UkrEngRus

“During the past 3 centuries human population has increased tenfold to 6000 million and fourfold in the 20th century

• Cattle population increased to 1400 million (one cow/family) by a factor of 4 during the past century

• There are currently some 20 billion (20,000 million) of farm animals worldwide

• Urbanisation grew more than tenfold in the past century almost half of the people live in cities and megacities

• Industrial output increased 40 times during the past century; energy use 16 times

• Almost 50 % of the land surface has been transformed by human action”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist***

“Fish catch increased 40 times

• The release of SO2 (110 Tg/year) by coal and oil burning is at least twice the sum of all natural emissions;

over land the increase has been 7 fold, causing acid rain, health effects, poor visibility and climate changes due to sulfate aerosols

• Releases of NO to the atmosphere from fossil fuel and biomass burning is larger than its natural inputs, causing regional high surface ozone levels

• Several climatically important ”greenhouse gases” have substantially increased in the atmosphere, eg.

CO2 by 40 %, CH4 by more than 100 %.”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist***

“Water use increased 9 fold during the past century to 800 m3 per capita / year;

65 % for irrigation, 25 % industry, ~10 % households

It takes 20, 000 litres of water to grow 1 kilo of coffee

11,000 litres of water to make a quarter pounder

5,000 litres of water to make 1 kilo of cheese

1 kg meat → 16000 litres of water

1 kg grain → 1000 litres of water”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist

Воєнна доктрина РФ в переліку загроз містить розширення НАТО і нарощування можливостей США та альнсу в цілому..*** У Стратегії Національної безпеки США дії Росії кваліфіковані як агресія що потребує протидії.. *** Росія реформує силові структури: відбувається створення Федеральної служби військ Національної Гвардії на базі Внутрішніх військ МВС, Федеральної міграційної служби та Федеральної служби контролю обігу наркотиків.. *** Глави оборонних відомств країн ЄС погодили новий план оборони і безпеки та домовилися створити новий штаб і спільні сили швидкого реагування.. ***

cyber securityEugenia Sadovska

     According to the trends in the policies of leading states towards countering threats in cyber-space; and to the internal information policy change of these states, as well as to the increasing problem of cyber-security, most countries in the world are modernizing their security sectors in accordance with modern challenges, and, in particular, paying attention to the potential of the Internet for use in military purposes. 

This process is due to:

- The development and acceptance of regulatory documents [strategies] which will ensure the integrity of government policy in this sphere. Today, countries such as the U.S., France, Germany, Netherlands, United Kingdom, Estonia, Finland, Slovakia, Czech Republic, Lithuania, Luxembourg, India, Australia, New Zealand, Colombia, Canada and Japan have already developed them. Some EU countries are in the process of finalization. Others have informal strategies (1).

- Active management systems reformed by the relevant security sector [the creation of specialized units and management structures]: in the U.S. [U.S. Cyber Command] (2), the U.K. [Cyber Security Operations Centre] (3), Germany [Internet Crime Unit (4), Federal Office for Information Security] (5), Australia [The Cyber Security Operations Centre] (6) and in other countries. A leading international security organization – NATO [Cooperative Cyber Defense Centre of Excellence] actively works on cyber-threats. In 2008, the Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia, was accredited as a NATO center of excellence. It conducts research and training on cyber defense (7). In January 2013 in Hague, the Netherlands, the European Centre for Cyber-crime was founded (8). 

- Increase the number of units engaged in the cyber defense system. Three regional police cyber units [The Police Central e-Crime Unit] have been set up in the U.K. with HMRC establishing a new team on cyber-crime (9). The U.S. announced an additional 1,000 employees to a special cyber-security Department of the National Security Office [Department of Homeland Security] (10), which will deal exclusively with high-tech U.S. security systems. 

