Are we ready for the cyber warfare?

This is the reason for which the Deputy Director of the Romanian Intelligence Service, Major General Florian Coldea, has kindly accepted to discuss exclusively with Q Magazine about the Romanian Cyber Security Strategy.

In order to fully comprehend the dynamics of cyberspace, we must recall that it took the radio 35 years to reach an audience of 50 million people, television – 15, while as it took the internet just 5 years to reach the same numbers. Nowadays, over two billion people are interdependent and highly digitalized. However, beyond its obvious advantages, cyberspace has in time proved to be generating cyber crimes and conflicts. The more gloomy scenarios reveal a doomsday like image, in which  food, energy, water supply, transports, finances and all related could eventually freeze, even in a developed country such as USA.

In the interview for Q Magazine, Major General Florian Coldea, the Deputy Director of the Romanian Intelligence Service (RIS/SRI), admits that Romania is in just as much potential harm as any other NATO member state. In 2000, two Filipino hackers launched the Love Bug, attacking 55 million computers, while the damages rose up to 15 billion dollars.  That was the time when the world got a real understanding of the devastating effects of an unconventional war, sometimes asymmetrical, which can be infinitely larger than those caused by conventional weapons.

Bombs are no longer conventional, but they can be launched to the other side of the world through a simple virtual “touch”. The enemy is usually unseen and often remains unknown even for intelligence services. The concept of cyber warfare is wrapped around in a cloak of mystery, making the Cold War seemingly a time of diplomatic transparency.

Potential electronic “Pearl Harbor”

In a special report, with 21 years experience in the US Army, CSBA president Andrew Krepinevicki Jr. considers cyber attacks to be the cause of far greater damage than nuclear ones, whiles former US Secretary of Defense, Leon Panetta did not dismiss the possibility of a new electronic Pearl Harbor. When asked about the threat of a cyber attack, US Cyber Command chief, general Keith Alexander declared that “such an enemy can cut off the electric power of an entire country, influence stock markets, trade exchange, as well as internet… for a while” and that this ability does not stand alone in the hands of states, but also in the hands of individual hackers or terrorists.
Nothing seems impossible anymore. In 2009, Joint Strike Fighter military program was compromised, several terabits of data concerning informational systems were stolen, and the source of this cyber attack appears to have been China. Chinese hackers also seem to have hacked into the White House network, managing to steal several e-mails of governmental officials before the system was fixed.

General James Cartwright said we should start considering cyber threats as weapons of mass destruction, whiles two experts of Peoples Liberation Army, Ye Zheng and Zhao Baoxian, feel that “as the nuclear threat was the strategic war of the industrial era, the cyber warfare became strategic the informational era, and this has a devastating potential harm that has to do with both the rise and fall of nations”.

China set out its national strategy policies for 2050 to rule the cyberspace. The 1.500 Chinese diplomats, within 70 offices, 15.000 Chinese students studying yearly in the US and 10.000 Chinese arriving to the US in 2.700 delegations every year, could just be a cover for the Beijing espionage.

Organized crime is yet another trigger in the dramatic increase of cyber crimes. Nowhere in the world is this more evident as in Russia, where the Russian Business Network (RBN) became the “first cyber crime organization that supplied information systems for cyber attacks”. The cyber warfare capabilities of RBN are so outstanding, that it lead NATO consider it a major security threat. Supposedly RBN exerts control over 150-180 million hubs. In 2007, approximately 40% of cyber crimes were claimed by RBN. Chatham House „Cyber Security and Global Interdependence: What Is Critical?” Report has a more mild view and underlines the opportunities cyberspace has to offer are far greater than the risks it contains- “many of which are set in this kind of dramatic language and apocalyptic that reveal fears deeper than the risk of losing control over technology”.

Those who may find the balance between freedom rights and cyber security will have greater rewards than loses.

Romania, target to cyber espionage

Cyber crimes seem to have reached Romania as well, being the target of many cyber attacks lately, some discovered by the Romanian Intelligence Service (RIS/SRI), others not. For instance, the attack recorded in late February (the latest official report) which was announced to Romanian intelligence by homologous services and was estimated to have had a greater impact than Red October, due to its sophisticated technology and data flow. Also, Kaspersky Lab had announced an espionage campaign concerning information on national strategy and natural resources over Eastern Europe, Romania being one of them.

