Asia-Pacific Review
ISSN: 1343-9006 (Print) 1469-2937 (Online) Journal homepage: http://www.tandfonline.com/loi/capr20

The Escalation of State Sponsored Cyberattack and National Cyber Security Affairs: Is Strategic Cyber Deterrence the Key to Solving the Problem?

Jun Osawa

To cite this article: Jun Osawa (2017) The Escalation of State Sponsored Cyberattack and National Cyber Security Affairs: Is Strategic Cyber Deterrence the Key to Solving the Problem?, Asia-Pacific Review, 24:2, 113-131, DOI: 10.1080/13439006.2017.1406703

To link to this article: https://doi.org/10.1080/13439006.2017.1406703

Published online: 21 Dec 2017.

Download by: [Gothenburg University Library] Date: 09 January 2018, At: 03:00

During the past decade, nation-states have started to utilize the cyber domain as a means to serve their national interest. An overview of the trend of cyberattacks in the last decade reveals that cyberattacks frequently follow incidents of international discord or conflict. Some nation-states have engaged in a cyberattack for the purpose of intervening in the domestic affairs of a nearby country. Therefore, cyber security has become a top priority in national and international security.
In order to stop potential state adversaries from conducting cyberattacks against the national interest, strong national security policy measures, such as cyber deterrence, collective cyber security, and information sharing, have to be taken to prevent the calamities of a severe cyberattack.

© 2017 Institute for International Policy Studies

Introduction

Information infrastructure, from satellites orbiting in space to undersea cables, has played an increasingly indispensable role in both economic activities and national security over the past quarter century. Our daily life is completely dependent on information technology and the Internet of Things (IoT), from GPS guided navigation systems to smartphones in our hands. We depend more and more on the cyber domain, and this dependency makes a country and society more vulnerable to cyberattack.

Since business worldwide is developing through digital transformation, a global cyberattack could trigger a huge economic loss. The UK-based reinsurance entity Lloyd’s estimates1 that an extreme cyberattack could cost US$53.1 billion, as high as the cost of economic damage inflicted by Hurricane Sandy in 2012. A cyberattack could cost our society as much as a severe natural disaster.

On June 27, 2017 a large scale ransomware outbreak of “Petya/NotPetya,” almost a global cyber pandemic, spread across the world from Ukraine, victimizing several ministries of the Ukrainian government, critical infrastructure operating companies in Ukraine, and multinational companies with a branch or subsidiary company in Ukraine, such as American multinational food and beverage company Mondelez International, the largest container ship operator A.P. Moller-Maersk of Denmark, American multinational pharmaceutical company Merck, British multinational advertising company WPP, American courier delivery service company FedEx, and so on.
This cyber pandemic had a tremendous negative impact on the corporate profits of the targeted companies. Economic cost, however, is not the only fundamental issue. The real problem lies in the fact that a nation-state has engaged in a cyberattack for the purpose of intervening in the domestic affairs of a nearby country. The Security Service of Ukraine accused the Russian Federation of involvement in the cyberattack for the sake of “destroying important data and fomenting disorder in state and private institutions in Ukraine to spread panic among the population.”2

During the past decade, not only Russia but also other countries have started to utilize the cyber domain as a means to serve their national interest. The purpose of this article is firstly to uncover new trends in the cyber domain, and in particular what nation-states use the cyber domain for in peacetime, and how, to achieve their national interests. Secondly, it looks at how nation-states try to shape strategies and policies that are helpful in stopping or deterring malevolent behavior of states in the cyber domain. As the number of state-sponsored cyberattacks grows, strong measures, rather than cyber security or passive cyber defense, have to be taken to prevent the calamities of a severe cyberattack.

Threats of state-sponsored cyberattacks in the past decade

Computer viruses, hacking, and malicious cyber activities have been nothing out of the ordinary since the beginning of ARPANET in the 1970s, the ancestral network that preceded the Internet.
A computer program named “Creeper,” which was originally written by Bob Thomas in 1971, was the first self-replicating computer worm in the computer network of ARPANET and is regarded as the first computer virus.3 At that time the program was not a malicious program and displayed only a funny message on the screen, “I’m creeper. Catch me if you can!”

Those good old days are long gone. The more the importance of the cyber domain increases, the more serious and numerous the threats to cyber security become. An overview of the trend of cyberattacks in the last decade reveals that cyberattacks frequently follow incidents of international discord or conflict. Risks of state-sponsored cyberattacks are becoming more serious with the intent to steal classified information, disrupt critical infrastructure, obstruct military systems, and shake the foundations of democracy of other countries with black propaganda, or false information from the opposing side of a conflict.

