Is Georgia ready for Russia’s hacker attack?
Georgia was one of the first countries subjected to Russia’s massive cyber attack during the August war 2008.
9 years have passed since that time. Now the USA has become the cyber attack victim. Washington has officially confirmed that Russia was behind the cyber attacks against the U.S. Democratic Party office and Hillary Clinton’s campaign HQ. “Russia has interfered in our internal affairs,” this phrase by the U.S. President came as a shock to the whole world.
France and Germany, where the elections will be held in the near future, have openly stated that they are expecting cyber attacks on part of Russia. The New York Times, an influential U.S. periodical, has termed Russia as a ‘cyber superpower’.
We’ve asked Lado Svanadze, a cyber security expert, to evaluate our cyber security readiness for the present-day challenges and tell about the situation in the world cyberspace, in general.
It can be said that in 2008, we became the victims of Russia’s first ‘hybrid war’. The ‘hybrid war’ is an integral part of the information war, carried out through cyber attacks. Alongside the land, air and naval operations, Russia carried out information war and massive cyber attacks against Georgia during the August war.
9 years have passed since that time. Some important initiatives were implemented in Georgia with the international partners’ assistance in terms of cyber security-the Data Exchange Agency was established in 2010. Computer Emergency Response Team CERT.GOV.GE was set up at the agency in 2011. The latter is responsible for handling computer incidents within the Georgian Governmental Network and critical infrastructure. The government started working on the cyber security strategy that was first released in 2013. A list of critical infrastructure facilities was also drawn up; the Law on Information Security was passed; the Cyber Security Bureau was established at the Ministry of Defense of Georgia and the Office of the Personal Data Protection Inspector was set up.
4 agencies are currently operating in this direction: Georgian MoI Special Cyber Crime Unit that deals with cyberspace crimes; Cyber Security Bureau that is responsible for the Defense Ministry’s critical infrastructure entities; Data Exchange Agency that focuses on the Governmental Network and Personal Data Protection Inspector, who assumes a supervisory function.
-Are these measures enough?
Countries’ cyber security usually encompasses 2 key areas-strategic and technical. The strategic one includes legislation, policy development, communication with international partners and colleagues, constant data exchange. The technical area implies the equipment that meets international standards, technical means, including protective devices and software. We are facing problems in both areas.
For example, licensed programs are one of the major cyber security components that are less exposed to risks. Whereas in Georgia, it’s unlicensed software that has a relatively big share.
I would also like to emphasize public education and awareness, interaction and communication between the state and the private sector. Responsibility for country’s protection against threats, including those in the virtual space, rests upon the government. It’s the government that should make it incumbent upon the service providers and Internet providers to have technical equipment and software that will meet the international standards and it should also assume certain commitments before them. This relationship is, as a rule, regulated by relevant legislation, though our country has no such regulation yet.
-The cyber security strategy for 2017-2018 has been adopted in Georgia just recently. Does it meet the present-day challenges?
Yes, it does, but only partially. For example, the strategy doesn’t provide for a legal framework that will regulate the aforesaid commitments and relationship between the government and the providers.
However, we won’t achieve much merely with this legislation and strategy written down on paper. It’s necessary to introduce international technical standards that will be compatible with the present-day western methods. We don’t have them now. Everything is related to the financial resources. Cyber security requires huge funds. But this field should be a priority one in terms of financing too.
Lack of skilled personnel and experts is another important factor. The low level of education and public awareness is one of the major problems in Georgia. There are no academic cyber security programs at the bachelor or master’s degree level. We are seriously lagging behind and there is still much to be done with this regard.
The adoption of strategy proves that the government realizes the existing threats, but the cyber security is still not among the top priorities. Cyber threats should be securitized.
-Is there a real cyber attack threat to Georgia?
We are permanently within the scope of interest of such country as Russia. If it sets a specific objective it will resort to any possible measures, including the virtual ones, and we should be ready for that. Strengthening protection capacities is of crucial importance for us. For this purpose we need relevant investments, special programs and modern systems.
Experts’ forecasts are far from being encouraging. They project increase in cyber attacks in less developed countries in 2017. These processes will certainly concern us too. For example, in 2015, up to 23,000 cyber attacks were carried out against the French companies parallel to the Charlie Hebdo attack. It seems we didn’t have anything to do with those developments, but it happened so that the Islamic group hacked the website of the French Carrefour company’s Georgian branch.
Such tendencies will further increase: the closer we get to the western world, the more western representative offices, missions, business companies will appear in Georgia and they will need secure cyberspace for their activity. It’s our country’s duty to ensure security of the cyberspace for them.
There is a need for setting up a national team that will respond to computer incidents. It shouldn’t just focus on the entities on critical infrastructure list, but rather carry out a broader-oriented activity, focusing on citizens, medium and small entities.
-When did the world start thinking of cyber security and what was that crucial even that made the world face new reality?
Cyber security is a relatively new trend. It appeared some 25 years ago. However, throughout this short period it has managed to occupy an important and even a priority place in the international security.