Romania considers cyber security a dimension to its national security and defense, as cyber threats became more and more dynamic, even though the gross population does not yet perceive its real extent.

Considering cyber crime affects civilians as well as private companies and public institutions, cyber prevention measures issued in the Romanian Cyber Security Strategy, and ratified in the last CSAT meeting, from 5th of February, are ought to be publicly debated for awareness. Meanwhile, a natural question arises; especially in a country obsessed with the “Big Brother” phenomenon, up to which point can we give up our computers’ control to the entity coordinating this Strategy, as in the Romanian Intelligence Service.

Major General Florian Coldea, the Deputy Director of the Romanian Intelligence Service, has exclusively answered this question for Q Magazine.

What are the objectives and the national directions of the Strategy, besides those presented by the European Commission?

I shall briefly present you some. We must adapt our laws and regulations to the challenges posed by cyber threats, secure the relevant national and critical digital infrastructures and assure its cyber defense capabilities.

Also, insuring a state’s security assumes identifying, preventing and reacting to cybernetic vulnerabilities, risks and threats. We are considering developing a public- private partnership, as well as, national and international cooperation in the field, raising awareness amongst the population concerning the vulnerabilities, risks and threats coming from cyber space and the necessity of securitizing private informational systems. In order to reach these objectives, within the Romanian Cyber Security Strategy there are some national action directives, where, if I may say so, there are underlined the conceptual, organizational and action frames, the development of national risk- management and reacting to cybernetic incidents capabilities based on a national Program, promoting and consolidating security habits in the cyber field, developing international cooperation from the cyber security stand. Though it may seem a little bit technical, I must underline these objectives, for it is the first time that Romania adopts the National Strategy in the field of Cyber Security and therefore, it is a very important document, from which all others shall derive.

Recently, through its spokesperson, the institution admitted that “Red October” was a cyber attack meant to get data on Romanian natural resources. How many such cyber attacks have been made on Romanian security entities in the past years, what where they after and how many did RIS manage to prevent?

The latest attack, which we announced at the beginning of March, was by RIS estimations, far stronger than “Red October”. We daily record dozens to hundreds of cyber incidents, but only a scarce part of them can qualify as cyber attacks and a very small amount of them require RIS competency, which has attributions only on the line of identifying and informing public and private institutions that own Critical Informational Infrastructure (CII) or digital systems of national interest, regarding cyber threats.

RIS operates for investigating cyber threats and puts emphasis on identifying the purpose and motivation of the attacks. This process usually requires a longer period, considering the asymmetrical character of the cyber threats, and the difficulty of attributing the attack. Sometimes it takes up to one or two years to analyze an attack.

The Intelligence constantly monitored and documented cyber aggressions on the digital systems of certain public and private entities, developed by people connected to transnational cyber criminality that aimed taking over such systems. Cyber attacks that have a transnational character have made the object of RIS cooperation with homologous services from the states on whose territories the attacks have had effects.

Also, RIS has informed state institutions regarding several attacks by members of the Anonymous group. On 29th of May 2012, DIICOT prosecutors- with the help of county police and the technical support of RIS- have organized a series of actions meant to dismantle the Anonymous Romania group, which illegally accessed and exported data flow from the digital systems belonging to public institutions.

How do you collaborate with other institutions? Is there a thorough understanding of these dangers?

As the national authority in the field of cyber intelligence, RIS implemented CyberInt. National Center. Here, we identify cyber attacks made on National Critical Infrastructures (NCI) and limit their probable consequences. We work with all other responsible institutions in the cyber security field, as well as with the other institutions in possession of NCI.

I believe it is necessary to consolidate cooperation of the Services with national entities with attributions in the field, including implementing the public- private partnership.

What Romanian authority will be handling the securitization of informational networks?

Every legal entity public or private will be assuring its own informational network security. The national coordination of these actions in this field was covered by the Strategy, by implementing the National System of Cyber Security representing the inter-institutional frame for cooperation for assuring cyber security. The technical coordination of the System was assigned to RIS.

Romania attended Cyber Europe 2012 through CERT-RO, SRI and STS. What were the conclusions?

