection of 12 million computers worldwide. The most dangerous capability of this network was its ability to select infected computers for infection with a completely new malware [THO 09]. With this ability, the botmaster can arbitrarily change and develop the functionality of computers that are already infected, and thus he has greatly reduced the effectiveness of antivirus protection. The administrator could send arbitrary commands to all infected computers all over the world, to all infected computers in a selected country or even just to one individual computer.

Mariposa can be spread via P2P 12 networks, through the IE6 13 security holes, USB sticks or through infected websites, such as via MSN 14 Messenger user connections. Therefore, the malicious code that created the Mariposa botnet network cannot be classified as a virus, a worm or a Trojan Horse, because the administrator can set an arbitrary way to spread malicious code. This has significantly increased the likelihood of the spread of infections on computers equipped with antivirus protection.

Mariposa botmasters, who call themselves the DDP 15 group, have used the Mariposa network to install additional malware on the already infected computers, such as advanced input keyboard loggers (keyloggers), banking Trojans (Zeus), etc. All information obtained (stolen credit card numbers, bank and credit card passwords) is sold through Internet hacker channels. The DDP group has also been selling the control of different parts of the Mariposa botnet, thus allowing illegal installation of toolbars on infected computers and statistical manipulation through their search engines.

Botmasters from the DDP group communicate with infected computers by using encrypted commands. It is extremely difficult to detect such botnet commands, and even harder to decipher them. In addition, the botmasters have established network links via anonymous virtual private network (VPN) connections. Luckily the error of a major botmaster player has led the police to find his identity. It turns out that a group of criminals from Spain, who operated a Mariposa botnet network, did not have much computer knowledge but had bought these services on the “Internet market” from Iserdo. Due to his age, we may conclude with a high probability that Iserdo is not a top professional, but probably only a talented programmer who has skillfully utilized existing tools for creating malicious code and successfully created state-of-the-art malware.

Despite the fact that Iserdo was arrested in the spring of 2010 and the authorities shut down the Mariposa botnet control computers, a year later ICT security experts from Unveillance and Panda discovered an even more extensive network called a Metulji botnet 16 [BAR 11]. The Metulji botnet is the largest botnet discovered so far, since unknowingly tens of millions of infected computers that are located in at least 172 countries participate in it. Unveillance ICT security experts have even estimated that the size of the Metulji botnet is twice that of Mariposa. The Metulji botnet was created with an advanced version of the Butterfly Bot Kit, which was produced and marketed by Iserdo. All Metulji botnet traces have led to Slovenia, and Bosnia and Herzegovina. The FBI and Interpol conducted Operation Hive, which resulted in the arrests of two Metulji botnet operators in Bosnia [AND 11].

DDoS attacks generated by botnets are very disturbing for websites and their users and they can cause enormous economic damage, as we have seen in Estonia. Although NATO documents have identified DDoS attacks as a military threat, it is very difficult to define DDoS attacks as a military weapon. However, botnets in the hands of criminal groups are a threatening tool and can be used for a wide range of serious crimes. Therefore, technologically-advanced countries must be thoroughly prepared for the expansion of cyber-crime, and start to cooperate with other developed countries in this area because this type of crime is usually led by international criminal groups.

If one individual or a small group of people can create a malicious code, such as software code for the Mariposa botnet based only on their knowledge of and the existence of malware source code obtained from Internet sites, we can only imagine the potential to seize power and knowledge from a large organization like the US National Security Agency (NSA), which employs over 30,000 people worldwide, including a large number of top US experts and scientists in the field of information and communication sciences and technologies. Of course, software code designed by professionals is a secret weapon, so until 2010 it was impossible to obtain any information on cutting-edge technology of such digital weapons.

In July 2010, however, security researchers from the Belarusian antivirus vendor VirusBlokAda discovered a new harmful program code that was later named the Stuxnet worm. The Stuxnet worm had infected fewer than 100,000 computers and it was not a serious danger to ordinary Windows users, but it surprised a large number of security professionals and experts, due to the high complexity and embedded knowledge it contained. The worm was described as the most complex malicious code known and it is estimated that the cost of developing Stuxnet was about $10 million [LAN 10].

Malware is basically an offensive weapon, since it is made to attack the desired target. Whether it only strikes a selected target or causes high collateral damage depends on many factors that cannot be exactly predicted, even by the attacker. The spread of infection by the Stuxnet worm showed that despite the precise definition of the worm’s objectives, it caused accidental infection and damage to a huge number of systems worldwide. This led to various speculations about the true purpose of its production, such as damage to an Indian satellite [CAR 10]. It is highly unlikely that the attackers deliberately infected so many computers in order to disguise their true object of attack.

If malicious code is classified as an offensive weapon, then we can consider antivirus protection to be a defensive weapon. With the increasing use of malicious code as a weapon, possessing successful antivirus protection is an increasingly important strategic asset that is necessary for successful defense against cyber-attacks.