In addition to targeted attacks with the objective of stealing classified information, signs of attacks designed to paralyze the control systems of vital social infrastructure have begun to appear in recent years. With the realization that successful attacks on electrical grids, transportation facilities, industrial sites, or other infrastructure would have an adverse impact on people’s actual daily lives, detecting and preventing attacks on control systems has become the top cyber defense priority. Table 1 shows the trend of state-sponsored cyberattacks in the past decade.
Table 1. Major State-sponsored Cyber Attacks (2007-2017)
(Year/Month)
2007.4  Estonia; cyber sabotage targeting government, media, financial sector.
2008.7  Lithuania; cyber sabotage targeting government, private sector.
2008  U.S. DoD; cyber intrusion and espionage.
2008.8  Georgia; cyber sabotage targeting government, media, financial sector.
2009.1  Kyrgyzstan; cyber sabotage targeting Internet Service Providers.
2009.7  ROK and U.S.; cyber sabotage targeting government.
2009.12  Google; cyber intrusion on its core system. Google retreated from business in China.
2010.8  Iran; Stuxnet, cyber subversion targeting Iranian uranium-enrichment plant.
2011.9  Japan; cyber espionage targeting defense industry, including MHI and IHI.
2011.10  Japan; cyber espionage targeting parliament member.
2011–12  U.S.; Iranian state-sponsored actor conducted cyber sabotage against financial sector.
2012.8  Saudi Arabia and Qatar; cyber subversion targeting energy industry, Saudi Aramco, RasGas.
2012.12–13.1  U.S.; cyber espionage targeting major newspapers and think tanks.
2013.3  ROK; cyber sabotage targeting media and financial sector.
2014.3  Ukraine; cyber sabotage targeting government and telecommunication company.
2014.5  Belgium; cyber espionage targeting Ministry of Foreign Affairs (cf. 2010-: European countries; cyber espionage targeting government, int’l organization).
2014.8  U.S.; cyber intrusion and financial cyber crimes targeting JP Morgan, etc.
2014.10  U.S.; cyber intrusion and espionage targeting White House and State Department.
2014.11  U.S.; cyber subversion targeting Sony Pictures Entertainment. U.S. government identified the attacking group and sanctioned North Korea (the first attributed state-sponsored attack).
2015.4  France; cyber subversion targeting TV5.
2015.4  U.S.; cyber intrusion and espionage targeting U.S. Office of Personnel Management, resulting in the theft of sensitive information of 21.5 million individuals.
2015  Germany; cyber espionage targeting Germany. German BND accused Russia.
2015.5  Japan; cyber espionage targeting Pension Service, 1.25 million records breached.
2015.12  Ukraine; cyber subversion targeting power grid company (the first officially attributed state-sponsored attack on Critical Infrastructure).
2016.2  Bangladesh; cyber theft targeting the central bank, $81 million stolen.
2016.3  Sweden; cyber sabotage targeting media sector.
2016.4  Lithuania; cyber sabotage targeting its parliament.
2016.8  Viet Nam; cyber sabotage targeting international airports.
2016.11  Saudi Arabia; cyber subversion targeting government and private sector.
2016.11  U.S.; Russian cyber intrusion and espionage targeting Democratic National Committee.
2016.12  Ukraine; cyber subversion targeting power grid company in Kiev.
2017.4  Japan; new style cyber espionage operation named “Cloud Hopper” by APT10.
2017.5  World-wide; cyber subversion by the Wannacry ransomware cyber pandemic.
2017.6  World-wide; cyber subversion by the Petya/Not-Petya ransomware cyber pandemic.
Source: Author, using open source materials.

The first known instance of a state-sponsored massive cyberattack occurred in the context of an international dispute that emerged in Estonia, one of the three Baltic countries, a decade ago.4 In the Estonian case, a nationalistic confrontation between Russia and Estonia over the removal of a bronze Soviet Red Army soldier statue symbolizing Soviet oppression triggered large scale distributed denial-of-service (DDoS) cyberattacks targeting the country’s infrastructure, causing a shutdown of the websites of government authorities, political parties, and institutions in the financial sector.5 At that time Estonia depended heavily on information technology and was one of the countries with the most advanced information infrastructure in Europe, so the attack was quite successful. In the second wave of DDoS attacks on May 10, 2007, nearly one million computers abroad requested Estonian servers to respond to external communications and filled the network of Estonia with meaningless packets. As a result, online banking services and ATMs of Estonia’s two big banks came to a standstill. Estonian Prime Minister Andrus Ansip blamed Russia for being responsible for the attack.6 Despite insufficient evidence of direct involvement of the Russian authorities, cyber security experts are almost positive that the attack was a Russian information operation or that the Russian authorities let “Proxies”7 attack Estonia.8

There were three other similar9 state-sponsored “cyber sabotage” attacks in 2008–09, aiming to paralyze servers or network service temporarily with an overwhelming volume of data traffic by using the method of DDoS attacks. In June and July 2008, Lithuania became a victim of a suspected Russian cyberattack. Soon after the enactment of a law banning the use of Soviet symbols, a huge number of websites in the country came under attack; as a consequence, more than 300 websites were compromised and defaced with the Soviet flag and anti-Lithuanian messages.10

Georgia was a constituent country of the Soviet Union and regained independence in 1991. After independence, Georgia became embroiled in two ethnic conflicts in South Ossetia and Abkhazia, where the ethnic minority supported by Russia agitated for independence from the Georgian majority, resulting in an eruption of ethnic violence and conflict.
On July 20 and August 8, 2008, large-scale DDoS attacks occurred in Georgia.11 The attack on July 20 targeted news and government websites, and the latter attack, which was launched to coincide with the invasion of Russian troops, was aimed extensively at the financial industry, businesses in Georgia, and the websites of the Georgian president and parliament.

