This is a comprehensive overview of nation-states that are involved in standing up a cyber operations capability; however, there are now so many states enabling this capability that it became impossible to list them all in the time provided to write this chapter. This chapter features a survey of the majority of them.
In a 2009 Australian Defense white paper, the Australian government is taking initiatives to develop and enable a new cyber warfare capability.[109] It states that the new department will “consist of a much-enhanced cyber situational awareness and incident response capability, and the establishment of a Cyber Security Operations Centre to coordinate responses to incidents in cyber space.”[110] The words “response” and “defense” are used many times in the paper, with no specific mention to offensive capability. However, it does suggest it will be present with the text “maximize Australia’s strategic capacity and reach in this field.”[111]
To accomplish this, Australia welcomed the opportunity to increase cooperation with the UK on cyber issues. In January 2011, Australia and the UK announced they will use their existing joint work on cyber security for the foundation of a sophisticated cyber partnership by further expanding the collaboration of their cyber security agencies and departments.[112]
A few months later, in March, the Australian Security and Intelligence Organization opened a new cyber investigations unit, tasked with investigating and advising on state-sponsored cyber attacks involving Australia.[113] The close cooperation of the Australian Computer Emergency Response Team (CERT) and the Defense Signals Directorate’s Cyber Security Operation Centre (CSOC) allow for identification of threats and the scale of response to be determined timely and effectively.
In September 2010 the Brazilian Army signed an agreement with Panda Security to assist in the training of the Army’s cyber forces. Panda Security will also use endpoint software to protect 37,500 computers that are organic to the Army’s Military Commands.[114] In addition to Panda Security’s assistance, Brazil has established a Center for Cyber Defense (CDCiber) in Brasilia, with General Jose Carlos dos Santos as commander.[115] CDCiber operates under the President of Brazil’s Cabinet of Institutional Security (GSI), and military officers from Brazil’s armed forces will staff it. Training is provided through coursework at the Military Institute of Engineering in Rio de Janeiro. A war room is under construction, which will provide incident response, malware analysis, and the ability to conduct cyber war games.
In October 2010 the Canadian government formally published its strategy to combat cyber attacks.[116] The strategy is built upon three pillars: securing government systems, partnering to secure vital cyber systems outside the federal government, and helping Canadians to be secure online. The strategy emphasizes that it will strengthen cyber sharing with its intelligence partners—including the United States, United Kingdom, and Australia—as well as work with NATO.
The Canadian Security Intelligence Service is instructed to analyze and investigate domestic and international threats. The Foreign Affairs and International Trade Canada will develop a cyber security foreign policy that will relate to Canada’s involvement abroad. The Department of National Defense and Canadian Forces are instructed to strengthen their capacity to defend their own networks and exchange information with allied militaries.[117] The strategy does not discuss offensive capabilities or the Canadian Cyber Incident Response Center (CCIRC).
According to an October 2010 interview with the director general of National Cyber Security at Public Safety Canada, the CCIRC is the first responder of cyber attacks but does not have the authority to direct response. Instead, the CCIRC acts as a triage of sorts to bring in other agencies to coordinate and determine which agencies have the lead for a response.[118]
In August 2011 the Czech Republic released its version of a cyber strategy for the years 2011–2015.[119] The document states that this present strategy is to be used as a foundation upon which to build Czech cyber capabilities. While this may not display that a former strategy was absent, it does indicate that the former policy was either inefficient or did not possess the authority to constitute effective action.
The strategy includes the involvement of all sectors pivotal to an effective security. It also stresses the importance of cooperation and mutual trust between the government and private sector. It does not, however, provide much incentive to the private sector to cooperate, only that the government and the private sector should coordinate to create cyber security standards. Moreover, the strategy dictates that international cooperation is key, specifically the European Union and NATO. The paper makes it clear that cyber security issues are the responsibility of the Ministry of Interior, but the Czech Republic is likely experiencing jurisdiction problems in that department, as are many other countries that are working to establish cyber security programs. Section 11 under legislative framework mentions that laws need to be put in place indicating which agencies will coordinate and what their respective duties will entail. It is also worthy to note that like many other national strategies, a Computer Emergency Response Team will be created to mitigate threats as they are presented.
In the cyber response arena, the strategy discusses the need for a national cyber threat early-warning system, which will have response options that are not yet specifically detailed. However, section 22 does indicate that the government will test response options and countermeasures to such security risks based on international cyber defense exercises. To accomplish this, the government will encourage state departments, the private sector, and academic facilities to support research and engage in training domestically and abroad in the arts of cyber security. The strategy, not unlike others published, establishes a basic break down of the proposed capabilities, the legal frameworks, and the education required to execute these tasks.
DPRK President Kim Jong Il is approaching age 72 and has suspected health problems. His son, Kim Jong Un, has been named his successor, and at 28 years old, Jong Un has been raised in a more technological generation. It is likely he will continue to push the DPRK toward cyber capabilities when he assumes the presidency.[120]
In 2007 a DPRK military officer who defected reported that North Korea has approximately 30,000 electronic warfare specialists under two electronic warfare brigades.[121] Out of these personnel, there are roughly 600 specialized hackers. Mirim College—also known as Kim Il Political Military University, or secret college—trains some 100 hackers a year via distance learning and Russian training that has been passed along in a train-the-trainer mentality.[122]
The army is seeking out young prodigies to train as hackers from an early age. When a child is identified as a potential recruit, he is given the best environment possible. If that child graduates with top grades, his family is moved to Pyongyang as a reward.[123] After studying at local universities, those prodigies are given the chance to study abroad, complete with a generous stipend for living expenses. These hackers are assigned to various units under the General Bureau of Reconnaissance (GBR). Republic of Korea intelligence authorities believe there are approximately 1,000 cyber warriors in the GBR based out of China and the North.
