International Defense Security & Technology Your trusted Source for News, Research and Analysis
Related Articles
Cyber warfare has developed into a more sophisticated type of combat between countries, where you can destroy critical infrastructure such as power, telecommunications or banking by damaging the computer systems that control those infrastructures. It’s widely acknowledged that offensive cyberattacks will be a necessary component of any future military campaign, and the extreme cyberweapons are being developed now. U.S., Russia, China, North Korea and other countries have developed advanced cyberwarfare capabilities.
As Russia rains artillery fire down on Ukrainian cities, cyber attackers from around the world have been targeting Russian media, cryptocurrency services, and retail brands with denial of service attacks. DDOS attacks against Russian media, internet service providers, cryptocurrency sites, and retail sites—in that order—have been on the rise in the first quarter of this year, according to a new report published by Cloudflare. The company, which specializes in helping sites prevent or recover from DDOS attacks, estimates that Russia became the fourth biggest DDOS target in the period from January until the end of March (2022) , up from the sixth largest target in the final quarter of last year.
“The majority of HTTP DDOS attacks that targeted Russian companies originated from Germany, the U.S., Singapore, Finland, India, the Netherlands, and Ukraine. It’s important to note that being able to identify where cyber attack traffic originates is not the same as being able to attribute where the attacker is located,” Cloudflare notes in the report.
The United States has been accusing Chinese government and military of cyber attacks against U.S. government computer systems. Beijing denies those claims and also says it is a victim of hacking. Many countries starting with US and which now includes U.K., China, Russia, Israel and others are setting up Unified cyber commands for more effective and coordinated efforts for conducting cyberspace operations , both offensive and defensive. The offensive operations are seen as deterrent to adversaries. US, Russia and China are also implementing various defence measures to protect their Classified networks from Cyber Warfare.
The PLA Daily has made it clear that China’s “cyber territory” must be defended as vigorously as physical territory. “If China doesn’t occupy and defend its “cyber territory,” then nameless “hostile forces” will use it as a “bridgehead” to attack China. “ The control of cyberspace means for the 21st century what control of the maritime domain meant for the 19th and air and space superiority meant for the 20th century.” China has built its own internet, the “Great Firewall” that blocks many social media services, such as Twitter, Facebook, YouTube, Instagram, Snapchat and Google, along with many rights groups sites and some foreign media agencies.
US has developed SIPRNet, or Secret Internet Protocol Router Network, global military Internet system used for transmitting classified information, intelligence, targets, and messages at the secret level. In other words, SIPRNet is completely parallel Internet, uses the same communications procedures and has been kept separate from the ordinary civilian Internet.
Russia has begun testing a national internet system that would function as an alternative to the broader web, according to local news reports. Russia is another among of only a handful of countries to have developed its own internet, including its own search engines, e-mail systems, and social networks. Russian military forces have completed the creation of own electronic communication system that is completely independent from the internet and protected from unlicensed connections, allowing for fast and safe transfer of classified information. ‘Our goal was to provide an uninterrupted internet service on Russian territory under any circumstances,’ Deputy Communications Minister Aleksei Sokolov said.
Speaking e to the state-owned news outlet Tass, Putin explained that this was purely a defensive play. Runet, he said, “is aimed only at preventing adverse consequences of global disconnection from the global network, which is largely controlled from abroad. This is the point, this is what sovereignty is — to have our resources that can be turned on so that we would not be cut from the Internet.”
“As far as I understand, Edward Snowden has been working for one of the NSA’s subcontractors and had access to this network which allowed him to gain access to the data that he made public. I hope our people have not made similar mistakes when they planned the network and that they have taken additional security measures.”
Russia Secure Internet and Cyber Security
Russia adopted legislation, known as the “sovereign internet” law, in late 2019 that seeks to shield the country from being cut off from foreign infrastructure, in answer to what Russia called the “aggressive nature” of the United States’ national cyber security strategy. Russian lawmakers backed tighter Internet controls in 2019 to defend against foreign meddling in draft legislation that critics warn could disrupt Russia’s Internet and be used to stifle dissent.
Russia has introduced tougher Internet laws in the last five years, requiring search engines to delete some search results, messaging services to share encryption keys with security services and social networks to store Russian users’ personal data on servers within the country. Russian authorities successfully demanded the removal of a voting app created by prominent dissident Alexei Navalny from the app stores of both Apple and Google, alleging that it contained “illegal content.” The country also furthered its censorship efforts to block the use of encryption technology through the Tor browser and several other virtual private network services in 2021, a year that Human Rights Watch called the “year of doubling down on.