Beyond conclusions, the practice represented an excellent opportunity for know- how exchange at an international level among attending entities. It was an occasion to analyze, understand and evaluate existing European inter-institutional cooperation mechanisms and to consolidate the European community to manage informational incidents. Pan-European practices in the field represent an important instrument for the evaluation and the improvement of state-to-state relations and this is an essential factor considering the resolution of real digital crisis.

How vulnerable is Romania regarding this cyber warfare?

The fact that governmental and commercial activities are increasingly interconnected through internet, has offered cyber attackers new opportunities to implement their intentions, mostly due to the interdependence of information and communications technology in a globalized international market, which have brought with itself their vulnerabilities and risks.

Nowadays we are experiencing a global economical crisis, which generated strong social contradictions. Moreover, the implementation of technological standards and European regulations in Romania is still in its early stages. All these realities have offered extra motivations for new cyber attacks on digital networks belonging to public authorities and private entities, and have favored new IT specialists’ recruitments into criminal activities.

RIS considers that Romania has a level of cyber security that needs to improve. In order to limit the risks of a mass proportions event or cyber attack, with obvious implications for our national security, and economical, social and institutional consequences, Romania needs to be strong enough and determined to go through a series of steps.

What would these be?

First of all, the legal shortcomings must be overcome. The law concerning the identification and assignment of critical infrastructures and the Romanian Cyber Security Strategy must be followed by the development and ratification of the Cyber Security Law, that will set up regulations concerning concepts, as well as national cyber security or cyber event/ attack, but mostly a legal frame for national institutions and the national authority’s attributions in the field and of other such institutions that have responsibilities in providing cyber security and reaction in case of an incident or cyber attack. The public- private partnership must be implemented and at a European level the relationship with organizations in the field must be continued.

Also, at a national level it’s extremely important to have a sustainable effort for the developing and implementation of a national plan to control and react to cybernetic incidents, which will include a methodology for every institution in the case of a cyber event/ attack. We must promote and enforce a culture of security in the cybernetic field; we must develop awareness programs among the people, public administration and private sector concerning the threats, vulnerabilities and risks specific to cyber space.

A step forward is this interview we are taking. China seems to have set its military objective on winning the informational war of this century, whiles American officials admitted that US have launched a cyber attack on another country, most likely Iran. What are the countries Romania should fear in this war?

Considering the fact that we are NATO and EU member state, any threat addressed to these institutions are a threat to Romania.

We could say that the future sounds… threatening!

Don’t be so pessimistic! Cyber space does not only assume threats, but also opportunities for promoting interests, values and national objectives. It depends on each of us to capitalize them. Also, this is another objective of the Strategy.

The US has recently announced that they will hire a number of 5.000 IT specialists for “a digital army”. Does the institution you represent have a similar strategy?

Even if we are going through austerity times that have lead to limited material resources and to restrictions concerning the hiring of new human resources at budget institutions, we have always had intentions of creating a team of IT specialists, with which we have established amazing operational results, nationally, as well as internationally, some of which are the Anonymous case and the Paunescu, Red October, Pene cases.

We are known for a series of Romanian hackers that have established incredible performances, of course, illegally. Does the institution consider a conversion, or a recovery of these individuals for national interests?

In order to accomplish its mission of assuring the cyber security of digital systems and national interest critical infrastructures, RIS will always be concerned with identifying specialists of high rank in the field. A priority for us is represented by the careful selection from academic field, as well as from the private sector. We are also counting on the expertise achieved by Intelligence from international cooperation activities.

RIS is coordinating the Cyber Security Strategy, so it will impose prevention measures to private institutions, as well as to state institutions. Taking into account that we live in a country obsessed with the fact that RIS is listening to us, is following us, is intercepting us, until where can we give up control upon our computers?

Here we are not having an issue of giving up control over computers, but more likely about developing a preventing and reacting measures, on the line of implementing of policies, standards and security guides. I can assure you that all regulations in the field will be in compliance with European security standards and will be implemented through the responsibility and complete knowledge of owners and digital systems administrators. All cyber attacks prevention measures that the Romanian Intelligence Service has taken so far and will take hereinafter based on the Strategy adopted by CSAT will be in strict compliance with the laws, including the fundamental rights and freedoms of the citizen.