To
an extent Chinese state media revealed some of the PLA's cyber warfare
capabilities. Its unlikely the cyber warriors depicted above would regularly
wear their helmets to work. China may have the 2nd to 4th largest
cyber warfare capability in the world.
--
In pursuit of Australia by
the Indian Ocean’s (a non-profit nor
revenue, educational site’s) interest in non-“Five Eyes” sigint-cyber
issues the following is of interest.
On April 15, 2014, ASPI’s International Cyber
Policy Centre released its inaugural Cyber Maturity in the Asia-Pacific Region 2014 report (PDF). To
read the complete ASPI Report see https://www.aspi.org.au/publications/cyber-maturity-in-the-asia-pacific-region-2014/ASPI_cyber_maturity_2014.pdf
This Report analyses the ‘cyber maturity’ of some countries in the Asia–Pacific region. Cyber
indicators cover whole-of-government policy and legislative structures, military organisation, business and
digital economic strength and levels of cyber social awareness. The research
base underpinning each of these indicator groups has collated exclusively from
information in the public domain and as such this report’s conclusions are
based solely on open-source material.
Page
9 of the report explains: “Military uses of cyberspace, particularly national capabilities, are a
sensitive topic for all regional states, and this area requires careful consideration
before engagement is sought or agreed to. What is the military’s role in
cyberspace, cyber policy and cybersecurity?
Under
the section What is the military’s role in cyberspace, cyber policy and
cybersecurity? for each country area the Report’s descriptions are as follows:
(page
19) Cambodia
While
it appears that the Cambodian Armed Forces have at least a superficial
involvement with cyber policy and security, the extent and detail of that
involvement remain unclear in open-source material. Regardless of the
level of defence force involvement, it’s understood that Cambodia has a
‘very limited’ capability to defend against cyberattacks.
(page
22) China
Open-source
reporting indicates that the PLA has several bureaus that actively conduct
cyber-espionage operations. The PLA has also published several doctrinal
information and development articles and monographs on information warfare and
the role of cyber capabilities in military operations. China’s score is reduced
by the apparent lack of coordination of these activities within the PLA.
[For a long Australia by the Indian Ocean article concerning China's sigint-cyber capabilities see New US Paper on China's Defence Sigint and Infosec Service (aka PLA GSD Third Department), July 16, 2012 at http://gentleseas.blogspot.com.au/2011/11/new-us-paper-on-chinas-defence-sigint.html ]
(page
22) India
The
Indian military is aware of cyber threats and has established several organs to
address them, including Defence CERT, the Army Cyber Security Establishment,
the Defence Information Warfare Agency, the Cyber Security Laboratory and the
Military College of Telecommunication Engineering. The establishment of a Cyber
Command has also been announced, although it’s unclear whether this has been
implemented. India’s score reflects the Indian Defence Force’s awareness of cyber threats,
but also its slow implementation and a lack of stated policy direction for
military cyber capabilities.
(page
28) Indonesia
The
Indonesian Defence Minister has announced the planned establishment of the
Cyber Defence Operations Centre to coordinate national cybersecurity efforts, including
service-specific work by the Indonesian military on cybersecurity. The centre is
also slated to draft a national doctrine on cybersecurity and conduct
implementation strategies across defence and other departments. The creation of
a dedicated ‘cyber army’ has also been proposed. The Defence Minister explained
that the force would consist of elite membership embedded in the various
branches of the Indonesian military to protect domestic networks against
cyberattack. It’s unclear what progress has been made on this initiative. This
announcement shows that there’s awareness of cyber threats in the Indonesian
military, but the response is unclear.
(page
31) Japan
The
recent Japanese National Security Strategy clearly outlines Japan’s interests
in cyberspace, including means to address current limitations in Japanese cyber
capabilities. The Japan Self-Defense Force (JSDF) Command, Control,
Communications and Computer Systems Command is charged with the development of
national cyberdefence capabilities. Under the command, the JSDF established a
Cyber Defense Unit. The defence force is seen to have the necessary structures
in place for cyber operations. The JSDF is working to improve its capability,
especially through cooperation with the US, but a shortage of qualified personnel,
an inability to respond to attacks, weak capabilities and problems in information
sharing within the force remain areas of concern.