Russia managed to disconnect itself from the global internet during tests in June and July 2021, the RBC daily reported on Thursday, citing documents from the working group tasked with improving Russia’s internet security. The action is to see if an isolated Russian internet can function ‘offline’ in the event of a cyberattack that forcibly disconnects it from foreign servers.
Tests involving all Russia’s major telecoms firms were held from June 15 to July 15 and were successful, according to preliminary results, RBC cited a source in the working group as saying. “The purpose of the tests is to determine the ability of the ‘Runet’ to work in case of external distortions, blocks and other threats,” the source said. The word “holistic” shows that the exercises follow April’s passage of the sovereign internet law that will require all internet traffic in Russia to pass through official chokepoints, allowing the government to shut down outside access, block websites that they don’t like, and monitor traffic.
“We are talking about the protection of critical infrastructure, which should be located in the territory of Russia,” German Klimenko, the former internet adviser to Russian president Vladimir Putin, said in 2016. “There is a high probability of ‘tectonic shifts’ in our relations with the West. Therefore, our task is to adjust the Russian segment of the internet to protect [it] from such scenarios.”
That kind of thinking is now in the process of becoming law, with a draft bill first introduced in December receiving tentative approval from Russian lawmakers last week. Under the draft legislation, Russian internet providers must execute technical measures in their networks to counter potential threats from foreign aggressors – in effect, insulating the Russian internet (sometimes called Runet) from the rest of the web, and ensuring all traffic is carried on the country’s internal systems.
The bill seeks to route Russian web traffic and data through points controlled by state authorities and proposes building a national Domain Name System to allow the Internet to continue functioning even if the country is cut off from foreign infrastructure. The bill also proposes installing network equipment that would be able to identify the source of web traffic and also block banned content.
Russian telecom watchdog Roskomnadzor has said that it will punish Twitter and Facebook if they decline to move the database of Russian users to Russia.”The companies will either have to localise the databases within a certain period of time, which I suppose will be about nine months, or they will be punished,” Roskomnadzor head Alexander Zharov was quoted as saying by Xinhua news agency on Tuesday.
Russian military build impenetrable CLOSED internet for Military
The official name of the network is the ‘Closed Data Transfer Segment’ and Representative of the Russian Defence Ministry explained that infrastructure of the military internet has been set on the bases of the Rostelekom infrastructure they rent, as well as on their own which is not connected to the internet.
Russian presidential adviser for internet issues, German Klimenko, said in comments that he considered it correct that the Closed Data Transfer Segment has absolutely no connection to the internet. “Anything that is connected can be broken into and therefore is not safe,” he said. “Americans have had quite a lot of holes in their network. They were changing network protocols on-the-go and besides, they had a lot of separate networks for every branch of forces and lastly – their system has too many connection points with the internet, which raises the danger of unsecure access,” he said.
The structure of the Russian ‘military internet’ is similar to the one of the conventional World Wide Web, but it is accessible only on computers that use the dedicated operating system developed by the Russian Military Forces. The hardware also has to be certified by the General Staff’s directorate for protection of state secrets to ensure that it is impossible to even plug in an uncertified device, including printers, scanners and flash drives.
Every military unit has servers which encrypt information, divide it into several packages and forward it. Access to these buildings is strictly limited. The main resource of the network, as well as various third-level domains can be visited through computers which operate on the Armed Forces Mobile System, and are certified by the security service of the state secret, also known as the Eighth Agency of the General Staff. The military internet also has its own mail service that allows for strictly internal exchange of messages
The source also said that the Closed Data Transfer Segment was completed already in late summer and is now in fully functioning state, but works are under way to expand it with additional terminals in every military unit.
Russian Scientists Develop New System to Monitor Attacks on the Russian Internet, reported in April 2022
A group of Russian scientists say that they’ve developed a new tool to block such attacks—but even that is an indication that severe economic sanctions are changing life in Russia.
Engineers from Samara University developed a tool they called NetTestBox to monitor internet traffic into and out of Russia. “The information obtained by the system allows you to track unauthorized data leaks, see what part of the traffic goes through foreign channels, and, therefore, is vulnerable to external shutdown,” according to a Monday article from Russia’s Izvestia news outlet. (Like most Russian media, the site is state-controlled.)
The testbox will “allow us to detect our country’s disconnections from international data exchange points and help assess the impact of unfriendly actions on [the Russian internet]. The system can be used to form a secure and independent digital space from other countries,” the article said.
