Co - idsa.indisrupt business operations or it may cause severe outages, 10 ... enticing impressionable youth to follow extremist ideologies. Cyberspace has become an intricate constituent

18th Asian Security Conference 2016 | 1

CoNFERENCE

BOOKLET

18th Asian Security Conference

Securing Cyberspace: Asian andInternational Perspectives

(February 9-11, 2016)

Organised by

2 | 18th Asian Security Conference 2016


CONTENTS

ABOUT IDSA 5

ABOUT ASIAN SECURITY CONFERENCE 7

CONCEPT NOTE 9

CONFERENCE PROGRAMME 13

PROFILES OF PARTICIPANTS & ABSTRACTS 17

CONTACTS 104



ABOUT IDSA

The Institute for Defence Studies and Analyses (IDSA) is anon-partisan, autonomous body dedicated to objectiveresearch and policy relevant studies on all aspects of defenceand security. Since its inception, IDSA has served as a forumto debate important aspects of national and internationalsecurity. Its mission is to promote national and internationalsecurity through the generation and dissemination ofknowledge on defence and security-related issues.

IDSA was established as a registered society in New Delhion November 11, 1965. The initiative for setting up theInstitute came from then Defence Minister Shri YeshwantraoChavan, who was one of the Institute's founding members.Over the last forty-plus years, IDSA has played a crucial rolein shaping India's foreign and security policies, includingwith respect to nuclear weapons, military expenditure, andconventional and non-conventional threats to India.

IDSA has a well-qualified multi-disciplinary research facultydrawn from academia, defence forces and the civil services,and which represent a diversity of views. Research at theInstitute is driven by a comprehensive agenda and by theneed to provide impartial analyses and policyrecommendations. IDSA's journals, monographs, briefs, andbooks are the principal mediums through which theseanalyses and policy recommendations are disseminated.

The IDSA website offers in depth insight into the working ofthe Institute with a user friendly interface. Regular updateson the events at IDSA can be found in the Media Briefs andIDSA News pages.


Research Centres

East Asia

West Asia

South Asia

Military Affairs

North America

Internal Security

Europe & Eurasia

Strategic Technologies

Non-Traditional Security

Nuclear and Arms Control

Southeast Asia and Oceania

Defence Economics & Industry

Africa, Latin America, Caribbean & UN


ABOUT ASIAN SECURITY CONFERENCE

The Asian Security Conference (ASC) is a major calendarevent of the Institute for Defence Studies and Analyses(IDSA), New Delhi which is organized in early spring eachyear. Since 1999 when the conference was first held, it hasbecome an important forum for debating issues relating toAsian Security. The ASC provides an opportunity for policymakers, scholars and security analysts, both from India andabroad, to share their views on the security challenges facingthe continent.

The contemporary strategic context is increasingly definedby the rapid growth of major Asian economies and therapidly increasing interest the major powers are evincingin the region. It has also resulted in a perceptible shift inpower to the Asian continent. While the emerging powershift is full of promise and opportunities, there are importantconcerns that cannot be ignored. Asia’s statesmen face avariety of challenges, which, if ignored or viewed with lessconcern, could lead to further instability and insecurity inthe region. In this backdrop the ASC looks at variousemerging trends and changes in the Asian security contextand forms a platform for discussion and debate. The ASCserves as the best available vehicle in the Asian region fordeveloping and channeling astute and effective public policyon defence and security. It can also be regarded as animportant academic platform for scholars to discuss newideas and theories.

Previous Asian Security Conference (ASC)

2015: Asian Security: Comprehending the IndianApproach

2014: Emerging Strategic Trends in Asia and India’sResponse

2013: Emerging Trends in West Asia: Regional and GlobalImplications


2012: Non-Traditional Security Challenges- Today andTomorrow

2011: Towards A New Asian Order

2010: Asian Strategic Futures 2030 : Trends, Scenarios andAlternatives

2009: The Changing Face of Conflict and EvolvingStrategies in Asia

2008: Asian Security in the 21st Century

2007: Evolving Security Dynamics in Southeast Asia –Emerging Threats and Responses

2006: Changing Security Dynamic in West Asia: Relevancefor the Post 9-11 Systemic

2005: Changing Security Dynamic in Eastern Asia: Focuson Japan

2004: United Nations, Multilateralism and InternationalSecurity

2003: Asian Security and China in the Period 2000-2010

2002: Asian Security Strategies in a Period of Uncertainty

2001: Reshaping Asian Security

2000: Asia’s New Dawn the Challenges to Peace andSecurity

1999: Asian Security in the 21st Century


CONCEPT NOTE

Securing Cyberspace: Asian and International Perspectives

Cybersecurity is increasingly drawing attention from policymakers as the world becomes increasingly interlinked anddependent on digital pathways. Use of cyber space bygovernments, businesses and individuals has providedeconomic benefits and helped connect the world in beneficialways. Simultaneously, however, there are attempts beingmade by state and non-state actors to deny its legitimateuse by others. Use of cyber space for espionage, bothcommercial and security-related, are common. Its use bycriminals and extremists is no less dangerous. Managingthis nascent and rapidly developing threat has proved tobe problematic given that it now touches almost every aspectof human existence, from communication to commerce. Itequally impact on a variety of stakeholders, individuals,corporations and states, all with differing priorities andperspectives. The large number of users and actors involved,and their varying perceptions of the threats and responsesto emanating from cyber space have led to conflicting voiceson how best to mitigate and overcome them.

Even as the connected systems and networks have grownmore intertwined and complex, Cyberspace is being usedfor a variety of malicious activities, from crime to state-sponsored attacks on critical infrastructure. Theinterconnectedness of cyber networks means that even themost basic responses end up having a ripple effect orunintended consequences. Maintaining a balance betweensecurity and benefitting from the many opportunitiesprovided by the deployment of new cyber technologies isproving to be one of the most vexatious issues of the 21stcentury.

The risk from cyber threats to government agencies, privateenterprises, public sector undertakings and researchinstitutions of strategic importance can manifest in manyforms. A Distributed Denial of Service (DDoS) attack candisrupt business operations or it may cause severe outages,


thereby having a direct impact on their revenue andreputation. Companies also face the risk of losing tradesecrets or intellectual property rights. Moreover, a massivedata breach for companies or governance portals storingdata of customers or citizens can compromise personalinformation. A cyber-attack on entities that are part ofcritical infrastructure can have a debilitating impact onnational security. The risk increases manifold for electricitygrids, nuclear installations, and telemetry/command andcontrol network of space assets. Surprisingly, social media,as a threat vector, has become a channel of least resistancefor threat actors to conduct reconnaissance, identity theftsand gather information on employees, projects, systems andinfrastructure, besides spreading hateful propaganda andenticing impressionable youth to follow extremist ideologies.

Cyberspace has become an intricate constituent of nationalpower. The strategies for the development of Cyberspaceare not just restricted to civilian purposes; rather, this domainnow falls well under the ambit of the armed forces. Withthe advent of Network Centricity in military operations andRevolution in Military Affairs, armed forces are at elevatedrisk of cyber incidents. The integrated use of land, air,maritime and space assets for enhanced domain awarenessor real-time information access warrants the armed forcesto build expertise in both defensive and offensive cyberoperations. Nation states have documented their CyberStrategies and executed them in the form of CyberCommands, both overt and covert. With the militarydimension, Cyberspace is witnessing a race for developmentand deployment of cyber weapons. An arms control regime,the Wassenaar Arrangement has enlarged its controls listin consonance with the way Cyberspace has altered presentday security landscape. The development of cyber weaponsand their potential usage against high value targets has beenone of the major security concerns for nation states.

The threats in Cyberspace are varying in nature andintensity. Leading companies operating in the domains ofenergy, telecommunications, finance, and transportationsectors are targets of Advanced Persistent Threats (APT).


Non-state actors, such as terrorist organizations andcriminal syndicates have become tech-savvy, therebyemploying human resources to develop malware. Thesetools are used extensively in committing Cybercrime.Terrorist organizations leverage the benefits of Cyberspace,harnessing it for ideology propagation, recruitment andcommunication. The terrorist organization, the Islamic Statein Iraq and Syria (ISIS) has been a prime case study. It hastremendous presence on social media helps spread itspropaganda and recruit sympathizers across the globe. Al-Qaeda is also reported to have developed encryptionsoftware to secure their communication in Cyberspace.

As the extent of commerce transacted over Cyberspacegrows, along with increasing reliance on informationtechnology to drive cost-efficiencies, the risk exposure toenterprises have increased. According to the 2013 SecurityThreat Report published by the cyber security company,Sophos, Asia accounted for eight of the top-10 countriesmost vulnerable to Cybercrime. Asia, the largest continenton earth, represents 60 percent of the world's population.It is the fastest growing economic region globally. On theother hand, the unprecedented growth of rising economies,rapid industrialisation, rising demand for energy, expandingmarkets and, depleting natural resources have led tocompetition and confrontation with respect to the accessand control of resources. As Asia continues to grow its shareof the global trade and commerce, the threats from cyber-attacks are expected to increase in tandem.

Cyber-attacks, like many of the new security challenges,are transnational in origin and nature, and no nation cancombat them alone. Despite variations in ethnic, economicand government systems, Asian countries need robustsecurity architecture to resolve the issues specific to thegeographical region as well as international issuesdetrimental to Asia's economic and societal growth.

With the shift of power towards Asia, its representation inthe rule-making mechanisms and inputs towards creating asecure cyberspace is critical to international politics, theworld economy, and the credibility of international


institutions and cybersecurity regimes. Within Asia, cyberthreats have altered the security perceptions of institutionsand government systems. Against this backdrop, theInstitute for Defence Studies and Analyses, New Delhi willorganise the 18th Asian Security Conference focusing onthe emerging threats and challenges from cyber domain tonational and regional security. The two-and-a-half-dayconference will consider international and regionalresponses to cyber security and the scope for cooperationamidst varying national policy frameworks and legislations.