A specific unit under the GBR is Office 121, which is a cyber warfare unit that possesses world-class hacking abilities.[124] In May 2011, Im Chae Ho, the vice president of the KAIST Cyber Security Research Center, commented that North Korean hackers had 10 times the strike capability of their South Korean counterparts, and are at a stage where they can directly attack South Korea’s infrastructure through cyber terrorism.[125] North Korea has expressed interest in damaging South Korea’s infrastructure, including nuclear power plants and stock market systems, via the Internet.[126]
In 2010 the DPRK increased the priority of its cyber warfare unit (Office 121) to about 3,000 personnel. North Korean computers run off a Linux variant called Red Star, which has an interface similar to Windows, except with a red star replacing the Windows button at the bottom left.[127]
In the aftermath of the 2007 attacks, Estonia established a Cyber Defense Center in 2008 with the assistance of NATO.[128] Since then, the center has been fully accredited as a NATO Center of Excellence, bringing with it funding and multinational support. Seven NATO member nations—Estonia, Germany, Italy, Latvia, Lithuania, Slovakia, and Spain—formally signed into the creation of the center. The United States is also an observer member, and Estonia has recently invited Iceland to participate in the center.[129] According to the Estonian Minister of Defense, after a visit to the US Cyber Command, Estonian cyber capabilities are considered in high regard by the United States.[130]
In addition to the center, Estonia has also established a Cyber Defense League of volunteers that, in the case of conflict, would perform duties under a unified military command. The volunteers are comprised of cyber security professionals in the private and public sectors who carry out regular weekend exercises to prepare for possible cyber situations. This is considered so vital to Estonian national security that the league is considering a draft to ensure all experts are available in the event of a crisis. While volunteer cyber armies are not unheard of, their motives and loyalty are considered uncontrollable. Estonia is likely trying to harness a cheap and already developed national tool.[131]
In November 2010 the European Union (EU) conducted its first-ever pan-European cyber war simulation. Cyber Europe 2010, as the exercise was called, included experts across Europe who worked to hone their response to attacks from hackers trying to reduce the Internet connectivity around Europe. Moreover, the stress of this environment helped test the appropriateness of contact points among the participating countries. The European Network Security Agency (ENISA) organized the cyber exercise, and all member nations—including Iceland, Norway, and Switzerland—participated.[132] In March 2011 the European Union was hacked by cyber criminals in a very similar manner to the strikes on the European Commission.[133] ENISA is planning on attending the Cyber Warfare Europe conference in September 2011.[134]
In 2009 France created the French Network and Information Security Agency (FNISA) to provide a national watchdog on the government’s sensitive networks that would detect and respond to cyber attacks.[135] Since then, little has been exposed about the disposition of French cyber security until March 2011, when the French finance ministry announced that it had suffered a cyber attack during the Paris G20 summit.[136] The attack targeted documents relating to the summit and other economic issues.
In August 2011, France announced its intentions to build network warfare capabilities. Cyber warfare specialists under the General Directorate of Armament (DGA) demonstrated their capabilities in September 2011 using a communications mini-drone to simulate an attack on a national communications satellite.[137] Personnel dedicated to France’s cyber warfare capabilities include 130 engineers and researchers with links to French universities, as well as US and UK cyber experts who provide advice to other French departments on improving their organic network securities. The DGA intends to grow these numbers by 30 per year for the next 30 years.[138] A major focus of the DGA is currently to develop secure networks for the French Naval Forces, including Naval Aircraft, by implementing an intranet.
Germany established a Cyber Defense Center (CDC) in June 2011 to combat the growing attacks on German networks.[139] The Cyber Defense Center is modestly staffed with six employees from the Federal Office for Information Security, two from the German Office for the Protection of the Constitution (a domestic intelligence agency), and two from the Federal Office of Civil Protection and Disaster Assistance. These 10 employees will eventually be joined by representatives from the Federal Police, Federal Office of Investigation, the Bundesnachrictendienst (a foreign intelligence agency), the German armed forces, and the Customs Criminal Investigation Office. The center is the result of the “Cyber Security Strategy for Germany,” approved in February 2011, which also plans to work closely with the private sector.
A few weeks after the CDC was established, it became a target of a group of hackers known as the “n0n4m3 crew,” or the No Name Crew. The hackers broke into the CDC networks and stole information from a program used by German police to help track criminals.[140] Two of the hackers involved were subsequently tracked down and arrested, but the successful attack on the CDC is likely to increase the focus and resources allotted on the center by the German government to avoid further embarrassment.
In August 2010 the Indian government told its agencies to enhance their capabilities in cyber warfare.[141] The strategy directed government agencies to develop capabilities to break into networks of unfriendly countries, set up hacker laboratories, set up a testing facility, develop countermeasures, and set up CERTs for several sectors. The agencies at the forefront of this strategy were the National Technical Research Organization, the Defense Intelligence Agency, and the Defense Research and Development Organization.[142]
Not long after the strategy was announced, India discovered a Chinese variant of the Stuxnet worm in Indian installations. India has since stepped up efforts in its offensive cyber capabilities.[143] In December 2010 hackers from the Pakistan Cyber Army defaced India’s Central Bureau of Investigation, which was supposed to be one of the nation’s most secure websites.[144] This attack caused the Indian government to call for increased capabilities in cyber security. The increasing focus on cyber security is evident through the planning of India’s second cyber warfare conference, which will be held in November 2011.[145]
In 2010 the Iranian Islamic Revolution Guards Corps (IRGC) set up its first official cyber warfare division.[146] Since then, its budget and focus has indicated the intention of growing these cyber warfare capabilities. Education is considered a top priority in the strategy, with increased attention to computer engineering-specific cyber security programs. The IRGC budget on cyber capabilities is estimated to be US$76 million. The IRGC’s cyber warfare capabilities are believed to include the following weapons: compromised counterfeit computer software, wireless data communications jammers, computer viruses and worms, cyber data collection exploitation, computer and network reconnaissance, and embedded Trojan time bombs.
The cyber personnel force is estimated to be 2,400, with an additional 1,200 in reserves or at the militia level. The IRGC also recognizes the ability to use Iran’s hacker community against state targets.[147] However, the hacktivists’ loyalty to the IRGC may be in question, as seen in the 2009 Iranian elections. After the Iranian government utilized its cyber army to go after political dissenters, the Iranian hacking community struck back by defacing government websites.[148] Soon after, the Iranian Stuxnet crisis occurred In June 2011 Iran announced that the Khatam al-Anbiya Base, which is tasked with protecting Iranian cyberspace, is now capable to counter any cyber attack from abroad,[149] a claim that will likely be tested soon given the volatile nature of cyberspace.
In August 2011 Iran challenged the United States and Israel, stating that they are ready to prove themselves with their cyber warfare capabilities. Should the Iranian cyber army be provoked, Iran would combat these operations with their own “very strong” defensive capabilities.[150] Tehran has greatly increased its cyber warfare capability in the past years, but it is likely not yet ready to wage a full-scale cyber war with the United States or Israel, despite its claims.[151]
Israel is no stranger to cyber warfare; maybe one of the most successful known acts of cyber warfare occurred when Israel shut down Syria’s anti-aircraft radars so Israel’s Air Force could fly undetected to destroy a suspected Syrian nuclear site in 2007. In February 2010 the Israeli Intelligence Directorate published a paper highlighting the necessity of cyber capabilities to the Israeli Defense Forces (IDF). The paper also realized the importance of cyber defense centers set up in the United States and the UK.[152]
In June 2010, word was released that Israel had begun setting up a cyber warfare unit, but with a twist—the unit was using the same recruiting methods that the IDF uses for Israeli commando units. These teams are dispatched to target countries, where they not only act as a covert commando unit, but also launch cyber attacks from inside that country. The unit is structured under the military intelligence department.[153] This goes along with the Israeli strategy that cyber warfare is an alternate means to conventional warfare, one that can be employed much more often because of the lack of formal consequences.[154]
In early 2011 Israel convened a panel of cyber experts to discuss the future of the Israeli cyber defense and security issues.[155] The panel concluded that not only do offensive cyber capabilities need to be used, a strong defense for the Israeli cyber infrastructure is also necessary. Soon after this session, Israel set up a cyber command to address these needs.[156]
The 80-person command is said to be primarily a defensive unit, although it is very likely the unit will have offensive capabilities.[157] The command will coordinate efforts between the government, cyber industry, and universities. There is also a plan to develop cyber studies at the secondary school level. The cyber command is part of Unit 8200, which is primarily an intelligence-collecting unit and is the largest unit of the IDF.[158]
Italy has expressed interest in setting up a Cyber Defense Command (CDC), and in May 2010 the Italian parliament’s intelligence commission formally investigated taking such action.[159] Currently, the Italian cyber warfare and security operations are divided among the military, police, and government departments, without any real coordination or fusion. The end result is expected to set up two separate cyber divisions: one that handles foreign issues, and one that is more domestically focused. Like many other countries, the Italians are looking at the NATO cyber centers for a possible cheap alternative to setting up their own center.[160]
In August 2011 a group called the Anonymous Hackers for Anti Operation released over eight gigabytes of stolen files from the Italian National Anti-Crime Computer Center for Critical Infrastructure Protection (CNAIPIC). The files included correspondence indicating the CNAIPIC has been spying on Russian-owned government energy and defense industries primarily, but that Italy may have also gathered much of its Russian information from the Indian embassy’s Air Attaché to Russia.[161]
In June 2010 the Kenyan Internet Governance Forum (KGIF) proposed the formation of a national cyber security management framework. Citing the growing accessibility to Internet access and the attacks on critical national infrastructure in Estonia and Georgia, the proposed CERT would coordinate response to cyber security incidents at the national level.[162]
A year later the Kenyan government had set up a CERT as the first steps to a future cyber-combatting department.[163] The Kenyan CERT has partnered with cyber experts from the United States to help shape the newly founded departments.
Myanmar has long used cyber warfare capabilities to silence domestic political opposition. In 2008 the military regime used denial of service attacks on several opposition websites. The Defense Services Intelligence (DDS) set up the Defense Services Computer Directorate (DSCD) in 1990, which was then focused primarily on military communications, but it soon became more focused on information warfare.[164] In 2004 the service was disbanded as a result of the former prime minister and intelligence chief being arrested during a military coup. The DDS was later reformed as the Military Affairs Security (MAS), which took on the majority of the cyber warfare functions. The MAS reportedly received major assistance from Singapore, but many of the cyber experts in MAS received training from Russia and China.[165]
The military cyber warfare division surfaced again in March 2011 when it was tracked to the hacking of an exiles media website that routinely criticizes the regime.[166] The media website was also taken down in 2008, presumably by the MAS.[167] In the first quarter of 2011 Myanmar was the world’s leader in received cyber attacks, not necessarily indicating that the MAS was at fault, but rather that hackers around the world are taking advantage of Myanmar’s weak Internet security laws.[168]
A very large contingent of NATO’s cyber warfare capabilities rest in the establishment of NATO’s Cyber Defense Center (detailed earlier in the section Estonia). In November 2010 NATO conducted its third cyber exercise dubbed The Cyber Coalition of 2010.[169] The exercise simulated cyber attacks against NATO and alliance members to test the response of the decision-making process, which was very similar to the Cyber Europe exercise that the European Union conducted earlier in November 2010. Currently, NATO networks are spread among several countries, many of which have not yet reached agreements on standard operating procedures for data sharing. All NATO members are not expected to reach similar agreements for NATO networks until 2013.[170]
Since the cyber attacks on the NATO member nation of Estonia, NATO has implemented quick responses such as the Cyber Defense Center, but it also has been working on a long-term policy concept that was formally agreed upon at the 2011 Lisbon summit.[171] The strategic concept includes many obvious realizations, such as the necessity of cyber defense to NATO’s core tasks of collection defense and crisis management, but it also displays an absence of offensive-capabilities focus.[172] While these capabilities may not have made it to the unclassified version of the strategic concept, it is rather strange that none was mentioned. The current strategy is to build only cyber defensive capabilities, which is likely an attempt to streamline the ability to protect member nation networks against the already-developed offensive capabilities of adversary nations.[173]
The Dutch government released a cyber security doctrine in April 2011 that focuses on involving commercial interests and cooperating with international initiatives, as well as improving existing capabilities and creating collaborations with the private sector. The doctrine is short, and most of the proposed ideas are capable of being attained without major investment—if any at all.
One of the biggest takeaways is the establishment of two cyber agencies: the National Cyber Security Council and a National Cyber Security Center (NCSC). The NCSC will coordinate cyber security through all Dutch organizations and departments.[174] All involved parties will create a strategy, and the NCSC will execute those policies. The already-existing Cyber Security and Incident Response Team (GOVCERT)[175] will be incorporated into the NCSC. Absolutely no budget is allotted for this doctrine, which will challenge the effectiveness.
Nigeria currently has no cyber crime or virtual information theft laws. In 2006 this was entirely acceptable, as less than 3.1% of the population was connected to the Internet.[176] In 2009, however, this number jumped to 16.1%, and due to a heavily invested future digital infrastructure, the number is expected to reach 30–40% by 2013.[177] This explains the phishing emails that originate from Nigeria, such as the Nigerian Prince scam.
After Al Qaeda computer expert Muhammad Naeem Noor Khan was arrested in Pakistan in 2004, it was discovered that Al Qaeda networks were communicating through Nigerian email systems and websites. Soon after, work began on a Nigerian Cyber Act that would at least provide deterrence to cyber crime, not only for domestic situations, but also for foreign criminals using Nigerian hosts. As of March 2011 the Nigerian House of Representatives rejected the Cyber Act because it duplicates many of the duties found in already-standing agencies.[178]
The Nigerian population’s growing connectivity to the Internet, combined with the lack of legislature defining consequences for cyber crime activities, creates an incubator for experienced cyber criminals. Cyber criminals who may eventually gain enough expertise to be hired out to the highest bidder. This also invites foreign groups and even state-actors to operate through and out of Nigeria directly or indirectly, shielded by the sovereignty of Nigeria.
Pakistan is not a new player in the arena of cyber warfare; it has been engaged in a cyber war with India since 1998. For the most part, the cyber wars only consisted of defacing each other’s websites, but in 2003, the two sides went after each other’s government servers.[179] In 2010 Indian cyber hackers attacked Pakistan’s infrastructure; in retaliation, Pakistan targeted similar Indian infrastructure. Pakistan is faced with an Israeli-Indian cyber war against its nuclear program. Even in lieu of these attacks, Pakistan has no formal cyber warfare coordination center or any specifically designated department for cyber warfare. Any cyber actions are done from individual cyber sections that are attached to government departments.[180]
The People’s Liberation Army (PLA) Science and Engineering University is the People’s Republic of China’s (PRC) center for information warfare (IW) training.[181] The PRC’s Integrated Network Electronic Warfare (INEW) is the formal IW strategy that places intelligence-gathering responsibilities and network defense on the PLA’s 3rd General Staff Department (Signals Intelligence) and specialized IW militia units. Since 2002, the PLA has created IW militia units that integrate personnel from the military, universities, and private sector information technology companies. Research and development in cyber espionage is considered a focusing strategy, according to the Five-Year Plan (2011–2015) by both the Chinese central government and the PLA.[182]
The Chinese government’s massive efforts to develop cyber warfare capabilities have created a growing cadre of cyber experts. China is increasingly finding that it is difficult to control and harness these experts and hacktivists.[183] Chinese citizens who are designated for cyber warrior training are first sent to military institutions in an attempt to nationalize and promote loyalty within the warriors.[184] In May 2011 China announced that it had established a “Blue Army” division, a cyber command unit of 30 initial members who were recruited from existing PLA soldiers, officers, college students, and experts from the private sector.[185] The unit’s formation contrasts the PLA information warfare concept, which harnesses the hacktivists and existing cyber experts instead of establishing a military operations command.[186] It is likely that the Blue Army division will serve as a coordinating and focusing element to the largely diverse hacktivists networks.
The PRC’s and PLA’s cyber offensive capabilities are slightly divided. The government’s focus on hacktivists and other assets is to further the economic and technological successes through the use of cyber espionage, as well as to quell or silence political dissenters.[187] The military, on the other hand, is more focused on obtaining technology or cyber warfare capabilities to disable enemy communication networks with one swift blow. To obtain this evolving piece of attack code or tools, they have utilized hacktivists and other organic cyber experts to steal or develop these capabilities.[188]
Poland is intending to play a leading role in the NATO multinational cyber defense initiative that is to be up and running by the end of 2012. The cyber defense capabilities will be structured under the NATO C3 Agency, which is responsible for delivering C4ISR to NATO operations. In March 2011 NATO C3 Agency’s General Manager Georges D’hollander commented that “Poland is renowned for its cyber defense expertise.”[189]
The Korean Information Security Agency (KISA) was formed in 1996 to establish reliable information distribution and to develop appropriate responses to electronic infringement. As cyber attacks from North Korea increased, in 2004 South Korea was one of the first countries to establish a Computer Emergency Response Team (KrCERT).[190] The ROK is faced with enormous cyber pressure and attacks from the DPRK, and while no formal policy has been publicly released, the ROK has been increasing their cyber education capacity, a first and basic step to growing any cyber defense infrastructure.
The ROK army, in cooperation with Korea University, has formed a new cyber defense school, slated to open in 2012, which will admit 30 students a year in a four-year course.[191] Courses will include breaking malicious Internet codes, the psychological ramifications of cyber warfare, and cyber warfare tactics. The army hopes that the school will ensure a steady supply of cyber experts to offset the DPRK’s cyber offensive. Similar to US ROTC programs, if the students join the army after university, the army will pay their tuition.[192]
See Chapter 15.
In October 2009 Singapore established the Singapore Infocomm Technology Security Authority (SITSA), which was designed to be the national specialist authority in safeguarding the country against cyber threats. SITSA is structured under the Ministry of Home Affairs Internal Security Department. The agency will improve upon the current cyber defense capabilities by coordinating with private sector businesses. In addition, the authority will conduct simulations and exercises to strengthen the country’s cyber security by training with real-world evolving threats.[193]
In February 2010 the South African Department of Communication (DOC) released a draft policy on cyber security. The draft not only outlined the DOC’s intentions to enhance cyber security in all facets of the country, but also to increase collaboration with state-run security centers. To accomplish this, the DOC proposed the creation of a National Cyber Security Advisory Council. The major downfall of the draft is the lack of incentives to private sector companies to implement new cyber security regulations.[194]
In June 2011 South Africa agreed to work with China to combat crime. Most of the dialogue, however, focused on cyber crime. China and South Africa plan to share intelligence to expose criminal networks and activities. Through the agreement, they will share criminal intelligence, but it also inadvertently gives the Chinese access to Internet-based information gathering. This is likely the main reason Chinese intelligence officials are working with South Africa.[195]
Sweden participated in the May 2010 Baltic Cyber Shield international cyber defense exercise. The exercise was organized by NATO’s Cooperative Cyber Defense Center of Excellence based out of Estonia, as well as several Swedish governmental institutions, including the Swedish National Defense College.[196] Sweden has also been designated as a vital part of the US National Infrastructure Plan (NIP) because of the Swedish telecommunication firm Telia Sonera, which operates the most critical part of the European cyber infrastructure. Sweden’s critical role in the US NIP has earned it an inner-circle membership in the defense exercise Cyber Storm, which simulates attacks by terrorists and hostile states on the cyber infrastructure.[197]
The Taiwanese military began planning for a battalion-sized cyber warfare unit in 2000, according to Defense Minister Wu Shih-Wen. The unit would focus on building information warfare and electronic warfare capabilities, and it would receive funding in an amount equal to almost 25% of Taiwan’s defense budget.
Taiwan’s General Lin Chin-Ching has said that Taiwan has an advantage over the People’s Republic of China in information warfare:
Taiwan’s information warfare advantage, which cannot be matched by the mainland, is that all of our citizens have a very high level of universal education, with a solid communications infrastructure, and our related research on electronic anti-virus software and Internet defense products all being up to world-class level.[198]
In fact, Taiwan has a history of producing high-quality malware dating back to 1990, before the PRC had its own Revolution in Military Affairs (RMA).
Turkey conducted cyber terror drills in January 2011. The second attack drills involved 39 Turkish national and private institutions. The drill was primarily designed to coordinate cyber response among the diverse institutions.[199] In June 2011 Turkey announced the formation of Internet filter laws, which will require Internet users in Turkey to use government-provided Internet filters. The hacking group Anonymous attacked government websites in response to these new laws, and Turkish police arrested 32 suspected members of Anonymous.[200]
In March 2011 Turkey established the first of three core commands that will serve as Turkey’s Cyber Command in the office of the General Staff. The entire command, modeled largely after the United States’ Cyber Command, has experienced major delays due to organizational issues. The current established team has eight computer engineers with specialized cyber security training.[201]
The UK published a wider National Security Strategy in 2009 and along with that came a specific cyber security strategy.[202] This strategy was aimed at combating cyber attacks from countries—the Russian and Chinese governments were mentioned specifically. The strategy also appointed Lord West as the UK’s first cyber security minister. Lord West mentioned that the government had recruited a team of hackers for the new Cyber Security Operations Centre, located at the GCHQ in Cheltenham. He also commented that the UK will recruit former illegal hackers and “naughty boys,” as they often seem to enjoy stopping other illegal hackers. Offensive capabilities were also signified as priority as a result of state actor threats being the UK’s primary cyber concern.
In October 2010 the Strategic Defense and Security Review (SDSR) readdressed much of the cyber issues that the 2009 National Security Strategy highlighted. Much more funding was allocated to cyber security, and cyber threats were given priority access to the prime minister’s desk, alongside terrorism, natural disasters, and hostile military attacks.[203] In addition, several changes to the cyber security structure were implemented.
The UK Defense Cyber Operations Group (DCOG) was created and will work with the Ministry of Defense. UK intelligence agencies were instructed to share intelligence on cyber security. A cyber infrastructure team in the Department of Business, Innovation and Skills (BIS) was set up for coordinating security efforts with critical industries. An Infrastructure Security and Resilience Advisory Council was also set up to create a closer relationship between private sector infrastructure providers and the government.[204]
Recently, the SDSR planned for an increase in cyber warfare troops, which started to take shape in 2011. In May 2011 a Ministry of Defense (MoD) spokesman said there are plans to “significantly grow the number of dedicated cyber experts in the MoD, and the number will be in the hundreds but precise details are classified.”[205] The UK is expected to develop a first-strike capability in the Ministry of Defense’s cyber division. The cyber division doctrine will probably be covert in nature, similar to those of the Special Air Service forces, but will follow strict guidelines involving collateral damage.[206]
[109] Andrew Davies, “Intelligence, Information Technology and Cyber Programs,” Security Challenges 5, no. 2 (Winter 2009), accessed August 29, 2011, http://www.securitychallenges.org.au/ArticlePDFs/vol5no2Davies.pdf.
[110] Department of Defence, Defending Australia in the Asia-Pacific Century: Force 2030 (Canberra: Commonwealth of Australia, 2009), para. 9.87–88.
[111] Ibid.
[112] “Australia-United Kingdom Ministerial Consultations,” Joint Communiqué, Australian Minister of Foreign Affairs, January 18, 2011, accessed August 29, 2011, http://www.foreignminister.gov.au/releases/2011/kr_mr_110118a.html.
[113] Johanna Morden, “Australian Govt Reveals New Cyberspooks Unit,” FutureGov Asia Pacific, March 14, 2011, accessed August 29, 2011, http://www.futuregov.asia/articles/2011/mar/14/australia-reveals-new-cyberspooks-unit/.
[114] “The Brazilian Army and Panda Security join forces to combat cyber-warfare,” Panda Security Press Center, September 27, 2010, accessed August 29, 2011, http://press.pandasecurity.com/news/the-brazilian-army-and-panda-security-join-forces-to-combat-cyber-warfare/.
[115] Isabel Estrada, “Cyberspace Becomes Newest Battlefield for Brazil’s Armed Forces,” Diálogo, March 8, 2011, accessed August 29, 2011, http://www.dialogo-americas.com/en_GB/articles/rmisa/features/regional_news/2011/08/03/aa-brazil-cyber-warfare.
[116] “Canada’s Cyber Security Strategy,” Public Safety Canada, accessed August 29, 2011, http://www.publicsafety.gc.ca/prg/ns/cbr/ccss-scc-eng.aspx.
[117] Ibid.
[118] Chris Thatcher, “Cyber strategy: Defining roles in a federated model,” Vanguard, accessed August 29, 2011, http://www.vanguardcanada.com/CyberStrategyRobertDick.
[119] “Cyber Security Strategy of the Czech Republic for the 2011–2015 Period,” European Network and Information Security Agency, accessed August 30, 2011, http://www.enisa.europa.eu/media/news-items/CZ_Cyber_Security_Strategy_20112015.PDF.
[120] Kevin Coleman, “Is North Korea poised to revolutionize cyber warfare?”, Defense Systems, November 15, 2010, accessed August 31, 2011, http://defensesystems.com/Articles/2010/11/17/Digital-Conflict-North-Korean-cyberwarfare-capabilities.aspx?Page=1.
[121] “N.Korea Trains Up Hacker Squad,” The Chosunilbo, March 8, 2011, accessed August 31, 2011, http://english.chosun.com/site/data/html_dir/2011/03/08/2011030800611.html.
[122] Ibid.
[123] Jeremy Laurence, “North Korea hacker threat grows as cyber unit grows: defector,” Reuters, June 1, 2011, accessed August 31, 2011, http://www.reuters.com/article/2011/06/01/us-korea-north-hackers-idUSTRE7501U420110601.
[124] Mok Yong Jae, “North Korea’s Powerful Cyber Warfare Capabilities,” Daily NK, May 4, 2011, accessed August 31, 2011, http://www.dailynk.com/english/read.php?cataId=nk00400&num=7647.
[125] Ibid.
[126] “North Korea And The Cyber Bandits,” Strategy Page, March 25, 2011, accessed August 31, 2011, http://www.strategypage.com/htmw/htiw/20110325.aspx.
[127] Joseph L. Flatley, “North Korea’s Red Star OS takes the ‘open’ out of ‘open source’,” Engadget, March 4, 2010, accessed August 31, 2011, http://www.engadget.com/2010/03/04/north-koreas-red-star-os-takes-the-open-out-of-open-source/.
[128] “NATO launches cyber defence centre in Estonia,” Space War: Your World at War (May 2008), accessed August 30, 2011, http://www.spacewar.com/reports/NATO_launches_cyber_defence_centre_in_Estonia_999.html.
[129] “Foreign Minister Paet Invites Iceland to Participate in Cyber Defence Centre,” Estonian Embassy in Washington, accessed August 30, 2011, http://www.estemb.org/news/aid-1306.
[130] “Aaviksoo: Estonian cyberdefence is held in high regard in US,” Estonian Ministry of Defence, accessed August 30, 2011, http://www.mod.gov.ee/en/aaviksoo-estonian-cyberdefence-is-held-in-high-regard-in-us.
[131] Matt Liebowitz, “Estonia Forms Volunteer Cyber Army,” Security News Daily, January 6, 2011, accessed August 30, 2011, http://www.securitynewsdaily.com/estonia-forms-volunteer-cyber-army-0398/.
[132] “Digital Agenda: cyber-security experts test defences in first pan-European simulation,” Europa, accessed August 30, 2011, http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1459&format=HTML&aged=0&language=EN&guiLanguage=en.
[133] Tom Brewster, “European Parliament hit by cyber attack,” IT Pro, March 30, 2011, accessed August 30, 2011, http://www.itpro.co.uk/632359/european-parliament-hit-by-cyber-attack.
[134] “Cyber Defence & Network Security 2012,” Cyber Defence and Network Security, accessed August 30, 2011, http://www.cdans.org/Event.aspx?id=598092.
[135] Peter Sayer, “France creates new national IT security agency,” CIO, July 10, 2009, accessed August 30, 2011, http://www.cio.com.au/article/310622/france_creates_new_national_it_security_agency/#closeme.
[136] “Cyber attack on France targeted Paris G20 files,” BBC News, March 7, 2011, accessed August 30, 2011, http://www.bbc.co.uk/news/business-12662596.
[137] Pierre Tran, “France Sets Stage To Build Network Warfare Capabilities,” Defense News, August 15, 2011, accessed August 30, 2011, http://www.defensenews.com/story.php?i=7388378&c=FEA&s=SPE.
[138] Ibid.
[139] Jorge Benitez, “Germany establishes new Cyber Defense Center,” The Atlantic Council, June 16, 2011, accessed August 30, 2011, http://www.acus.org/natosource/germany-establishes-new-cyber-defense-center.
[140] Brian Donohue, “Hacking Crew Attacks German National Cyber Defense Center,” Threat Post, July 22, 2011, accessed August 30, 2011, http://threatpost.com/en_us/blogs/hacking-crew-attacks-german-national-cyber-defense-center-072211.
[141] Thomas K. Thomas, “India goes on the offensive in cyber warfare,” The Hindu Business Line, August 3, 2011, accessed August 30, 2011, http://www.thehindubusinessline.com/todays-paper/article1000443.ece?ref=archive.
[142] “India to increase its cyberwarfare capabilities,” The Cybernaut, September 5, 2010, accessed August 30, 2011, http://www.thecybernaut.org/2010/09/india-to-increase-its-cyberwarfare-capabilities/.
[143] Surinder Khanna, “The secret cyber war between India and China accelerates,” India Daily, October 10, 2010, accessed August 30, 2011, http://www.indiadaily.com/editorial/21800.asp.
[144] “Hacked by ‘Pakistan Cyber Army', CBI website still not restored,” NDTV, December 4, 2010, accessed August 30, 2011, http://www.ndtv.com/article/india/hacked-by-pakistan-cyber-army-cbi-website-still-not-restored-70568?cp.
[145] “India’s Only Dedicated Military Cyber Security Conference,” Cyber Security India, accessed August 30, 2011, http://www.iqpc.com/Event.aspx?id=548338.
[146] Siavash [pseud.], “Iranian Cyber Warfare Threat Assessment,” Siavash’s Blog, entry posted May 13, 2011 accessed August 30, 2011, http://www.cyberwarzone.com/content/iranian-cyber-warfare-threat-assessment.