8.7. Slovenia in the field of information and communication security policy

The Republic of Slovenia is a small and relatively little country, with a population of around 2 million people — just a little more than the population of Manhattan (in New York). Due to its size and its obscurity, and especially because it has its own language, Slovenia is a relatively safe country embedded in the EU and NATO. Therefore, the vast majority of people feel safe and they do not perceive any immediate threat that would be recognized as a major risk.

This situation is generally reflected in its relationship to information security policy, despite the fact that Slovenian ICT infrastructure ranks among the most highly developed and despite the country's increased dependence on the reliability of information and communication systems.

According to the data published in the e-Commerce Companies in the EU between 2004 and 2008 survey, 94% of firms used antivirus programs for protection (in 2006), which ranked Slovenia at the top of the EU-27. Software antivirus protection is the most basic measure of information security protection and it represents the minimum security measure that companies must invest in to protect their own ICT infrastructure. The share of firms that use a firewall for ICT protection is smaller, but its use is still 71%, placing Slovenia above the EU-27 average. The share of the firms that use more expensive hardware ICT protection, however, is dramatically below the EU-27 average (leaving them near the bottom). Thus only 24% of companies use secure servers and only 12% of companies use backup systems for data outside the enterprise (off-site backup). These statistical data clearly show that large numbers of Slovenian companies have invested in the basic ICT protection equipment, but most of them have not invested in additional, costly security measures.

In 2010, according to the Republic of Slovenia Statistical Office results [ZUP 10b], only 73% of enterprises in the financial sector with at least 10 employees had a formal strategy for the safe use of ICT. Given the sensitivity of financial management, where high security and reliability are a top priority, this percentage is relatively low.

Since the average gains in the financial sector are much higher than in the other sectors, such a situation is not the result of a lack of investment funds, but rather the relationship of management structures to ICT security.

The situation in other sectors is even worse, since the proportion of non-financial enterprises with a formal strategy for the safe use of ICT in 2010 was only 16%, which is more than 10% below the EU-27 average (27%). Since these statistics do not include companies with fewer than 10 employees, this situation is dismal. Given that Slovenia has a multitude of regulations that enterprises have to consider in their everyday business, it is unacceptable that in the field of ICT security there are no rules to force companies, according to their size and type of business, to take the necessary security measures to protect their ICT infrastructure.

Although there are no specific statistical data on ICT security in government administration, this area is more regulated because in 2002 the Government Center for Information issued a publication entitled Recommendations for the Preparation of an Information Security Policy containing useful guidelines for the implementation of ICT security in the public sector [HAJ 02]. Also included in this publication are security assessments of the ICT situation in government administration in 2002 [page 6], where it was found that the state of ICT security in public administration was completely unbalanced. In some areas of government administration, ICT security was at a sufficient level, while in other areas it may have been completely ignored or on the back burner. It was found that no branch of government administration at the time possessed a clear ICT security policy. These conclusions suggest that until 2002, the government administration did not have a uniform policy on ICT security. Given the success of e-government in Slovenia after five years, we may reasonably assume that the ICT security situation has been improved in all public sectors and that no doubt these recommendations have significantly contributed to it. It is likely that the recommendations have led to an effective foundation for the harmony of ICT security policy across the public sector.

The Defense Ministry document published in 2011 [MIN 11] states that due to new technological advances, the Government of Slovenia will set up an interdepartmental coordination group to prepare a new document that will update existing recommendations for the preparation of an information security policy. This document will give the government administration completely new guidelines in the field of ICT security and recommendations will be made for other public authorities that do not fall within the government’s remit (municipalities, public enterprises, etc.).

Statistical data on the security situation show that in terms of basic ICT security the Republic of Slovenia is at the top of the EU-27 countries. This claim is backed up by the latest Kaspersky Lab’s report analyzing vast numbers of ICT threats during the second quarter of 2011, where Slovenia is one of the countries with the lowest percentages of users attacked while surfing the web (17.8%) 17 and with the lowest levels of infection (17.2%) [NAM 11]. If we take into account statistical data regarding the security situation, this report shows that in normal conditions mass use of basic ICT security is almost completely adequate to achieve good results when protecting against everyday cyber-threats. In the field of superior and advanced cyber protection, however, the Republic of Slovenia is at the bottom of the EU-27. Only the future will show whether this approach is the right one in light of the new and sophisticated cyber-threats that are being developed.

8.8. Slovenia’s information and communication security policy strategy

Given that Slovenia is a member of the EU-27 and NATO, its strategy regarding information and communication security policies can be divided into several areas that can overlap. In essence, its strategy is divided into the civil sector and military sphere, where Slovenia in association with the EU-27 mostly implements strategic objectives in the civil sphere and in association with NATO implements strategic objectives in the military field. At the same time, Slovenia is also planning its own strategy for information and communication security in both the civil and military fields.

8.8.1. The EU information and communication security policy

Because Slovenia is a member of the EU-27, it must also act within the field of information and communication security in accordance with the recommendations and EU directives, which are mainly concerned with civil governance. In the area of information and communication security, the currently enforced European Council Framework Decision 2005/222/JHA from 2005 [CFD 05] will guide the EU Member States toward a gradual harmony of their laws. This is especially the case in the area of cyber-crime. The directive requires the cooperation of Member States’ competent national authorities to ensure the enforcement of effective ICT security.

