2 Volume 13 / 14 – January / February 2017
EXECUTIVE SUMMARY
Keywords: Brazil, Cyber Attack, Cyber Command, Cyber Espionage, Cyber Intelligence, Cyber
Terrorism, Cyber Warfare, Deterrence, Ideological Radicalization, ISIS, Islamic State, Italy, Italian
Report on Security Intelligence Policy, Propaganda, Secret Services, Strategy, Terrorism.
As every year, at the end of the month of February the Italian Security Intelligence
Department presented to the Parliament the 2016 Italian Report on Security Intelligence Policy
(Relazione sulla politica dell’informazione per la sicurezza). The Report focuses on the main
issues dealt with by the Italian Security Intelligence Department.
Namely, the attachment to the Report named National Security Document (Documento di
Sicurezza Nazionale) is totally focused on the analysis of the state of cyber threats in Italy with
a view to national security and on the role played by the Italian Security Intelligence so as to
safeguard and strengthen Italian cyber capabilities.
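As per the Report, also in 2016 monitoring cyber threats highlighted a constant trend in
terms of sophistication, pervasiveness and persistence, while the level of security support
strengthening and awareness on specific risks was not always appropriate.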
What still seems to be lacking in the Italian debate is, on the one hand, an organic, farsighted
agenda, targeted to the creation of a real national cybersecurity policy, and this is also due to
the absence of basic regulations (i.e. a definition of “national security”, to inevitably include
most of the cybersecurity related issues).
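On the other hand, instead, it is clear that the Italian Government needs to modify its strategic
approach toward cybersecurity as soon as possible, switching from a merely defensive one (i.e. simple
crisis management, adoption of preventative measures against computer attacks and limit of
any damages thereof), to a proactive approach, that might help foresee and anticipate trends
and future changes in the field, so as to plan in due course any proper action and strategy to
be taken.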
Instead, the focus section of this volume is dedicated to a holistic strategy to contrast ISIS
propaganda and ideological radicalism through the Internet.
Indeed, just hindering or completely and indiscriminately denying access to those websites
whose “service” to the community consists of providing propaganda and ideological radicalism,
by filtering or even shutting down such virtual spaces, cannot but damage the effectiveness
itself of any investigations carried out until then.
The following strategic guidelines can outline a correct approach to contrast such phenomena:
1. Analyze and figure out the peculiarities of the threat and the goal ISIS intends to fulfill through
the Internet, as well as the characteristics of its militants.
2. Start procedures aimed at deterring ISIS militants.
3. Conduct counter-propaganda and promotion of positive messages through the Internet.
4. Increase Internet Service providers (ISPs) and users’ awareness and sensitivity levels towards
such issues.
5. Carry out more and more dedicated diplomatic missions with allied countries in order to prevent
and contrast ISIS propaganda and ideological radicalization on the Internet.
6. Cut the funds fuelling ISIS terrorist activities.
Lastly, talking about cyber warfare activities, the Brazilian government has officially approved
the creation of its first Cyber Command.
Although Brazil’s strategic priorities in a view to national security are almost totally
focused on domestic and borders control, it is a long time since the Brazilian Government has seen in
cybersecurity one of the pillars of its strategy.
Anticipated in October 2014, but officially approved by the Government of President Temer
only at the beginning of 2017, the first Brazilian Command for Cyber Defence (Comando de Defesa
Cibernética or ComDCiber) will include the Team of the Command for Cyber Security and will
be positioned within the Science & Technology Department of the Army. The Cyber Command
will supervise, coordinate and lead the whole Brazilian cyber defence, with regard to technical
as well as regulatory matters.
An alphabetic list follows of the main cybersecurity related news and events of the last
months about strategy and policies.
BRAZIL
Although Brazil’s strategic priorities in a view to national security are almost totally focused
on domestic and borders control, it is a long time since the Brazilian Government has seen in
cybersecurity one of the pillars of its strategy.
Back in 2008, in fact, the Defence National Strategy had already identified cybersecurity as one
of the three pillars to base the development of Brazilian Armed Forces capabilities on, together
with nuclear and space issues. Besides, according to the Brazilian Minister of Defence’s Decree
No. 14 of 2009, the Brazilian Army is in charge of cybersecurity.
In order to safeguard as efficiently as possible the military and civil networks falling under its
jurisdiction, in 2011 the Brazilian Army also established the first Centre for Cyber Defence
(Centro de Defesa Cibernética or CDCiber), subdivided into five operational areas, namely,
Doctrine, Operations, Intelligence, Science & Technology, and Human Resources Training.
Then, the 2012 Defence White Paper still considered cyber defence as one of the main strategic
pillars for Brazilian Armed Forces, widening and deepening the scope of any activities and
responsibilities in this field, headed by the Army.
This led – in July 2015 – to the creation, within the Centre for Cyber Defence, of a Team of the
Command for Cyber Security (Núcleo do Comando de Defesa Cibernética or NuComDCiber),
for the first time aimed at centralizing under the same jurisdiction all the skills and
competencies on cybersecurity that the several Armed Forces had developed over the years.
Nowadays, such “path” is about to result in the creation of a Command for Cyber Defence
(Comando de Defesa Cibernética or ComDCiber). Anticipated in October 2014, but officially
approved by the Government of President Temer only at the beginning of 2017, the Command
for Cyber Defence, which shall include the Team of the Command for Cyber Security and shall
be positioned within the Science & Technology Department of the Army, shall finally supervise,
coordinate and lead the whole Brazilian cyber defence, with regard to technical as well as
regulatory matters.
To conclude, although the economic crisis Brazil has been constantly hit by for a long time
has undoubtedly slowed down such process, the effort is quite praiseworthy to try and establish
in the shortest time possible a Cyber Command to include and centralize cybersecurity
capabilities developed over the years by the several Armed Forces.
It is indeed desirable that the Government led by President Temer shortly widens such outlook,
following in the path of the main international powers, more and more quickly moving toward
the centralization of both defensive and offensive capabilities and competences related to
cyber intelligence and cyber warfare under a single and shorter chain of command. This – it
seems clear – not only to optimize the constantly growing economic investments, but especially
to enhance operational efficiency and effectiveness of the organizations active in and through
the cyberspace, making them more streamlined and responsive.
ITALY
As every year, at the end of the month of February the Italian Security Intelligence
Department presented to the Parliament the 2016 Italian Report on Security Intelligence Policy
(Relazione sulla politica dell’informazione per la sicurezza).
The Report focuses on the main issues dealt with by the Italian Security Intelligence
Department: from jihadi terrorism (and its diffusion in Italy and Europe) to the wave of
migration toward the Schengen area; from economic and financial threats to intelligence and
criminal attacks, both “traditional” and conducted in and through the cyberspace.
Namely, the attachment to the Report named National Security Document (Documento di
Sicurezza Nazionale) is totally focused on the analysis of the state of cyber threats in Italy with
a view to national security and on the role played by the Italian Security Intelligence so as to
safeguard and strengthen Italian cyber capabilities.
As per the Report, also in 2016 monitoring cyber threats highlighted a constant trend in
terms of sophistication, pervasiveness and persistence, while the level of security support
strengthening and awareness on specific risks was not always appropriate.
Italian intelligence, in fact, have noticed constant diversification of targets, methods of
implementation and goals of the attacks, according to the type of threat: starting from the
most relevant threats for Italian critical and strategic assets related to cyber crimes, cyber
espionage and military operations in and through the cyberspace, to terrorist and hacktivist
threats – more stable in their conduct and goals.
As regards cyber attacks conducted against the information systems of Italian Public
Administration, the number of attacks against central Administrations (87% of total attacks)
prevails over those against local Public Administrations (13% of total attacks), even if these latter
have hugely increased if compared to 2015. Such data are due to an increase of mere
propaganda and demonstrations carried out by Islamic groups and hacktivists, while central
Administrations information systems are still threatened by cyber espionage – which is a much
more concrete and relevant threat.
Interesting news can also be found when it comes to private entities. Hence, even
though in 2015 especially companies active in the fields of defence, telecommunication,
aerospace and energy proved to be preferred targets of cyber attacks, statistics about 2016
data within the Report say that banks are on top of the list (+ 17% of attacks and +14% if
compared to 2015), followed by press agencies and newspapers, which – together with
industrial associations – count each as 11% of the total. Besides, together with pharmacy, these
latter represent an interesting new entry with respect to the previous year, equaling more
predictable sectors such as defence, energy and aerospace (each accounting for 5% of the total
number of attacks). In addition, of these last categories a 2% increase – compared to 2015 –
has been reported only in the energy sector, while attacks in defence and aerospace have
decreased respectively by 13% and 7%.
[Figure: Official Statistics on Private Entities Involved in Cyber Attacks]
Hence, generally speaking, leaving out defence and aerospace, the Report by the Italian
Security Intelligence Department shows that threats are constantly growing, in percentage terms,
in virtually every field considered relevant.
In this regard, much concern should be raised about the constantly rising increase in the trend
of cyber espionage conducted by state actors or third parties sponsored by a state, more and
more focused on leaking relevant information from information systems of central and local
Public Administrations. Moreover, the tendency to strictly link cyber criminals’ economic
interests to those of common players should also be alarming, especially in light of these latter’s
ever increasing interest to jeopardize competitiveness of their competitors by stealing
industrial, business or corporate know-how, or stopping production – if possible – by means
of cyber attacks or by publicly prejudicing their online reputation.
Generally speaking, the 2016 Italian Report on the Security Intelligence Policy clearly defines
and identifies the trend in cybersecurity. The Report draws also attention to the first results of
the huge attempt made especially by the Italian intelligence to comply with Italian cybersecurity
regulations, as per Prime Minister’s Decree dated January 2013 and subsequent national cyber
strategy.
Nonetheless, some considerations seem to be due, especially upon entering into force of
the new cybersecurity strategic approach by the Italian Government, namely the National
Program for Cybersecurity (Programma Nazionale per la Cyber Security), recently approved by
the Italian Interministerial Committee for the Security of the Republic (Comitato
Interministeriale per la Sicurezza della Repubblica – CISR).
In fact, what still seems to be lacking in the Italian debate is, on the one hand, an organic,
farsighted agenda, targeted to the creation of a real national cybersecurity policy, and this is
also due to the absence of basic regulations (i.e. a definition of “national security”, to inevitably
include most of the cybersecurity related issues).
On the other hand, instead, it is clear that the Italian Government needs to modify its strategic
approach toward cybersecurity as soon as possible, switching from a merely defensive one (i.e. simple
crisis management, adoption of preventative measures against computer attacks and limit of
any damages thereof), to a proactive approach, that might help foresee and anticipate trends
and future changes in the field, so as to plan in due course any proper action and strategy to
be taken.
TERRORISM – FOCUS ON A HOLISTIC STRATEGY TO CONTRAST ISIS PROPAGANDA AND IDEOLOGICAL RADICALISM THROUGH THE INTERNET
The tragic succession of terrorist events hitting Europe in the last years and still openly
threatening Europe stability has led to a mostly shared reaction by member States toward the
intensification of measures to contrast terrorism, both within the territory of each single State
and on the Internet.
Yet, the first thing to be stressed is that no real terrorist attacks against information systems of
national strategic relevance have been carried out so far, and actually ISIS online activities have
always been exclusively confined to propaganda, proselytism, radicalization, first stage of
recruitment and training, fund raising and operational planning of future terrorist actions.
In fact, although the media depict ISIS as capable of conducting significant cyber attacks, such
as attacks to critical national infrastructures or capable of autonomously manufacturing cyber
weapons, as a matter of fact this terrorist organization has not yet raised the bar at all.
Even in case terrorist attacks have actually been carried out, their threat level has never
exceeded the threshold of the so-called merely disturbing activities. In fact, all the computer
attacks detected and ascribable to ISIS fall under the categories of mere Distributed Denials of
Service (moreover, accomplished by means of very simple tools such as the recent software
Caliphate Cannon), defacement of websites or social network accounts of several governmental
agencies, or at most leakage and disclosure of personal data of governmental, military or public
security personnel.
As already analyzed in the February 2016 issue of Cyber Strategy and Policy Brief, what ISIS is
more focused on, instead, is finding the most secure methods and means of communications
possible.
It is in fact by using the Internet as a crucial means to recruit new supporters that in some cases
some ISIS members have been identified, geolocated, and even killed, due to the high levels
of exposure on the net.
Nonetheless, although propaganda and then the media describe ISIS as capable of developing
software completely securing communications among the members of the terrorist group – as
in the recent case with the mobile app called Alrawi – there is actually no trace on the Internet
of such software nor of the Alrawi app. On the contrary, all the information available in the field
of secure communications leads to believe that the popular and common mobile apps
Conversation, Signal, Telegram and Threema are also used by ISIS. All the rest is merely
propaganda.
Notwithstanding, policymakers around the world have always reacted to terrorist attacks
exclusively by granting broader and more effective powers to their administrations, so that they
can restrict access to websites visited by ISIS militants to carry out the above-mentioned
activities.
The only goal is in fact to conduct stricter controls of the Internet, and, if necessary, immediately
ban those websites identified as vehicles to spread terrorist ideology, recruit possible martyrs-
to-be or raise funds. It is easy to gather that all the above is especially due to the highly effective
and socially penetrating role played by ISIS propaganda through the Internet.
As things stand now, however, basing a repression strategy exclusively on this kind of
activities, just contrasting them in such a broad and complex environment as the Internet –
which moreover can offer simple and easy ways out to those under investigation – makes the
traditional investigative and repression methods look particularly “rudimentary”, expensive and
in many cases ineffective, if not marginally and for short periods of time.
Indeed, just hindering or completely and indiscriminately denying access to those websites
whose “service” to the community consists of providing propaganda and ideological radicalism,
by filtering or even shutting down such virtual spaces, cannot but damage the effectiveness
itself of any investigations carried out until then.
The result shall therefore be no other than having that website shut down – most of the times
without the authors of those illicit actions even being actually tracked and arrested. In addition,
that very website shut down will almost immediately be reopened somewhere else, maybe
duplicated at the same time in several areas of the Internet – so that the jihadist network no
longer loses continuity in the flow of information – while investigations shall start again from
scratch as if nothing had happened.
Conducting effective counter terrorism on the Internet means inevitably acting on more
levels, equally relevant and interlinked, always bearing in mind that such phenomenon is linked
to the “virtual” and “real” world as well. Hence – it must be specified, although it might seem
granted – any contrast attempt started on the Internet shall inevitably find its way and material
continuation also in the real world.
Based on the analysis carried out so far, the following strategic guidelines can outline a
correct approach to contrast such phenomena:
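1. Analyze and figure out the peculiarities of the threat and the goal ISIS intends to fulfill through the Internet, as well as the characteristics of its militants.
It is in fact undeniable that some of ISIS peculiarities greatly differ from those typical of other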
guerrilla/warrior groups or well-known terrorist organizations. Inter alia, particular attention
must be paid to the fact that today most of those willing to become ISIS affiliates or militants
are not driven by the wish to embrace a radical Islamic ideology nor to safeguard shared
cultural origins, but are rather simply fascinated by captivating and appealing symbols and
stories learnt on the Internet.
2. Start procedures aimed at deterring ISIS militants.
Removing specific contents from a website, infiltrating special agents in online jihadist
networks, as well as immediately introducing – and making it public – criminal liability for
terrorism-related crimes (especially with regard to crimes of opinion such as incitement or
subversive propaganda) are undoubtedly the three main pillars to start from so as to set up
an effective deterrence strategy against ISIS militants. This, in order to stop promoting new
supporters, destabilize the jihadist network and the existing relationships of trust, as well as
stem online activities of its militants, who are mainly second-generation individuals, that is
European/Western citizens.
3. Conduct counter-propaganda and promotion of positive messages through the Internet.
Given ISIS’s almost spectacular communication level on the Internet and the consequent very
high likelihood of impact such propaganda might have on some kinds of users, the appeal
of these messages should be reduced not only through real counter-propaganda (i.e. see
the videos uploaded online by the U.S. Government) but also by promoting positive
messages for those not included in the jihadist network or who intentionally dissociate from
it.
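4. Increase Internet Service providers (ISPs) and users’ awareness and sensitivity levels towards such issues.
Given the material impossibility for Governments and their Police Forces to constantly and
effectively monitor cyberspace as a whole, the foundations must be laid as soon as possible of a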
system based on self-regulation of the contents to be managed by the very Internet Service
Providers (ISP), to which some responsibilities with regard to cooperation and contrast in
this field shall be delegated.
In addition, the need to create also preconditions for the creation of a “bottom-up” self-
defence system is clear, a system to be based on end users of the Internet, raising their
awareness of the phenomenon, and providing them with simple and easy tools to report
any possible contents considered to be dangerous and/or inopportune.
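5. Carry out more and more dedicated diplomatic missions with allied countries in order to prevent and contrast ISIS propaganda and ideological radicalization on the Internet.
A further and essential requirement is to raise awareness of the Governments of allied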
countries towards this kind of threats, suggesting shared strategies and solutions. Such a
strategic element is essential as never before and in some cases becomes even a prerequisite
for any other activity, due to the global scope of the threat, that – by means of the so-called
“second-generation terrorists” – concerns all Western countries, as well as because of ISIS
well-grounded capabilities to attract more and more people on the Internet, or the
fundamental need to cooperate so as to help investigate and repress such phenomenon.
6. Cut the funds fuelling ISIS terrorist activities.
An effective yet surely complex move is to hit the bank accounts of ISIS leaders and their
financing subjects so as to drain them or in any case alter their capacity (currently estimated
at over 2 billion dollars). Moreover, such a move is inevitably based on solid international
cooperation relationships. Nonetheless, reducing even just a part of the funds available for
Islamic terrorists means inevitably reducing the main resource fuelling, promoting and
driving this kind of conflicts. Besides, this stratagem is not new at all in history (as shown by
the plans to remove first Milosevic in 1999, then Saddam Hussein in 2003, and finally
Gaddafi in 2011), and nowadays might be put into practice even just through targeted cyber
attacks.
To conclude, and as already mentioned, it needs to be always borne in mind that such
phenomenon is linked to the “virtual” and “real” world as well, that has always been the real
goal of propaganda and ideological radicalism through the Internet, as well as the next step to
be taken, ideally.
Therefore, the strategy outlined so far cannot but represent a small part of a much wider
strategic contrast concept, aimed at stemming, preventing and hitting ISIS militants’ actions on
the Internet, but also and especially within the territory of each single state and in the occupied
territories.
ABOUT THE AUTHOR
Stefano Mele is an attorney specialized in ICT Law, Privacy, Information Security and
Intelligence and works as ‘of Counsel’ at Carnelutti Law Firm, Milan. He holds a PhD from the
University of Foggia and cooperates with the Department of Legal Informatics at the Faculty of
Law of the University of Milan. Stefano is also the Founding Member and Partner of the Moire
Consulting Group and he is also the President of the “Cyber Security Working Group” of the
American Chamber of Commerce in Italy (AMCHAM). He is Director of the “InfoWarfare and
Emerging Technologies” Observatory of the Italian Institute of Strategic Studies ‘Niccolò
Machiavelli’ and member of the International Institute for Strategic Studies (IISS). Stefano is
also a lecturer for several universities and military research institutions of the NATO and the
Italian Ministry of Defence and has published a number of scientific works and articles about
cyber security, cyber intelligence, cyber terrorism and cyber warfare.
In 2014, his name appeared in the list of NATO Key Opinion Leaders for Cyberspace Security.
In 2014, the business magazine Forbes listed Stefano as one of the world’s best 20 Cyber Policy
Experts to follow online.
For more information: www.stefanomele.it
SEE ALSO THE PREVIOUS VOLUMES
Cyber Strategy & Policy Brief (Volume 06 – June 2016)
Keywords: Cyber Command, Cyber Intelligence, Cyber Warfare, Israel, Israel Defense Forces,
Italian Joint Command for Cyberspace Operations, Italian Joint C4 Command, Italy, NATO,
Strategy, Ukraine, Ukraine National Cybersecurity Coordination Centre.
Cyber Strategy & Policy Brief (Volume 07/08 – July/August 2016)
Keywords: Cyber Warfare, Rules of Engagement for Cyberspace, FBI, DHS, ODNI, United States.
Cyber Strategy & Policy Brief (Volume 09 – September 2016)
Keywords: Cyber Warfare, Department of Homeland Security (DHS), Elections, Electronic Voting
Systems, Espionage, Influence Activities, Information Warfare, International Law, Offensive
Cyberspace Operations, Office of the Director of National Intelligence (ODNI), Propaganda,
Russia, United Nations, United States.
Cyber Strategy & Policy Brief (Volume 10 – October 2016)
Keywords: Association of South-East Asian Nations (ASEAN), Critical Infrastructures, Cyber
Crime, Financial Sector, G7, National Security, Risk Analysis, Singapore, Strategy, Turkey, United
States.
Cyber Strategy & Policy Brief (Volume 11/12 – November/December 2016)
Keywords: China, Critical Infrastructures, Cyber Attack, Cyber Command, Cyber Security, Cyber
Strategy, Governance, India, Iran, Law, OPEC, Saudi Arabia.