- In addition, the leading states of the world actively participate in trainings on cyber-attack prevention. The U.S. military experience [Cyber Storm] and the EU [Cyber Europe 2010] (11) and training in the special ground Northrop Grumman argues that such trainings have a significant effect in identifying problem spheres of infrastructure protection, modeling possible incidents and developing typical patterns of response, as well as improving interagency cooperation (12). For example, in the U.K., a new virtual research institute [the Virtual Research Institute] (13) was established to provide an understanding of the science according to the increasing number of threats to cyber-security. In 2011, the United States and the United Kingdom signed an agreement on the conducting of large-scale trainings and education programs for American and European IT experts to combat IT terrorist threats. The document says that over the next several years at least five thousand people working in public security must pass the course (14). 

- Actions for public awareness on the dangers of cyber-threats. Recently, the U.K.- with European, American and Canadian partners -held its first event called “Get Safe Online Week” to increase understanding of the threats to cyber-security among the general population (15). On May 18, 2012 in Donetsk, Ukraine, an International Seminar “Cyber-security and new challenges for the information society” was held (16).

Taking into account international experience in dealing with information security threats, what are the key lessons for the implementation of these strategic approaches, and what is the possible position on them in Ukraine?

In recent years, Ukraine has been paying increasing attention to the problems of state cyber-security and combating cyber-crime.

To fulfill these tasks, on 6th of March, 2013 the Act of Ukraine “On the cyber-security of Ukraine” was approved by the Cabinet of Ministers of Ukraine. It has to note key terms in the cyber-security sphere, define the concepts of critical infrastructure object and mechanisms in order to protect such objects, create a single nationwide system structured to counter cyber-threats and its component elements, to solve the problem of inter-agency coordination and power entities on state cyber-security (17). Confirmation of Ukraine’s commitments towards the development of the Act are reflected in the Annual National Program of Ukraine – NATO cooperation in 2012, which set aside a separate paragraph 4.7 on the issue of cyber-security. It describes the priorities for the current year on cyber-security which are: 

- ensuring the exchange of experience between Ukraine and the states – members of NATO; 

- working on the possibility of cooperation with the General Centre of Excellence for Cyber Security [Tallinn, Estonia];

- promoting cooperation on cyber-security between the Security Service of Ukraine, Administration of State Service of Special Communication and Information Protection of Ukraine, as well as the relevant NATO bodies; 

- facilitating the implementation of activities and trainings on cyber-security within the NATO program on Science for Peace and Security (18).

The enhancing of interstate cooperation in combating cyber-crime and cyber-threats also should be noted. In October 2010, the Security Service of Ukraine in cooperation with the FBI and nine intelligence services of other countries conducted the operation “Trident breach” to neutralize a criminal hacker international group that illegally intervened in the work of foreign banks from Ukraine resulting in losses worth about 70 million dollars USA (19). This joint operation was noted in the annual report on the results of FBI activities in 2010. In June 2011, the Security Service of Ukraine, in cooperation with law enforcement agencies of the U.S., U.K., Netherlands, France, Germany, Cyprus, Lithuania [10 countries in total], stopped the illegal activities of international criminal hacker groups under the guise of business structures which … operating legally and coordinated by citizens of Ukraine. According to preliminary estimates, as a result of this criminal group activity, losses exceeded 72 million U.S. dollars (20).

Despite such actions by the government of Ukraine in the information sphere, international experience in combating information security threats is necessary for Ukraine as an example of appropriate policy shaping and in order to build its own cyber-security system.

Despite the fact that most developed countries in the world have adopted national cyber-security strategies which define the medium- and long-term priorities and state authorities objectives in this area, until recently, the position of Ukraine on the relevant international strategies has been uncertain. Undoubtedly, this is due to the nature of these strategies. Now Ukraine has to clearly decide on the admissibility of some of the proposed approaches and the direction of shaping of the country’s position on cyber-security and cyber-space development on the international level.