A European Parliament directive to replace the Council Framework Decision is in preparation, as is evident from the draft opinion of the European Economic and Social Committee [ESO 11]. In this document, the Committee also stressed the importance of developing strong public and private partnerships with the aim of increasing and strengthening security and resilience (EP3R) 18, thus demonstrating the importance of tight cooperation with NATO. Due to the specifics of the emerging information and communication security, the future lies in cooperation between both civilian and military sectors, as well as in cooperation between public and private sectors. This can also be seen from a long-term plan of the European digital agenda [EUC 10]. This plan also stresses the determination to establish a European system for rapid responses to cyber-attacks, including a network of groups to respond to computer threats (Computer Emergency Response Team (CERT)) [ENI 06] and the strengthening of the European Networks and Information Security Agency’s (ENISA’s) role. Slovenia also has a Slovenian CERT (SI-CERT) that operates primarily in the civilian area of information and communication security.

In December 2004, the EU Council adopted the European Programme for Critical Infrastructure Protection (EPCIP). Based on the adopted document, the European Commission prepared the Green Paper on EPCIP, where 11 critical structure sectors have been defined. Unfortunately, in the European Council directive on critical infrastructure no. 114/2008, only two sectors were defined (transport and energy). Based on the EPCIP Green Paper, a special inter-sector group for coordinating critical infrastructure protection was established in Slovenia. The special inter-sector group had the task of developing special programs to enforce the EU Council Directive. The program also included a definition for critical infrastructure of national importance. Among other critical infrastructures, it also defined the ICT structure. The inter-sector group included representatives from the ministries of economy, transport, internal affairs, higher education, research and technology, defense, as well as representatives of the Slovenian Armed Forces (SAF) General Staff and the Republic of Slovenia Administration for Civil Protection and Disaster Relief [ČAL 11]. Unfortunately, the group faced similar problems to the EU and was unsuccessful. Its only achievement was the harmonization of the definition of critical infrastructure. In the end, the Slovenian Government did not even succeed in totally implementing European Council Directive 2008/114/ES and received a warning from the European Commission in a formal notice dated March 17, 2011.

8.8.2. NATO’s information and communications security policy

At the Prague summit in November 2002, NATO leaders agreed to establish a NATO Cyber Defense Program, which would protect NATO information and communication systems from cyber-attacks by setting up the NATO Computer Incident Response Capability (NCIRC).

Until the spring of 2007, when attacks were carried out in Estonia, NATO mainly built cyber-defense to protect its own information and communication systems. In light of the cyber-attacks, the defense ministers of NATO countries agreed that NATO must protect all allied countries against cyber-attacks.

Therefore, NATO has developed a mechanism to assist allies against cyber-attacks if they want this assistance. The first step in this direction was the establishment of the CCDCOE in Estonia in May 2008. The CCDCOE’s main mission is to foster cooperation, capabilities and information sharing between NATO countries in areas of cyber-security through research and education in cyber warfare, including education and training from specialists from allied countries.

Despite the resolute intention of NATO to defend all allies against cyber-attacks, the major proportion of the security policy still rests with the Members themselves who must take primary responsibility for the safety and security of their systems against cyber-attacks. For a successful mission NATO requires the Member States to have a reliable and secure infrastructure.

8.8.3. Slovenia’s information and communication security policy

The Republic of Slovenia, in order to implement its own ICT security policy in addition to meeting its obligations as a member of the EU-27 and NATO, must accept the measures that have been written in key strategic documents in both the civil and military sectors. Unfortunately, the Republic of Slovenia does not possess a clear strategy that would define the objectives it needs to achieve sufficient information and communication security policies and it has even less clear directions on how it can meet the pledged objectives. From most of the adopted strategic documents we can conclude that the problem of ICT security in Slovenia is underestimated. In all these documents cyber-threats are only mentioned, mostly in the domain of cyber-crime, and are not discussed in detail. Defense against these threats is limited to general responses and intentions to design new strategies and new government bodies.

Since the volume of cyber-crime in Slovenia is relatively minimal and Slovenia has not experienced mass DDoS cyber-attacks yet — certainly not as extensive as that experienced by Estonia in 2007 — its attitude to ICT security is understandable. Because it is already difficult to justify the costly investment of high security in existing ICTs, it is even more difficult to invest in future cyber warfare, which for most people is completely imaginary and incomprehensible. Therefore, it is more important to find appropriate ways to make relatively small investments in order to achieve a high level of information and communication security. This is only possible with concerted action by the whole society, which means close cooperation between civilian and military governmental bodies and successful collaboration between the public and private sectors. This close cooperation enables synergistic effects while avoiding the duplication of various functions and activities that are an integral part of any security policy. Since ICT protection is almost exactly the same in both civil and military sectors, it makes sense to find common foundations and build common defenses against cyber-attacks on them, while only separating those tasks that are specific to each segment (e.g. cyber-crime actions are addressed by the police).