(page
34) Malaysia
Reports
indicate that the Malaysian Armed Forces have begun to develop capabilities to
protect national assets, including from cyber threats, and the Malaysian
Defence Minister has publicly supported the development of an ASEAN master plan
for Southeast Asia’s cybersecurity. Malaysia’s score reflects an awareness of cyber
risks within the armed forces, but is reduced by the lack of clear policy direction
for the development of cyber capabilities.
(page
37) Myanmar-Burma
The Defence Services Computer Directorate, under
the Army Chief of Staff, encompasses network centric warfare, military-oriented
cyber capabilities and electronic warfare. The Army’s military strategy has
been expanded to include cyberwarfare as part of ‘people’s war under modern
conditions’. Military Affairs Security (formerly the Directorate of Defense Services
Intelligence) also possesses a cyber unit, but is more politically focused, carrying
out monitoring both domestically and internationally. There are suggestions
that the unit’s capability has grown exponentially in recent years with the
assistance of other countries in the region. Russia and China have provided training
to officers, and Singapore and China have both provided physical infrastructure
support.
(page
40) North Korea
The
North Korean military is believed to have highly developed cyber capabilities
and a well-organised and extensive education and research program to support
future operations. Unit 121 is believed to be its primary offensive cyber force; personnel estimates range from 300 to
3,000 people. It’s believed that North Korea’s military has successfully infiltrated South Korean government and private sector systems, but
there’s little understanding of the military’s defensive capabilities.
(page
43) PNG
Despite
recent attempts to bolster the strength of the PNG Defence Force, which has
limited capabilities and resources, cyber issues have traditionally not been a
priority for the country. The 2013 Defence White Paper made reference to
establishing a defensive ‘Cyber Cell’ to protect a yet to be developed
‘Integrated ICT Network’, but outlined no timelines or implementation
strategies. Clear evidence of military cyber policy and capacity in cyber
operations remains limited.
(page
46) Philippines
The
Armed Forces of the Philippines have created a Security Operation Center with a
primarily defensive role, protecting military systems. However, a higher score
wasn’t given because it’s unclear to what extent the centre has been
implemented.
(page
49) Singapore
The
Singaporean Armed Forces have established a Cyber Defence Operations Hub, aimed
at protecting domestic military networks. This indicates that there’s an
awareness of cyber risks and that work is underway to address them. Singapore’s
score would be higher if there were a publicly available Singaporean Armed Forces
strategy or policy on how the armed forces will engage with cyber threats.
(page
52) South Korea
South
Korea has a capable military cyber capacity. The Defense Information Warfare
Response Center of the Defense Security Command protects military networks,
while the Cyber Command unit handles wider online security. South Korea has both defensive and offensive capabilities and in February 2014 announced its intention to develop offensive cyber capabilities specifically to target North Korea’s nuclear program.
However, recent allegations of military cyber unit interference in national elections
reduce the country’s score for this indicator. A new Cyber Defence Department,
set to be launched in May 2014, aims to halt these domestic interference
issues. The new command is to be established under the Joint Chiefs of Staff, with responsibility for all cyberwarfare missions.
It will also include an oversight committee and a whistleblower program.
(page
55) Thailand
The
Thai military currently has limited capability and authority on cyber issues,
but its leadership has expressed an interest in developing legislation to
legalise the operation of a cyber army. Thailand hosted the 2013 USPACOM Cyber
Endeavour program, which focused on communications and IT interoperability."
To
read the complete ASPI Report see https://www.aspi.org.au/publications/cyber-maturity-in-the-asia-pacific-region-2014/ASPI_cyber_maturity_2014.pdf
Pete
No comments:
Post a Comment