In Kyrgyzstan, two major Internet Service Providers fell victim to a DDoS cyberattack and were forced to shut down more than 80% of the country’s Internet access. The background of the attack is believed to be primarily Moscow’s dissatisfaction with Kyrgyzstan allowing the U.S. Air Force to use Manas Airport near Bishkek.

Estonia, Lithuania, Georgia, and Kyrgyzstan gained formal independence from Russia as a result of the dissolution of the Soviet Union in 1991. All four of these countries had diplomatic confrontations with Russia at that time. Cyber security analysts consider the series of DDoS cyberattacks against the four countries to have been covert information warfare or so-called “hybrid warfare”12 conducted by the Russian Federation.

The U.S. Department of Defense created a Cyber Command in June 2009, soon after the series of Russian hybrid-warfare campaigns. Then-Deputy Secretary of Defense William Lynn said, "One of the reasons we’re looking at a Cyber Command is to unify all aspects of cyber defense, so that you don’t separate out offense, defense, intelligence, so that all of the various aspects work together," while emphasizing that more than 100 countries have the ability to conduct cyberattacks and that the cyberattacks in Estonia and Georgia were quite successful.13

In addition to cyber sabotage attacks in these four countries with the objective of jeopardizing political and economic stability in targeted countries, signs of attacks designed to paralyze the control systems of vital social infrastructure have begun to appear in recent years.
South Korea faced cyberattacks more severe and sophisticated than DDoS in 2013. On the afternoon of March 20, internal computer networks of television broadcasters and three major banks were forced to shut down by a premeditated malware assault on servers and tens of thousands of computers in the networks. The banks’ ATMs and the broadcasters’ news distribution systems were paralyzed for several hours. South Korea’s official investigation team blamed14 North Korea for masterminding the cyberattacks, and the government estimated the damage to South Korea of the March attack and a subsequent June attack to be at least USD 800 million, according to a ruling party legislator.15 After eight months of careful preparation, Pyongyang apparently put a mass cyberattack plan into action, coinciding with increasing military tension on the Korean Peninsula after the Democratic People’s Republic of Korea’s (DPRK, North Korea) third nuclear test on February 12, 2013.

One year later, in November 2014, Sony Pictures Entertainment was attacked by a hacking group calling itself “Guardian of Peace,” but afterwards it transpired that the group was actually North Korea itself.
The outcome of the attack was awful: almost half of the company’s PCs (3262/6797) and servers (837/1555) were wiped, and all the confidential material of the company, from unscreened movie scripts to salary lists with 47,000 social security numbers, was dumped into the public domain.16 Soon after the attack, the FBI started an investigation and confirmed one month later, on December 19, that North Korea was behind the Sony attack.17 The Obama administration blamed North Korea; then-Secretary of Homeland Security Jeh Johnson charged18 that the attack was not just an attack against a company and employees, but also an attack on US freedom of speech and way of life, and tightened sanctions on North Korea. The Obama administration regarded the cyberattack from North Korea as not just a usual cyberattack on a private company but an unusual attack that breached a core value of freedom of speech and violated US sovereignty. The administration announced19 new financial sanctions against North Korea on January 2, 2015.

On December 23, 2015, just before Christmas Day, more than two hundred thousand people were deprived of light. A power grid company in western Ukraine, Prykarpattyaoblenergo, and two other companies were targeted in a cyberattack, and the result was that several electric power substations were forced offline. The Ukrainian state security service SBU charged that Russian security services were responsible for the attack.20 It was the first cyber subversion attack targeting power grid critical infrastructure, and it sent shockwaves through the cyber security community. Three months later, the Ukraine-US joint investigation team detected solid evidence of the malware that caused the blackout by wrecking computers and wiping out sensitive control systems of the Ukrainian power grid company.21 According to the E-ISAC technical report on the attack, the attackers used spear phishing e-mails to drop Black Energy variant malware and succeeded in delivering remote access tools (RATs) that enable the attacker to access the power-grid Supervisory Control And Data Acquisition (SCADA) system.22

Almost one year later, in much the same way, a power grid in the Ukrainian capital Kiev suffered an outage amounting to one-fifth of the capital’s energy consumption, caused by a cyberattack.23 Ukrainian President Petro Poroshenko condemned Russia, saying that “the investigation of a number of incidents indicated the complicity directly or indirectly of Russian security services waging a cyberwar against our country.”24 And six months after the blackout in Kiev, a ransomware outbreak of a “Petya” variant hit Kiev again. A wide range of governmental and private entities in Ukraine, including governmental ministries and agencies, the central bank and private banks, the national power grid company, and the national railway and subway system in Kiev, were affected significantly by the outbreak.25

This series of cyberattack campaigns against Ukraine coincided with the Russo-Ukrainian conflict since 2014. The cyberattack is now regarded as “hybrid warfare” and causes serious concern among US cyber experts. In a U.S. Senate Select Committee on Intelligence hearing, James R. Clapper, the Director of National Intelligence, named26 the four most cyber-capable adversary states: China, Russia, Iran, and North Korea. As Clapper noted, these four countries are very active in many aspects in the cyber arena.
Type of state-sponsored cyberattacks and changes in the pattern

As shown in Table 2, state-sponsored cyberattacks can be divided into five types as follows: 1) Cyber Espionage, 2) Cyber Sabotage, 3) Cyber Subversion, 4) Cyber Propaganda / Manipulation, and 5) Military Cyber Attack (Hybrid Cyber Warfare).

