RD Interview: With the U.S. Army getting ready to release a new strategy for cyberspace in November 2015 and Russia working on its own information security strategy, Russia Direct talked to a leading cybersecurity expert to spot new cyber trends.
Navy Rear Admiral William E. Leigher, one of the nation's top military experts on cyber security, is reflected in a computer screen displaying a numerical code, while posing Thursday, November 7, 2013, in Portland, Maine. Photo: AP
In recent years, information and cyber security issues have become an important and integral part of the national security of many states. With the information revolution and global spread of the Internet, issues of information and cyber security are attracting more and more attention. Moreover, as the events of the Arab Spring demonstrated, cyberspace should not be underestimated as a tool in forming and manipulating public opinion.
With the U.S. Army getting ready to release a new strategy for cyberspace in November and Russia working on its own information security strategy, Russia Direct talked to Pavel Sharikov of the Institute for U.S. and Canadian Studies at the Russian Academy of Sciences, whose research focuses on cyber security and international security issues.
In the interview below, Sharikov discusses key ideas from his recently published book, “Issues of Information Security in the Polycentric World,” which analyzes the main global challenges and threats in the field of information security.
Russia Direct: Your book “Issues of Information Security in the Polycentric World” was just published. Of course, you discuss systemic changes in global affairs and highlight the special impact that the information revolution has had on it. How in particular does it affect the transformation of the international system?
Pavel Sharikov: Well, let me start from a historical background. We are talking about the new system of international relations that has been forming since 1991, ever since the collapse of the Soviet Union. It signified not only the end of the Cold War era and Cold War system of international relations but also the victory of democratic and liberal ideas over communism. We saw that more and more countries chose a democratic path.
And it is very interesting that historically these two phenomena– formation of a new international relations system and the global spread of the Internet– coincided in one time period. So, the Internet is an inherent feature of international relations, it is a global enabler that allows different actors, both state and non-state actors, to develop economic growth, to pursue political interests internationally. My book basically addresses the issues how the Internet, cyberspace and information security are developing in this new system of international relations.
RD: How would you distinguish between cyber security and information security. Is one part of the other or are they different or even mutually exclusive?
P.S.: I think they are very much interdependent and this is more a question of national linguistic terminology because information security is a term that is mostly used in Russia. We still have our doctrine of information security signed by then Prime Minister Putin in 2000 and that doctrine did not have the word “Internet” in the text.
In the U.S. everything is vice versa. They rarely use the term “information security” – they use the term “cyber security,” which refers more to technical security and the safety of information infrastructures. So when this term appeared in American scholarly research a few decades ago, no one could ever have thought that the Internet would be such an effective tool for shaping the minds of people. So, right now these two terms are similar but distinct, and I tend to refer to “the problems of information security” rather than “the problems of cyber security,” but still this is a discussion that is going on.
RD: Since we are already in the third decade of the new world system, what are the main cyber trends in the contemporary world and what impact do they have on states’ behavior and their policies?
P.S.: It is very hard to answer this question briefly. So, the Internet has become an inherent feature of everyday life of every person around the world. The more developed a country is, the more it is economically prosperous, the more people use the Internet. I think there is very specific interdependence between these two things.
People start using the Internet all the time because of cell phones, because of mobile technologies. A very interesting phenomenon is the social network. The statistics I quote in my book demonstrate that more and more people in different countries use social networks. But what is more important is that governments are starting to use social networks for all kinds of different purposes.
Unfortunately, the thing I failed to mention in my book because it happened after it was finished pertains to elections. During elections, the candidates try to reach out to every voter and there is no better way to do that than using the Internet and social networks, especially Facebook. And I am not talking only exclusively about the U.S., the same thing is happening in Russia. We see how during regional elections some candidates use the Internet for fundraising, for crowd-funding and basically informing people about their political program and plans.
Another very important trend is the fact that a lot of states are developing cyber units in their military forces. Russia, China, and U.S. are reported to wage destructive cyber attacks against each other. This is very dangerous because such technologies are very destructive, they can destroy national infrastructures and, thus, end up influencing the lives of thousands of people. However, there is no international agreement or internationally agreed approaches to dealing with such threats.
What is more dangerous that not only states possess these cyber weapons but also non-state actors, such as terrorist networks, transnational corporations, NGOs, etc. Basically the Internet allows anyone to join digitally and to be some sort of force or power that could have a significant impact on states’ policies.
So, basically, I think these are the most urgent trends, although there are many others of course.
RD: What could be done to minimize threats to information security?
P.S.: Of course we are taking here about international law and some sort of agreements. In my book I consider a lot of approaches that different organizations and states suggest to use in order to address these kinds of issues.
Basically, what is needed is a universal approach that would state that the interests of different stakeholders are taken into account, including state and non-state actors. There appears to be some sort of a new conflict. I think a very dangerous thing, what a lot of experts are talking about, is a hybrid war. Nobody knows what it is; however such definitions already appear in official American national security documents, in some Russian documents as well, I think.
The fact that nobody knows what it is does not allow people, nations and states to address such issues and to minimize the effect and the threat.
I think diplomacy is the only answer here: some sort of international agreement that would take into account the interests of different stakeholders. There is such thing as Internet governance and such organizations like ICANN (The Internet Corporation for Assigned Names and Numbers).
Also we see that Russia and the U.S. are the two countries that disagree the most about the very idea of how to govern the Internet. This controversy appeared long before the Ukrainian crisis of course, but because of the fact that Russian-American relations are at their worst since the end of the Cold War, this is yet another problem in U.S.-Russia relations.
RD: Is information warfare a reality? If it is, what are the most important weapons in this new kind of information war?
P.S.: First of all, information warfare is a term that is widely used but very much antagonizes experts like myself. There is such thing as war, which we know for thousands of years, but basically, there is no such thing as information war. There is such a thing as an information operation when a state or whoever wages an information attack using technological or information tools against the population, technologies or infrastructure of an enemy. But it goes along with other hostile activities with traditional weapons: guns, tanks, aviation, etc.
So, information attacks or operations are already reality. Hybrid war, I think, is something slightly different, it includes information operations but it’s not only the information operations that hybrid war is about.
Again we are coming here to the question of information security and cyber security. As for cyber security, the main weapons that are used are different software tools to attack the technologies – something that we have seen with the Israeli STUXNET virus attacks on Iranian nuclear facilities a few years ago. Another thing is the field of privacy when the personal data of people or organizations is violated and used against them. These are not all but the major cyber security concerns.
As for information security, it lies in the field of having an impact on peoples’ minds. Basically it is propaganda which existed in both the Soviet Union and the U.S. during the Cold War but for some reason the experts do not use the term propaganda very often, though I think it is evident that what’s going on is basically propaganda. So, I would say that there are a lot of tools used by Americans, Europeans, Ukrainians and Russians to have an impact, to divide people and to convince people of something. I am afraid we have the result of that if we look at the way people have started to think in Russia about the U.S. – the attitude has worsened very much. I think this could lead us to a new Cold War, which could much more unpredictable, dangerous and unwanted.
RD: How do you see propaganda as a tool in such information warfare?
P.S.: Firstly, I can agree that propaganda is a tool in hostile activities that are being conducted by both Russia and U.S. against each other. But the most difficult thing in solving this issue is the absence of an international agreement: there are no international tools to prevent propaganda or false information and its impact on people’s minds.
I was thinking about some sort of international information security regime that would make all kinds of media entities take responsibility for information they provide. Such laws or norms exist in national regulations but they do not exist internationally.
For example, when in 2008 CNN showed how the Russian Army allegedly “invaded” Georgia, the impact was immense, it was huge. And nobody cared that a few days later CNN admitted that the information it spread was actually false. The effect of accusing Russia had been achieved and today we partly face the consequences of those actions.
I might be mistaken but recently I noticed a lot of times when some information appears and later, like half an hour later, it is cancelled and someone says that nothing like that actually happened. But nobody really cares when this information is cancelled. The effect that this information achieves is what these entities actually want people to think.
RD: What are the most urgent issues and challenges of contemporary information society?
P.S.: My observation is that the more democratic government is, the more widely the Internet is used by people in a country. Conversely, the more authoritarian a regime is, the more it tries to limit the use of the Internet by the population.
So basically what we saw during the “Arab Spring” when the social protests burst out, the governments tried to shut down the Internet immediately so that people would not be able to communicate and plan their actions.
There is very certain dependence between democratic governments and free use of the Internet and authoritarian governments and a lot of limits on using it. I would say that, the more government tries to limit the use of the Internet by its people, the less secure the population of a country is. This conclusion probably looks very strange, but I am pretty sure about that.
RD: Cyber security is a crucial part of information security, broadly speaking. Currently the U.S. actively discusses possible sanctions against countries that allegedly conduct cyber attacks. Do you see it as a new trend in international politics?
P.S.: I think, years from now, experts will think about how effective the very idea of sanctions is. So far it is really hard to say.
I think the problem between China and the U.S. in cyber space is not new. I remember in either 2010 or 2011 – there was probably the most fascinating theoretical question that I also address in my book – when Google shut down their office in China because the Chinese government imposed so many regulations and wanted them to abide by some very “weird” laws.
At that time, there was a very interesting theoretical international studies problem when a non-state actor, Google, was engaged in a conflict with a state, China. Later it appeared that this type of conflict is not unique and there were other conflicts between state and non-state actors.
Unlike the Cold War era, when basically all conflicts were somehow related to Soviet-American relations, in the multipolar world, there are a lot of different centers of power.
There is another theoretical problem between China and the U.S. in this field – the problem of cyber deterrence. A lot of studies have been conducted comparing nuclear deterrence with cyber deterrence and they concluded that cyber cannot be a deterrent. You cannot deter a conflict with cyber weapons or with a threat of using a cyber weapon. This fact makes the new conflicts more unpredictable, more dangerous, and more exciting to study.
RD: How is Russia positioned in terms of cyber security?
P.S.: I know that Russia’s military cyber capabilities are very much secret and there are very few pieces of information that appear in the open media. Russia is reported to have such cyber units and these units are reportedly engaged in cyber defense and probably some cyber offense operations. I think if some state or actor, let’s say the U.S., would have a goal to somehow destroy Russian cyber capability they would have already done that and we would witness an action like that. So far I think everything is pretty good and the fact that this interview will be on the Internet proves that Russia is pretty much safe.