Some minor elements of cyber security occurred back in 1991, when the USA was carrying out the Desert Storm operation in Iraq. Those, the first cyber security records in the U.S. security concept appeared later, after September 11, 2001 terrorist attacks. Whereas in 2004, this country already developed the cyber security strategy.
As far as Europe is concerned, cyber security has become particularly topical after the Russian cyber attacks against Estonia in 2007. The next important event in this regard was the Russian-Georgian war in August 2008. In 2008, parallel to Georgia, Lithuania and the RFE/RL (Radio Free Europe/Radio Liberty) HQ in Prague were also subjected to serious cyber attacks on part of Russia.
It could be said that all the aforesaid marked the beginning of the cyber attacks era and the EU countries responded to it by elaborating cyber security strategies and developing the field at the national level.
-How did Russia develop into a cyber superpower?
Russia has tremendous resources. This country has raised cyber attacks to the national policy level. Individual hackers, as well as hacking groups, have been used, financed and patronized by the Russian government. Russia has its famous APT28 group, which is unofficially managed by the RF intelligence agencies. This very group carried out hacker attacks on various governmental agencies in Georgia in 2008-2014.
Russia’s most successful tactic is to disguise its hackers well and the intelligence agencies are involved in that. Russia has a very efficient hacker-intelligence cooperation and support mechanism.
Apart from the aforementioned Estonia and Georgia, Ukraine has also become a victim of the Russian cyber attacks. Massive cyber attacks were unleashed against Ukraine parallel to the hostilities. Poland has been also subjected to Russian cyber attacks. It is noteworthy that unlike other countries, Russia has a rather harsh tactic. It doesn’t hesitate to interfere into other countries’ domestic policy issues and the U.S. elections testify to that.
There was a regrouping of forces in the cyberspace in 2015. Russia started cooperating with North Korea, Iran and China. It was then that Russia concluded a treaty with China and cyber security was the key element of it. Many experts assume that under this treaty China provides Russia with the industrial data obtained through the cyber and corporate espionage.
-And who are other key stakeholders in the cyberspace?
USA, Russia, China, Iran, North Korea and Israel are the cyberspace key stakeholders nowadays. USA possess rather sophisticated technologies and strategies; it has a cyber command and after the recent developments Barack Obama stressed the need for its separation from the national security agency and direct subordination to the President. There have been also discussions that the cyber command should have not only the defensive function, but also the office one. Let’s see what the new President will do.
As for other stakeholders, Iran is rather strong in this regard. It possess good human resources, 80% of them were educated in the USA and Western Europe. USA and Western Europe are within the scope of their interest. In addition, they patronize President Assad’s subordinate Syrian cyber army.
China is also a powerful stakeholder. It is mainly focused on cyber espionage, new technologies, business and commercial data theft, though it carries out cyber attacks as well, mainly targeting the USA’s financial institutions.
As for Israel, it is more local-oriented and is less active in the global space.
North Korea’s cyber security is particularly interesting, at least because no one actually knows what is going on there. Some believe, there is a single computer in this country, which is owned by Kim Chen In and he has no idea how to use it. But that’s not true. North Korea has a cyber army, though its size and scope is unknown. It comprises well-trained members, who are scattered in different part of the world, carrying out their cyber attacks this way.
-USA claims, Russia interfered into its internal affairs, meddling in presidential elections. What does this statement mean? Has everything been put upside down in the cyberspace?
How it all happened to the USA? This question could be often heard nowadays. Some people have even got a feeling of nihilism: if Russia managed to hack the USA’s ruling party then what will it do to rest of the world?
It’s a cyberspace, it’s the world of technologies and no one is guaranteed against cyber attacks here, including the USA. It was a well-planned special operation, involving not only the hackers, but also the intelligence agencies and the diplomatic mission officials.
However, there are certain norms in the cyberspace too. Interference in the internal election process is just the matter of ethics. Technically, the USA can also interfere into other countries’ elections, but it doesn’t do it, at least there have been no reports on such cases. Whereas Russia, which ignores all international legal norms, in general, respects no rules in the cyberspace too.
On a side note, the recent arrests of the RF Federal Security Service’s Information Security Center officials and ‘Kaspersky lab’ employees, are also linked to the aforesaid developments.
Experts assume that Russia will further intensive such attempts and the German intelligence service statement testifies to that. Germany has openly stated that it views Russian cyber interference as the main threat in the upcoming elections. Security of the cyberspace is a very serious factor, since the warfare never stops there and we all are in an invisible war now.
Lado Svanadze, the board chairman, founder and director of ‘Internet Development Initiative’ NGO; ex-advisor to the LEPL Cyber Security Bureau of the Ministry of Defense of Georgia.
Lado Svanadze has been studying the cyber security policy, strategy and best practices since 2011. He is an author of numerous articles and scientific papers. At the same time, he is a PhD candidate at Georgian Institute of Public Affairs (GIPA), majoring in Development Policies and Strategies of Cyber Security. He was involved in elaboration of Georgia’s cyber security strategy. He is an author of the first Georgian-language academic publication on cyber security.
‘Internet Development Initiative’ is a non-profit organization engaged in various fields of activity, including facilitation of improvement of the cyber security standards and skills; study and analysis of cyberspace threats and elaboration of recommendations for the private sector.