Inside Cyber Warfare Part 29

[189] "Poland to support NATO multinational cyber defence initiative," NATO C3 Agency, March 28, 2011, accessed August 31, 2011, http://www.nc3a.nato.int/news/Pages/20110325-POL-security-visit.aspx.

Republic of Korea

The Korean Information Security Agency (KISA) was formed in 1996 to establish reliable information distribution and to develop appropriate responses to electronic infringement. As cyber attacks from North Korea increased, in 2004 South Korea was one of the first countries to establish a Computer Emergency Response Team (KrCERT).[190] The ROK is faced with enormous cyber pressure and attacks from the DPRK, and while no formal policy has been publicly released, the ROK has been increasing their cyber education capacity, a first and basic step to growing any cyber defense infrastructure.

The ROK army, in cooperation with Korea University, has formed a new cyber defense school, slated to open in 2012, which will admit 30 students a year in a four-year course.[191] Courses will include breaking malicious Internet codes, the psychological ramifications of cyber warfare, and cyber warfare tactics. The army hopes that the school will ensure a steady supply of cyber experts to offset the DPRK's cyber offensive. Similar to US ROTC programs, if the students join the army after university, the army will pay their tuition.[192]

[190] KrCERT/CC home page, Korea Internet Security Center, accessed August 31, 2011, http://www.krcert.or.kr/english_www/.

[191] "South Korea opens cyber-war school," The Times Live, June 29, 2011, accessed August 31, 2011, http://www.timeslive.co.za/scitech/2011/06/29/south-korea-opens-cyber-war-school.

[192] Rick Martin, "South Korean University Students Can Now Major in Cyber Warfare," Penn Olson, The Asian Tech Catalog, July 1, 2011, accessed August 31, 2011, http://www.penn-olson.com/2011/07/01/south-korea-cyber-warfare-university/.

Russian Federation

See Chapter 15.

Singapore

In October 2009 Singapore established the Singapore Infocomm Technology Security Authority (SITSA), which was designed to be the national specialist authority in safeguarding the country against cyber threats. SITSA is structured under the Ministry of Home Affairs Internal Security Department. The agency will improve upon the current cyber defense capabilities by coordinating with private sector businesses. In addition, the authority will conduct simulations and exercises to strengthen the country's cyber security by training with real-world evolving threats.[193]

[193] Dawn Tay, "Govt sets up cyber-security agency," AsiaOne News, October 1, 2009, accessed August 31, 2011, http://www.asiaone.com/News/AsiaOne+News/Singapore/Story/A1Story20091001-171044.html.

South Africa

In February 2010 the South African Department of Communication (DOC) released a draft policy on cyber security. The draft not only outlined the DOC's intentions to enhance cyber security in all facets of the country, but also to increase collaboration with state-run security centers. To accomplish this, the DOC proposed the creation of a National Cyber Security Advisory Council. The major downfall of the draft is the lack of incentives to private sector companies to implement new cyber security regulations.[194]

In June 2011 South Africa agreed to work with China to combat crime. Most of the dialogue, however, focused on cyber crime. China and South Africa plan to share intelligence to expose criminal networks and activities. Through the agreement, they will share criminal intelligence, but it also inadvertently gives the Chinese access to Internet-based information gathering. This is likely the main reason Chinese intelligence officials are working with South Africa.[195]

[194] "Draft cyber policy welcomed but criticised in South Africa," Balancing Act Africa, February 26, 2010, accessed August 31, 2011, http://www.balancingact-africa.com/news/en/issue-no-493/internet/draft-cyber-policy-w/en.

[195] Jackie Cameron, "China, South Africa dodgy crime partnership," MoneyWeb, China Perspectives, June 9, 2011, accessed August 31, 2011, http://www.moneyweb.co.za/mw/view/mw/en/page503823?oid=544874&sn=2009+Detail.

Sweden

Sweden partic.i.p.ated in the May 2010 Baltic Cyber Shield international cyber defense exercise. The exercise was organized by NATO's Cooperative Cyber Defense Center of Excellence based out of Estonia, as well as several Swedish governmental inst.i.tutions, including the Swedish National Defense College.[196] Sweden has also been designated as a vital part of the US National Infrastructure Plan (NIP) because of the Swedish telecommunication firm Telia Sonera, which operates the most critical part of the European cyber infrastructure. Sweden's critical role in the US NIP has earned it an inner-circle membership in the defense exercise Cyber Storm, which simulates attacks by terrorists and hostile states on the cyber infrastructure.[197]

[196] "Baltic Cyber Shield to train technical skills for countering cyber attacks," NATO Cooperative Cyber Defence Centre of Excellence, May 3, 2010, accessed August 31, 2011, http://www.ccdcoe.org/172.html.

[197] "Sweden has central role in cyber warfare," Om Dagens Nyheter, January 2, 2011, accessed August 31, 2011, http://www.dn.se/nyheter/sverige/sweden-has-central-role-in-cyber-warfare.

Taiwan (Republic of China)

The Taiwanese military began planning for a battalion-sized cyber warfare unit in 2000, according to Defense Minister Wu Shih-Wen. The unit would focus on building information warfare and electronic warfare capabilities, and it would receive funding in an amount equal to almost 25% of Taiwan's defense budget.

Taiwan's General Lin Chin-Ching has said that Taiwan has an advantage over the People's Republic of China in information warfare: Taiwan's information warfare advantage, which cannot be matched by the mainland, is that all of our citizens have a very high level of universal education, with a solid communications infrastructure, and our related research on electronic anti-virus software and Internet defense products all being up to world-cla.s.s level.[198]

In fact, Taiwan has a history of producing high-quality malware dating back to 1990, before the PRC had its own Revolution in Military Affairs (RMA).

[198] Emily O Goldman and Thomas G. Mahnken, The Information Revolution in Military Affairs in Asia (Palgrave Macmillan), p. 156.

Turkey

Turkey conducted cyber terror drills in January 2011. The second attack drills involved 39 Turkish national and private inst.i.tutions. The drill was primarily designed to coordinate cyber response among the diverse inst.i.tutions.[199] In June 2011 Turkey announced the formation of Internet filter laws, which will require Internet users in Turkey to use government-provided Internet filters. The hacking group Anonymous attacked government websites in response to these new laws, and Turkish police arrested 32 suspected members of Anonymous.[200]

In March 2011 Turkey established the first of three core commands that will serve as Turkey's Cyber Command in the office of the General Staff. The entire command, modeled largely after the United States' Cyber Command, has experienced major delays due to organizational issues. The current established team has eight computer engineers with specialized cyber security training.[201]

[199] "Turkey conducts cyber terror drill," Hurriyet Daily News, January 27, 2011, accessed August 31, 2011, http://www.hurriyetdailynews.com/n.php?n=turkey-conducts-cyber-terror-drill-2011-01-27.

[200] Giles Tremlett, "Turkish arrests intensify global war between hacker activists and police," The Guardian, June 13, 2011, accessed August 31, 2011, http://www.guardian.co.uk/technology/2011/jun/13/turkish-arrests-global-war-hackers-police.

[201] Umit Enginsoy and Burak Ege Bekdil, "Turkey Raises Emphasis On Cybers.p.a.ce Defense," Defense News, August 15, 2011, accessed August 31, 2011, http://www.defensenews.com/story.php?i=7388376&c=FEA&s=SPE.

United Kingdom

The UK published a wider National Security Strategy in 2009 and along with that came a specific cyber security strategy.[202] This strategy was aimed at combating cyber attacks from countries-the Russian and Chinese governments were mentioned specifically. The strategy also appointed Lord West as the UK's first cyber security minister. Lord West mentioned that the government had recruited a team of hackers for the new Cyber Security Operations Centre, located at the GCHQ in Cheltenham. He also commented that the UK will recruit former illegal hackers and "naughty boys," as they often seem to enjoy stopping other illegal hackers. Offensive capabilities were also signified as priority as a result of state actor threats being the UK's primary cyber concern.

In October 2010 the Strategic Defense and Security Review (SDSR) readdressed much of the cyber issues that the 2009 National Security Strategy highlighted. Much more funding was allocated to cyber security, and cyber threats were given priority access to the prime minister's desk, alongside terrorism, natural disasters, and hostile military attacks.[203] In addition, several changes to the cyber security structure were implemented.

The UK Defense Cyber Operations Group (DCOG) was created and will work with the Ministry of Defense. UK intelligence agencies were instructed to share intelligence on cyber security. A cyber infrastructure team in the Department of Business, Innovation and Skills (BIS) was set up for coordinating security efforts with critical industries. An Infrastructure Security and Resilience Advisory Council was also set up to create a closer relationship between private sector infrastructure providers and the government.[204]

Recently, the SDSR planned for an increase in cyber warfare troops, which started to take shape in 2011. In May 2011 a Ministry of Defense (MoD) spokesman said there are plans to "significantly grow the number of dedicated cyber experts in the MoD, and the number will be in the hundreds but precise details are cla.s.sified."[205] The UK is expected to develop a first-strike capability in the Ministry of Defense's cyber division. The cyber division doctrine will probably be covert in nature, similar to those of the Special Air Service forces, but will follow strict guidelines involving collateral damage.[206]

[202] Gordan Corera, "UK 'has cyber attack capability'," BBC News, June 25, 2009, http://news.bbc.co.uk/2/hi/uk_news/politics/8118729.stm.

[203] Derek Parkinson, "Funding the new Home Guard to protect against cyber attacks," SC Magazine UK, January 3, 2011, http://www.scmagazineuk.com/funding-the-new-home-guard-to-protect-against-cyber-attacks/article/192648/.

[204] Ibid.

[205] "UK beefs up cyber warfare plans," BBC News, May 31, 2011, http://www.bbc.co.uk/news/technology-13599916.

[206] Nick Hopkins, "UK developing cyber-weapons programme to counter cyber war threat," The Guardian, May 30, 2011, http://www.guardian.co.uk/uk/2011/may/30/military-cyberwar-offensive.

Chapter 17. US Department of Defense Cyber Command and Organizational Structure

Some of the information regarding the US Department of Defense organizational chart has been changed since this chapter was written. A few changes are represented in the footnotes; however, the DoD's process of reshaping itself is ongoing and their review process was too lengthy to meet the publishing requirements for this second edition. Thus, readers are encouraged to check the facts contained in this chapter with the latest guidance from the US DoD.

Summary

The US Department of Defense (DOD) has taken a decentralized approach to the organization of its cyber security structure. There are various organizations, divisions, and agencies that address the DoD's cyber security needs at both the policymaking and operational levels. The Joint Chiefs of Staff, the US Joint Forces Command (JFCOM), and several offices within the Office of the Secretary of Defense have roles in developing policy and guiding cyber security strategy.[207] At the operational level, the central organization to DOD's cyber security efforts is US Cyber Command (USCYBERCOM), which was created in June 2009 under US Strategic Command (USSTRATCOM).[208] The Joint Information Operations Warfare Center (JIOWC) was also created to plan, integrate, and synchronize information operations (IO) in direct support of Joint Force Commanders and to serve as the USSTRATCOM lead for enhancing IO across the Department of Defense. Additionally, the director of the NSA doubles as the director of USCYBERCOM, making them dual-hatted organizations.[209]

Each branch of the military has designated a support component for cyber security that operates under USCYBERCOM. These are the US Army Cyber Command, the US Fleet Cyber Command/US 10th Fleet, the 24th Air Force/AFCYBER, and the Marine Corps Cyber Command (able to conduct cyber operations but is not expected to achieve full operational capability until 2013).[210] There are several other DOD organizations that play an important role in cyber security. Network Operations Security Centers (NOSCs) provide network-operations reporting and situational awareness for each of the military service branches, as well as for the various theater commands. The National Guard and the DOD Criminal Investigative Services also have cyber security functions.[211]

[207] GAO, "Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities," US Government Accountability Office, July 2011, http://www.gao.gov/products/GAO-11-75.

[208] Ibid.

[209] GAO, "Defense Department Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cybers.p.a.ce Capabilities," US Government Accountability Office, May 2011, http://www.gao.gov/products/GAO-11-421.

[210] Ibid.