DARPA Would Develop Offensive And Preventive Cyber Capabilities

The Defense Advanced Projects Research Agency (DARPA) has been working hard to develop its cyber capabilities. It includes both offensive and defensive cyber capabilities. The seriousness of United States in this regard is also apparent from the fact that the US government’s advanced research unit has decided to increase its funding for cyber research by 50 percent over the next 5 years. This has been decided in response to the increased threat of cyber terrorism and cyber warfare that US is facing.

The DARPA, held it’s first-ever symposium to discuss how the U.S. military can better protect itself from foreign-backed hackers. DARPA’s director, Regina Dugan, told conference members the agency will work to develop offensive cyber capabilities as well as maintaining defensive lines.

Recent cyber attacks on multinational firms and institutions, ranging from Google, Citigroup, U.S. Senate's website to the International Monetary Fund, have raised fears that governments and the private sector are ill-prepared to beat off hackers. To tackle these sophisticated cyber criminals there is an urgent need to beef up offensive cyber capabilities.

DARPA’s conference would follow several months of discussion among security experts and military personnel as to how the U.S. should balance its offensive and defensive cyber weapons.

In a typical cyber attack by an enemy State, the critical infrastructure is the first choice. Estonia witnessed this truth in the past. Further, in cases of cyber warfare and cyber terrorism also critical infrastructure is the chief target of cyber attack. An international cyber security treaty can be a good solution for dealing with this problem at the international level.

NATO Requests Cyber Security Cooperation From India

In the absence of international cyber crimes treaty and international cyber security treaty, the next best thing is to have mutual cooperation between various countries. However, nothing can benefit more than an international cyber security cooperation that is urgently required.

In the absence of international harmonisation, the concept like cyber warfare still haunts the international community. This is also the main reason for blame game for various cyber attacks. However, mere suspicion or blame without actual authorship attribution for cyber attacks can produce only insignificantly beneficial results.

Recently India and US had signed a cyber security cooperation agreement. Now North Atlantic Treaty Organisation (NATO) has sought stronger cooperation with India to counter growing cyber threats, particularly emanating from China. Top NATO officials listed cyber security very high on the list of possible areas of cooperation, which included counter-terrorism, missile defence and anti-piracy operations.

"The cyber world does not recognise alignments. It only understands switches," said a top NATO official during a briefing to visiting Indian journalists, while making a strong pitch for joint efforts to combat cyber threats.

The NATO official made this remark in context of India's sensitivity against military alliances and its commitment to non-alignment. He suggested this could be a functional alignment in which both sides could give and take.

"India has an advanced cyber and IT industry and is very strong in cyber issues", he said, hinting that India and NATO can cooperate in this field. Democracies face challenges that are common. As democracies we can have a dialogue, as we deal with issues differently... We need to work together, because individually we cannot. It is better to deal with such issues commonly than deal with them individually."

He added that even though the threats were different, the nature of our responses could be similar, while seeing India as a strong partner with NATO on various issues. Though he did not mention any of India's neighbours from where the cyber attack challenge came, he hinted at China from where such threats had come in the recent past.

Seeking a partnership on matters relating to cyber security, the official pointed out that India and NATO had already reached at a tactical level understanding in dealing with piracy and shared a strategic level understanding in countering terrorism. Incidentally, in July this year some anonymous hackers had targeted NATO in a cyber attack and it decided recently to create a special task force to detect and respond to such attacks by beefing up its cyber defence network. While the United States has already signed a cyber security collaboration with India this July, the 28-nation political and military alliance is of the view that it can collaborate with it in protecting its cyber systems. NATO's 2010 Summit in Lisbon also recognised the growing threat of cyber attacks and sought to ally with partner nations to step its cyber security.

White House Is Mulling Federal Cyber Security Law

United States (US) is a country that takes its cyber security very seriously. Recently US declared its international cyberspace strategy. US is also entering into bilateral cyber security agreements with various countries including India. Further, US is also advocating international cooperation for cyber security issues, though within the limits of existing international law framework and not through a dedicated international cyber security treaty.

Cyber attacks at the international level are getting worst and more sophisticated. Recently cyber attacks at Gmail, Citicorp, International Monetary Fund, etc have proved the point. Cyber security has become a necessity these days. Since cyber security is techno legal in nature, both laws and technology must be used to tackle cyber attacks.

India has a bad cyber law, missing cyber security and cyber warfare policy and absent cyber security laws. US on the other hand has good cyber laws and is now planning to have a federal cyber security law. The focus seems to be on developing both offensive and defensive cyber warfare capabilities. The department of homeland security may be entrusted with the job to secure US cyberspace.

In the Indian context, expecting cyber security law before a decade would be pre mature and over optimism. India must first make its cyber law potent and strong by repealing the existing one. But given the preference of e-surveillance over cyber security capabilities in India, the information technology act, 2000 may continue on the statute book despite it being a bad law having unconstitutional provisions.

Cyber security is an international concept and so must be the regulations governing the same. We need international harmonisation because a national approach in this regard would not be sufficed.

Cyber Security Must Be An International Issue

I personally believe that Cyber Security is an “International Issue” and not a “National One”. Those who believe it to be a National Issue are going to suffer a lot. Similarly, “Self Regulation” is not going to help us in the long run especially when countries all over the world are establishing Cyber Commands and Cyber Warfare Capabilities.

I also believe that despite all odds, we must try to formulate International Cyber Law Treaty and International Cyber Security Treaty. Without clearly demarcating the “Roles and Responsibilities” of Nations in the Cyberspace, International Mutual Cooperation in this regard is next to impossible.

United Nations has a bigger role to play in this regard. On the one hand it must formulate International Cyber Law and Cyber Security Treaty whereas on the other hand it must make these Treaties in conformity with the Human Rights in Cyberspace.

Developed Countries like US are not interested in Treaties on Cyber Law and Cyber Security except to the extent permitted by present International Legal Framework .This Framework was formulated at a different time and in a different context. It is high time to abandon the same in the larger interest of “International Community”.

The growing Cyber Attacks on Gmail, Citicorp, etc are happening because of this “Void” at the International level. This “Void” is also forcing the Countries to adopt their own Cyber Security safeguards. Australia has planned a Cyber Defence Strategy whereas European Union has set up a team of Cyber Crime Fighters. Countries are adopting this “National Approach” because there is no “International Framework” to deal with these issues.

The sooner we have International Frameworks for Cyber Law and Cyber Security related issue the better it would be for the interest of International Cyberspace Community at large.

International Cyber Security Treaty Is Required

The threats of Cyber Crimes and Cyber Security attacks are alarming these days. As more and more Critical Infrastructure is connected to Information and Communication Technology (ICT), a need has been felt to protect Critical ICT Infrastructures all over the World.

In a typical Cyber Attack by an Enemy State, the Critical Infrastructure is the first choice. Estonia witnessed this truth in the past. Further, in cases of Cyber Warfare and Cyber Terrorism also Critical Infrastructure is the chief target of Cyber Attack.

It is surprising that despite the seriousness of the issue we have no International Cyber Law Treaty and International Cyber Security Treaty. International Organisations and Institutions have still not taken Cyber Crimes and Cyber Security very seriously. Even Human Rights Protection in Cyberspace has not been taken by seriously by all concerned.

Organisations like United Nations, North Atlantic Treaty Organisation (NATO), etc have also not shown much interest in this regard in the past. Now these Organisations have taken notice of the nuisances of Cyberspace and they are gradually shifting their attentions to Cyber Crimes and Cyber Attacks.

International Organisations dealing with Human Rights, Cyber Law and Cyber Security must start thinking in this direction as issues like Cyber Warfare, Cyber Terrorism, Cyber Espionage, Cyber Crimes, E-Surveillance, Unlawful Interceptions, etc are “Transnational” in nature.

If different Countries would have different laws for these issues, it would be very difficult to truly enforce protective provisions against these menaces at National and International levels. It is high time for UN to seriously consider issues like International Cyber Law Treaty, International Cyber Security Treaty and Protection of Human Rights in Cyberspace.

Greater India US Cyber Security Cooperation Anticipated

India and United States (US) are entering into many bilateral agreements regarding issues like homeland security, cyber security, clean energy and so on. US has also recently released its international strategy for cyberspace.

These initiatives would definitely improve the cyberspace cooperation between India and US. However, bilateral agreements can have limited effect on cyberspace. Till now we have no uniformly acceptable treaty or convention on cyber crimes and cyber security.

There are many international organisations and institutions that are dealing with information and communication technology (ICT) in one form or other. However, none of these international organisations are dealing with cyber crimes at the global level. Thus, the establishment of a harmonised international standard for cyberspace is still missing and is the need of the hour.

Meanwhile, Christopher Painter, the State Department Co-coordinator for Cyber Issues, has said that there would be many more meetings with India on cyber security aspect. India and US are deliberating as to how to exchange information, cooperate in securing networks, fight cyber crimes and both countries are working in this direction.

Painter further said the International Strategy for Cyberspace released early this week for the first time pulls together all the different strands of our policies in cyberspace from Internet freedom issues to Internet governance issues, to security issues, to military issues, to cyber crime issues, to economic issues, and puts them really all in one framework for the first time.

However, irrespective what US and India say, global cooperation and collaboration is the first and foremost requirements to have a better cyberspace. At the same time there is no doubt that if India and US work together in this direction, this may be the beginning of creating a global consensus. This dialogue is a good step in the right direction.