A good example of the successful organization of ICT in a small state is Israel. Studying this example can be a positive experience and, above all, a good solution can quickly be transferred to the Slovenian strategic plans to set out the main courses of its ICT security policy.

Such an approach will also lead to additional boosts in the development of information and communication sectors in the industry, as such activity does not require a huge investment. It requires few material and energy resources; mostly it requires more professional staff. Due to its relatively high technological development in the field of ICT, Slovenia has enough experts who can quickly specialize in the field of information and communication security. Creating the complex botnet Mariposa is proof that Slovenia also has talented hackers whose expertise could be used for worthwhile purposes.

8.8.4. Analysis of key strategic documents regulating the field of information and communication security policy in the Republic of Slovenia

In this analysis we will try to focus only on the most important strategic documents that are directly related to areas that are important for the security of ICT infrastructure. In all of these documents there is no clear specification of cyber-threats, but they generally refer to cyberspace and information technology, which entail certain risks in the event of cyber-attacks. From the documents analyzed it can clearly be seen that not much attention is paid to this issue, because the strategy is limited to the security of ICT in general.

In 2010 the Republic of Slovenia adopted the “Resolution on the national security strategy of the Republic of Slovenia” (Official Gazette of the Republic of Slovenia, 27/2010). In Chapter 4.2 on Transnational Threats and Risks of National Security, potential sources of threats are mentioned, such as cyber-threats and the abuse of information technologies and systems. Slovenia is strongly dependent on the continuity and reliability of information systems in both the public and private sectors, with particular emphasis on the key functions of the State and society. The document cites criminal organizations as potential sources of cyber threat. Cyberspace as a potential battlefield is only briefly mentioned. In section 5.3.5 on responding to cyber-threats and abuse of information technologies and systems, the Republic of Slovenia makes a commitment to develop a national strategy to respond to cyber-threats and abuse of information technologies. It will also take the necessary measures for effective cyber-defense, which will include both public and private sectors. The document also provides for the establishment, in the near future, of a new national coordinating body for cyber-security. The resolution on the national security strategy clearly shows that ICT security is not at the top of the list of national priorities and that the resolution of cyber-threats has been moved to a vague point in the future.

In 2010, the military sphere adopted the “Resolution on the overall long-term program for development and equipping the Slovenian Armed Forces until 2025” (Official Gazette of the Republic of Slovenia, 99/2010). In this document, cyberspace is also mentioned as a potential battlefield and only in the annex of this document is the concept of cyber warfare briefly explained. It is described as various forms of attack and defense on information systems that take place in cyberspace. Beside this brief description, the document also explains the concept of cyber-defense, and states the NATO definition of cyber-defense as the use of the security measures in order to protect the infrastructure of communication and information systems against cyber-attacks. Unfortunately in this resolution we cannot find more precise definitions of cyber warfare and the attitude of Slovenian Armed Forces on this issue. This resolution does not indicate any conceivable public–private partnerships in the field of ICT, which would allow more efficient use of human and infrastructure resources.

A condescending attitude towards safety in ICT is also found in the Report on the Implementation of Civil Defense Exercise Doctrine of the Republic of Slovenia [MIN 11], prepared by the Ministry of Defense, where it is noted that at the State level, the center for monitoring cyber threats has not been set up to perform tasks in the field of ICT security in the public and private sectors [page 6].

8.8.5. National bodies that govern the field of information and communication security policy in the Republic of Slovenia

In the Republic of Slovenia, competency in the field of ICT security is spread across several ministries and state bodies. It became obvious, during the development of ICT, that there was an urgent need to perform certain security functions. Consequently, many of these tasks in the field of ICT — implemented by the various state bodies — are duplicated or even worse are performed in a large number of departments. As a result of this situation, there are inefficiencies and ICT security has an unnecessarily high total cost.

However, a rapid and complete centralization of these activities would not achieve an optimal effect, since every government department in the field of ICT has its own specifics, which should be carefully taken into account. Therefore, Slovenia should first establish a body whose main concern at the beginning will be to coordinate and guide State bodies on ICT security. Then, in order to achieve the optimizations needed, it should gradually transfer State tasks and processes on ICT security to the relevant branches of the State. Moreover, such an authority will take over the strategic planning of ICT security and also carry out tasks, especially in the field of complex security measures.

8.8.6. Directorate for information society (Ministry of Higher Education, Science and Technology)

The main task of the Directorate for Information Society is acceleration, coordination and effective development of the information society. The Directorate also works with various organizations in the field of security and privacy in the cyber world, such as the Center for a Safer Internet (SAVE.SI). It tries to provide information and advice on the safe use of the Internet and other modern technologies to different groups of Internet users (children, teenagers, parents or teachers). Within the Directorate for Information Society, the SI-CERT team operates under the auspices of the academic and research network.

8.8.7. Slovenian Computer Emergency Response Team

The SI-CERT organization is the main point of contact for reporting network security incidents involving systems and networks located in Slovenia. By agreement with the Slovenian government, SI-CERT also performs the role of the government CERT. SI-CERT is the main organization responsible for dealing with all security incidents in computer networks located in the public or private sectors.

