Transcript Исследовательская работа на тему Междун
Oleg Demidov, Program Director, PIR Center GCSP SPAS, Geneva, 28.11.2014
GCSP SPAS, Geneva, 28.11.2014
GCSP SPAS, Geneva, 28.11.2014
Doctrinal level of national strategy: on the way towards integration
Milestone laws and initiatives Council of Federation: Concept of Russia’s Cybersecurity Strategy from 10.01.2014
Unclear aims
issues
Avoiding defense and strategic Digital sovereignty idea President’s Decree з №31с from 15.01.2013 : FSB in charge of a nation-wide governmental resources protection system MOD:
Increase in activities: from 2008 to 2012 2012 г.: Conceptual views on the activities of Armed Forces in the Information Space
2014 г. – establishment of the Russian Cyber Command launched
Competition with special services
Integrated cyber strategy
GCSP SPAS, Geneva, 28.11.2014
Doctrinal basis 1. Foundations of the State Policy in the Field of International Information Security to 2020 (adopted in August 2013)
Puts in place comprehensive multilayered agenda for foreign policy goals
Provides systemic vision of formats and frameworks of international cooperation to be developed 1. Information Security Doctrine of 2000
Still regarded as a basic doctrinal document Requires modernization and does not meet up-to date agenda
Generalist vision of the IS issues
Concept and Terminology behind Russia’s Approach
GCSP SPAS, Geneva, 28.11.2014
USA: Cyberspace A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processes and controllers U.S. Department of Defense (latest edition 2012) Inf. space Russia, SCO: Information Space Information space - the sphere of activity connected with the formation, creation, conversion, transfer, use, and storage of information and which has an effect on individual and social consciousness, the information infrastructure, and information itself.
Convention on International Information Security (concept); SCO Yekaterinburg Agreement June 16, 2009 Germany: Cyberspace The virtual space of all IT systems linked at data level on a global scale. The basis for cyberspace is the Internet as a universal and publicly accessible connection and transport network which can be complemented and further expanded by any number of additional data networks. IT systems in an isolated virtual space are not part of cyberspace.
Cyber Security Strategy for Germany, 2011 Cyber Space Russia – U.S. Bilateral on Cybersecurity. Critical Terminology Foundations. East West Institute, 2011 An electronic domain through which information is created, transmitted, received, stored, processed and deleted U.S-Russian Study Group: Cyberspace
History of the CBMs: From Failed Consensus to a New Terminology
The Joint Statement of June 23, 2011 called to implementation of the steps of practical bilateral cooperation by the beginning of 2012. That required some sort of a formal agreement.
The draft agreements on bilateral CBMs in cyberspace were prepared for the meeting of President Putin and President Obama on June 18, 2012 on the margins of the G20 Summit in Los Cabos, Mexico.
GCSP SPAS, Geneva, 28.11.2014
However, the two sides failed to agree on the final text before the meeting of their Presidents.
The reason was ONE TERM: “ cyber security ” in the U.S. version VS “ international information security ” in the Russian draft text. Then another option was suggested as consensus terminology: “CBMs in the field of security of ICTs”. This failed too, as the Russian side proposed another wording: “CBMs in the field of security in the use of ICTs”. As a result, the agreements were not signed, and the Joint Statement of the U.S. and Russian Presidents from June 18, 2012 doesn’t mention cyber issues at all. THERE’S A LONG-STANDING CONCEPTUAL GAP BEHIND TERMINOLOGICAL DISPUTE!
The Triad of Threats and the “Fourth Pillar”
GCSP SPAS, Geneva, 28.11.2014
Russia: the Triad of threats in the information space After the Arab Spring of 2011 a new element added: “ …
Elements are interrelated and inseparable Strong emphasis on content-related issues
information systems’ security and protection
Never limited to technical issues of the Doesn’t reserve any special segment or niche for cybersecurity as a separate topic
The concept of the Triad (without the 4 th element) was formulated in the UN GA Resolution A/RES/54/49 on December 1, 1998 ( adopted under Russia’s initiative) = Russia seeks global recognition for this model
“Prisma” terminals
(installed in 2012 ) Tracking and analyzing discussions in social media, LiveJournal, Twitter, YouTube, etc. Identification of threads on hot social issues (commodity services, corruption, government, salaries, medical services, etc.), and also on terrorism, extremism, social protests, etc.
Processing up to 60 mln resources in 24/7 regime
Perspectives:
adaptation for global scale
GCSP SPAS, Geneva, 28.11.2014
Russia and post-soviet states:
Mounting priority of threats to social and political stability from the Internet and social media after the Arab spring of 2011 Elaboration of common approaches and joint activities with the states of CIS and CSTO (document of the CSTO summit of 2011) Russia: shift to proactive strategy in 2014 against the backdrop of the Crimea crisis
Weak spots:
Deficit of highly advanced social engineering tools and other technological solutions Lack of positive cooperation with foreign social media businesses and projects
Authors 1. Russia Proposals
Russia’s Initiatives for Cyber Governance: Legally Binding Mechanisms
Proposals of international legally binding acts GCSP SPAS, Geneva, 28.11.2014
1. Convention on International Information Security (concept)
Presented on 11.2011 (Conference on Cyberspace) Global scale as a UN act Comprehensive nature (the triad of threats + the issues of cyber sovereignty) 2. Project of a universal UN Convention on international cybercrime (to be presented)
To provide new level of cooperation and to avoid the flaws of the Budapest Convention of CoE
Embraces only criminal segment of the Triad of threats 3. Project of a UN Document on International Cooperation in the Field of Critical Information Infrastructure Protection (to be presented) 2. SCO and its separate states 1. The agreement of SCO on cooperation in the field ofinternational information security signed on June 16, 2009
Laid terminological foundation in the field of IIS
First legally binding international document
No any particular mechanism of intergovernmental cooperation on countering cyberthreats
GCSP SPAS, Geneva, 28.11.2014
GCSP SPAS, Geneva, 28.11.2014
GCSP SPAS, Geneva, 28.11.2014
–
GCSP SPAS, Geneva, 28.11.2014
Perspective Vision of Russia’s National Cyber Strategy
GCSP SPAS, Geneva, 28.11.2014
1. The part and role of content related issues 2. Terminology and paradigm 3. Defensive vs offensive Issues and threats in scope 1.
Multistakeholder or State-dominated 2. Central coordinating body?
3. Oversight mechanism Stakeholders and bodies in charge 1. Major focus: protection of infrastructure or social stability?
2. Digital sovereignty vs global positive interdependency Aims and principles 3. Threats vs opportunities balance Implementation mechanism 1. Openness vs secrecy 2. Measurable aims and time horizons 3. Harmonization with national legislation and international norms
Information on PIR Center program “International Information Security and Global Internet Governance” net.pircenter.org
Contacts (Oleg Demidov) [email protected]
GCSP SPAS, Geneva, 28.11.2014