China’s Internet Security Measures
One out of every five Internet users in China has been victimized by hackers. Hacker attacks against industrial facilities, such as chemical plants and power stations, aren’t the subject of much public attention in China, but they nevertheless pose a major threat. The results of a survey of more than one hundred industrial companies conducted by Siemens in 2014 demonstrate the extent of the threat cybercrime poses to manufacturing companies in China. More than 80 percent of the companies reported having experienced a computer virus infection or some other type of attack. Some companies even reported that they had had to temporarily suspend production and had lost money as a result.
A 2015 report from the Australian Security Policy Institute, found that China and North Korea are ill equipped to defend themselves against cyberthreats despite what the Pentagon deems their strong offensive capabilities in cybercrime. An assessment of cyber competence among 20 Asia-Pacific countries ranging from the U.S. to Fiji found China has improved its oversight and abilities in the digital realm but it has “failed to translate this into tangible policy or program.”
Cybercrime is a growing threat to China’s economy, and the government in Beijing has now taken notice. President Xi Jinping has made IT security a top priority. The first measure that’s been taken involves placing strict regulations on the use of foreign IT products in sectors critical to China’s security, such as banking. The goal here is to close off potential points of entry for hackers and foreign intelligence services and strengthen the domestic cyber industry.
China recently said that it will create a national data repository for information on cyber attacks and require telecom firms, internet companies and domain name providers to report threats to it. The Ministry of Industry and Information Technology (MIIT) said companies and telcos as well as government bodies must share information on incidents including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses to the new platform.
An MIIT policy note also said that the ministry, which is creating the platform, will be liable for disposing of threats under the new rules, which will take effect on Jan. 1. Companies and network providers that fail to follow the rules will be subject to “warnings, fines and other administrative penalties”, it said, without giving any details.
“The building of national defense cyberspace capabilities is an important part of China’s military modernization,” the Foreign Ministry and the Cyberspace Administration of China, the country’s internet regulator, said in a strategy for global online cooperation on the ministry’s website. China will help in the military’s important role in “safeguarding national cyberspace sovereignty, security and development interests” and “hasten the building of cyberspace capabilities”, the strategy said, but also called on countries to “guard against cyberspace becoming a new battlefield.”
China has built Great Firewall to keep unwanted foreign influences out of China. It has been developing a system of internet controls that stopped citizens from connecting to banned foreign websites—from Google, Facebook, and Yahoo to The New York Times—and blocked politically sensitive domestic content, preventing mass organizing online.
The result is a balkanized Internet within China, known as the Chinternet or Great Chinese LAN. The OpenNet Initiative performed an empricial study that concluded that China has “the most sophisticated content-filtering Internet regime in the world”. Some technical methods used are IP blocking, which denies the IP addresses of specific domains, packet filtering, which scans packets of data for controversial keywords, credit records, and speech and facial recognition.
An important characteristic of the Chinese internet is that online access routes are owned by the PRC government, and private enterprises and individuals can only rent bandwidth from the state. The first four major national networks, namely CSTNET, ChinaNet, CERNET and CHINAGBN, are the “backbone” of the mainland Chinese Internet. Later dominant telecom providers also started to provide Internet services. In 2015 January, China added seven new access points to the world’s Internet backbone, adding to the three points that connect through Beijing, Shanghai, and Guangzhou.
And China does not want these capabilities to remain only in China. A 2021 report from the International Cyber Policy Centre (ICPC) suggested that Beijing wants other countries to govern the internet the same way it does. It already exports digital infrastructure to more than 60 countries through its Belt and Road Initiative, and Chinese companies export surveillance products to developing countries in Africa, South America, and central Asia.
China has installed a secure operating system known as “Kylin” on government and military computers designed to be impenetrable to US military and intelligence agencies. Kevin Coleman, a private security specialist said its deployment is significant because it has “hardened” key Chinese servers. “This action also made our offensive cyber capabilities ineffective against them, given the cyber weapons were designed to be used against Linux, UNIX and Windows,” he said, citing three popular computer operating systems.
At the beginning of 2014, an alliance of fifteen private Chinese IT manufacturers was founded in the Beijing district of Zhongguancun ( 中 关 村), the Chinese equivalent of Silicon Valley. They stepped up endeavours to develop a Chinese operating system based on Linux that would run on government computers and the computers of security relevant businesses such as banks. By taking this step, Beijing hopes to gain protection from espionage from the USA and demonstrate the innovative power of the Chinese IT economy.
In Feb 2022, Huawei, one of tech war’s main supporting actors, recently completed the rollout in China of its new operating system, HarmonyOS 2.0, which aims to reduce China’s dependence on US technology. While HarmonyOS is a success story in terms of Chinese innovation and scientific and technological progress, it also gives the party-state significantly more power in cyberspace.