For historical reasons, SI-CERT operates under the academic and research network ARNES 19. In Slovenia ARNES has played an important role since the introduction of the Internet. During the development and adoption of the Internet, help from the academic institutions was understandably welcome, but the massive use of the Internet in all areas of society has exceeded the academic framework. Thus, this form of organization for solving ICT security problems has become completely inadequate. An interesting solution to this issue is provided by ENISA in the [WP2006/5.1 (CERT-D1/D2)] document. The document supports the creation of new computer security incident response team (CSIRT) groups in order to establish an effective network of groups for interventions. Since the CERT Coordination Center has registered the term CERT in the US, Europe has introduced the new acronym CSIRT. CSIRT groups may be formed as a public–private partnership, and the government plays a key role in their establishment. To build a project with a successful partnership, the government should also extend an invitation to academic institutions, private, economic and other interested entities. The CSIRT group can also provide services in the field of ICT security to different customers (academic institutions, government branches, military bodies, small and medium-sized enterprises, traders, etc.). The inadequacy in the SI-CERT organization could be elegantly resolved by transforming the SI-CERT team into a public–private CSIRT entity, where the government contributes SI-CERT as its share of the capital investment alongside other interested entities (companies), which could invest their own capital according to their expectations.

8.8.8. Directorate of e-Government and Administrative Processes (Ministry of Public Administration)

Several divisions operating under the Directorate of e-Government and Administrative Processes carry out important tasks in the field of ICT security for the whole country. Thus, the central division for the information infrastructure operates task forces in the field of public key infrastructure to meet the needs of State agencies, public institutions, enterprises and citizens, and for the issue of qualified digital certificates for biometric passports. In this sector they also analyze and prepare domestic and international technology security and regulatory recommendations and standards.

The Department of Local IT Infrastructure gives advice on data security and the protection of local computer networks. It takes care of antivirus protection on information systems belonging to the State authorities.

8.8.9. Office of the Government of the Republic of Slovenia for the Protection of Classified Information

The Office of the Government of the Republic of Slovenia for the Protection of Classified Information (Urad Vlade RS za varovanje Tajnih Podatkov — UVTP) primarily performs tasks in the field of the security of classified information, and is therefore a key element in information security. UVTP is also responsible for the development and implementation of physical, organizational and technical standards for the protection of classified information in government bodies, local communities, holders of public companies and other organizations that deal with classified information. In this field it cooperates with the relevant agencies from foreign countries and international organizations, unless otherwise stipulated by an international treaty. It is also responsible for ensuring the security of Slovenian national classified information abroad and the security of foreign classified information within Slovenia.

Under the auspices of the UVTP, the Information Security Commission has been established comprising representatives of the Ministry of Public Administration, the Ministry of the Interior, the Ministry of Defense, the Ministry of Foreign Affairs, the Slovenian Intelligence and Security Agency and the Government Office for the Protection of Classified Information 20.

The functions of the Information Security Commission are:

– producing technical and regulatory solutions to protect classified information in communication and information systems;

– providing appropriate methods and procedures for the identification and authentication of user access to communication information systems;

– confirming encryption systems that can be used in information systems;

– creating the requirements for the integration of communication and information systems; and

– preparing the implementation of safety requirements to protect against unwanted electromagnetic radiation.

Although this office works in the area where cyber-threats should be seriously considered, in the official documents there are no specific descriptions of this issue.

8.8.10. Slovenian Intelligence and Security Agency

Slovenian intelligence and security operations are regulated by the law on the Slovenian Intelligence and Security Agency (Official Gazette of the Republic of Slovenia, 81/06-UPB2, Slovenska Obveščevalno-Varnostna Agencija — SOVA 21). It does not directly mention cyber-security tasks, but the agency may perform functions under the Act in accordance with the priorities established by the government based on the national-security program adopted by the National Assembly. Given that the SOVA is an important factor in overall security, it would be necessary to update and harmonize legislation on security and intelligence agencies with modern technological trends.

8.8.11. National Center for Crisis Management

The National Center for Crisis Management (Nacionalni center za krizno upravljanje — NCKU) was established in 2004 under the US initiative to set up centers in Central and Eastern European countries for crisis management at the strategic level. This was to ensure the unified management of the crisis situation at the national level, while also ensuring the regional integration of these countries. At the beginning, the tasks of the NCKU were not fully defined; therefore, in 2006 the government issued a decree to more precisely define the NCKU tasks as they relate to the organization and operation of NCKU (Official Gazette of the Republic of Slovenia, 9/2006).

NCKU is organized under the Ministry of Defense, which provides personnel, material, accommodation, financial and other assistance. NCKU operates continuously. Its main task is to provide accommodation, technical, information and communication conditions under the auspices of the government of the Republic of Slovenia in accordance with the law in the event of a state of emergency, war or other threats that may significantly compromise the national security. Although it has been a priority for NCKU to act in a crisis situation, it provides permanent information and communication links between strategic State bodies.

Moreover, NCKU presides over a group that provides analytical and technical support for the ruling government in an emergency or a state of war, and also responds to crises. The analysis group has the task of monitoring potential sources of risk, which include cyber-attacks. In the current legislation, there is no direct guidance for cyber-security; the question arises as to whether the analytical group has sufficient human resources and knowledge to perform such complex tasks. Therefore, it would be prudent to align this area in order to better define the tasks of the group.

8.9. Conclusion

Although the Republic of Slovenia in its strategic documents has mentioned cyberspace as an existing dimension, it should also take into account that the realization and implementation of cyber-security is unfolding very slowly. Slovenia is not adequately prepared for cyber-attacks, especially for advanced attacks on its critical information and communication infrastructure. A very good example of Slovenian cyber-vulnerability is the YouTube affair that occurred in December 2011, when several clips from recordings of closed sessions of the Government of Slovenia were publicized on the video-sharing website [WIK 11]. The Slovenian Armed Forces have neither the personnel nor the resources to achieve satisfactory levels of cyber-security [ČAL 11]. Even in 10 years, Slovenia will not be sufficiently prepared to effectively conduct an active cyber-defense [BRA 11]. Besides the high cost, which is really difficult to justify, the main factor preventing investment in ICT security is the relatively high sense of security, which can be seen throughout Slovenian society.

Due to the nature of cyber-attacks, which may be intertwined with cyber-crime, cyber-hooliganism, cyber-espionage, cyber-terrorism or even cyber warfare, all societies, especially in small States, must join forces with civilian and military ICT security, and particularly with the cooperation of public and private sectors, to achieve maximum synergy. This cooperation is cost-effective and would provide ICT protection for everyone.

It is therefore necessary to re-review all strategic documents regulating the field of information and communication security policy in the Republic of Slovenia and coordinate them with the latest trends in ICT security, especially to define cyberspace and cyber-attacks in more detail and trace the optimal defense against them. The focus of the new strategic documents should address the coordination of various government bodies and institutions to effect optimal cooperation between the public and private sectors. Therefore, for effective cooperation between civil and military national authorities, as well as between public and private sectors, it is necessary to set up a group to coordinate ICT security, which would essentially seek to define common ground among all State bodies and then coordinate all State authorities, municipalities and public or private companies in the ICT security field.

In addition, Slovenia should establish a unit that has the power for rapid reaction in the area of cyberspace, like SI-CERT but with special authorizations. In peacetime this could be a function of the police, and in a state of war this can be transferred to a military unit. Such a unit, in addition to performing preventive measures in the field of cyber-security, could also carry out effective measures to combat cyber-crime and ‘cyber-rascality’. At the same time it could take action in the field of cyber-terrorism and cyber-espionage and start to prepare to fight against cyber-warfare.

The key element for an optimal and efficient defense in cyberspace is tight cooperation among all social entities in the country, which could be achieved by careful planning in all strategic documents. Although this applies to all countries, in order to optimize their actions in cyber defense small countries must implement such cooperation even more strictly than larger ones. A good example of such cooperation is Estonia, where an all-volunteer force of programmers and computer scientists has been created that can be mobilized to defend their country during a cyber-war.

8.10. Bibliography

[ALB 10] ALBRIGHT D., BRANNAN P. and WALROND C., Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?, Institute for Science and International Security, 2010, available at: http://www.isis-online.org/isis-reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant/.

[AND 11] ANDLOVIČ A., Slovenski Metulji Ropajo po Svetu, Slovenske Novice, 2011, available at: http://www.slovenskenovice.si/crni-scenarij/doma/slovenski-metulji-ropajo-po-svetu.html.

[BAR 11] BARDIN J., Metulji Botnet Largest to Date — Unveillance and Panda Team, CSO online, 2011, available at: http://blogs.csoonline.com/1575/metulji_botnet_largest_to_date_unveillance_and_panda_team.

[BOG 11] BOGIS A., Lessons from Estonia’s Cyber Army, Homeland Security Watch, 2011, available at: http://www.hlswatch.com/2011/01/20/lessons-from-estonias-cyber-army/.

[BRA 11] BRATUŠA T., Asimetrično bojevanje in strategija posrednjega nastopanja v kibernetski vojni, Master’s thesis, Faculty of Criminal Justice and Security, University of Maribor, 2011, available at: http://dkum.uni-mb.si/IzpisGradiva.php?id=19003.

[CAR 10] CARR J., “Did The Stuxnet Worm Kill India’s INSAT-4B Satellite?”, Forbes, 2010, available at: http://blogs.forbes.com/firewall/2010/09/29/did-the-stuxnet-worm-kill-indias-insat-4b-satellite/.

[CFD 05] CFD, Council Framework Decision 2005/222/JHA of 24 February 2005 on Attacks against information systems, Official Journal of the European Union, L 069, pp. 0067–0071, 2005, available at: http://europa.eu/legislation_summaries/information_society/internet/133193_en.htm.

[CHA 09] CHABROW E., New Cyber Warfare Branch Proposed, Information Security Group, Corp (ISMG), 2009, available at: http://blogs.govinfosecurity.com/posts.php?postID=160.

[CLA 10] CLARKE R.A. and KNAKE R.K., Cyber War. The Next Threat to National Security and What to Do About It, HarperCollins, New York, 2010.

[CNT 11] CNTV, Defense Ministry clarifies Cyber Blue Team, CNTV, 2011, available at: http://english.cntv.cn/program/china24/20110526/111784.shtml.

[ČAL 11] ČALETA D. and ROLIH G., “Cyber security in the operation of critical infrastructure — an analysis of the situation in the field of Slovenian defence”, in: Contemporary Military Challenges, General Staff of Slovenian Armed Forces, available at: http://www.slovenskavojska.si/fileadmin/slovenska_vojska/pdf/vojaski_izzivi/svi_13_3.pdf.

[DOD 10] DEPARTMENT OF DEFENSE, Cyber Command Achieves Full Operational Capability, Department of Defense, 2010, available at: http://www.defense.gov/releases/release.aspx?releaseid=14030.

[ENI 06] EVROPSKA AGENCIJA ZA VARNOST OMREŽIJ IN INFORMACIJ (ENISA), Postopen pristop k vzpostavitvi csirt, Dokument WP2006/5.1(CERT-D1/D2), ENISA, 2006, available at: http://www.enisa.europa.eu/act/cert/support/guide/files/csirt-setting-up-guide-in-slovenian/at_download/fullReport.

[ESO 11] EVROPSKI EKONOMSKO-SOCIALNI ODBOR, “Mnenje Evropskega ekonomsko-socialnega odbora o predlogu direktive Evropskega parlamenta in Sveta o napadih na informacijske sisteme in razveljavitvi Okvirnega sklepa Sveta 2005/222/PNZ”, 471. plenarno zasedanje, 2011, available at: http://www.toad.eesc.europa.eu/ViewDoc.aspx%3Fdoc%3Dces%255Cten%255Cten437%255CSL%255CCES453-2011_FIN_NI_SL.doc.

[EUC 10] EUROPEAN COMMISSION, A Digital Agenda for Europe, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, 2010, available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52010DC0245R(01):EN:NOT.

[GIL 11] GILES K., Information Troops, a Russian Cyber Command?, Conflict Studies Research Centre, Oxford, 2011, available at: http://www.conflictstudies.org.uk/files/Russian_Cyber_Command.pdf.

[GSO 05] GLOBAL SECURITY ORGANISATION, Force XXI, Global Security Organisation, 2005, available at: http://www.globalsecurity.org/military/agency/army/force-xxi.htm.

[HAF 09] HAFNAR D., Nova Zmaga, nov Napad, Žurnal 24, 2009, available at: http://www.zurnal24.si/print/61307.

[HAJ 02] HAJTNIK T., Priporočila za Pripravo Informacijske Varnostne Politike, Center Vlade RS za Informatiko, 2002, available at: www.mju.gov.si/fileadmin/mju.gov.si/pageuploads/mju_dokumenti/pdf/Priporocila_za_pripravo_inf.varnostne_politike_2.0_1.del.pdf and www.mju.gov.si/fileadmin/mju.gov.si/pageuploads/mju_dokumenti/pdf/Priporocila_za_pripravo_inf.varnostne_politike_2.0_2.del.pdf.

[INF 10] INFOSECURITY NEWS, “UK government Cyber Security Operations Centre going live soon”, Infosecurity Magazine, 2010, available at: http://www.infosecurity-magazine.com/view/8020/uk-government-cyber-security-operations-centre-going-live-soon/.

[KNO 11] KNOKE F., De Maizière preist neue Cyber-Zentrale, Spiegel Online, 2011, available at: http://www.spiegel.de/netzwelt/netzpolitik/0,1518,747350,00.html.

[LAN 10] LANGNER R., The Short Path from Cyber Missiles to Dirty Digital Bombs, Langner, 2010, available at: http://www.langner.com/en/2010/12/26/the-short-path-from-cyber-missiles-to-dirty-digital-bombs/.

[LIN 11] LATEST IT NEWS, The Most Hacker Attacks come from Russia, Latest IT News, 2011, available at: http://www.whioam.com/the-most-hacker-attacks-come-from-russia.html.

[NAM 11] NAMESTNIKOV Y., IT Threat Evolution: Q2 2011, Kaspersky Lab, 2011, available at: http://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011.

[NAT 08] NATO news, NATO Opens New Centre of Excellence on Cyber Defence, NATO, 2008, available at: http://www.nato.int/docu/update/2008/05-may/e0514a.html.

[PUF 95] PUFENG W., The Challenge of Information Warfare, China Military Science, 1995, available at: http://www.fas.org/irp/world/china/docs/iw_mg_wang.htm.

[MIN 11] MINISTRSTVO ZA OBRAMBO, Kabinet Ministra, Poročilo o uresničevanju programa uveljavljanja Doktrine civilne obrambe Republike Slovenije, Dokument 80100-1/2011/10, VLADA, 2011, available at: www.vlada.si/fileadmin/dokumenti/si/sklepi/seja_vlade_2011/133_seja/133sv14.doc.

