The document discusses the impact of the Edward Snowden revelations on cyber security in South Asia. It notes that the revelations have accelerated a global cyber arms race and the proliferation of national internet surveillance programs. Countries are also working to decrease reliance on US internet technology and ensure data remains within their national borders. The document predicts more state-sponsored hacker groups will emerge in South Asia, and that the revelations will accelerate trends like targeting critical infrastructure through Stuxnet-like attacks. Overall, the Snowden leaks have increased cyber insecurity globally and stimulated efforts for technological independence and internet sovereignty.
ciso-platform-annual-summit-2013-South asia cyber security landscape post snowden hluchan
1. The South Asian Cyber Security Landscape PostSnowden
Introduction – Yours truly…
• Independent Cyber Security Analyst
• Specialization: the cyber security landscapes of the wider Middle
East, Central Asia, and Indian Subcontinent
• Former staff member at iDefense, Inc., now independent
• Longtime professional linguist of Arabic, Turkish, Farsi, Dari, Tajik,
Hindi, Urdu, and German
• Interest in hacking and computers since childhood…
• Research: chronicle evolution of cyber security landscape in
Middle East, Subcontinent, and Central Asia, as objectively
and neutrally as possible
• Better understanding through comparative analysis –
especially geopolitical and socio-economic contexts driving
these cyber security landscapes!
2. The South Asian Cyber Security Landscape PostSnowden
The Edward Snowden revelations of massive scale espionage
activities conducted by the US’ NSA and other intelligence agencies
continues to have profound effects on the collective cyber security
landscape of the entire world.
This includes of course the South Asian cyber security
landscape…
3. The South Asian Cyber Security Landscape PostSnowden
The Snowden revelations seem to be working
like a giant catalyst stimulating wider global
cyber security arms race…
“National internets” in which countries can better
enforce their respective laws, controls, and
sovereignty in general…
Discussion of fully domestic internet infrastructure
that ensure transmitted data does not leave
respective national borders!
Examples:
“Internetz”
The Iranian “halal internet”…
Etc. etc. …
4. The South Asian Cyber Security Landscape PostSnowden
A number of countries working on their own internet surveillance
programs, much like PRISM…
• India working on National Cyber Coordination Centre
• Said to target metadata more than actual content, with only
metadata of concern or interest flagged for later content
analysis
• Controversial in India itself; calls for oversight, better privacy
laws, etc. likely to intensify
Pakistan itself taking similar action -- talk of beefing up PKCERT, put
in place cyber security strategy for Pakistan, setting up an interservices cyber command, etc. etc. – the trend continues…
Talk of possible treaties between India and Pakistan preventing
targeting of nuclear installations, etc. - likely wishful thinking…
5. The South Asian Cyber Security Landscape PostSnowden
More “state actor” hacker groups likely to proliferate in South Asia,
along the lines of what we already see in the Middle East…
Syrian Electronic Army, led by Ali Farha (above) – targeting Viber, Twitter,
Tango, Washington Post, Al-Jazeera, any news outlets it perceives as
against Bashar Al-Asad…
6. The South Asian Cyber Security Landscape PostSnowden
Syria’s closest regional political ally is Iran, with wide-ranging military
security cooperation ongoing between both countries…
Gen. Ghassem Soleimani’s Quds Brigade (left) currently training Al-Asad
military; in 2012, Deutsche Welle publishes claim of Iran Information
Ministry cyber security assistance to Syria.
7. The Cyber Security Landscapes of the Middle East and
the Indian Subcontinent: A Brief Comparative Analysis
Base ingredients for this to happen are already present…
8. The South Asian Cyber Security Landscape PostSnowden
Brazil, Russia, India, China, and South Africa (BRICS countries)
recently had a meeting in which they expressed their desire to
decrease reliance across the board on US sourced internet
technology…
• Drive for greater technological independence in India long-time part
of Indian political discourse!
• Huawei!
• Snowden revelations likely to accelerate these efforts, though
results of these efforts likely not forthcoming overnight…
Snowden revelations have indicated that US is targeting China's
Tsinghua university, one of China's leading research and
development universities…
• Snowden revelations confirm not altogether unknown fact:
essentially, everybody spying against everybody!
9. The South Asian Cyber Security Landscape PostSnowden
Especially post-StuxNet, SCADA attacks have been high on the agenda as goals among
Middle Easter hacker Groups! Snowden revelations will definitely accelerate this
trend…
… but translations of the Hebrew
captions revealed nonsense words,
strongly suggesting a forgery.
The SEA itself soon denied having
done the attack in a Twitter release…
Headlines ensued in June 2013 that the Syrian
Electronic Army had succeeded in breaching a
SCADA system at a water and electricity utility
station in Haifa, Israel…
10. The South Asian Cyber Security Landscape PostSnowden
Conclusions…
• Snowden revelations to accelerate global cyber arms race
dramatically!
• New national cyber espionage programs of various kinds will
proliferate all over the world, surprises likely forthcoming…
• Commercial companies specializing in cyber espionage likely to
proliferate
• Some headquartered in countries with lax or nonexistent cyber
laws, to safeguard offensive cyber espionage from legal
pursuit…
• “National” or “indigenous” internets will get fairly significant impetus,
especially for ensuring route of data not to cross systems in US or
other outside country
• Of ancillary importance here: TLDs able to be made using nonEnglish characters
• To some limited degree, Balkanization of internet? Debatable,
uncertain…
• Essentially, cyber IN-security is the new normal.