The Ukrainian government has not only signed [11/23/2001], but also ratified [07/09/2005] a Convention on Cyber-crime (21) [entered into force on 01.07.2006] (22). According to it, Ukraine is an active member of the Convention Committee on Cyber-crime, which holds annual meetings and identifies priorities for the further extension of the Convention, especially for country-members of the Council of Europe (23). At present, a number of provisions of the Convention on Cyber-crime have already been implemented into domestic legislation, and there are projects for their further implementation.

According to international experience, in addition to creating its own strategy on cyber-security, Ukraine needs comprehensive exercises to combat serious crimes in the cyber sphere both for practical training of personnel in relevant agencies and cooperating between the institutions which are responsible for the cyber-security of the state. In addition to trainings at a national level, it is desirable that Ukraine will participate in European cyber-security exercises. It would be appropriate to initiate such studies by Ukraine within the program “Partnership for Peace” (24).

Ukraine should occupy a more active position in the international arena on cyber-security and cyber-weapons issues. To seek, at the international level, the definition of key terms on cyber-security problems: “cyber-security”, “cyber-space”, “cyber-attack”, “cyber-war”, “cyber-terrorism”. For example, the Doctrine on Information Security of Ukraine states that it has become an information developed state; a competent and influential member of European life, taking its right place in the globalized world (25).

In 2013, Ukraine will chair the OSCE (26), and it is appropriate that the problem of acceptable international agreement development on cyber-security can be one of the major initiatives proposed by Ukraine in the security sphere. It appears to be realistic during 2013 to attain such a version of the relevant document, which will generally satisfy all participants in the OSCE and those countries which are concerned with cyber-security issues.

An important point is the fact that the OSCE has already made some developments on cyber-security issues. In May 2011, in Vienna, a conference “Comprehensive approach to cyber-security: the role of the OSCE” was held, where cyber-security issues were discussed [military-political, cyber-crimes and terrorism, global responsibility, regional responsibility, and the potential role of the OSCE] (27).

As the head of the OSCE, Ukraine should initiate in Kiev the holding of a relevant international conference on this subject, where existing international initiatives should be discussed and a draft of consensus document on international rules of cyber-space use should be proposed.

Ukraine initiative in the OSCE could also be, for example, the preparation of a draft treaty on the ensuring, by member countries, of the Budapest Convention on Cyber-crime; and the fundamental freedoms of information systems users in cyber-space; as well as protecting the interests of citizens from threats to their personal information and chance of cyber-crimes being committed against them.

***

Noting the high level of international community activity, and the interest in strategic dealing with problems of information space development; considering the definition of information security, which is complex and multi-valued; studying the experience of other countries in this field, which can become an example for Ukraine in shaping of its own policy in the information sphere, some lessons can be learned.

Creating a real international consensus on this issue among the leaders-states is an objective necessity as it will prevent further rapid growth of cyber-threats both on a national and international level.

Today, Ukraine is influenced by cyber-crime. It is interested in being actively involved in these discussions. International experience in combating threats to information security is essential to Ukraine as an example of policy shaping and building of its own cyber-security system. Primarily through the creation of the Strategy as one of the guiding documents of state policy of Ukraine, which define the activities of authorities in the information sphere, only security issues are doctrinally defined. Laws and guidelines regulate only the issues related to the latest information technologies.

The development of a consensus document on cyber-space could be the main issue during the presidency of Ukraine in the OSCE in 2013.


Bibliography:

1. National Cyber Security Strategies: Setting the course for national efforts to strengthen security cyberspace, ENISA (European Network and Information Security Agency), May 2012:

http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/cyber-security-strategies-paper

2. U.S. Cyber Command: http://www.arcyber.army.mil/org-uscc.html

Department of Defense Strategy for Operating in Cyberspace, the United States of America – July 2011: http://www.defense.gov/news/d20110714cyber.pdf

3. James A. Lewis, Katrina Timlin, Cybersecurity and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization, Center for Strategic and International Studies – 2011: http://www.unidir.org/pdf/ouvrages/pdf-1-92-9045-011-J-en.pdf 

4. Cyber security strategy for Germany, Federal Ministry of the Interior – Translation Service, February 2011:

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/CyberSecurity/

Cyber_Security_Strategy_for_Germany.pdf?__blob=publicationFile

5. Federal Office for Information Security: https://www.bsi.bund.de/EN/Home/home_node.html

6. The Cyber security operations centre: http://www.dsd.gov.au/infosec/csoc.htm

7. Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia: https://www.ccdcoe.org 

8. European Cybercrime Centre (EC3) at Europol: https://www.europol.europa.eu/ec3

9. Minister for the Cabinet Office and Paymaster General: Progress on the UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World:

http://www.cabinetoffice.gov.uk/sites/default/files/resources/WMS_Cyber_Strategy_3-Dec-12_3.pdf

10. Department of Homeland Security: http://www.dhs.gov/about-dhs

11. Cyber Storm: Securing Cyber Space: http://www.dhs.gov/cyber-storm-securing-cyber-space

Cyber Europe 2010 – Evaluation Report, ENISA: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-europe/ce2010/ce2010report

ENISA facilitated the first ever pan European Cyber Exercise: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-europe/ce2010

12. Northrop Grumman – Cybersecurity: http://www.northropgrumman.com/cybersecurity/16.

13. The Next Wave, Vol. 19 № 4 – 2012, UK’s new Research Institute investigates the science of cybersecurity, Government Communications Headquarters (GCHQ): http://www.nsa.gov/research/tnw/tnw194/article8.shtml

14. No to Government Control of the Internet, Biden Says: http://london.usembassy.gov/cybersecurity004.html

15. Get Safe Online week: http://www.cabinetoffice.gov.uk/news/get-safe-online-week

16. Семінар з питань кіберзахисту у Донецьку:

http://www.nato.int/cps/uk/SID-34C19153-8F998EDD/natolive/news_87967.htm

17. Уряд схвалив законопроект про кібернетичну безпеку України:

http://www.kmu.gov.ua/control/uk/publish/article?art_id=246124630&;cat_id=244276429

18. Указ Президента Украины от 19 апреля 2012 года № 273/2012 «Об утверждении годовой национальной программы сотрудничества Украина – НАТО на 2012 год»:

http://www.president.gov.ua/ru/documents/14697.html

19. Alicia A. Caldwell: FBI says cyber-thieves stole $70 million, The Associated Press - Friday, October 1, 2010:

http://www.washingtonpost.com/wp-dyn/content/article/2010/10/01/AR2010100105316.html

20. Olzhas Auyezov, REUTERS, Ukraine says breaks up global hacker ring, banks targeted:

http://www.reuters.com/article/2011/06/23/us-ukraine-hackers-idUSTRE75M2JM20110623

21. Table of signatures and ratification:

http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?CL=ENG&;

CM=&NT=185&DF=&VL=

22. Convention on cybercrime, Council of Europe – Budapest, 23.XI.2001:

http://conventions.coe.int/Treaty/rus/Treaties/Html/185.htm

23. Council of Europe: http://hub.coe.int/web/coe-portal/navigation/47-countries 

24. The Partnership for Peace programme: http://www.nato.int/cps/en/natolive/topics_50349.htm

25. Доктрина інформаційної безпеки України № 514/2009 від 8 липня 2009 року:

http://zakon2.rada.gov.ua/laws/show/514/2009 

26. Україна розпочинає головування в Організації з безпеки і співробітництва в Європі (ОБСЄ):

http://mfa.gov.ua/ua/press-center/news/9416-ukrajina-rozpochinaje-golovuvannya-v-organizaciji-z-bezpeki-i-spivrobi

27. OSCE Conference on a Comprehensive Approach to Cyber Security: Exploring the Future OSCE Role, 11 May 2011:

http://www.osce.org/cio/77482


Eugenia Sadovska, Master of Public Administration

Development and Security Association