[147] Ibid.
[148] Lisa Daftari, “Iran’s Citizen Cyber Warriors,” FrontPage Magazine, November 9, 2010 accessed August 30, 2011, http://frontpagemag.com/2010/11/09/iran%E2%80%99s-citizen-cyber-warriors/.
[149] “Iran capable of countering cyber attacks,” Press TV, July 8, 2011, accessed August 30, 2011, http://www.presstv.ir/detail/188146.html.
[150] Lee Ferran, “Iran to US, Israel: Bring On the Cyber War,” ABC News - The Blotter, August 8, 2011, accessed August 30, 2011, http://abcnews.go.com/Blotter/iran-us-israel-bring-cyber-war/story?id=14255216.
[151] Kevin Coleman, “Iran Talks Cyber Tough,” Defense Tech, August 12, 2011, accessed August 30, 2011, http://defensetech.org/2011/08/12/iran-talks-cyber-tough/.
[152] Arnon Ben-Dror, “Military Intelligence: Israel Defence Forces are prepared for Cyberwarfare,” Defence Professionals, accessed August 30, 2011, http://defpro.com/news/details/12967/.
[153] “Israeli Cyber Commandos,” Strategy Page, accessed August 30, 2011, http://www.strategypage.com/htmw/htsf/20100628.aspx.
[154] Dan Williams, “Israeli official sees cyber alternative to ‘ugly’ war,” Reuters, February 3, 2011, accessed August 30, 2011, http://af.reuters.com/article/worldNews/idAFTRE7125A420110203.
[155] Barak Ravid, “Israel planning strategy to defend computer networks from attack,” Haaretz, March 4, 2011, accessed August 30, 2011, http://www.haaretz.com/print-edition/news/israel-planning-strategy-to-defend-computer-networks-from-attack-1.353722.
[156] “Israel sets up cyber command,” Defence Web, accessed August 30, 2011, http://www.defenceweb.co.za/index.php?option=com_content&view=article&id=15471:israel-sets-up-cyber-command&catid=48:Information%20&%20Communication%20Technologies&Itemid=109.
[157] Ibid.
[158] Damien McElroy, “Israel’s unit 8200: cyber warfare,” The Telegraph, September 30, 2010, accessed August 30, 2011, http://www.telegraph.co.uk/news/worldnews/middleeast/israel/8034882/Israels-unit-8200-cyber-warfare.html.
[159] Tom Kington, “Italy Weighs Cyber-Defense Command,” Defense News, May 31, 2010, accessed August 30, 2011, http://www.defensenews.com/story.php?i=4649478&c=FEA&s=SPE.
[160] Ibid.
[161] Joseph Fitsanakis, “Computer hacking reveals Italian spying on Russia, India,” IntelNews.org, entry posted August 1, 2011, accessed August 30, 2011, http://intelligencenews.wordpress.com/2011/08/01/01-776/.
[162] Vincent Ngundi, “Cybercrime, Cybersecurity and Privacy,” East Africa Internet Governance Forum (EAIGF), July 29, 2010, accessed August 31, 2011, www.eaigf.or.ke/files/2010_KIGF_Cybercrime_Cybersecurity_and_Privacy.pdf.
[163] Lola Okulo, “Kenya: State Sets Up Cyber Crime Team,” allAfrica.com, July 26, 2011, accessed August 31, 2011, http://allafrica.com/stories/201107261874.html.
[164] Brian McCartan, “Myanmar on the cyber-offensive,” Asia Times, October 1, 2008 accessed August 31, 2011, http://www.atimes.com/atimes/Southeast_Asia/JJ01Ae01.html.
[165] Ibid.
[166] “Exile Website Hacked,” Radio Free Asia, March 14, 2011, accessed August 31, 2011, http://www.rfa.org/english/news/burma/hacked-03142011175904.html.
[167] Ibid.
[168] “Cyber war: Myanmar leader in attacks in 2011,” AsiaNews.it, July 28, 2011, accessed August 31, 2011, http://www.asianews.it/news-en/Cyber-war:-Myanmar-leader-in-attacks-in-2011-22224.html.
[169] Warwick Ashford, “NATO gears up for cyber warfare with latest exercise,” Computer Weekly, November 18, 2010, accessed August 31, 2011, http://www.computerweekly.com/Articles/2010/11/18/243979/NATO-gears-up-for-cyber-warfare-with-latest-exercise.htm.
[170] Ibid.
[171] “NATO adopts new Strategic Concept,” North Atlantic Treaty Organization (NATO), November 19, 2010, accessed August 31, 2011, http://www.nato.int/strategic-concept/index.html.
[172] Jason Healey, “NATO Cyber Defense: Moving Past the Summit,” The Atlantic Council, June 24, 2011, accessed August 31, 2011, http://www.acus.org/new_atlanticist/nato-cyber-defense-moving-past-summit.
[173] Jorge Benitez, “NATO and Strategic Cyber Capabilities,” The Atlantic Council, July 15, 2011, accessed August 31, 2011, http://www.acus.org/natosource/nato-and-strategic-cyber-capabilities.
[174] Don Eijndhoven, “Dutch National Cyber Security Strategy—Blessing or Curse?” Infosec Island, April 1, 2011, accessed August 31, 2011, https://www.infosecisland.com/blogview/12746-Dutch-National-Cyber-Security-Strategy-Blessing-or-Curse.html.
[175] Govcert home page, accessed August 31, 2011, http://www.govcert.nl/english/home.
[176] “Nigeria: Internet Usage and Telecommunications Reports,” Internet World Stats, accessed August 31, 2011, http://www.internetworldstats.com/af/ng.htm.
[177] Chijioke Ohuocha, “Internet access set to triple in Nigeria,” Reuters, June 15, 2011, accessed August 31, 2011, http://af.reuters.com/article/topNews/idAFJOE75E0H920110615.
[178] Chukwu David, “Nigeria: Representatives Reject Cyber Bill,” allAfrica.com, March 2, 2011, accessed August 31, 2011, http://allafrica.com/stories/201103020802.html.