Unlike its US rivals, iOS and Android, HarmonyOS requires third-party developers to go through an extensive identification process involving identity cards, passports and bank credentials. These developers, the growth drivers of such platforms, will be rendered, at least to some extent, subject to Chinese law regardless of where they live. That will enable Chinese authorities to bring previously unassailable individuals within the range of Chinese law by threatening them with sanctions, fines or bans. It will also give China increased leverage over newly developing cyber territories.
At the Beijing Winter Olympics, athletes and journalists had to make use of officially provided wi-fi at designated hotels and venues in order to access the “unobstructed” internet, including services like Twitter, YouTube or Facebook, all banned in China. The mobile app provided by Beijing authorities to all participants – My2022 – was found by independent researchers to be a Trojan horse that could secretly harvest users’ data, which, under Chinese laws, can be passed on to the state.
The Chinese have also developed a secure microprocessor that, unlike US-made chips, is known to be hardened against external access by a hacker or automated malicious software, Coleman said. “If you add a hardened microchip and a hardened operating system, that makes a really good solid platform for defending infrastructure,” he said.
According to Xinhua, the state news agency, ninety per cent of its microchips and sixtyfive per cent of its firewall products originated in other countries in 2012, primarily the US. The government views foreign technology as a potential threat to national security. Covertly installed back doors enable surveillance of computers and networks, for example. Therefore, stringent constraints on the use of foreign IT products are already in place in areas critical to security.
US Secret Internet Protocol Router Network (SIPRNet)
The Secret Internet Protocol Router Network (SIPRNet) is “a system of interconnected computer networks used by the U.S. Department of Defense and the U.S. Department of State to transmit classified information (up to and including information classified SECRET) by packet switching over the TCP/IP protocols in a “completely secure” environment.
It also provides services such as hypertext document access and electronic mail. As such, SIPRNet is the DoD’s classified version of the civilian Internet. SIPRNet is the SECRET component of the Defense Information Systems Network. Other components handle communications with other security needs, such as NIPRNet which is used for nonsecure communications, and JWICS which is used for Top Secret communications.
Among its many features, computers cleared for SIPRNet access connect to the network via secure dial-up or LAN connections, access web pages written in standard HTML using a standard web browser, can upload and download files via FTP connections, and can send or receive email messages through SMTP services using email programs such as Microsoft Outlook. All data transmitted on SIPRNet between secure facilities must be encrypted by approved NSA encryption systems. While the public Internet can be used to transmit encrypted SIPRNet packets (“SIPR over NIPR”), no access is permitted between the two networks.
Approximately 3 Million people with secret clearances have access to SIPRNet, which includes Pentagon and military officials, Intelligence agencies, FBI, as well as diplomats in US embassies all around the World
Users are issued a username and a “strong” password (of 10 characters or more, at least two capitals, two numbers and two special symbols), which must be changed at least every 150 days. In theory at least, the user has to stay at the computer at all times while logged on, logging off even to go to the toilet or get a cup of coffee.
Again in theory, any memory stick or CD connected to a computer with Siprnet access must automatically be labelled secret and stored securely. If a personal device such as an iPod is connected it can be confiscated. In practice these multiple layers of security were relaxed to make the system as easy to use as possible.
Perspecta to modernise Secret Internet Protocol Router Network
Perspecta has secured a contract from the US Air Force (USAF) to modernise the Secret Internet Protocol Router Network (SIPRNet) to improve management operations. The SIPRNet Enterprise Modernization programme is intended to streamline the network’s infrastructure to improve management operations and achieve security compliance. Under the contract, Perspecta will develop, install and integrate a new single infrastructure and active directory domain for the USAF.
The standardisation of the management architecture will allow all airforce bases to meet security requirements and maintain updates to ensure preparedness for persistent network attacks and cyber threats. In February 2018, the Defense Information Systems Agency (DISA) completed the SIPRNet Access Migration Project. The project transformed SIPRNet into a virtual network. Other improvements included greater bandwidth capacity and reduced network size.
These classified networks are definitely not connected to the Internet, but this does not mean that malware or well-resourced hackers can never found their ways into these critical networks. The network at Creech Air Force Base was crashed in early September that impacted “critical services,” and has not been completely rebuilt, according to US government contracting records.The officials would not say whether the failure was due to internal technical faults, a cyber attack, or a state-sponsored hacker.
In the year 2008, The Pentagon acknowledged a significant cyber attack, Operation Buckshot Yankee, where a foreign intelligence agent used a USB drive to infect military computers used by the Central Command in overseeing combat zones in Iraq and Afghanistan with a specially
References and Resources also include:
