
CYBER-WAR AGAINST GEORGIA: LESSONS LEARNT

Speech made at the 2nd Annual Regional Collaboration in Cyber Security Conference, Bangkok, Thailand, September 27-28, 2011
Andro Barnovi
Deputy Minister of Defence of Georgia,
Rector of National Defence Academy
In August 2008 Russia waged war against Georgia, and we faced two parallel campaigns during that war. Not only did tanks and aircraft bomb Georgian cities and villages; Georgian web-sites and governmental servers were also placed under a type of attack that very much resembles the one used by the Mongols in history. This is the so-called “swarming” principle: a target is attacked simultaneously from all possible directions by multiple aggressors who disappear immediately after the attack. Surely, this immediately reminds us of terrorist tactics, and this is certainly the case: technological progress and the globalization of the information sphere brought many positive but also many difficult challenges, which can hardly be mirrored in history but are well known today.
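The “swarming” pattern described above, a short burst from many distinct sources that appear and vanish together, is something a web administrator can look for in ordinary access logs. The following is an added example, not code from the speech or from any Georgian agency: it buckets Common Log Format lines into fixed windows and flags a window whose number of distinct sources is both high in absolute terms and far above the median of the other windows, and whose sources are mostly transient (seen in no other window). The log lines, the 10-second window and the thresholds are constructed assumptions for illustration, not real traffic from 2008.

```python
"""Added example (not from the original speech): a defender-side heuristic for
the "swarming" pattern, i.e. a burst from many distinct sources that appear
and disappear together. All log lines below are constructed."""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median
import re

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: two quiet 10 s windows, one burst from 8 sources that are
# never seen again, one quiet window, and one malformed line.
SAMPLE_LOG = [
    '10.0.0.1 - - [10/Aug/2008:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.2 - - [10/Aug/2008:10:00:05 +0000] "GET /news HTTP/1.1" 200 2048',
    '10.0.0.1 - - [10/Aug/2008:10:00:12 +0000] "GET /news HTTP/1.1" 200 2048',
    '10.0.0.2 - - [10/Aug/2008:10:00:14 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.1 - - [10/Aug/2008:10:00:18 +0000] "GET /a.css HTTP/1.1" 200 90',
] + [
    f'192.0.2.{10 + i} - - [10/Aug/2008:10:00:2{i} +0000] "GET / HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '10.0.0.1 - - [10/Aug/2008:10:00:33 +0000] "GET / HTTP/1.1" 200 512',
    'this line is malformed and is skipped',
]


def parse_line(line):
    """Return (source_ip, timezone-aware datetime) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def window_stats(lines, window_seconds=10):
    """Bucket requests into fixed windows; track request count and distinct sources per window."""
    buckets = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable lines are ignored rather than counted
        ip, ts = parsed
        start = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[start]["requests"] += 1
        buckets[start]["sources"].add(ip)
    return dict(sorted(buckets.items()))


def flag_swarm_windows(lines, window_seconds=10, min_sources=5, ratio=3.0, min_transient=0.8):
    """Flag windows whose distinct-source count is at least min_sources and at
    least ratio times the median of the other windows, and whose sources are
    mostly transient (seen in no other window). Thresholds are assumptions."""
    stats = window_stats(lines, window_seconds)
    flagged = []
    for start, s in stats.items():
        others = [o["sources"] for t, o in stats.items() if t != start]
        baseline = median(len(src) for src in others) if others else 0
        seen_elsewhere = set().union(*others)
        n = len(s["sources"])
        transient = sum(1 for ip in s["sources"] if ip not in seen_elsewhere)
        transient_fraction = transient / n if n else 0.0
        if n >= min_sources and n >= ratio * max(baseline, 1) and transient_fraction >= min_transient:
            flagged.append({
                "window_start": datetime.fromtimestamp(start, tz=timezone.utc).strftime("%H:%M:%S"),
                "requests": s["requests"],
                "sources": n,
                "transient_fraction": round(transient_fraction, 2),
            })
    return flagged


if __name__ == "__main__":
    for w in flag_swarm_windows(SAMPLE_LOG):
        print(w)
```

On the constructed sample only the 10:00:20 window is flagged: eight sources against a median of two elsewhere, and none of them reappear. A single busy client or a crawler returning every window is deliberately not flagged, because the heuristic keys on source count and transience rather than raw request volume.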


These attacks significantly damaged a country that had already been dragged into war. The first-hand effects of these attacks were less visible: for example, some governmental web-sites were taken down and several information agencies had problems disseminating information. Besides, the media, which are always hunting for fresh information, were receiving a mass of misinformation and consequently transmitting news that was often very far from reality. Apart from this, the banking sector was also targeted by intruders.

In practical terms, various state and private web-sites were attacked, including the official web-sites of the President, the Parliament, the Ministry of Defence and the Ministry of Foreign Affairs, the National Bank, foreign embassies, TV channels, the press, and popular forums. These assaults caused distributed denial of service (so-called DDoS), defacement and infection of the above-mentioned sites.

It is also worth mentioning that the aggressors applied GSM technologies in close connection with HUMINT. During the first days of the war, i.e. when Georgians were effectively defending their positions, when the Russians found it difficult to receive additional backing through narrow gorges and when Russian aviation was not yet in play, certain individuals kept contacting people they knew and giving deceptive information about allegedly bombed Georgian cities and destroyed Georgian forces. In other cases even military servicemen were deceived by phone calls on the battlefield. Later, there were cases of Russian secret agents directing their troops’ fire from within the theatre using simple GSM phones.

But the invaders were targeting the side effects of these attacks, and those effects were much more noticeable. For instance, the real effect of blocking governmental web-sites was to hinder the spread of official information, while damaging Georgian information resources was meant to hamper the distribution of media information.
On the other hand, Russian blogs and information resources actively spread misinformation, causing legitimacy problems for government actions and sowing mistrust and panic in the population.

Cyber-attacks on Georgian banks had the additional objective of ruining the sector, blocking financial transactions and excluding any kind of outside support to Georgia. Moreover, problems in the banking sector would cause additional panic in the population, the entire economy would collapse and Georgia’s resistance capabilities would weaken significantly.

The government’s rapid actions meant that the intruders reached only limited goals. Other information resources that were less accessible to hackers helped significantly to contain the threats, and the role of television is hard to overestimate here.

However, Russian policy had a direct or indirect effect on several Georgian TV channels. This applies first of all to pro-opposition companies, which mostly could not be directed from Russia, though they were happily spreading any kind of unverified information distributed by Russian sources. Unfortunately, no efficient legal measures existed against these companies. The same is true of a few information agencies treated favourably by Russia.

Thus, the attacks were implemented consciously and deliberately, which means that the operation was obviously coordinated. Although there certainly was a specific operation plan, it still did not seem that the Russians had been working on it for years, because, logically, the level of damage to unprotected targets could have been much higher.

Despite the above, it is also obvious that it would have been impossible to plan and implement a cyber-war if the Russians did not have a “cyber-army”, a cell created to support government activities when necessary. According to our analysts’ assumptions, the Russians had access to several hacker networks, so-called “botnets”, which were very easily activated in a coordinated way against specific targets in Georgia. Besides, an important role was played by an information campaign implemented in Russia by Moscow, in which independent hackers were called upon to undertake sporadic attacks against Georgia. Many hacktivists happily agreed, which made the intruders more elusive.

The resulting effects could be summarized as follows:
- Sense of insecurity within society;
- Mistrust of the government;
- Panic caused by misinformation;
- Hindering of government information policy;
- Direct economic damage;
- Disorder of communication systems;
- Weakened coordination within governmental agencies;
- Dysfunction of the command and control system and subsequent direct physical damage;
- Decrease of legitimacy of government activities inside the country and abroad.

It could be said that the information war implemented by the Russians brought significant informational, economic and physical damage to the Georgian population and government. This damage would have been much greater if not for rapid decisions, which sometimes were unpopular and caused additional problems in retaining the trust of society.
In practical terms, several decisions were made which seemed to have no alternatives. First of all, the hosting of government resources was rapidly changed, and the absolute majority of them were switched to hosting promptly offered by partner nations.

The next decision was to block Russian resources. Moreover, several social networks and popular forums were blocked, because it was practically impossible to control misinformation. Russian TV channels were also blocked.

As for the banks, they never stopped functioning, but they ceased online activities immediately after the first attack.

Of course, there were spheres in which it was absolutely impossible to fight back. For instance, blocked Russian resources could be reached through proxy servers, and despite our attempts to block those servers as well, the Russians dynamically renewed them and the information spread rapidly among an interested population.
Considering society’s natural interest in any kind of information, no Georgian resources were blocked, despite the fact that they were spreading information that was destructive in terms of preserving the population’s spirit of unity in war.

We all know that hard decisions by the government always provide fertile ground for someone who tries to shape the tensions of the population according to their selfish interests. During the war, we had enough examples in Georgia when political and societal leaders openly protested against these hard decisions and, in doing so, unconsciously served the enemy’s interests. Unfortunately, in certain cases formal logic was on their side, because Georgian legislation was not sufficiently refined to combat these challenges effectively.

It is interesting that the cyber-war caused very harmful results for a country that by August 2008 was relatively underdeveloped in terms of information technology. Only 7% of the population had access to the internet at the time. Georgia was connected to global networks through 10 channels, half of which passed through Russian territory. The other connections, which were mainly implemented by Turkish and Azeri providers, were afterwards routed through Russia, and this created convenient conditions for waging cyber-attacks and isolating the Georgian segment from the global net.

The cyber-attacks were well coordinated: the list of targeted Georgian web-sites was readily available on Russian blogs, forums and web-sites, along with viruses and special programs to carry out these attacks.

The attackers also gained control of the routers of third-country internet providers, so they could control part of Georgia’s internet traffic and isolate certain segments of the internet.

In recent years, information technology has been growing rapidly in Georgia. Compared to 2008, by 2010 already 28% of the population (4 times more) was using the internet. The volume of electronic services provided by the state and the private sector has increased dramatically. Hence, it is obvious that we need well-equipped professionals capable of acting flexibly and dynamically in crisis situations.

In conclusion, we could say that cyber war, despite its special character, still depends significantly on traditional components of security. Its physical side is so important that I would call it cyber geopolitics. This covers the placement of the cables connecting to global networks, their level of diversification and the points of their interconnection. Is it possible to protect the segments of the global network? Is it not necessary to apply special norms and mechanisms, including in international legislation? It is worth mentioning that in this area we deal mainly with private companies which are not obliged to consider the interests of any state or group of states. Thus, this issue is very difficult and needs a broad consensus.
It is also very clear that the traditional ingredients of information policy and security are still relevant. This includes the concepts of society’s general development, social consolidation and consensus, the level of trust in the government, unity of values, etc.
These concepts are important not only for reducing damage during a cyber-war, but also for countermeasures and effective defence. Significant parts of society should have enough knowledge of the relevant technologies to at least protect themselves and not fall victim to intruders. The importance of having proper skills in the business sector and in governmental agencies is obviously hard to overestimate.
After the war, Georgia drew the following lessons:
- More coordination;
- Smarter/refined legislation;
- Better education;
- Diversification of physical infrastructure.

It is not easy to implement all of the above because it needs huge resources, time and energy. But with their proper combination it is indeed not impossible. As an example, a cyber security strategy was developed in Georgia after the war, and the National Security Council became the country’s main policy coordinating body. The strategy addresses challenges to the legal normative base and institutional coordination issues. Moreover, mechanisms for raising social awareness and establishing an educational base have been identified.

Among practical activities, it is worth mentioning that quite recently a Computer Emergency Response Team (CERT) was created in Georgia, and it has already become a member of Trusted Introducer, the association of similar European centres.

We have also made specific decisions in the educational system. For example, at the National Defence Academy of Georgia a special programme on information technology was launched at BA level, and at MA level we are working on a special programme on cyber security.

We understand from our lessons that partners’ cooperation in this sphere is crucially important. For this reason, we work on the mentioned changes not alone but together with our friends. On the other hand, we have a regional approach in our schools and are trying to enhance the educational level in the entire region, not only in Georgia.

I hope that, by sharing experience and knowledge with each other, we will all be able to respond to these challenges and reach a better outcome over time.