[179] Farzana Shah, “Pakistan: Propaganda and warfare in Cyber World,” The Frontier Post, August 4, 2011, accessed August 31, 2011, http://www.thefrontierpost.com/?p=40162.
[180] Ibid.
[181] Deepak Sharma, “China’s Cyber Warfare Capability and India’s Concerns,” Journal of Defence Studies 5, no. 2 (April 2011), accessed August 29, 2011, http://www.idsa.in/system/files/jds_5_2_dsharma.pdf.
[182] Willy Lam, “Beijing Bones up its Cyber-Warfare Capacity,” The Jamestown Foundation: China Brief 10, no. 3 (February 2010), accessed August 30, 2011, http://www.jamestown.org/single/?no_cache=1&tx_ttnews[tt_news]=36007.
[183] Sean Noonan, “China and its Double-edged Cyber-sword,” Stratfor, December 9, 2010, accessed August 30, 2011, http://www.stratfor.com/weekly/20101208-china-and-its-double-edged-cyber-sword.
[184] Ella Chou, “US-China Cyber War Scenario in the Eyes of a Chinese Student,” The Atlantic, February 8, 2011, accessed August 30, 2011, http://www.theatlantic.com/technology/archive/2011/02/us-china-cyber-war-scenario-in-the-eyes-of-a-chinese-student/70855/.
[185] Leo Lewis, “China’s Blue Army of 30 computer experts could deploy cyber warfare on foreign powers,” The Australian, May 27, 2011, accessed August 30, 2011, http://www.theaustralian.com.au/australian-it/chinas-blue-army-could-conduct-cyber-warfare-on-foreign-powers/story-e6frgakx-1226064132826.
[186] Dancho Danchev, “People’s Information Warfare Concept,” Mind Streams of Information Security Knowledge, entry posted October 5, 2011, accessed August 30, 2011, http://ddanchev.blogspot.com/2007/10/peoples-information-warfare-concept.html.
[187] Tim Hudak, Zach Krajkowski, and Anthony Salerno, “Chinese Cyber Focus Likely On Enemy Military Networks; During Preconflict, China Likely To Use Cyber Attacks To Disrupt Enemy Infrastructure Using All Assets,” Wikispaces, accessed August 30, 2011, http://chinesehackingdisposition.wikispaces.com/.
[188] Bryan Krekel, “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation,” Northrup Grumman, accessed August 30, 2011, http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf.
[189] “Poland to support NATO multinational cyber defence initiative,” NATO C3 Agency, March 28, 2011, accessed August 31, 2011, http://www.nc3a.nato.int/news/Pages/20110325-POL-security-visit.aspx.
[190] KrCERT/CC home page, Korea Internet Security Center, accessed August 31, 2011, http://www.krcert.or.kr/english_www/.
[191] “South Korea opens cyber-war school,” The Times Live, June 29, 2011, accessed August 31, 2011, http://www.timeslive.co.za/scitech/2011/06/29/south-korea-opens-cyber-war-school.
[192] Rick Martin, “South Korean University Students Can Now Major in Cyber Warfare,” Penn Olson, The Asian Tech Catalog, July 1, 2011, accessed August 31, 2011, http://www.penn-olson.com/2011/07/01/south-korea-cyber-warfare-university/.
[193] Dawn Tay, “Govt sets up cyber-security agency,” AsiaOne News, October 1, 2009, accessed August 31, 2011, http://www.asiaone.com/News/AsiaOne+News/Singapore/Story/A1Story20091001-171044.html.
[194] “Draft cyber policy welcomed but criticised in South Africa,” Balancing Act Africa, February 26, 2010, accessed August 31, 2011, http://www.balancingact-africa.com/news/en/issue-no-493/internet/draft-cyber-policy-w/en.
[195] Jackie Cameron, “China, South Africa dodgy crime partnership,” MoneyWeb, China Perspectives, June 9, 2011, accessed August 31, 2011, http://www.moneyweb.co.za/mw/view/mw/en/page503823?oid=544874&sn=2009+Detail.
[196] “Baltic Cyber Shield to train technical skills for countering cyber attacks,” NATO Cooperative Cyber Defence Centre of Excellence, May 3, 2010, accessed August 31, 2011, http://www.ccdcoe.org/172.html.
[197] “Sweden has central role in cyber warfare,” Om Dagens Nyheter, January 2, 2011, accessed August 31, 2011, http://www.dn.se/nyheter/sverige/sweden-has-central-role-in-cyber-warfare.
[198] Emily O Goldman and Thomas G. Mahnken, The Information Revolution in Military Affairs in Asia (Palgrave Macmillan), p. 156.
[199] “Turkey conducts cyber terror drill,” Hurriyet Daily News, January 27, 2011, accessed August 31, 2011, http://www.hurriyetdailynews.com/n.php?n=turkey-conducts-cyber-terror-drill-2011-01-27.
[200] Giles Tremlett, “Turkish arrests intensify global war between hacker activists and police,” The Guardian, June 13, 2011, accessed August 31, 2011, http://www.guardian.co.uk/technology/2011/jun/13/turkish-arrests-global-war-hackers-police.
[201] Umit Enginsoy and Burak Ege Bekdil, “Turkey Raises Emphasis On Cyberspace Defense,” Defense News, August 15, 2011, accessed August 31, 2011, http://www.defensenews.com/story.php?i=7388376&c=FEA&s=SPE.
[202] Gordan Corera, “UK ‘has cyber attack capability’,” BBC News, June 25, 2009, http://news.bbc.co.uk/2/hi/uk_news/politics/8118729.stm.
[203] Derek Parkinson, “Funding the new Home Guard to protect against cyber attacks,” SC Magazine UK, January 3, 2011, http://www.scmagazineuk.com/funding-the-new-home-guard-to-protect-against-cyber-attacks/article/192648/.
[204] Ibid.
[205] “UK beefs up cyber warfare plans,” BBC News, May 31, 2011, http://www.bbc.co.uk/news/technology-13599916.
[206] Nick Hopkins, “UK developing cyber-weapons programme to counter cyber war threat,” The Guardian, May 30, 2011, http://www.guardian.co.uk/uk/2011/may/30/military-cyberwar-offensive.