[MLA 10] MLADINA EDITORIAL, “Peticija Ukinimo vojsko! (Petition for abolishing the army!)”, Mladina, 2010, available at: http://www.mladina.si/mladina_plus/peticije/ukiniti_vojsko/.

[POL 11] POLICIJA, Poročilo o delu policije za leto 2010, Ministrstvo za notranje zadeve, 2011, available at: http://www.policija.si/images/stories/Statistika/LetnaPorocila/PDF/LetnoPorocilo2010.pdf.

[SOP 11] SOPHOS, Security Threat Report 2011, Sophos, 2011, available at: http://www.sophos.com/security/topic/security-threat-report-2011.html.

[STP 08] STRATEGY PAGE, Russia the Evil Hacker Haven, StrategyPage.com, 2008, available at: http://www.strategypage.com/htmw/htiw/20080204.aspx.

[UNI 10] UNITED NATIONS, United Nations e-Government Survey 2010. Leveraging e-Government at a Time of Financial and Economic Crisis, Department of Economic and Social Affairs, New York, United Nations, 2010, available at: http://www2.unpan.org/egovkb/global_reports/10report.htm.

[THO 04] THOMAS T.L., Russian and Chinese Information Warfare: Theory and Practice, Foreign Military Studies Office, 2004, available at: http://www.dtic.mil.

[THO 09] THOMPSON M., Mariposa Botnet Analysis, Defence Intelligence, 2009, available at: www.defintel.com/docs/Mariposa_Analysis.pdf.

[ZUP 10a] ZUPAN G., E-poslovanje v podjetjih v Sloveniji in EU, 2004–2008, Statistični urad RS, 2010, available at: http://www.stat.si/novica_prikazi.aspx?id=2921.

[ZUP 10b] ZUPAN G., Uporaba informacijsko — komunikacijske tehnologije v podjetjih, podrobni podatki, Slovenija, 2010 — končni podatki, Statistični urad RS, 2010, available at: http://www.stat.si/novica_prikazi.aspx?ID=3596.

[ZUP 11] ZUPAN G., Svetovni dan telekomunikacij in informacijske družbe 2011, Statistični urad RS, 2011, available at: http://www.stat.si/novica_prikazi.aspx?id=3908.

[WIK 11] WIKIPEDIA, 2011 Slovenian YouTube affair, 2011, Wikipedia, available at: http://en.wikipedia.org/wiki/2011_Slovenian_YouTube_affair.

 

 

1 Chapter written by Gorazd PRAPROTNIK, Iztok PODBREGAR, Igor BERNIK and Bojan TIČAR.

1 The plebiscite held in December 1990, at which the citizens of Slovenia voted overwhelmingly in favor of a sovereign and independent state. Turnout for the plebiscite was 93.2% of those eligible to vote. Of those who did vote, 88.5% said “yes” to an independent and sovereign Slovenia.

2 Slovenia was declared an independent country by the President on June 26, 1991 at the ceremony held in Trg Revolucije Square, Ljubljana.

3 The word cyberspace was first used by William Gibson in his book Neuromancer in 1984.

4 Anonymous is an Internet-oriented group initiating active civil disobedience and representing themselves as an anarchic, digitized global brain.

5 REB Troops are the Voyska radioelektronnoy bor’by, or Voyska REB — the Russian military’s electronic warfare branch.

6 During the Bosnian War in July 1995, in the town of Srebrenica (Bosnia and Herzegovina), there was genocide in which the Army of Republika Srpska (ARS) killed more than 8,000 Bosniaks (Bosnian Muslims), mainly men and boys.

7 Turnout for the referendum was 60.29% of those eligible to vote. Of these, 89.61% voted for EU integration and 60.2% voted for integration into the NATO alliance.

8 EU-27 — the 27 countries in the European Union.

9 According to the UN E-Government Survey 2008, Slovenia occupied 26th position in the world.

10 Mariposa is the Spanish word for a butterfly.

11 Iserdo, read backwards, means “salvation” in Slovenian.

12 P2P network — a peer-to-peer network is a distributed application architecture that can communicate between peers.

13 IE6 — Internet Explorer version 6.

14 MSN — Microsoft Network.

15 DDP — Días de Pesadilla (in Spanish this means nightmare days).

16 Metulji is the Slovenian word for butterflies.

17 According to Kaspersky Lab’s report, in Q2 2011 the lowest percentages of users attacked while surfing the web are in Japan (13%), Taiwan (13.7%), the Czech Republic (16.1%), Denmark (16.2%), Luxembourg (16.9%), Slovenia (17.8%) and Slovakia (18.3%).

18 EP3R — the European Public–Private Partnership for Resilience.

19 The Academic and Research Network of Slovenia (ARNES) is a public institute that provides network services to research, educational and cultural organizations.

20 The Information Security Commission has been established pursuant to Part 15 of the Article of regulation on the protection of classified information in communication and information systems (Official Gazette of the Republic of Slovenia, 480/2007) and the government decree of the Republic of Slovenia No. 01203-19/2007/7, December 20, 2008.

21 Sova is the Slovenian word for owl.