Table 2. Types of State-sponsored Cyberattack
• Cyber Espionage: steal confidential information, secrets or intellectual property, by using methods of advanced persistent threat (spear phishing, watering hole attack, etc.) or indiscriminate attacks.
• Cyber Sabotage: paralyze servers or network service temporarily with overwhelming volume of data traffic, by using the method of distributed denial of service attacks.
• Cyber Subversion: disrupt or destroy function of computer network, including critical infrastructure, by means of deleting or manipulating digital data after intrusion of network by using methods of APT, indiscriminate attacks or Zero-Day vulnerabilities.
• Cyber Propaganda/Manipulation: undermine or manipulate public opinion in western allies by means of propaganda in cyber media or fake news spread by proxy actor to cover or hide real purpose.
• Military Cyber Attack (Hybrid Cyber Warfare): disrupt or destroy adversary’s military cyber-based C4ISR assets or critical infrastructure along with military operation.
Source: Author, using open source materials.

It is apparent that there have recently been three changes in the nature of cyberattacks: a transition from non-targeted to targeted attacks designed to steal classified information; the commencement of concerted cyberattacks targeting control systems of infrastructure providers; and a new phenomenon of undermining or manipulating public opinion in democratic countries by means of propaganda in cyber media, fake news in social network services, or betraying secrets on the Web.
Cyber Espionage/Spying

Since around 2006, cyberattacks have switched from prank attacks aimed at infecting an unspecified, large number of hosts to targeted attacks with the objective of stealing top-secret information from specific organizations and individuals. Ministries and agencies, governmental organizations, think tanks, and scholars have faced sophisticated cyberattacks, so-called “Advanced Persistent Threat” (APT), aimed at stealing top-secret information from specific organizations and individuals.

State-sponsored cyberattacks have become not only a real threat to national security but also a threat to the economic activities of the private sector of our countries. Risks of state-sponsored cyberattacks with the intent to steal classified information, disrupt critical infrastructure and obstruct military systems, are becoming more serious.27 The cyber espionage conducted by state-sponsored APT groups, whether stealing secret information or theft of intellectual property, is a serious threat to national security.

Cyberattacks designed to paralyze control systems

In addition to targeted attacks, the telltale signs of attacks designed to paralyze the control systems of vital social infrastructure have begun to appear in recent years, such as the cyberattacks in Ukraine. Since attacks on control systems would have an adverse impact on people’s actual lives, this has become the top-priority cyberspace defense issue in the US and other countries.

In this regard, the attention of information security experts was drawn in particular in 2010 to the Stuxnet worm, which targeted control machinery in Iranian nuclear facilities.28 Officials at the major security company Symantec, which conducted detailed analysis of Stuxnet, characterized Stuxnet as the most significant phenomenon in computer security of the past 20 years and as the first instance of malware that actually attacks physical facilities.
Analysis revealed that, in operation, Stuxnet consists of 15 different modules and that it must have taken a considerable number of engineers anywhere from a few months to a few years to develop. That it was sophisticated enough to hijack control of high-frequency converters which regulate centrifugal separators used for uranium enrichment over a period of at least two years indicates that these cyberattack modules must have been developed with nation-state support.

Since the year 2000, the telltale signs of attacks designed to paralyze control of vital social infrastructure such as electric power, gas, and water supplies have been evident in the US and other countries. The industrial control systems for vital infrastructure providers consist of field control equipment, such as PLCs (programmable logic controllers), actuators, and valve control devices, and a whole plethora of information technology devices, such as server and client PCs, which are used in the observation and measurement of conditions.

It is claimed that, normally, control systems are not too susceptible to cyberattack, since as a security measure they are either not ordinarily connected to networks or are connected to them through a firewall. It has also been thought that since each system is customized for the particular enterprise using it and is thus unique to that enterprise, it would be difficult to attack without thorough knowledge of the inner workings of the system, and that such systems are also immune to ordinary computer viruses. In fact, however, it has recently become clear that these control systems are highly susceptible to cyberattack since, in most cases, they are running the same operating system as a PC and are periodically receiving data input or update modules.
In fact, there has been a high incidence of country-level cyberattacks aimed at critical infrastructure in the last decade.

Cyber Propaganda/Manipulation

During the US presidential campaign in 2016, we saw a quite new type of cyberattack against the Democratic National Committee (DNC). It is a new phenomenon of manipulating US public opinion by using propaganda media and fake news in social network services written by “troll troops” and leaking inside information of the DNC on the Web. According to the intelligence report29 and the joint analysis report30 on Russian hacking, two separate Russian espionage groups, APT28/Fancy Bear and APT29/Cozy Bear, intruded into the information system of the DNC in 2015 and April 2016.

State-sponsored actors undermine or manipulate public opinion in western allies by means of propaganda in cyber media or fake news spread by proxy actors to cover or hide the real purpose. This kind of cyberattack has now become a grave challenge to the democracy of Western countries.