The major themes to be discussed include the following:

Day One

Session 1: The Global Cybersecurity Environment

Session 2: International and Regional Responses to issues inCybersecurity

Session 3: Non-State Actors and Cyberspace

Day Two

Session 4: Securing Strategic Critical Infrastructure

Session 5: Cybersecurity and the Digital Economy

Session 6: Role of Military in Cybersecurity

Day Three

Session 7: Cybersecurity Futures


CONFERENCE PROGRAMME

DAY 1: Tuesday, February 9, 2016

09:15-09:40 Registration09:45-10:15 Inaugural AddressWelcome Remarks: Shri Jayant Prasad, Director General,

IDSAKey Note Address: Air Marshal PP Reddy VM, ADC,

Chief of Integrated Defence StaffVote of Thanks: Brig. Rumel Dahiya (Retd), Deputy

Director General, IDSA

10:15-10:45 Tea

10:45-13:00 Session 1 - The GlobalCybersecurity Environment

Chairperson: Nitin DesaiAmmar Jaffri Cyber Security Challenges &

Opportunities in the Fast ChangingWorld Today

Varun Sahni Cyber Redefinitions and theChallenged State: SecurityImplications

Greg Austin Mutual Restraint in the CyberspaceDiplomacy of Great Powers

Cuihong Cai Global Cybersecurity Environment:Perspectives of the US and China inComparison

Yasuaki Hashimoto Present Situation of Japanese CyberSecurity

13:00-14:00 Lunch

14:00-15:30 Session 2 - International andRegional Responses toCybersecurity Challenges

Chairperson: Latha Reddy


Alexandra Working out the Rules of GlobalKulikova Cyberspace GovernanceNandkumar International and RegionalSaravade Responses to Cybersecurity

ChallengesCandice Tran Dai Economic Dimensions of National

Cybersecurity Strategies in the Asia-Pacific Region

Munish Sharma & A South Asian RegionalCherian Samuel Cybersecurity Cooperation (SARCC)

Forum: Prospects and Challenges

15:30-16:00 Tea

16:00-17:30 Session 3 - Non-State Actors andCyberspace

Chairperson: Ravi KantAlok Vijayant Asymmetrism in Cyberspace:

State vs. Non-state ActorsSanjeev Relia Non-State Actors and Cyberspace:

An OverviewArun Mohan State and Non-State: Residual ActorsSukumar in CyberspaceGillane Allam Non-State Actors & Cyberspace- A

North African Perspective

DAY 2: Wednesday, February 10, 2016

10:00-11:00 Keynote Address by Arvind Gupta,Deputy National Security Advisor

11:00-11:30 Tea

11:30-13:00 Session 4 - Securing StrategicCritical Infrastructure

Chairperson: Alhad G. ApteTed Lewis Challenges of Cybersecurity:

Malware and AS-level Structure


Kah-Kin Ho Evolving Role of Government inCritical Infrastructure Protection

Jana Robinson Governance Challenges at theIntersection of Space andCybersecurity

Caroline Baylon Cyber Security Threats to CriticalInfrastructure: A Case Study ofNuclear Facilities

A. Vinod Kumar Securing Critical Infrastructure fromCyber Threats: Developing Defence,Deterrence and Norms

13:00-14:00 Lunch

14:00-15:30 Session 5 - Cybersecurity and theDigital Economy

Chairperson: V. K. SaraswatLiam Nevill Challenging Opportunities for Asia-

Pacific's Digital EconomyMadan M. Oberoi New Technologies and New Forms

of Crime: Need to Recalibrate LawEnforcement Strategy / Procedures /Law

IL Seok, OH Korean Legal Initiatives to combatCybercrime and enhance DigitalEconomy

Uchenna Regionalising CybersecurityJerome Orji Governance in Africa: An

Assessment of Responses

15:30-16:00 Tea

16:00-17:30 Session 6 - Role of Military inCybersecurity

Chairperson: Prakash MenonLiina Areng Role of Military in CybersecurityAmit Sharma The Triad Theory of Cyber Warfare:

A Framework for Strategic CyberWarfare


Caitriona Heinl International Military CyberCooperation in Asia

Li-Chung Yuan Role of Military in Cyberspace: Caseof Republic of China (Taiwan)

DAY 3: Thursday, February 11, 2016

10:00-11:30 Session 7 - Cybersecurity FuturesChairperson: K. SanthanamTobby Simon Cybersecurity FuturesSico van der Meer Defence, Deterrence, and Diplomacy:

Foreign Policy Instruments toIncrease Future Cybersecurity

John Ellis Disruptive Technologies and theTrusted Cyber Future

Jonathan Reiber Cybersecurity Futures and the US-India Strategic Partnership

11:30-12:00 Tea

12:00-14:00 Session 8 - Panel Discussion onWay Forward

Chairperson: Gulshan RaiAmmar JaffriGillane AllamGreg AustinKiran KarnikN BalakrishnanSantosh Jha

Vote of Thanks

14:00-15:00 Lunch


Profiles of Participants

&

Abstracts



Key Note Address

AIR MARSHAL PP REDDY, VM, ADC

Chief of Integrated Defence Staff

Air Marshal PP Reddy, VM took over as Chief of IntegratedDefence Staff to the Chairman Chiefs of Staff Committeeon 01 Jul 14. He was commissioned as a Fighter Pilot in theIndian Air Force in Jun 1977. He is an alumnus of RashtriyaIndian Military College, National Defence Academy andDefence Services Staff College, Wellington.

He is a Qualified Flying Instructor and an Experimental TestPilot who has flown 3600 hrs on various types of fighter aswell as transport aircraft, including SU-30 MKI. He hascommanded a MiG-27 Squadron and a Fighter Base inKashmir Valley. He has worked in the Plans Branch at AirHQ and was instrumental in the implementation of SU-30MKI, IL-78 Flight Refueller Aircraft and MiG-27 upgradeprograms. He has also served as the Chief Test Pilot atAircraft and Systems Testing Establishment, Air Adviserat High Commission of India, London, Senior Officer-in-Charge Administration at South Western Air Command andSenior Air Staff Officer at Training Command. He was theDirector General (Inspection & Safety) at Air HQ prior tohis present appointment.

He is decorated with the Presidental Award, ‘VayusenaMedal’.


Welcome Address

JAYANT PRASAD

Director GeneralInstitute for Defence Studies andAnalyses, New Delhi

Shri Jayant Prasad is Director General, Institute for DefenceStudies and Analyses, New Delhi. He was India’sAmbassador to Afghanistan, Algeria, Nepal, and the UNConference on Disarmament, Geneva. At headquarters, inthe Ministry of External Affairs, he served as SpecialSecretary (Public Diplomacy), and Head of the Americasand the Multilateral Economic Relations Divisions. He wasRapporteur of the U.N. Commission on Human Rights,Geneva (1986-87), Fellow at the Weatherhead Center forInternational Affairs, Harvard University (1998-99), memberof U.N. Secretary-General’s Advisory Board onDisarmament Matters (2005-07), and Visiting Scholar, Centerfor the Advanced Study of India, University of Pennsylvania(2014-15). Before his 37-year public service career, he waslecturer in history, St. Stephen's College, University of Delhi,after completing his studies at Modern School, St. Stephen'sCollege, and Jawarharlal Nehru University.


RUMEL DAHIYA

Deputy Director GeneralInstitute for Defence Studies andAnalyses, New Delhi

Brig Rumel Dahiya, SM (Retd) is Deputy Director Generalat the Institute of Defence Studies & Analyses. He is alsoCoordinator of the Military Affairs Centre and ManagingEditor of the Journal of Defence Studies.

Brig Dahiya is an Indian Army veteran with extensivecommand and staff experience spanning 32 years, includingin counter-insurgency operations. He previously served asa Defence Attache to Turkey, Syria and Lebanon, and withthe Indian Military Training Team in Bhutan. He also servedwith Military Operations Directorate of the Indian Armyand Net Assessment Directorate at Integrated Defence Staff.Brig. Dahiya is a graduate of the National Defence Collegeand Defence Services Staff College. He was awarded theSword of Honour and Gold Medal at the Indian MilitaryAcademy at his commissioning.

Vote of Thanks


Session 1The Global Cybersecurity

EnvironmentTuesday, February 9, 2016

1045h - 1300h


Shri Nitin Desai was formerly the Chief Economic Adviserin the Ministry of Finance, Government of India and laterUnder Secretary General of the UN and Chair of the Multi-stake holder Advisory Group that organises the annual UNInternet Governance Forum. He was also the Chairman ofthe IDSA Task Force on Cyber Security.

Chairperson

NITIN DESAI


AMMAR JAFFRI

Ammar Jaffri is President of Pakistan Information SecurityAssociation. He has over 40 years of experience inGovernance, Digital Forensics, Information Technology,Security, Education and Philanthropy. He has served andled different departments in the Federal Government ofPakistan, and has been recognized with some of the highestindustry honors in Pakistan as well as internationally.

He serves as the Pakistan point of contact for a number ofinternational initiatives on Cyber Security like the MicrosoftLaw Enforcement Forum, G-8 24/7 High Tech CrimeNetwork, the OIC-CERT, SAARC CERT, APCERT, Councilof the European Union, and with INTERPOL. He retired asthe Additional Director General of the Federal InvestigationAgency of Pakistan in 2010, and is currently engaged invarious public and private projects in a private capacity. Heis a well-known speaker on a wide range of subjectsincluding Information Security, Electronic Governance,Business Continuity Planning, Electronic Banking, andemerging trends in communication.


CYBER SECURITY CHALLENGES & OPPORTUNITIES IN

THE FAST CHANGING WORLD TODAY

Ammar JaffriThe paper deals on the following aspects.

i) Use of Cyberspace in Asian Countries.. Future trendsand opportunities.

ii) Use of Cyberspace by Criminals & terroristorganizations.

iii) How to remain secure in cyberspace..... Challengesand Solutions.

iv) Need for regional cooperation for securing theCyberspace.

v) Use of Internet in Development Sector (Health,Education,etc)

vi) Need for regional cooperation (E-SAARC as a Casestudy)


VARUN SAHNI

Varun Sahni is Professor in International Politics atJawaharlal Nehru University, New Delhi. He editsInternational Studies and South Asian Survey and speaksannually (since 2006) at the National Defence College (NDC)and several times a year (since 1997) at the Foreign ServiceInstitute, New Delhi. He has been a Jury Member of theJawaharlal Nehru Award for International Understanding.An Inlaks Scholar, he wrote his doctoral dissertation on thepolitical role of the Argentine Navy at the University ofOxford (1991). He has written 105 research articles onnuclear deterrence issues, regional security, emergingbalances in the Asia-Pacific, evolving security concepts,emerging powers, international relations theory and LatinAmerican issues. He has been visiting professor at importantuniversities in Mexico City, Washington, DC and Canberra.For his “outstanding contribution to research and teaching”,he was conferred the V.K.R.V. Rao Prize in Social Sciencesfor 2006 by the Indian Council of Social Science Research.From December 2008 to January 2012, he served as the 10thVice-Chancellor of the University of Jammu.


CYBER REDEFINITIONS AND THE CHALLENGED STATE:SECURITY IMPLICATIONS

Varun SahniStates are static because they are rooted in territory. Worldpolitics, on the other hand, is increasingly dynamic,consisting of networks and flows rather than actors.Information technology (IT), i.e. technology relating to theproduction, manipulation, storage, communication anddissemination of information, is redefining human and socialpossibilities, thereby posing some fundamental challengesto the sovereign territorial state. The first redefinitionpertains to people: cyberspace is creating novel humanaggregations and social configurations and throwing up newpossibilities of community. The second challenge is spatialand relates to the new coordinates of location that self-evidently exist in cyberspace. A concrete sense of placeemerges out of the specific meanings that individual humanbeings and social collectivities ascribe to empty, abstractspace; cyberspace radically transforms both by offeringalternate places and parallel spaces. The third challenge isabout the purposes and manifestations of power: cyberspacesimultaneously augments the capabilities of government butalso magnifies the demands and expectations placed by civilsociety upon it, besides providing insurgents with new waysto challenge established power structures. Fourthly,cyberspace fundamentally challenges notions of exclusivejurisdiction that are inherent to traditional understandingsof statehood. Perhaps it is not coincidental that thechallenges emanating from cyber redefinition impact uponthe four classical elements of statehood - population,territory, government and sovereignty - and have asignificant impact upon state security. Challenges notadequately addressed and dealt with become existentialthreats. As states, societies and economies become ever moredependent upon IT, cyberspace will inevitably become atheatre of war.


GREG AUSTIN

Greg Austin is a Professorial Fellow with the EastWestInstitute in New York and a Professor at the AustralianCentre for Cyber Security at the University of New SouthWales, Canberra, at the Australian Defence Force Academy.He is the author of several highly reviewed books oninternational security, especially on Asia. His latest book isCyber Policy in China (Cambridge: policy 2014).