Cyber: 5th domain for warfare or essential platform for all?

Cyber security has been one of the top priorities of national and international security, even if some experts are skeptical about the real possibility of cyber war. Former Secretary of Defense Leon E. Panetta delivered a speech on cyber security to business executives in New York City, stating that “A cyberattack perpetrated by nation states and violent extremist groups could be as destructive as the terrorist attack on 9/11.” He then warned the audience of business executives that “the collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.”31

During the presidential election campaign, Mr.
Trump also emphasized the importance of the cyber domain and the enhancement of US offensive capabilities. On October 3, 2016, Mr. Trump told military veterans, “as a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks.”32 After the presidential election, President Trump released an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” on May 11, 2017.33 In the EO, President Trump ordered the strengthening of the cyber security of the federal government and US critical infrastructure. Three months later, President Trump elevated the Cyber Command to the status of a Unified Combatant Command focused on cyber space operations.34 On September 30, 2017, The Washington Post revealed that President Trump had signed a directive to bring greater pressure on North Korea and lead to the use of military cyber capability.35

Is a cyber war really around the corner? Many cyber experts have been debating the possibility of a war in the cyber arena for more than a decade.36 The question has yet to be answered. It is true that countries face cyber espionage, cyber sabotage, and subversive activity, ranging from cyber espionage aimed at news media and think tanks by China37 to the cyber sabotage aimed at the production facilities of Saudi Aramco by Iran.38 We have, however, not seen any cyber warfare “hurting, injuring, and killing human beings, even a single one,” as Thomas Rid argued in a panel discussion at The Brookings Institution.39

“Cyber war” in the future might be far from the kind of war that we imagine.
It is certain that cyber war will not fall into the category of war if the rigid social-scientific definition of war is applied to cyber warfare, such as that of the long-standing and notable “Correlates of War Project (COW),”40 established by David Singer and Melvin Small, which defines war as “sustained combat, involving organized armed forces, resulting in a minimum of 1,000 battle-related fatalities.”41 Although fatalities are not expected in a future cyber war, experts are seriously concerned about the possible catastrophic results of a cyberattack on our social infrastructure, as argued by Secretary Panetta: “the most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country.”42

Even if cyber war is not just around the corner, many national security experts view the cyber domain as the fifth domain of warfare, after land, air, sea and space.43 In reality, however, any operations in these four domains rely entirely upon cyber space, as shown in Figure 1. Thus, the cyber domain has become necessary for national security, and cyber security has become a top priority in national and international security.

As early as 1999, China advanced the doctrine of “unrestricted warfare” in reference to cyber war, and, since around 2002, it has been establishing an information-war militia and forming combined teams comprised of private-sector IT companies, universities, and People’s Liberation Army computer network task forces within the military forces under the control of each military district. Even North Korea is believed to have several-thousand-strong cyber units consisting of cyber combat personnel who have been selected as early as elementary school and trained from then onwards.
In the USA, an increasing sense of the danger of cyber war has seen the establishment of the United States Cyber Command and the formation within the four armed-services branches (the US Army, Navy, Air Force, and Marine Corps) of the Army Cyber Command, the Twenty-Fourth Air Force, the Tenth Fleet, and the Marine Corps Forces Cyberspace Command.

The National Security Strategy of the Government of Japan also states that “in recent years, risks that can impede the utilization of and free access to global domains, such as the sea, outer space, and cyberspace, have been spreading and become more serious.” Further, “Risks of cyber-attacks with the intent to steal classified information, disrupt critical infrastructure and obstruct military systems, are becoming more serious.”

Richard Clarke, the former US Special Advisor to the US President on Cyber Security and Cyber Terrorism, has written, “cyber war is real” and that “cyber war has begun,” stating that there is “the potential to change the world military balance and thereby fundamentally alter political and economic relations.”44 In fact, preparations for cyberwar are already underway in several countries.

Figure 1. The cyber domain has become a platform for military operations

Conclusion and policy recommendation: Cyber deterrence and collective cyber security or alliance for future cyber deterrence

Cyber deterrence

In order to stop potential state adversaries from conducting cyberattacks against the national interest, the United States has employed a new strategy of “cyber deterrence” in which the US applies deterrence theory to the cyber domain. The U.S.
DoD 2015 Cyber Strategy calls for “deterrence in the Future Security Environment,” saying the “Department of Defense must contribute to the development and implementation of a comprehensive cyber deterrence strategy to deter key state and non-state cyber actors from conducting cyberattacks against U.S. interests.”45 The U.S. Government has sought in recent years to establish a cyber deterrence strategy46 through a process of trial and error.

President Obama gave a warning of the growing threat in the cyber domain in his State of the Union Address on February 12, 2013.47 He pointed out that “America must also face the rapidly growing threat from cyberattacks” and “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.” He then revealed that he had signed a new Executive Order “that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”

Since then, the Obama administration adopted all the policy tools that could deter state-sponsored cyberattacks. Regarding the cyber espionage operations from China, the U.S. Department of Justice prosecuted five Chinese military officers in 2014.48 In another case of prosecution, a Chinese businessman was arrested in Canada and charged with criminal conspiracy to steal military technical data, including data on the Boeing C-17 strategic transport aircraft, by means of cyber espionage.
And finally, Obama’s diplomatic pressure on Chinese president Xi in September 2015 not to engage in economic cyber espionage evolved into a joint agreement in which neither the US nor the Chinese Government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, for commercial advantage.49

After the cyberattack against Sony Pictures Entertainment, the Obama administration imposed additional sanctions with respect to North Korea. These sanctions are the first case of the US introducing retaliatory financial sanctions against a state-sponsored cyberattack. The Executive Order of January 2, 2015 says that, because of the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, the US president orders sanctions on three North Korean organizations and ten individuals.50

Collective cyber defense

To make good use of diplomatic pressure, like-minded countries have to promote norms of state behavior in cyberspace, such as to refrain from cyber-enabled theft of intellectual property for commercial gain, not to attack critical infrastructure, and not to interfere in internal affairs by means of cyber manipulation.

In Europe, NATO extends Article 5, the principle of collective defense, to the cyber domain. At the press conference on June 14, 2016, NATO Secretary General Jens Stoltenberg said, “Cyber defense is part of collective defense. [...] We have decided that a cyberattack can trigger Article 5, meaning that a cyberattack can trigger collective defense, because we regard cyberattacks as something that can cause a lot of damage and can be very dangerous.”51

In this context of collective cyber security, Japan and the US are working closely to enhance cooperation between the two in the cyber domain.
On October 3, 2013, U.S. State Secretary Kerry and Defense Secretary Hagel and their Japanese counterparts, Foreign Minister Kishida and Defense Minister Onodera, gathered for a meeting of the U.S.-Japan Security Consultative Committee (SCC) in Tokyo. The SCC meetings, the so-called “2+2,” are convened on an irregular basis, usually in DC, and rarely with 2 Ministers + 2 Secretaries; in the usual case they are held with the 2 Ministers plus either the State Secretary or the Defense Secretary. After the 2+2 meeting in Tokyo, the Secretaries and Ministers released a joint statement.52 The statement to which they agreed in Tokyo covers a wide range of alliance-related concerns but focuses especially on the cyber domain as one of five topics: revising the U.S.-Japan 1997 Defense Guidelines by the end of 2014 in a way that reflects new challenges, such as in the space and cyber domains, and enhancing the alliance to cover a more active international role.

Following the commitment of the defense ministers of Japan and the United States, both governments have promoted cyber cooperation between the MoD and DoD, and established the U.S.-Japan Cyber Defense Policy Working Group (CDPWG) in October 2013. The U.S.-Japan Cyber Defense Policy Working Group published a joint statement53 pledging deep cooperation in the cyber domain, such as “if such a cyber incident occurs as a part of an armed attack against Japan, the MOD and DOD will consult closely and take appropriate cooperative actions.”

In addition to the cooperation between the ministries and agencies, it is desirable for the U.S. and Japan to officially declare the extension of Article 5 of the U.S.-Japan Security Treaty to cover the cyber domain and to establish “collective cyber defense,” as in NATO’s declaration of cyber collective defense in 2014.
Information sharing

In order to protect cyberspace, early detection of cyberattacks is essential and warnings must be shared without delay among like-minded countries. These partners should make effective use of classified meetings for an exchange of views on cyber threat situation awareness and potential cyber adversaries.

Since any digital signal, whether good or bad, such as malware, can circle the world in a flash in the cyber domain, it is indispensable for like-minded countries to introduce a real-time or near real-time automated cyber threat information sharing system that contains a joint database of cyberattack threat information and cyberattack indicators. To protect cyberspace, it is essential first to detect signs of cyberattacks without delay and to share early warnings widely among like-minded countries.

At the same time, we realize that it is difficult to defend against cyberattack and cyber espionage through defensive measures alone. It will also be necessary to invade attackers’ networks in return, as measures of “cyber-counterattacks in self-defense,” for the purpose of identifying enemies’ activities and striking back at them.

In the context of collective cyber security, like-minded countries have to enhance the foundation of all of this: information security and information protection more broadly. So that’s also an important line of effort for Western allies, ensuring that our practices, our standards, and our procedures are as strong and robust as they can be, because that’s the foundation for everything else that we do together.

Notes

1 Lloyd’s and CYENCE, “Counting the Cost: Cyber Exposure Decoded,” Emerging Risks Report 2017. September 15, 2017, https://www.lloyds.com/~/media/files/news-and-insight/risk-insight/2017/cyence/emergingrisk-report-2017—counting-the-cost.pdf
2 News release of Security Service of Ukraine, “SBU establishes involvement of RF special service into Petya.A virus-extorter attack,” July 1, 2017.
3 Thomas M. Chen and Jean-Marc Robert, “The Evolution of Viruses and Worms,” In: William W.S. Chen (ed.) Statistical Methods in Computer Security (CRC Press, 2004), 265–285.
4 Adam Segal defines the Estonian case as the first “cyber conflict.” See Adam Segal, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (New York: Public Affairs, 2016), 60.
5 Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do About It (New York: Harper Collins Publishers, 2010), 13–16.
6 BBC News, “Estonia Hit by ‘Moscow Cyber War’,” May 17, 2007. September 23, 2017, http://news.bbc.co.uk/2/hi/europe/6665145.stm
7 “Proxy” is a new technical term in cyber security. To hide the true perpetrator, states, especially Russia, have recently tended to hire “proxies”: patriotic hackers, hacktivists and cyber criminals.
8 Rain Ottis, “Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective,” In: Proceedings of the 7th European Conference on Information Warfare and Security (Plymouth. Reading: Academic Publishing Limited), 163–168.
9 Andrzei Kozlowski, “Comparative Analysis of Cyberattacks on Estonia, Georgia and Kirgizstan,” European Scientific Journal, February 2014, 237–245.
10 Reuters, “Lithuanian Tax Office Website Hit by Cyber Attack,” July 21, 2008. September 24, 2017, http://www.reuters.com/article/lithuaniaweb-attacks/lithuanian-tax-office-website-hit-by-cyber-attackidUSMAR14153920080721
11 New York Times, “Before the Gunfire, Cyberattacks,” August 12, 2008. September 23, 2017, http://www.nytimes.com/2008/08/13/technology/13cyber.html
12 Andre Radin, Hybrid Warfare in the Baltics (Rand Corporation, 2017). See pp. 5–12.
13 Voice of America, “US Creates Military Cyber Command to Defend Computer Networks,” November 02, 2009. September 23, 2017, https://www.voanews.com/a/a-13-2009-06-15-voa64-68693937/409147.html
14 Yonhap News, “Gov’t confirms Pyongyang link in March cyber attacks,” April 10, 2013. Retrieved September 24, 2017, from http://english.yonhapnews.co.kr/northkorea/2013/04/10/49/0401000000AEN20130410007352320F.HTML
15 Yonhap News, “Damage from N.K. Cyber Attacks Estimated at 860 bln Won: Lawmaker,” October 15, 2013. September 24, 2017, http://english.yonhapnews.co.kr/northkorea/2013/10/15/16/0401000000AEN20131015003200315F.html
16 Peter Elkind, “Sony Pictures: Inside the Hack of the Century,” Fortune, July 1, 2015. September 25, 2017, http://fortune.com/sony-hack-part-1/, http://fortune.com/sony-hack-part-two/ and http://fortune.com/sonyhack-final-part/
17 FBI Press Release, “Update on Sony Investigation,” December 19, 2014. September 25, 2017, https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
18 New York Times, “Obama Vows a Response to Cyber Attack on Sony,” December 19, 2014. September 25, 2017, https://www.nytimes.com/2014/12/20/world/fbi-accuses-north-korean-government-in-cyberattackon-sony-pictures.html
19 U.S. Department of the Treasury Press Release, “Treasury Imposes Sanctions Against the Government of the Democratic People’s Republic of Korea,” January 2, 2015. September 25, 2017, https://www.treasury.gov/press-center/press-releases/Pages/jl9733.aspx
20 Reuters, “Ukraine to Probe Suspected Russian Cyber Attack on Grid,” December 31, 2015. September 27, https://www.reuters.com/article/usukraine-crisis-malware/ukraine-to-probe-suspected-russian-cyber-attackon-grid-idUSKBN0UE0ZZ20151231
21 CNN, “U.S. Investigators Find Proof of Cyberattack on Ukraine Power Grid,” February 4, 2016. September 27, 2017, http://edition.cnn.com/2016/02/03/politics/cyberattack-ukraine-power-grid/index.html. See also US-CERT ALERT (IR-ALERT-H-16-065-01), “Cyber-Attack Against Ukrainian Critical Infrastructure,” February 25, 2016. https://ics-cert.uscert.gov/alerts/IR-ALERT-H-16-056-01
22 SANS-ICS and E-ISAC, “Analysis of the Cyber Attack on the Ukrainian Power Grid,” March 18, 2016. https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf
23 Reuters, “Ukraine Investigates Suspected Cyber Attack on Kiev Power Grid,” December 21, 2016. September 27, 2017, https://www.reuters.com/article/us-ukraine-crisis-cyber-attacks/ukraine-investigatessuspected-cyber-attack-on-kiev-power-grid-idUSKBN1491ZF
24 Reuters, “Ukraine Hit by 6,500 Hack Attack, sees Russian ‘Cyberwar,’” December 30, 2016. September 27, 2017, http://www.reuters.com/article/us-ukraine-crisis-cyber/ukraine-hit-by-6500-hack-attacks-seesrussian-cyberwar-idUSKBN14I1QC
25 Reuters, “Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack,” June 27, 2017. September 28, 2017, https://www.reuters.com/article/usukraine-cyber-attacks/ukrainian-banks-electricity-firm-hit-by-fresh-cyberattack-idUSKBN19I1IJ
26 Office of DNI, “Remarks as Delivered by The Honorable James R. Clapper Director of National Intelligence, Senate Armed Services Committee Hearing – IC’s Worldwide Threat Assessment Opening Statement,” February 9, 2016. September 9, 2017, https://www.dni.gov/files/documents/2016-02-09SASC_open_threat_hearing_transcript.pdf