MUTUAL RESTRAINT IN THE CYBERSPACE DIPLOMACY

OF GREAT POWERS

Greg AustinThere has been a strong tension in the cyberspace diplomacyof the great powers between the impulse to collaborate forcommon interests and the countervailing persistence ofdivergent national military and security needs. Bothtendencies saw important evolutions in 2015. Newagreements for cooperative efforts and mutual restraintwere reached in several forums, such as the G20 and theUnited Nations Group of Governmental Experts. At thesame time, several states published new plans or made newannouncements about stepping up military and nationalsecurity-related activity in cyberspace in ways thatsuggested an escalating cyber arms race. The middle groundbetween these two impulses was occupied by newuncertainties in interstate relations about technology transferbetween states in the ICT sector. The paper sketches thisrecent evolution in cyberspace diplomacy with a specialfocus on the United States, China, Russia and India. It thenreturns to the theme of war avoidance and mutual restraintin cyberspace to see how that has played out in the policydeliberations, both national and multinational, in recentyears. The paper concludes with an assessment of likelypathways, casting ahead to the 10 to 20 year time frame forinternational security perspectives. The paper concludeswith some recommendations for policy makers to helpentrench practices of mutual restraint.


CUIHONG CAI

Cuihong Cai is associate professor of international relationsat the Center for American Studies of Fudan University.Prior to the present job, she worked for the Foreign AffairsOffice of Fudan University during 1996-2001. She receivedher B.S.(1993) and M.S.(1996) in biophysics, and her Ph.D(2002) in international relations from Fudan University. Shealso holds a B.A.(2001) in English language and literaturefrom Shanghai International Studies University. She was avisiting scholar at the Georgia Institute of Technology in2002, and at the University of California, Berkeley in 2007,as well as an invited fellow in the 2007 program on USNational Security sponsored by the US State Department.

Cuihong Cai is the author of Political Development in the CyberAge (Beijing: Current Affairs Press, 2015), U.S. NationalInformation Security Strategy (Shanghai: Academia Press, 2009)and Internet and International Politics (Shanghai: AcademiaPress, 2003), as well as several dozen of articles and paperson cyber-politics, cyberspace governance, cybersecuritystrategy and Sino-US relations.


GLOBAL CYBERSECURITY ENVIRONMENT: PERSPECTIVES

OF THE US AND CHINA IN COMPARISON

Cuihong Cai

The global cybersecurity environment can be considered asthe current condition and situation related to cyberspacethat affects the security, stability and development of thecountries in the world. From an objective point of view, theglobal cybersecurity environment has many commonfeatures, such as the diversity of threats, the asymmetry ofsubjects, the lagging of security technologies, the absenceof institutional norms, the imbalance of cyber power, thelack of collective security mechanism as well as themalfunction of the deterrence in cyberspace. These alsoconstitute the common challenges of the global cybersecurityenvironment that China and the United States are facing.At the same time, the global cybersecurity environment is asubjective cognition, which has different meanings todifferent countries. While the United States defines globalcybersecurity environment from the perspective of “threats”,China tends to defines it from the perspective of“development”. The threat-based approach defines it fromthe “others”, and the development-based approach focusesmore on the “self” needs, with the main purpose to enhancethe development of cyberspace as well as to guarantee thedomestic stability of the society. The gap of China and theUnited States on the global cybersecurity environmentawareness leads to the difference of their cybersecuritystrategy and therefore the lack of mutual trust between thetwo sides, which in turn becomes part of the globalcybersecurity environment.


YASUAKI HASHIMOTO

Yasuaki Hashimoto is now Head of Government and LawDivision at The National Institute for Defence Studies (NIDS)and Lecturer (International Law) at KOMAZAWAUniversity, Japan. He also serves on the Committee onNational Space Policy of Japan as ad hoc member. Hiseducational background includes LL.B. (KanazawaUniversity, Japan), LL.M. (Keio University, Japan) andstudies at Leiden University in the Netherlands. ProfessorHashimoto's areas of expertise are international law, spacelaw, cyber law, international law of armed conflict andinternational humanitarian law. He has a career spanningsome 25 years and has published articles in the space lawfield after becoming an International Institute of Space Law(IISL) member in 1987. Particularly after joining NIDS, he isfocusing mainly on the research of space law and policyfrom the security perspective. He also cooperates with theIISL Moot Court Competition in the Asia Pacific Region.


PRESENT SITUATION OF JAPANESE CYBER SECURITY

Yasuaki HashimotoThe number of cyber attacks in Japan is drastically increasing.It was 3 billion in 2005, 5.7 billion in 2010, 7.8 Billion in2012, 12.8 billion in 2013. And in 2014 the number of cyberattacks sensed in Japan jumped up to 25.6 billion, twice ofthe previous year 2013. And this danger is getting biggerday by day, year by year.

In fact Japan has faced some different kinds of cyber attacks.In the past, most of them were DDoS (Distributed Denialof Service) attacks to some governmental sites orcommercial web sites mainly done by foreign nationalisticpeople. But recently more sophisticated APT (AdvancedPersistent Threat) attacks are the main cyber attacks againstJapan. The targets are the leading companies such as inaerospace industries, the Diet (national parliament) andJapanese diplomatic offices in abroad. Responding to suchsituation, Japanese government established Cyber SecurityStrategy in 2013. It shows that Japan has recognized thestability of cyberspace as the important national challenge.Additionally in 2014 Japanese Diet passed the Cyber SecurityBasic Law. Under those basic law and strategy, Nationalcenter of Incident readiness and Strategy for Cybersecurity(NISC) in the Cabinet Office has played a headquarters rolein the national level cyber security. This NISC, however,only monitors, analyses the cyber attacks of the governmentand related authorities, and coordinates the appropriatemeasures taken by affected organizations. The actual cybersecurity will be achieved by some governmental ministriesand their related commercial companies groups. Japan nowhas this kind of multi players' cyber security structure.

Ministry of Defense also has its own Cyber Defense Unitfrom 2014. However, this Unit only protects the cybernetworks owned and operated by Ministry of Defense(JapanSelf Defense Forces) and does not cover the whole nationalcyber network infrastructure. It is contrastive consideringthe actual, real national territory is protected by Ground,Air and Maritime Self Defense Forces.


Session 2International and RegionalResponses to Cybersecurity

ChallengesTuesday, February 9, 2016

1400h - 1530h


Chairperson

LATHA REDDY

Smt. Latha Reddy is the former Deputy National SecurityAdviser of India. She was responsible for cybersecurity andother critical internal and external security issues. She isalso a Distinguished Fellow, East West Institute, New York.

She served in the Indian Foreign Service from 1975-2011.During her diplomatic career she served in Lisbon,Washington D.C., Kathmandu, Brasilia, Durban, Vienna andBangkok. She served as Ambassador of India to Portugal(2004-2006) and to Thailand (2007-2009). She was Secretary(East) in the Ministry of External Affairs in Delhi (2010-2011) with overall charge of India's bilateral and regionalrelations with Asia. She was then appointed as India’sDeputy National Security Advisor in the Prime Minister'sOffice from 2011-2013.


ALEXANDRA KULIKOVA

Alexandra Kulikova is the Global Stakeholder EngagementManager for Eastern Europe and Central Asia at ICANN,and also acting as PIR Center Consultant (non-staff).Alexandra's research interests within the program andbeyond include national and global internet governance,privacy and data protection online, state and corporatepolicies on ICT security, international cyber-strategies andpolicies.

She holds an M.Sc. degree from the London School ofeconomics and Political Science in media and communicationgovernance and graduate degree from Moscow StateLinguistic University in theory and practice of interculturalcommunication and teaching foreign languages and cultures.


WORKING OUT THE RULES OF

GLOBAL CYBERSPACE GOVERNANCE

Alexandra Kulikova

As cyber instability increases globally, both state and non-state actors are looking for ways to elaborate ways ofresponsible behaviour in cyberspace, which would reducethe risk of a cyber conflict. While efforts to develop suchnorms and rules have been undertaken for more than adecade, various initiatives developed currently atinternational, regional and bilateral levels indicatestakeholders' ripe resolve to work at the preventionmechanisms in tackling cybersecurity issues. Together theseefforts and initiatives form a rich ecosystem of tools andstandards to ensure cyber stability serving global, regionalor local goals. However, this diversity of needs, goals andagendas suggest a reconciliation as well as implementationand operability challenge.


NANDKUMAR SARAVADE

Nandkumar Saravade is the Chief Executive Officer of theData Security Council of India (DSCI). He is a Civil-and-Environmental-Engineer-turned-IPS officer-turned-securityprofessional. While in the IPS, he served in the state policedepartments of Jammu and Kashmir and West Bengal,before moving to Mumbai on deputation to the CentralBureau of Investigation in 1996.

From 2005-2008, he worked with NASSCOM (NationalAssociation of Software and Service Companies), asDirector, Cyber Security and Compliance, on a three-yeardeputation from Public Services. In 2008, he took voluntaryretirement from the Indian Police Service (IPS) and joinedthe private sector, leading the security and crime preventionverticals at financial institutions such as ICICI Bank andCitiBank. He was appointed as CEO of DSCI in July 2015.


INTERNATIONAL AND REGIONAL RESPONSES TO

CYBERSECURITY CHALLENGES

Nandkumar Saravade

Cyberspace is becoming increasingly important for nationstates from policy and diplomacy perspective, given itsrising strategic importance. It has emerged as fifth domain- after land, sea, air and outer space. One nation state's effortto strengthen its cyberspace capabilities evokes a responseby another state. Early adopters have built up significantcyber capacity and are seemingly ahead of theircounterparts. Many countries, majorly developing andunderdeveloped states are in the middle of digitizing theirstate, economy and society. By virtue of its design, thedomain in offence is dominant. Nation states andorganisations are investing significant efforts and resourcesto safeguard their critical assets.

The cybersecurity threat landscape is changing rapidly.Dependence on cyberspace has led to the proliferation of adiverse and complex range of threats. The attacks have comeof age - starting with computer registry modifying virusesto use of ransomware and complex malwares havingsignificant kinetic impact. Technology evolution and trendssuch as Big data, shift to the Cloud, rising usage of Internetof Things etc. have increased overall risk exposure.

The challenges of cybersecurity are faced by one and all, andit requires concerted efforts at all layers to effectively counterthe growing menace. Collaboration is required at national,regional and global level. Clearer role of establishedinstitutions, comprehensive cyber doctrines and treaties willemerge sooner rather than later, with countries signing non-aggression pacts on cyber attacks, and forging cyber-defenceagreements that put cyber attacks in the same policy bucketas kinetic acts. Right from information sharing amongsttrusted parties on security threats, to collaboration amongstLaw Enforcement Agencies to bring cyber criminals tojustice, to devising treaties and regulations for cyber domain,cyber security challenge is emerging as a big uniting factor.


CANDICE TRAN DAI

Candice Tran Dai is Vice President and Cyberspace ProgramManager at Asia Center, France. She has also been workingas a consultant in international business developmentstrategy since 2006, advising European companies regardingtheir market access and international development in Chinaand Southeast Asia. Working both for the public and theprivate sectors, she has developed a strong expertise onICT and Internet related issues in the Asia-Pacific region.Regarding her consulting assignments in the private sector,she has been for instance working on helping companiesdesign and implement their digital strategies in Asiancountries. In the public realm, she is focusing on issuesrelating to knowledge society, national ICT developmentstrategy, as well as political and cybersecurity issues. Shewas besides mandated as Committee Supervisor during the7th Asia-Middle East International session (Siamo),organized by the Institute for Higher National DefenceStudies (IHEDN) in 2011 and dedicated to cyberspacestrategic issues.


ECONOMIC DIMENSIONS OF NATIONAL CYBERSECURITY

STRATEGIES IN THE ASIA-PACIFIC REGION

Candice Tran Dai

Many Asian governments have integrated the informationand communication technologies (ICT) into their socio-economic development strategy in a way that the rapidemergence of information societies in Asia involves anincreased corollary dependence upon the ICT in terms ofeconomic prosperity. Hence, from a regional perspective,the expansion of digital economies and the development ofinformation societies result in stronger vulnerability andgreater exposure to cyber-crimes and cyber-threats, bothinternally and externally. The prevalence of cybercrime inthe region reflects without doubt the economic vitality ofthe Asia-Pacific region, which has become very attractivefor potential gains from cybercriminal activities. Howeverthe boundaries between what constitutes an act of crime,economic or strategic espionage are still difficult todetermine. Cybersecurity has undoubtedly become apriority component in the formulation of national cyber-strategy roadmaps of Asia-Pacific countries.

At national level, Asia-Pacific countries have heterogeneousmeans and capabilities for prevention and fight againstcyber-crimes and cyber-threats, and they have to deal withchallenges of different nature with regards to cybersecurity.The result is a wide disparity in approaching the questionof cybersecurity and in the formulation or reformulation ofpolicies and/or ad hoc national strategies.

The objective of this paper is to highlight the variousincentives behind the quest for indigenous cybersecuritycapability and technology as a growing trend in the Asia-Pacific region, notably driven by several countries, and toshow how it is intertwined with a general quest forinnovation capability and a pragmatic quest for commercialobjectives.


Cherian Samuel is Associate Fellow in the StrategicTechnologies Centre at the Institute for Defence Studies andAnalyses. His recent publications include India’s InternationalCybersecurity Strategy in Cybersecurity: Some Critical Insights andPerspectives, Damien D. Cheong ed, S. Rajaratnam School ofInternational Studies, Singapore (January 2015), Net-CentricDefence Forces : A Macro View in DSA Magazine, July 2014 issue,Cyber security and National Development CASS Journal, Vol. 1,No. 3, July–September 2014 ((Pune), Cybersecurity and Cyberwar,(October 2013 issue of Seminar magazine), and Prospects forIndia-US Cyber Security Cooperation, (Volume 31, Issue 2, StrategicAnalysis September 2011). His monograph Global, Regional andDomestic Dynamics of Cybersecurity was published in December2014. He was co-ordinator of the IDSA Task Force on CyberSecurity which published a report on India's Cyber SecurityChallenges in March 2012.

MUNISH SHARMA

Munish Sharma is an Associate Fellow with theCybersecurity Project at IDSA. He is an engineering graduateand holds a masters in Geopolitics and InternationalRelations. Prior to masters he worked as software engineerfor four years with Accenture Services. His research areasare Cybersecurity, Critical Information InfrastructureProtection, Space Security, and Defence Technologies.

CHERIAN SAMUEL


A SOUTH ASIAN REGIONAL CYBERSECURITY

COOPERATION (SARCC) FORUM:PROSPECTS AND CHALLENGES

Munish Sharma and Cherian Samuel

South Asia has experienced a long haul of robust economicgrowth, and World Bank statistics conclude that it has beenamong the fastest-growing regions in the world. Much ofthis economic development has been facilitated through theadvances in information technology with the digitizationof public services and opportunities for businessdevelopment in Information and CommunicationTechnology. However, countries in the region are yet tointernalize cyber security as essential to their economic,political and national well being. Lack of capabilities andcapacities to understand and remediate threats make notjust individual countries, but the entire region vulnerableto threats from state and non-state actors.

As an economic and geopolitical organisation of eightcountries, South Asian Association for Regional Cooperation(SAARC) can play a pivotal role in capacity building aswell coordinating cyber security efforts of all the membersfacing non-traditional security threats from non-state actorsto both their populace and businesses, in form of terrorism,cyber crime etc. The paper examines the feasibility of SAARCputting across Cyber security as a key agenda item forcooperation, given the divergences among members overtraditional security threats. It makes an attempt to drawlearning lessons from the ASEAN Regional Forum (ARF)to address Cyber issues as key security matter to ensure asafe and secure Cyberspace across South Asia.


Session 3Non-State Actors and

CyberspaceTuesday, February 9, 2016

1600h - 1730h


Chairperson

RAVI KANT

Shri Ravi Kant is the Additional Secretary in the Ministryof Defence. He is a 1984 batch IAS officer from the Biharcadre. Before taking charge as Additional Secretary, heserved as Joint Secretary with Department of DefenceProduction in the Ministry of Defence.


ALOK VIJAYANT

Alok Vijayant is Director-Information Dominance Groupand Tech Financial Intelligence Unit of the National TechnicalResearch Organisation (NTRO).


ASYMMETRISM IN CYBERSPACE: STATE VS.NON-STATE ACTORS

Alok VijayantThe asymmetries in the fifth domain of cyber lend itselfexploitable by all and sundry. The distinction between thestate and the non-state actors have got marginalised in thecurrent decade and is the non-state actors that call the shotsand the state actors only try to legislate the domain andcreate controls to have stakes in this domain.

What remains to be seen is whether coercive and deterrencetechniques would be the parameters to reckon with or thereare other methods of controls. Primarily non-state actorstarget systems and entities that could bring benefits to them.Most of the time their target focuses on money, prestige,glorifications and alike rather than focussing on CII andother critical systems. Such systems would only be targetedin case of a personal revenge that they might have on theirfolds due to small amount of bills or any mundane issue, orin the event someone is willing to sponsor the act, be it thestate or corporate. However, state agencies would dwellinto investments in offensive technology for various acts ofespionage, foreknowledge, diplomacy and warfare.


SANJEEV RELIA

Sanjeev Relia was commissioned into the Corps of Signalsin 1986, he holds a B.Tech in Electronics andTelecommunications. He attended the Defence Services StaffCollege Course in Wellington. Col. Relia has been associatedwith modernization of IT and communication infrastructurein the Indian Army and issues related to Cyber Security.Besides research work, he is also pursuing Ph.D on India’sCyber Security Challenges. He was associated with researchproject at The United Services Institution of India, andauthored the book Cyber Warfare: It's Implications on NationalSecurity, published in November 2015. He is a certifiedEthical Hacker and holds a Post Graduate Diploma in CyberLaws.


NON-STATE ACTORS AND CYBERSPACE: AN OVERVIEW

Sanjeev ReliaMillions of dollars are lost because of cybercrime every year.That is perhaps the reason that cybercrime is the mostreported and discussed facet of cyberspace. Yet cyber-criminals are not the ones who pose the gravest of threats.It is the threat of presence of non-state actors in cyberdomain that is worrying nations today. The very nature ofcyberspace makes them a potent force that will play a pivotalrole in any future cyber war.

The paper focuses on defining who the Non State actors inthe cyberspace are and how non state actors operating inthe virtual world (cyberspace) are different from the nonstate actors operating in the real world. It is also discussedin detail the modus operandi of Cyber militia and Cyber-terrorists and the threats that a country like India faces fromnon state actors operating in the cyberspace.


ARUN MOHAN SUKUMAR

Arun Mohan Sukumar heads the Observer ResearchFoundation's Cyber Security and Internet GovernanceInitiative, coordinating research projects on internetgovernance, data protection, and international norms. Heis the elected vice-chair of the Asia-Pacific InternetGovernance Forum. Arun is a lawyer by training, educatedat NALSAR University of Law, Hyderabad. He holds aMaster's degree from the Fletcher School of Law andDiplomacy, Tufts University, where he was the DouglasDillon Fellow, and the recipient of the Leo Gross Prize forOutstanding Student of International Law. Arun waspreviously Senior Fellow at the Centre for CommunicationGovernance, National Law University Delhi, working onglobal internet governance. He has served on the editorialboard of The Hindu, and continues to write for the dailyon foreign affairs.


STATE AND NON-STATE: RESIDUAL

ACTORS IN CYBERSPACE

Arun Mohan SukumarThe non-state actor shares an adversarial relationship withexisting international regimes on cybersecurity and cyberwarfare. This is true of many international regimes today,whether they relate to non-proliferation or maritime piracy.Multilateral instruments and organisations founded in theaftermath of the Second World War have tried “manage”non-state actors, often treating their actions through theprism of the state. The etymology of the phrase itself isrevealing: “non-state” refers to all actors excluding thenation-state, which remains the primary agent ininternational relations. This trend is visible even inconversations around cyber security regimes, notably in theeffort to create norms around “attribution” of non-stateactions. Cyber security regimes, however, cannot afford totreat non-state actors residually.

Individuals in cyberspace possess hard and soft capabilitiesthat go well beyond any other common space regulated byinternational law. The problem of absorbing non-state actorsinto international regimes is complicated by the fact thatcyberspace is not a “commons” in the true sense of theworld. Unlike the high seas, the ozone layer or outer space,the internet is heavily regulated by national, regional andlocal laws that confer rights and responsibilities on theindividual. So while the state retains agency over manyactions of a non-state actor in cyberspace, internationalregimes have to be sensitive to the different legal andtechnical standards that limit universal treatment. This paperexplores if existing cyber norms have been able to adjust tothese differing standards, using the example of the TallinnManual and the 2015 report of the UN Group ofGovernmental Experts. Both instruments are non-binding,but constitute definitive attempts to codify norms on stateand non-state conduct in cyberspace.


GILLANE ALLAM

Gillane Allam is a career diplomat of the Ministry of ForeignAffairs of Egypt. She is a graduate of the School of Economicand Political Sciences of Cairo University. She later pursuedher graduate Studies at the Woodrow Wilson School forInternational & Public Affairs of Princeton University, USAas a Parvin Fellow through a Fulbright Fellowship.

During her service abroad , Allam served as a diplomat inthe Permanent Missions of Egypt to the UN in New york &Specialized Agencies in Vienna. She held the posts ofAmbassador consecutively to India, Australia, New Zealand& countries of the Pacific. She was awarded the Order ofThe Republic of Egypt for Professional Distinction.

Post retirement, she taught at the Graduate School of TheArab Academy in Cairo. She also joined the EgyptianCouncil for Foreign Affairs (ECFA). She represented ECFA,participated & contributed to a multitude of conferences,seminars, workshops on regional & international issuesrelated to terrorism, non proliferation & regional security.


NON-STATE ACTORS & CYBERSPACE- A NORTH

AFRICAN PERSPECTIVE

Gillane AllamIn the geopolitical and geostrategic realm, Non State Actors(NSAs) are not a novel phenomenon in Asia. Mainly sincethe early 1980s, from countries of West Asia or what is calledthe larger Middle East, news of operations of Hezbollah,Hamas, Taliban, Al Qua'ida swamped all international mediadomains.

The more recent events since 2010 of the so called ArabSpring in countries of West Asia and North Africa gaveupstage appearance for an additional variation of armedNSAs (ANSAs) notably DA'ESH (otherwise called ISIL/ISIS/IS).

The question arises if DA'ESH with its modus operandiinclusive of Cyberspace is a threat to Asia's ambitiouseconomic progress. The reply is in the affirmative. DA'ESHnames itself the CYBER CALIPHATE.Political stability andsustainability of flow of energy is primordial to economicgrowth. UNSCR 2253(2015), as an attempt at suppressingand drying off financial resources available to DA'ESH, willbe a long term efficient way of breaking its might. Fightingit in Cyberspace might be another more lethal approach.Egypt as a non-permanent member of UNSC for the years2016-2017, while undertaking its responsibilities asChairman of UNSC Counter Terrorism Committee for thatperiod, will seek international support in that mission.Furthermore, the Fatwa Authority of Egypt has establisheda strong multilingual Internet Blog with a view to modernizethe Islamic approach and address to society as well asdispute and disqualify calls for radicalization. Asia'sbooming economies and its Cyberspace knowledge andindustry should be at task in these endeavours.


Keynote AddressWednesday, February 10, 2016

1000h - 1100h


Keynote Address

ARVIND GUPTA

Dr. Arvind Gupta is the deputy National Security Adviserof India. He is also the Secretary in the National SecurityCouncil Secretariat (NSCS), an apex advisory body taskedwith suggesting to the government on political, economicand strategic security concerns. Previously, Dr.Gupta wasthe Director General of Institute for Defence Studies andAnalyses (IDSA) from 5th January, 2012 to 7th August 2014.

He holds a Ph.D in International Relations from JawaharlalNehru University, New Delhi; M.Sc. in Physics from DelhiUniversity. He was Visiting Member at the Tata Institutefor Fundamental Research (1974-76) and served at the Oil& Natural Gas Commission (1976) and at the State Bank ofIndia (1976-79) before joining the Indian Foreign Service in1979.

Arvind Gupta retired from the Indian Foreign Service in2013. Dr. Gupta has worked in the Ministry of ExternalAffairs in different capacities and served in diplomaticmissions in Moscow, London and Ankara. He held the LalBahadur Shastri Chair on National Security at the IDSA from2008 to 2011.

Prior to joining the IDSA, he was Joint Secretary at the IndianNational Security Council Secretariat from 1999 to 2007.During his tenure at the NSCS, he dealt with a wide rangeof international and national security issues and participatedin the various working groups and task forces set up by theNational Security Council. He has also worked with theKargil Review Committee.


Session 4Securing Strategic Critical

InfrastructureWednesday, February 10, 2016

1130h - 1300h


Chairperson

ALHAD APTE

Shri Alhad Apte was the Chairman of National TechnicalResearch Organisation (NTRO). He joined NTRO in themonth of April 2012 as Senior Advisor, the Second inCommand of the Organisation. He took over as Chairman,NTRO on July 01, 2013. Shri Apte is recipient of SpecialContribution Award of Department of Atomic Energy(DAE) in 2007.

He joined Bhabha Atomic Research Centre (BARC) asScientific Officer in the year 1972. During his tenure atBARC, he held important portfolios and served for 40 years.He retired on attaining the age of superannuation on 30thApril, 2012 as an Outstanding Scientist and Head ofComputer Division of the BARC. He also chaired Computerand Information Security Advisory Group of DAE. Heundertook and completed several DAE level projects,including classified projects. He has worked on CyberSecurity Related Consultative Committee of theInternational Atomic Energy Agency. He was closelyinvolved with CERN, Geneva and European Commissionprojects in Grid Computing.


TED LEWIS

Ted Lewis is a computer scientist and author of the bookCritical Infrastructure Protection in Homeland Security: Defendinga Networked Nation. His unique scientific approach to the fieldof critical infrastructure protection uses network theory,optimization theory, and simulation software to analyze andunderstand how infrastructure sectors evolve, where theyare vulnerable, and how they can best be protected.

Ted Lewis was Professor of Computer Science and ExecutiveDirector of the Center for Homeland Defense and Securityat the Naval Postgraduate School in Monterey, California.He has advised the governments of Taiwan, Egypt, Mexico,and Italy in the areas of economic development andtechnology development parks. He has previously held avariety of positions within IEEE Computer Science (EIC ofIEEE software, EIC of IEEE COMPUTER), industry (CEODaimler Chrysler Research and Technology NA, Senior VicePresident of Eastman Kodak) and academia (University ofLouisiana, Oregon State University, Naval PostgraduateSchool). Lewis is the author of over 30 books and 100 paperson computing, critical infrastructure and complexity.


CHALLENGES OF CYBERSECURITY:MALWARE AND AS-LEVEL STRUCTURE

Ted Lewis

There are many policy and technical challenges facing thesecurity of cyberspace. This paper proposes a technicalsolution to only two challenges having to do with the spreadof malware, a process that is similar to the spread of acontagion within a human or animal population. Themonoculture design and scale-free structure challengesposed by the AS-level Internet promotes widespreadcontamination even under very small probability orvulnerability to an exploit. On the other hand, the scale-free structure of the AS-level Internet can be turned to adefender's advantage by relating resilience to vulnerabilityand self-organization as measured by spectral radius. Theauthor shows that resilience increases with decreases invulnerability, spectral radius, or both. Furthermore, ananalysis of the AS13579 Internet identifies 944 (7%) of theAS-level nodes as blocking nodes. By protecting theseblocking nodes, spectral radius is dramatically diminished,with corresponding increase in resilience. A secondapplication of blocking node analysis shows that protecting13.5% of the global Internet's AS-level nodes can eliminatenearly all malware.


KAH-KIN HO

Kah-Kin Ho has been with Cisco for more than 18 yearsand in his current role as the Head of Strategic Security, aposition he has held since January 2014, he plays a key rolein developing and shaping Cisco's strategic positioning insecurity that aligns with customer requirements. He alsoserves in the Advisory group of EUROPOL European CyberCrime Center (EC3) and teaches Cyber Security Strategyand Policy at Eidgenössische Technische Hochschule (ETH),Zürich.


EVOLVING ROLE OF GOVERNMENT IN CRITICAL

INFRASTRUCTURE PROTECTIONKah-Kin Ho

The 21st century has so far signaled an era of wide-scalederegulation and privatization, with much of the nation'scritical infrastructures (energy, transport, finance, medicine)now in the hands of the private sector. These criticalinfrastructures are constantly targeted by adversariesranging from non-state actors such as terrorist groups,hacktivist groups, organized criminals, etc. to state actors,and due to our high degree of interconnectedness acrossthe globe. Part of the reason why it can be difficult to securecritical infrastructures is due to the divergence of interestsbetween the private and public sectors. The private sector'sprimary focus is corporate efficiency: in terms of security,implementing the bare minimum level of security, since itsmain goal is profit-making. The government, in contrast, isprincipally concerned with achieving social order, nationalsecurity and economic prosperity for its population. Yetgovernments today do not provide close supervision of, oroperational control over, these critical infrastructures thatnow fall within the realm of the private sector. As a result,it has been argued that the role of government as thelegitimate provider of security has diminished, and that itwill continue to weaken moving forward. This paperprovides the argument that the role of government inhelping to secure critical infrastructure is ever more criticalbut their remit must transcend what their historicalregulatory role has typically entailed. To formulate a viableapproach going forward, a new framework will be proposedthrough which governments must strategize, and they mustbe ready to draw upon analogous lessons learned from pastpreparedness efforts geared towards other areas of threat,such as pandemic and terrorism.


JANA ROBINSON

Jana Robinson is currently Space Security Program Directorat the Prague Security Studies Institute (PSSI). She previouslyserved as Space Policy Officer at the European ExternalAction Service (EEAS) in Brussels. She was also a SpaceSecurity Advisor to the Czech Foreign Ministry, secondedto the EEAS. From 2009 to 2013, Ms. Robinson worked asResident Fellow at the European Space Policy Institute(ESPI), seconded from the European Space Agency (ESA),leading the Institute's Space Security Research Programme.Prior to joining ESPI, she served as Development Directorat PSSI from 2005 to 2009, and administered its affiliateorganization in Washington DC, PSSI Washington. She holdsan MA in Asian Studies from George WashingtonUniversity's Elliott School of International Affairs, and anMA in Chinese Studies from Palacky University. Shereceived scholarships to attend the International SpaceUniversity's (ISU) 2009 Space Studies Program (SSP09), the2008 Summer Training Course at the National TaiwanNormal University in Taipei, and a one-year course of studyat Shanghai University 1999-2000.


GOVERNANCE CHALLENGES AT THE INTERSECTION OF

SPACE AND CYBERSECURITYJana Robinson

Despite the critical role of the cyber and space domains fornational security and war-fighting, decision-makers stillstruggle to configure proper crisis management mechanisms,including the rapid crafting of proportionate responses toany hostile or disruptive actions by certain space-faring orother nations. Understanding the cross-domain parallels aswell as differences is essential to the successful safeguardingof both of these domains. Accordingly, this paper willexamine how the cyber and space domains interact (e.g.the transmission of cyber signals by satellite communicationssystems), the vulnerabilities associated with how theyconnect (e.g. cyber attacks on space systems), and possiblerisk-mitigation strategies. It will focus on common features,as well as distinct characteristics, of these domains, and howthey impact on political/military decision-making.

Understanding the different physical and technicalproperties of the two domains is also the key when seekingto arrive at appropriate policy prescriptions.

Active involvement of both government and private sectoractors is required to address common threats and toformulate realistic norms and guidelines for responsiblebehaviour in these two domains. Such norms, as well astransparency and confidence-building measures (TCBMs),are of critical importance for arenas where traditional armscontrol methods cannot be easily employed. As in otherfields, the establishment of strong communication linksbetween relevant authorities, including hotlines, exchangesof information concerning policies and doctrines and regulardialogues among decision-makers are all foundationalTCBMs that enhance security. The intersections of cyberand space remain on the rise and require urgent attentionand contingency planning and preparation if the essentialservices offered by both domains are to be protected andpreserved.


CAROLINE BAYLON

Caroline Baylon is a researcher on cybersecurity. She iscurrently carrying out two research projects, one on curbingthe proliferation of cyber weapons and another on cyberproxy armies, funded by the UK government. She servesas the director of the cybersecurity research program at theCenter for Strategic Decision Research in Paris, France andwas previously the lead researcher on cyber security atChatham House (The Royal Institute of International Affairs)in London, United Kingdom. While there, Caroline'sresearch focused on critical infrastructure protection, notablyon cyber security challenges for nuclear facilities and oncyber security threats to satellites. She was also the editorof the Journal of Cyber Policy, a peer reviewed academicjournal published by Routledge, Taylor & Francis and servedon the secretariat of the Global Commission on InternetGovernance. She speaks regularly at internationalconferences and is a frequent media commentator andcontributor. Caroline will be joining AXA, which isestablishing a think tank on cyber security within theorganization, in April. Caroline holds a Master of Sciencein Social Science of the Internet from Balliol College,University of Oxford and a Bachelor of Arts in Economicsfrom Stanford University.


CYBER SECURITY THREATS TO CRITICAL

INFRASTRUCTURE: A CASE STUDY

OF NUCLEAR FACILITIESCaroline Baylon

Perhaps the greatest cyber security issue facing the nuclearindustry is that many in the sector do not fully understandthe risk, and therefore a key first step is to develop guidelinesto assess and measure this risk as accurately as possible.This will help CEOs and company boards to understandwhat is at stake, and also provide them with a cleareconomic rationale to invest in cyber security. Thedevelopment of cyber insurance, with its strong reliance onrisk metrics, may be an important tool for promoting thedevelopment of cyber risk guidelines. In tackling thechallenges related to the “human factor”, it will also beimportant to raise awareness among both engineers andcontractors of the risks involved in setting up unauthorizedconnections or plugging in personal USBs at nuclear facilities.Measures that promote disclosure and information-sharingcan also play an important role in enhancing cyber security,as can regulatory standards and other policy measures,improved communication to bridge cultural divides and theimplementation of technical solutions.


A. VINOD KUMAR

A. Vinod Kumar is an Associate Fellow at the Institute forDefence Studies and Analyses (IDSA), New Delhi and avisiting faculty at the Institute of Foreign Policy Studies(IFPS), University of Calcutta, Kolkata. His areas of expertiseinclude nuclear policy issues, missile defence, foreign policyand strategy. Kumar's first book titled India and the NuclearNon-Proliferation Regime - The Perennial Outlier waspublished by the Cambridge University Press in April 2014.He has written extensively in acclaimed publications likeBulletin of the Atomic Scientists, The National Interest,Strategic Analysis, Asia Times and Vayu Aerospace Review,among others. Prior to joining IDSA, Kumar was a journalistwith some leading Indian media houses, including asExecutive Editor of South Asia Monitor - a media diplomacyplatform. He was also a Fellow at the Indian PugwashSociety. His ongoing study is on the implications of missiledefence for nuclear deterrence. Concurrently, he is alsospearheading an archival mining and documentation effortto trace the history of India's nuclear programme as part ofthe Indian Nuclear History Project at IDSA. Kumar isrecipient of the Ministry of Defence Madras Medal.


SECURING CRITICAL INFRASTRUCTURE FROM CYBER

THREATS: DEVELOPING DEFENCE,DETERRENCE AND NORMS

A. Vinod Kumar

How should a cyber attack on a nation's critical infrastructurebe described - as a subversive action or an act of war, orrather a proxy war. Cyber-attacks, on individuals as wellas public utilities, have been integral to the spectaculargrowth of cyber platforms and dependence on digitaltechnologies in the recent past. While intrusion anddisruption has hitherto been the hallmark of such attacks,numerous calibrated attacks in recent years on criticalinfrastructure (including strategic assets) of various countriesunderline the new dimensions and frontiers of warfare,involving “adversarial forces” that blur conventionalcombatant identities. While the deployment of non-stateactors for transnational cyber attacks highlight the elementof proxy conflicts in this spectrum, that states are formingtechno-military groups (cyber commands) reveals the truismof cyberspace evolving into the new battleground. Thispaper is an attempt to conceptualize this battlefield and thethreat environment, while pointing to its numerouscomplexities: (a) objectives of the attack, rather than thetype of actors, define the nature of this neo-warfare; (b)episodes like Stuxnet, involving attacks on nuclearinfrastructure, points to outcomes evolving towards masssubversion, destruction and instability of states; (c) thatconventional deterrence doctrines may not suffice as cyber-attacks run short of triggering a full-fledged war norrevealing belligerence; (d) norms are non-existent, or insteadmight buttress subversion, as state actors use plausibledeniability and virtual camouflage in a porous domain toendow cyber warfare with the same attributes or flexibilityof terrorism.


Session 5Cybersecurity and the

Digital EconomyWednesday, February 10, 2016

1400h - 1530h


Chairperson

V.K. SARASWAT

Dr. V.K. Saraswat is one of the full-time members of NITIAayog. He was a Former Secretary of Defence (Research &Development). He also served as a Director General ofDefence Research and Development Organisation (DRDO)and as Scientific Advisor to Defence Minister. He wasconferred the Padma Shri in 1998. He was also conferredthe Padma Bhusan by the Government of India in 2013. Dr.Saraswat has been credited with development of LiquidPropulsion Rocket Engines and missiles namely PRITHVI,DHANUSH, PRAHAAR indigenously. He is also theprincipal architect of the Ballistic Missile Defence programmewhich included major technology breakthroughs.

Dr. Saraswat’s efforts have led to establishment of Research& Innovation Centre at IIT Madras; MILIT- Centre forTraining needs of armed forces on S&T; CERT for reporting,auditing and handling emergency response of InformationSecurity Incidents; CHESS - futuristic technology Centre forHigh Energy Laser and Microwave devices; Kyrgyz-IndianMountain Bio-Medical Research Centre at Kyrgyzstan.

Dr. Saraswat has a Masters in Engineering from IIScBangalore and a Ph.D from Osmania University.


LIAM NEVILL

Liam Nevill is currently working in the Australian StrategicPolicy Institute's International Cyber Policy Centre,researching and writing on international and domestic cyberpolicy issues. Prior to joining ASPI Liam worked at theAustralian Department of Defence on strategic andinternational defence policy issues. He has previouslyworked in policy roles in the Department of Health andAgeing, and the Northern Territory Treasury. Liam holdsa Master of Arts in Strategy and Security, and a Bachelor ofArts in History, Politics and International Relations, fromthe University of New South Wales.


CHALLENGING OPPORTUNITIES FOR ASIA-PACIFIC’SDIGITAL ECONOMY

Liam Nevill

The Asia-Pacific region offers a diverse set of opportunitiesfor the continued growth of the digital economy. The regionis home to some of the largest and most advancedeconomies, and some the least connected and leastdeveloped. The size, population, demography and economyof the region provides significant opportunity to harnessthe connectivity that cyberspace enables to enhanceproductivity and diversify practices and markets. The digitaleconomy consistently grows as a percentage of region's GDPevery year, and the adoption of innovative and disruptivebusiness models that take advantage of technologiesincluding big data analytics and mobile devices will likelysee this continue. However challenges remain to greatergrowth, specifically cybercrime and legal and regulatorypractices that have failed to keep up with new businessmodels. Addressing these will enable greater growth, andassist in the development of the region's least developedcountries.


MADAN M. OBEROI

Madan M. Oberoi is an Indian Police Service (IPS) officer of1992 batch. He is presently deployed as Director of CyberInnovation and Outreach Directorate in the INTERPOLGlobal complex for innovation (IGCI), Singapore. Hesupervises two sub-directorates including ‘Strategy andOutreach’ and ‘Research & Innovation’.


NEW TECHNOLOGIES AND NEW FORMS OF CRIME

NEED TO RECALIBRATE LAW ENFORCEMENT STRATEGY

/ PROCEDURES / LAWMadan M. Oberoi

Although predicting the future can be uncertain, it isimportant to understand the new technology trends. Froma law enforcement perspective it is equally, if not more,important to understand the way technology is going toimpact Criminal Justice System and its stakeholders namelylaw enforcement agencies, prosecutors and judiciary andalso the world within which Criminal Justice Systemoperates. We need to understand technology's potential useby police as well as it's exploitation by criminals andterrorists.

This paper attempts to understand some of the currenttechnological trends like Data Tsunami, Smart Everything,Digital Disruption and Cyber Insecurity. In light of theseshifts, the paper looks at their impact on Intelligencegathering, Investigation, Police Information Management,Training for Policing and Third-Party Policing.

The paper looks at criminals' exploitation of technology byusing it for secure and anonymous communication,leveraging technology for a wider reach, for launderingproceeds of crime, for hiding their footsteps by using anti-forensics, crowdfunding their illegal activities, accessing newmarkets for illegal products, motivation and recruitment ofnew criminals/terrorists, and new business model of crime-as-a-service.

Finally the paper attempts to suggest recalibration ofexisting policing strategies and procedures in light ofavailability of expertise, information and resources as wellas in light of growing multi-jurisdictional nature of newcrimes.


IL SEOK OH

IL Seok, OH is Senior Researcher at Institute of LegalStudies, Korea University Law School, an expert in Contract,Tort, Oil and Gas Law, and Information Security Law. Hehas a Ph.D from Korea University and an LLM from theNorthwestern University School of Law, Chicago. Amonghis published works are Recommendations on ReformingCritical Information Infrastructure Protection Act of Koreawith a View from Risk Allocation, Designing EffectiveResponding Legal and Political Measures against NorthKorea’s Cyber Attacks, and Establishment of EfficientCountermeasures against Cyber Attacks without Applying‘Law of War’.


KOREAN LEGAL INITIATIVES TO COMBAT CYBERCRIME

AND ENHANCE DIGITAL ECONOMYIL Seok OH

Computer networks and information systems havegoverned daily human lives in this early 21st century andprovided so many advantages. However lots of cyber attacksand cyber crimes have made damages against critical computersystems and disturbed their functions. It is very difficult tofind out the causes and results of the cyber crimes and torespond against the risk properly. Therefore a state shalldesign appropriate legislations and national plans to respondagainst cyber crimes and enhance digital economy.

In Korea, to protect critical information infrastructures fromcybercrimes, “Critical Information Infrastructure ProtectionAct” has been enacted since 2001. An act on “Promotion ofInformation and Communications Network Utilization andInformation Protection” has been enacted to contribute tothe improvement of citizens'lives and the enhancement ofpublic welfare by facilitating utilization of information andcommunications networks, protecting personal informationof people using information and communications services,and developing an environment in which people can utilizeinformation and communications networks in a sounder andsafer way.

“Electronic Financial Transactions Act” has been enacted tocontribute to ensuring the security and reliability ofelectronic financial transactions by clarifying their legalrelations and to promoting financial conveniences for peopleand developing the national economy by creating afoundation for the sound development of electronic financialindustry.)

The paper will introduce major cyber attacks andcybercrimes happened in Korea and Korean government'spolicies and activities to combat cybercrimes. The detailedprovisions of the above Acts are explained andrecommendations are proposed to amend the Acts to makeit more efficient measures to combat cybercrime in Korea.


UCHENNA JEROME ORJI

Uchenna Jerome Orji is an Attorney admitted to theNigerian Bar as a Barrister and Solicitor of the SupremeCourt of Nigeria. He holds an LL.B Honours Degree fromthe University of Nigeria and, an LL.M Degree from theUniversity of Ibadan, Nigeria, where a major part hisresearch focused on Cybersecurity governance. He iscurrently completing a PhD in law at the Nnamdi AzikiweUniversity in Nigeria, with a specialization intelecommunications regulation. Uchenna is also a ResearchAssociate at the African Center for Cyber Law andCybercrime Prevention (ACCP) located within the UnitedNations, African Institute for the Prevention of Crime andthe Treatment of Offenders in Kampala, Uganda. He is theauthor of Cybersecurity Law and Regulation (Wolf LegalPublishers: The Netherlands, 2012), in addition to severaljournal publications on cybersecurity law and also worksas a consultant for a number of local and internationalorganizations.


REGIONALISING CYBERSECURITY GOVERNANCE IN

AFRICA: AN ASSESSMENT OF RESPONSESUchenna Jerome Orji

Since the beginning of the Millennium, Africa has continuedto witness a phenomenal growth in Internet penetrationand the use of Information Communications Technologies(ICTs). However, while the spread of ICTs and Internetpenetration has been enhancing development in Africa, therehave also been concerns about cybersecurity. To addressthese concerns, several African intergovernmentalorganizations have developed legal frameworks to promotecybersecurity. At the sub-regional level, the EconomicCommunity of West African States (ECOWAS) adopted aDirective on Fighting Cybercrime in August 2011, while theCommon Market for Eastern and Southern Africa(COMESA) adopted a Model Cybercrime Law in October2011. In March 2012, the Southern African DevelopmentCommunity (SADC) also adopted a Model Law onComputer Crime and Cybercrime. At the regional level, theAfrican Union (AU) adopted the AU Convention on CyberSecurity and Personal Data Protection in June 2014.

This paper seeks to discuss these regional legal instrumentswith a view to determine their impact on the developmentof national cybersecurity laws within the African region. Inparticular, the paper will examine whether these instrumentshave provided an effective basis for legal harmonizationand international cooperation while also considering thechallenges to the regionalization of cybersecurity measures.The paper will also propose measures to enhance theeffectiveness of regional cybersecurity instruments includingthe development of follow-up mechanisms, mutual legalassistance mechanisms and incident response mechanismsto enhance regional cooperation in the coordination ofresponses to cybersecurity incidents.


Session 6Role of Military in

CybersecurityWednesday, February 10, 2016

1600h - 1730h


Chairperson

PRAKASH MENON

Lieutanant General Prakash Menon was a military adviserto the National Security Advisor. He has also been acommandant of the prestigious National Defence College,New Delhi. During his service, the general has earned thereputation of a “Soldier Scholar”. He has been anoutstanding Commander in the field. His command at theBattalion, Brigade and Divisional levels in counterinsurgency environment of Jammu and Kashmir has beencommendable; earning him two military awards fordistinguished service. As a company commander in 1989,he was awarded for his performance during activeoperations on the Siachen Glacier. He has been awarded aPh.D for his thesis on Nuclear Deterrence and Limited War inthe Indo Pak context by the Madras University. He wasnominated by the then Cabinet as a member of the expertgroup for establishment of the Indian National DefenceUniversity (INDU).


LIINA ARENG

Liina Areng assumed the duties of Head of InternationalRelations at Estonian Information System Authority in March2014. Prior to her current position, she coordinated NATOCooperative Cyber Defence Centre of Excellence's (NATOCCD COE) international affairs. She holds an honorary titleof NATO CCD COE Ambassador.

Between 1999 and 2012, she held different positions inEstonian Ministry of Defence. Her last appointment in theMinistry was Senior Cyber Security Adviser. During 2007-2010, Liina Areng worked as Assistant Defence Counsellorat the Permanent Representation of Estonia to NATO. Herprevious positions include being Arms Control Adviser(2005-2007) and Chief Expert on Russia and theCommonwealth of Independent States in Defence Policyand Planning Department (2000-2005).


ROLE OF MILITARY IN CYBERSECURITY

Liina Areng

The military dominance of traditional great powers hascaused adversaries and competitors to adapt in a variety ofways to confront this strategic advantage. Cyber capabilitiesare most notably used as a tool to gain leverage ininternational security, challenging the traditional militarycapabilities and doctrine. To immobilize a nation, to renderit incapable of defending itself, attackers no longer needkinetic weapons. A cyber attack against national criticalinfrastructure could have a cascading effect to economy,society and government in ways difficult to understand,model or predict. The failures in ICT can have seriousnational security implications, yet the response to cyberthreats cannot be conceived purely in terms of classicalwarfare.

The analysis will discuss the need to defend the society asan “ecosystem” by orchestrating military planning andpreparation for civil emergencies. While nations aredeveloping their arsenals of defensive and offensive cyberweapons, most cyber problems remain in the "gray area"beneath clear military action, response to which needsproper preparedness and resilience, but also adequateinternational containment and de-escalation mechanisms.


AMIT SHARMA

Amit Sharma is currently serving as Additional Director inthe Office of the Scientific Advisor of Defence Minister,Defence Research and Development Organization (DRDO),Ministry of Defence, Government of India. He has workedin the field of Information Security, Information warfare,Strategic Information Dissemination Systems, Net CentricWarfare, C4I2SR systems and Secure and survivablenetworks. He is a Chevening Scholar and gained his Mastersin 'Global Security' from Defence College of Managementand Technology, UK Defence Academy, United Kingdom.He did his B Tech (honors) in Computer Science andTechnology from National Institute of Technology,Hamirpur, India.

His most recent publications includes, Cyber Wars: A paradigmshift from means to ends; Asimit - A virtual architecture for widearea file system; BBN approach for vulnerability assessment ofstrategic information dissemination systems; Xcalibur- A dynamicprotocol for authentication and secure communication based ondynamic key construction and cryptographic algorithm selection;etc.


THE TRIAD THEORY OF CYBER WARFARE: AFRAMEWORK FOR STRATEGIC CYBER WARFARE

Amit Sharma

Information assets is a strategic enabler or force-multiplierthat has revolutionized the contemporary age to an extentthat this age is often termed as an Information age,nevertheless it has also induced a strategic vulnerability inour critical assets which in current scenarios is exploited bya new form of warfare called the strategic cyber warfare.This strategic vulnerability to cyber warfare is based oninducing strategic paralytic effect upon the victim nationby performing rapid decisive operations to gain rapiddomination in cyberspace. The author believes that such astrategic paralytic effect can be induced onto the victimnation if the Clausewitz's Trinitarian warfare is performedin cyberspace. This paper tries to define a strategy, TheTriad Theory of Cyber Warfare, which aims at destroyingthe elusive Clausewitzian trinity in cyberspace byperforming parallel warfare in cyberspace, so as to gainrapid dominance and strategic freedom of operation,consequently resulting in the destruction of the victim nationas a system of systems.The paper also analyses the critical components to betargeted in waging strategic cyber warfare and providessatisfactory reasons for failure of contemporary cyberattacks to generate a strategic effect. The analysis isconcluded with the presentation of a framework of strategiccyber warfare involving The Triad Theory of Cyber warfare;its operational cyber campaign plan and formation of a'Known' and 'Credible' Cyber deterrence to generate ascenario of Mutually Assured Destruction in cyberspace thusguaranteeing a strategic status quo, as the primary meansof achieving grand strategic objectives in the contemporaryworld order. Once the strategic aspect of the cyber warfareis established, the author will conclude by providing variousrecommendations for creation of cyber deterrence capabilitiesespecially involving the notion of Prepare, Pursue, Protect andPrevent in cyberspace to capitalize the strategic opportunitiesprovided by this framework of strategic cyber warfare.


CAITRIONA HEINL

Caitriona Heinl joined the Centre of Excellence for NationalSecurity (CENS) at S. Rajaratnam School of InternationalStudies (RSIS) as a Research Fellow for cybersecurity issuesin October 2012. She has published articles in peer-reviewedjournals and policy advisory reports on topics that includeinternational and regional cooperation, country case studies,national security implications of emerging technologies suchas cyber capabilities and increasingly autonomoustechnologies, public-private partnerships, and cyber defence.


INTERNATIONAL MILITARY CYBER

COOPERATION IN ASIA

Caitriona Heinl

The paper focuses on the following aspects relating toInternational Military Cyber Cooperation in Asia.

i) Particular issues that face militaries in Asia in terms ofcyber; including the relevance of international civil-military and law enforcement cooperation;

ii) Status of cyber policy within the regional militaryinstitutional structures, with specific focus on theADMM/ADMM Plus and other regional networks;

iii) Recommendations on where there is space to moveforward to increase cooperation;

iv) Good practices in other regions that may be adaptedto suit the region;

v) Where India fits in this dialogue.


LI-CHUNG YUAN

Li-Chung Yuan is currently teaching at the Graduate Instituteof Strategic Studies in the Republic of China (ROC) NationalDefense University (NDU) as an Assistant Professor withthe rank of Colonel. He received his MS from Iowa StateUniversity with major in Transportation, and MA in theInternational Master Program in Taiwan Studies fromNational Chengchi University in Taiwan. He acquired hisPhD from Department of War Studies at King's College,London. As for military educational background, hegraduated from ROC Air Force Academy and attended theElectronic Warfare Advanced Course in Taiwan’s military.With 22 years of military service, he served as teachingassistant and squadron commander in the Air ForceAcademy, translation officer at the Institute of NationalStrategic Studies (a defense think tank), staff officer at theIntelligence Division (J-2) of the Ministry of NationalDefense, Air Combat Command, and the CombinedLogistics Command. He is serving in the editorial board ofthe journal Strategic Vision (in English) and National DefenseMagazine (in Chinese).


ROLE OF MILITARY IN CYBERSPACE: CASE OF REPUBLIC

OF CHINA (TAIWAN)Li-Chung Yuan

Cyberspace has been utilized in various fields of nationaldevelopment as a whole information infrastructure,including the military. There is no exception for both Chinaand the Republic of China (Taiwan), in that militaryconfrontation between two sides still exists and cyberspaceis an essential part of the confrontation. Tension in theTaiwan Strait has apparently given way to a potential conflictin the cyber-domains; thus, Taiwan government has beenthe crucial target of cyber espionage and attacks suspiciouslysponsored by China. This means that cyber threats belowthe level of “war” should be dealt with in serious manner.

Nevertheless, issues have been addressed with regard tothe appropriateness of using the armed forces to tacklethreats of, inter alia, sabotage, subversion, and especiallyespionage in cyberspace. There are advantages of using themilitary to play such role. Most militaries in advancednations possess certain level of cyber capability to eithersupport the fighting in the battlefield or defend their ownsystems during peacetime. Using Taiwan's armed forces asthe case, this paper will explore the roles played by militaryin various fields of cyberspace. It will focus on: 1. thethievery of intelligence and information from governmentand the military, 2. the possibility for a severe attack onnational infrastructure, and 3. Can military play a leadingrole in cyberspace in the potential battleground? Thoughthe military is expected to offer response to a cyber attack,in most countries some parts of national infrastructurebelongs to the private sector, thus making militaryapproaches less practical or acceptable. Therefore, this isthe field which the government’s best approach in terms ofpublic-private partnership (PPPs) might be useful to improvethe cybersecurity levels.


Session 7Cybersecurity FuturesThursday, February 11, 2016

1000h - 1130h


Chairperson

K. SANTHANAM

Shri K. Santhanam was the Director General of IDSA duringthe period 2001 to 2004. He superannuated from the DefenceResearch and Development Organisation as Chief Advisor(Technology). He was Scientific Advisor in the Ministry ofExternal Affairs and a member of the National SecurityAdvisory Board. He was conferred Padma Bhusan awardin recognition of contributions to the Shakti-98 series ofnuclear tests conducted in Pokhran in May 1998. He is a co-author of two books Jihadis in Jammu and Kashmir: A PortraitGallery (Sage, 2003) and Iraq War 2003: Rise of the NewUnilateralism (Ane Books, 2003). His works include AsianSecurity and China, 2000-2010 (Shipra, 2004) and India andCentral Asia: Advancing the Common Interest (Anamaya, 2004).


TOBBY SIMON

Tobby Simon is the President of Synergia Foundation, athink tank that works closely with industry, polity andacademia to establish leading edge practices through appliedresearch in the domains of geo politics, risk managementand security analysis.

He has been a speaker at various global public policyconferences, including: World Trade Organization - Geneva,Global Public Policy of the World Information Technologyand Services Alliance, Massachusetts Institute ofTechnology, John F Kennedy School of Government, Councilfor Foreign Relations, Indian Institute of Management,Indian Institute of Science, the Herzliya Conference and theNational Institute of Advanced Studies.

He is currently pursuing his Ph.D. on International Securityat the National Institute of Advanced Studies and is a SpecialProfessor at the School of Management in the University ofNottingham.


CYBERSECURITY FUTURES

Tobby Simon

“Hidden in the dark underbelly of the Trojan Horse, Odysseus andthis Greek warriors proved to be the undoing of Troy. Will theWorld Wide Web and its anonymous residents prove to be theAchilles heel of the Cyberspace”

The capacity to produce, communicate and use informationis affecting every aspect of human security, from the waywe govern ourselves (e- government) to the way we fightwars (information warfare), to the way transnationalcriminal organisations optimise their bandwidth, to the wayactivist and extremist mobilise support seamlessly acrossborders.

The geography of Cyberspace is more mutable than otherenvironments. Mountains and oceans are hard to move, butsignificant parts of the Cyberspace can be turned on andoff with the click of a switch. Low barriers of entry contributeto diffusion of power both in the geo-political space andcyber domain. It will be easier and cheaper to move electronsacross globe than aircraft carriers thus creating new chokepoints.

Cybersecurity concerns in the future may primarily revolvearound traditional and non traditional areas like health care,consumer devices built on IOT's, hybrid warfare , access togovernmental information and cyber weapons by outsideorganisations or a breach in nuclear or space security .


SICO VAN DER MEER

Sico van der Meer is a Research Fellow at the NetherlandsInstitute of International Affairs ‘Clingendael’. His researchis focussing on non-conventional weapons like Weapons ofMass Destruction and cyber weapons from a strategic policyperspective. He graduated from the Radboud UniversityNijmegen in 1999 with a Master’s in History. Before joiningthe Clingendael Institute he worked as a journalist and as aFellow of a think tank on civil-military relations. Currentlyhe is also a member of the Editorial Boards of the journals‘Internationale Spectator’ and ‘Security and Human Rights’.


DEFENCE, DETERRENCE, AND DIPLOMACY: FOREIGN

POLICY INSTRUMENTS TO INCREASE FUTURE

CYBERSECURITY

Sico van der Meer

Predicting the future is hardly possible, but stating that cyberaggression - be it espionage, sabotage or even warfare -will be a continuing threat to international security andstability in the coming years seems a safe forecast. Whatforeign policy instruments do states have to increaseinternational cybersecurity.

Defence and deterrence, which could be labelled passivedeterrence and active deterrence as well, are probably themost 'simple' counter-measures to international cyberaggression that a state could implement. The paper especiallyanalyses why defence and deterrence look like promisingpolicies, but in practice face many difficulties in the cyberrealm. Defence and deterrence are not able to create long-term cyber security and stability, but may instead evencreate further escalation and uncertainties.

Diplomatic efforts to create international accepted normsand rules regarding cyber aggression could be moreeffective in actively addressing the core problems ofinternational cyber aggression, but are little successful sofar. The paper argues that such multilateral diplomatic effortsare crucial to come to long-term cyber security and stability.Instead of an on-going 'cyber arms race', efforts could betterbe focussed on building mutual confidence and respect.


JOHN ELLIS

John Ellis is Chief Strategist - Cyber Security (Asia Pacific &Japan) at Akamai Technologies. An experienced thoughtleader with more than 20 years of IT security strategy andtechnology solutions experience, with the last last ten yearsin spent in Asia. John has held senior technology positionsin Standard Chartered Bank, Barclays Capital and Telstra.John is responsible for providing thought leadership andadvocating Akamai's security technologies to help customersaddress their business problems in cyber security.


DISRUPTIVE TECHNOLOGIES AND

THE TRUSTED CYBER FUTURE

John Ellis

Erosion in the trust of digital technology and servicescontinues through the daily news of successful cyberattacks, data breaches, and overt government masssurveillance. Consumers demand convenience and a‘frictionless’ digital experience, yet expect that their data,money, investments are well protected and privacyrespected.

Analysts predict that the world economy stands to lose 3Trillion USD should we continue ‘muddling' through thisproblem. With the backdrop of regional and globalgeopolitical issues, pending crypto-wars, and increasingregulation, what can governments and organizations do toestablish trust in their digital economies and business?

The paper also seeks to answer the following questions.What are the top 5 mega trends in disruptive technologies?How will it impact our economies? What are the challengesthey present for privacy and trust, and what are theopportunities that they will create? What approaches cangovernments and industries take to overcome fear in thesedisruptive technologies so as to build trust and confidencefor consumers and industries alike? Is it possible for us toachieve a secure cyber future for all? What are thecharacteristics of a trusted cyber world? What practical stepscan governments and industry take to build a trusted cyberfuture?


JONATHAN REIBER

Jonathan Reiber is a Senior Fellow and writer at Berkeley'sCenter for Long-Term Cybersecurity. He focuses hisresearch and writing on cyber resilience, nationalcontingency planning, and international security.

Prior to his appointment at Berkeley, he held a number ofpositions in the Obama Administration within the U.S.Department of Defense. From January 2013 to September2015, he served as Chief Strategy Officer for Cyber Policyin the Office of the Secretary of Defense. As Chief StrategyOfficer, he advised the Pentagon leadership and led strategicinitiatives across the cyber policy portfolio, to includestrategic planning; key international, interagency, andindustry partnerships; and strategic communications. Hewas the principal author of The Department of Defense CyberStrategy (2015). In addition to serving as Chief StrategyOfficer, he was also the Executive Secretary of the DefenseScience Board Task Force on Cyber Deterrence.

Earlier in the Obama Administration, He served as SpecialAssistant and Speechwriter to the United States’ DeputySecretary of Defense, Dr. Ashton B. Carter, and previouslyas Special Assistant to the United States’ Principal DeputyUnder Secretary of Defense for Policy, Dr. James N. Miller.In both positions he focused on strategy, Middle Eastsecurity, Asia-Pacific security, cyber policy, and publiccommunications.

He is a graduate of Middlebury College, where he studiedReligion, and The Fletcher School of Law and Diplomacy,where he focused his studies on international security andU.S. diplomatic history and served as Editor-in-Chief ofThe Fletcher Forum of World Affairs.


CYBERSECURITY FUTURES AND THE U.S.-INDIA

STRATEGIC PARTNERSHIP

Jonathan Reiber

Following Prime Minister Modi's announcement of Start-up India last week, and using Berkeley's emerging cyberscenarios as a basis, the paper will propose that the U.S.and India should take the next step in their strategicpartnership by expanding their cybersecurity cooperationto better account for strategic issues and public-privateexchanges. While President Obama has made the U.S.-Indiastrategic partnership a centerpiece of his Administration'sforeign policy, despite the escalating cyber threat the twocountries have yet to collaborate in depth on strategic issuesin cybersecurity. This is a missed opportunity. Using Start-up India as a hook, the paper will look at future scenariosof IT and cybersecurity, and argue persuasively that theU.S. and India can take practical steps together to securetheir interests in cyberspace and protect their futureeconomic prosperity. Cooperation should include concretemeasures in technology sector collaboration, strategydevelopment, and contingency planning.


Session 8Panel Discussion: On the

Way ForwardThursday, February 11, 2016

1200h - 1400h


Chairperson

GULSHAN RAI

Dr. Gulshan Rai is the National Cyber Security Coordinator,Government of India. Dr. Rai has over 25 years of experiencein different areas of Information Technology which includeCyber Security, e-Governance, Legal Framework and theInformation Technology Act for e-commerce, and severalrelated fields. His previous assignments include DirectorGeneral, CERT-In (Indian Computer Emergency ResponseTeam), Director General, STQC Directorate(Standardization, Testing & Quality Certification) and Headof Department of E-Security and Cyber Law Division inthe Ministry of Communications and InformationTechnology.


KIRAN KARNIK

Shri Kiran Karnik was the President of NASSCOM, a premieretrade body and the “chamber of commerce” for the ITsoftware and services industry in India, till January 2008.Prior to joining NASSCOM in 2001, he was the ManagingDirector and CEO of Discovery Networks in India wherehe spearheaded the launch of Discovery Channel in SouthAsia in August 1995 and Animal Planet (a Discovery - BBCjoint venture) in 1999. From 1991 to 1995, Shri Karnik wasFounder-Director of the Consortium for EducationalCommunication, which was responsible for UGC'sCountrywide Classroom broadcasts and other ICT initiatives.Earlier, he worked for over 20 years at the Indian SpaceResearch Organization (ISRO), where he held variouspositions including that of Founder-Director of ISRO'sDevelopment and Educational Communicational Unit. Hiswork in ISRO involved conceptualizing and managingapplications of space technology. He has served as SpecialAssistant to the Secretary-General of UNISPACE 82 in theUnited Nations. He has done consulting assignments forWHO, The World Bank, UN Institute for DisarmamentResearch, Ford Foundation, and an extended one forUNESCO in Afghanistan.He has been a member of many key government committees,and is presently a member of the Scientific Advisory Councilto Prime Minister. He also has a deep involvement with anumber of NGOs in the areas of education and environment,and currently is honorary Chairman of the NationalFoundation of India, Chairman of Vigyan Prasar andPresident of India Habitat Centre. He has been awarded thePadma Shri in 2007 and the ‘DATAQUEST IT Person of theYear - 2005’. A post-graduate from Indian Institute ofManagement, Ahmedabad, Shri Karnik holds an Honoursdegree in Physics from Bombay University.


N BALAKRISHNAN

Prof. N Balakrishnan was part of an Expert Groupconstituted by the Ministry of Home Affairs on "Roadmapfor Effectively Tackling Cyber Crimes in the Country".The Expert Group submitted the report on September2015. Prof. Balakrishnan was the Chairman of DataSecurity Council of India (DSCI) from August 30, 2010 to31st March, 2015. Currently He is a Professor at theDepartment of Aerospace Engineering and at theSupercomputer Education and Research Centre, IndianInstitute of Science (IISc). His areas of research includeNumerical Electromagnetics, High Performance Computingand Networks, Polarimetric Radars and AerospaceElectronic Systems, Information Security, Digital Libraryand Speech Processing. He has more than 200 publicationsto his credit in international journals and internationalconferences and reports. He was awarded withPadmashree, which he received from the President of Indiain 2002.

Prof. Balakrishnan is very active in many major Indian andinternational initiatives in IT planning and informationsecurity. He is also Visiting Professor at the Institute forSoftware Research International, Carnegie MellonUniversity in the U.S. He is a Fellow of all the major scienceand engineering academies in India and also a Fellow ofTWAS, the third world academy of sciences. He continuesto be on DSCI Board as Independent Director.


SANTOSH JHA

Shri Santosh Jha joined the Indian Foreign Service in 1993.From 1995 to 2004, he served as Second Secretary (Political)in Moscow, was Consul General of India Vladivostok, andlater posted to the Indian Consulate in New York, wherehe handled Press and Consular Affairs.

From 2004 to 2007, he served at the Ministry of ExternalAffairs in New Delhi in the Americas Division where hewas involved with India-US nuclear negotiations and alsohandled issues pertaining to Space, Defence and HighTechnology cooperation with the USA.

From 2007 to 2010, he was posted to Colombo as Counsellorin-charge of Economic, Commercial and Development Aidissues. He was a member of the Indian delegation fornegotiation of the Comprehensive Economic PartnershipAgreement (CEPA) with Sri Lanka. After the end of thecivil conflict in Sri Lanka in 2009, he was also involved withdeveloping the architecture of development aid from Indiato Sri Lanka.

From 2010 to 2013, he served as the Deputy Chief of Missionto the Indian Mission to the European Union, Belgium andLuxembourg. During this period, he also served as Charged'Affaires from January to September 2012.

From June 2013 till 15 April 2015, he was Joint Secretary in-charge of Establishment, Administration and the EuropeWest Divisions in the Ministry of External Affairs (MEA).Since 15 April 2015, he is serving as the Joint Secretary dealingwith Policy Planning, Research and Global Cyber Issues.


GREG AUSTIN

Please refer Pg. 28 for detailed profile.

GILLANE ALLAM


AMMAR JAFFRI



CONTACTS

Name Office Mobile

Cherian Samuel 91-11-26717983 9810809336Conference Coordinator Extn: 7221

Munish Sharma 91-11-26717983 9916344044Conference Team Extn: 7335

Arul R 91-11-26717983 9013350392Conference Team Extn: 7228

Ameeta Narang 91-11-26717983 9871844607Sumit Singh Extn: 7202 9999402933Conference Cell

Aparna Krishna 91-11-26717983 9899802660Manager, Communications Ext. 7204& Outreach

Rahul Gupta 91-11-26717983 8800145788Assistant Estate Manager Ext. 7312

Gopal Awasthi 91-11-26717983 9899933960Assistant Estate Manager Ext. 7305

Accommodation 91-11-26146656 9810890685IDSA Guest House Intercom: 9000Shri Nirdosh Tirkey

Documents

Co - idsa.indisrupt business operations or it may cause severe outages, 10 ... enticing impressionable youth to follow extremist ideologies. Cyberspace has become an intricate constituent