27 Gordon Corera, Cyber Spies: The Secret History of Surveillance, Hacking, and Digital Espionage (New York: Pegasus Books, 2016).
28 Kim Zetter, Countdown to ZeroDay: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown Publishers, 2014).
29 Office of the Director of National Intelligence, “Assessing Russian Activities and Intentions in Recent US Elections,” January 6, 2017. https://www.dni.gov/files/documents/ICA_2017_01.pdf
30 DHS and FBI, “Grizzly Steppe – Russian Malicious Cyber Activity,” December 29, 2016. https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
31 Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City, October 11, 2012. http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136
32 Franz-Stefan Gady, “Trump and Offensive Cyber Warfare,” The Diplomat, January 16, 2017.
33 The White House, “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” May 11, 2017. https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal
34 The White House, “Statement by President Donald J. Trump on the Elevation of Cyber Command,” August 18, 2017. https://www.whitehouse.gov/the-press-office/2017/08/18/statement-donald-j-trumpelevation-cyber-command
35 The Washington Post, “Trump Signed Presidential Directive Ordering Actions to Pressure North Korea,” September 30, 2017. October 1, 2017, https://www.washingtonpost.com/world/national-security/trumpsigned-presidential-directive-ordering-actions-to-pressure-north-korea/2017/09/30/97c6722a-a620-11e7-b14f-f41773cd5a14_story.html
36 See Richard A. Clarke, Cyber War: The Next Threat to National Security and What to Do About It (New York: Harper Collins Publishers, 2010). Thomas Rid, Cyber War Will Not Take Place, London; C. Hurst & Co., 2013.
37 See Mandiant, “APT1: Exposing One of China’s Cyber Espionage Units,” February, 2013. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
38 See Christopher Bronk and Eneken Tikk-Ringas, “The Cyber Attack on Saudi Aramco,” Survival, 55 (2), (2013), 81–96.
39 http://www.brookings.edu/events/2013/09/09-cyber-war-will-not-takeplace
40 David Singer founded COW as a project in the University of Michigan in 1963. After his retirement, Penn State has archived all data and materials of COW. http://www.correlatesofwar.org/
41 Meredith Reid Sarkees, “The COW Typology of War: Defining and Categorizing Wars,” and Frank Wayman (2010). Resort to War: 1816–2007. CQ Press.
42 Remarks by Secretary Panetta, Ibid.
43 “The Armed Forces must have the ability to operate across the air, land, sea, space and cyberspace domains of the battlespace,” US Joint of Staff, The National Military Strategy of the United States of America: 2004, 18.
44 Richard Clarke, Cyber War: The Next Threat to National Security and What to Do About It (New York: Harper Collins Publishers, 2010), 30–32.
45 U.S. Department of Defense, The DoD Cyber Strategy, April 2014, 10.
46 Scott Jasper, Strategic Cyber Deterrence: The Active Cyber Defense Option (Lanham; Rowman & Littlefield, 2017).
47 The White House, Office of the Press Secretary, “President Barack Obama’s State of the Union Address,” February 12, 2013. http://www.whitehouse.gov/the-press-office/2013/02/12/president-barack-obamasstate-union-address
48 U.S. Department of Justice, News Release, “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” May 19, 2014. https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyberespionage-against-us-corporations-and-labor
49 The White House Press Release, “Remarks by President Obama and President Xi of the People’s Republic of China in Joint Press Conference,” September 25, 2015. https://obamawhitehouse.archives.gov/the-pressoffice/2015/09/25/remarks-president-obama-and-president-xi-peoplesrepublic-china-joint
50 Executive Order—Imposing Additional Sanctions with Respect to North Korea, January 2, 2015. https://obamawhitehouse.archives.gov/thepress-office/2015/01/02/executive-order-imposing-additional-sanctionsrespect-north-korea
51 NATO, Press conference by NATO Secretary General Jens Stoltenberg following the North Atlantic Council meeting at the level of NATO Defence Ministers, on June 14, 2016. http://www.nato.int/cps/en/natohq/opinions_132349.htm
52 MOFA, “JOINT STATEMENT OF THE SECURITY CONSULTATIVE COMMITTEE: Toward a More Robust Alliance and Greater Shared Responsibilities,” October 3, 2017. http://www.mofa.go.jp/files/000016028.pdf
53 Japanese Ministry of Defense and U.S. Department of Defense, “Joint Statement of the U.S.-Japan Cyber Defense Policy Working Group,” May 30, 2015. http://www.mod.go.jp/j/press/news/2015/05/30a_1.pdf

About the author

Mr. OSAWA Jun, Senior Research Fellow, Institute for International Policy Studies (IIPS). Jun Osawa joined IIPS as a research fellow in April 1995. In 2009, he was appointed a senior research fellow. He received an M.A. degree in political science from Keio University.
He also served concurrently in government and academic positions: 2004–2006 analyst (WMD issue) for the Intelligence and Analysis Service, Ministry of Foreign Affairs; 2007–2009 policy planning advisor for the Policy Planning Division, Foreign Policy Bureau, Ministry of Foreign Affairs; 2013 visiting fellow at the Brookings Institution; 2012–2016 visiting scholar at GRIPS; 2014–2016 Deputy Counsellor, National Security Secretariat, Cabinet Secretariat; 2017–present Senior Fellow at National Security Secretariat.