Cyber-threats and warfare is an issue not only in the United States but also in the rest of developed nations. According to Cavelty (2008), the threat posed by cyber-threats calls for a greater understanding of the context in which they occur (p.29). The author supposes that to get an insight into the cyber-threat and warfare, we need to understand the concept of what he refers to as ‘information revolution’. There are vast problems faced by the information industry in form of cyber-crimes and hacking, subjecting the information techniques to cyber-threats and warfare. This has created new modern warfare prompting several nations to formulate policies geared towards combating such attacks. In a bid to protect the international community which lacks an international law to curb cyber-threats and warfare, it is logical for the United States and other nations to adjust their native law to deal with this new challenge. It has become generally impossible for cyber-crime offenders to be charged with violation of business ethics regarding cyber-crimes due to a lack of legal guidance on matters pertaining to this issue. This paper focuses on the need to re-assess the state of the information system and come up with recommendations that would make this achievable. This will follow after brief information on what these threats are and their repercussions in the information industry.
Cyber-Threats and Warfare
According to Bruno (2008), the most published hack in the computer industry was the attack on Estonia; a “paperless government,” but this is just a reflection of what happens behind the scenes without being noticed. The author reports that Cyber Defense Agency’s president and information systems expert, among others, are concerned about this issue. The United States, Israel, Pakistan, and India have been responsible for attacks on adversaries with China being the most notorious. Through hacking, it is now possible to retrieve crucial government data and this causes ripples among the US, Britain, France, among other nations. The motive of China hacking has shifted from protecting networks from possible attacks to the new phenomenon of offensive mitigations against adversary webs. China on the other hand has shifted the blame from their government and blames the practice on individual rogue citizens. Today the larger international community accuses the Chinese of launching new tactics of effecting complex cyber attacks.
On the other hand, the US has also been a victim of offensive cyber-warfare. Bruno (2008) asserts that defense analyst; William Arkin, confesses the ability of the US administration of accessing their foes’ computer networks and explore their communication system so as to alter digital information. There was leaked information that Network Attack Support Staff formation in 2004 was a measure to realign the forces’ ability for the cyber attack. A senior military officer explained that the move was aimed at creating an interface between the intelligence department and the combatants’ commanders. The US military has launched systems that are able to penetrate and jam networks of others; for instance, the airborne Suter system that can invade other territories’ communication systems and even take over. This makes it possible for the radar system of a particular territory to be unable to detect an approaching aircraft.
The tactics employed by computer hackers are not complex but can bring down an entire system’s administration. Hacking that brought down the Estonian network down started with several messages directed to government servers. This tactic harnesses a large pull of interconnected information systems and bombards a potential target network with requests while on the other hand making it impossible to the location of the attacker. This made it possible for the hackers to take charge of several computers and directed the information to the administration’s servers without the knowledge of their users. Though this tactic was a simple one, it was almost untraceable. In addition, there is a tactic that involves a malicious program attached to a computer to store information without the knowledge of the owner. This software then sends the stored information to PCs at the Pentagon mainframes. The most feared cyber-crimes are those directed at crucial infrastructural systems; for instance, the control systems of banks, nuclear plants, among others. The ability of hackers to penetrate the electronic systems of industries makes it possible for them to shut down operations.
These threats posed by cyber-crime are real and bear great consequences to the infrastructure making; and, are a major concern for the US administration. Despite the threats and vulnerability of information systems, there has been laxity in curbing the threat until recently that it has been perceived by the intelligence communities and the security system as a real problem. The challenges of dealing with cyber-crimes start right from the definition of cyber-threat. This coupled with the adverse economic losses that could arise from electronic hacking and security uncertainty due to breaching of security regulation by hackers calls for effective measures of dealing with cyber-threats and warfare. Stolfo, Bellovin, and Hershkop (2008) concur with this statement by asserting that the impacts of hacking on the financial industry are great and real following a workshop organized by a joint event by the Dartmouth College and Information Security Departments; Columbia University (p.199).
Recommendations for Curbing Cyber-Threats and Wars
To curb cyber-threats and warfare, the US, EU, and NATO worked together to come up with an agreement that would create standards of cyber-defense. According to Cordesman (2002), the 41-nation Council of Europe drafted a pact that was endorsed by the US (p. 13). This document was drafted and released in 2000 seeking to address the issues arising from cyber-crimes. The United States took part in the drafting of the document for almost two years and after the convention was to be further scrutinized by Steering Committee on European Crime Problems then handed over to the Committee of Ministers. The document was later to be opened before the member states and the US as an observer nation for signature. The draft contained several recommendations for dealing with cyber-threats and warfare five of which are discussed below.
The first recommendation made in the document is that each party will adopt legislative measures and other measures that would make partial or whole intentional access to computer systems punishable under domestic law. The recommendation further stipulates that the domestic law considers it an offense to any infringement to security measures, or accessing a computer system that is connected to another information system. About the establishment of domestic law, the US has taken steps to institute a law that criminalizes cyber-crime offenses with perpetrators considered at par with terrorists. This is because according to Linden (2007), cyber terrorism entails the use of cyberspace to instigate terrorism attacks against computer systems and access to information data that can intimidate or coerce an administration’s duty of delivering its social, economic, or political obligations (p.97). These actions as noted by the author can result in loss of life, severe economic loss, contamination, and plane crash; hence, cyber-crimes are equivalent to terrorist attacks.
The House of Representatives and the Senate passed legislation that would target to subject offenders to life imprisonment for risking the lives of citizens via manipulation of computer systems. These measures were contained in the 2001 Cyber Security Enhancement Act (CSEA). Under the same legislation, all business entities are required to be sufficiently equipped with security architecture properly layered and tranched. Whenever a layer or tranche is violated, the entire source of valuable database and control capabilities are to be critically looked into for compromises, (Intelligence Unit, 2004). All reforms in legislation begin with policy setting to address the current state of affairs; for instance the setting up of the US Federal Trade Commission to curb new spamming besides building evidence, and adoption of new efforts through offering training, (Internet Society,2009). These legislative measures set by the United States, Europe, and other developing nations are the first step towards restoring sanity in cyberspace; therefore, I regard this recommendation the most crucial in curbing cyber-threats and warfare.
Secondly, the all Party to the agreement is to adopt legislative measures and other measures that would make it necessary to establish competent administrators with powers to curb cyber-threats and warfare. These authorities are to be given the power to carry criminal investigations and hearings in search of offenses and while on duty, the authorities should have the right to access computer systems. The information retrievable by the established authority include partial or whole access to computer systems and data contained therein, and to access a computer-data base medium provided the system is in its territory. According to Intelligence Unit (2004), the threats of cyber-crimes can be curbed through collective defenses but would outsmart offenders’ ability to initiate a cyber-crime. The defense mechanism has been concerned with securing trade channels and pathways to markets. The world trade today is driven by digitally transacted money/e-money in the tune of trillions of Dollars; the need for establishing counter-attack forces to curb is eminent to secure the safety of money transmitted digitally. The counter-attack forces must get government backing to deal with rogues and politically backed computer attacks emerging from espionage or otherwise across the globe.
In addition to the second recommendation above, counter-attack measures can be instigated through mobilization of resources; for instance, investment in interoperable channels of distribution of management knowledge. Through a proper analysis system, it will be easy to share data among different intelligence bodies in search of cyber-crime offenders. Investment in public intelligence worldwide is crucial in the sense that the breeding ground of cyber-crimes is cyber cafes that are under the permanent watch of the local citizens. This measure calls for the redistribution of expertise and proficiencies of counter cyber-crime and warfare technologies through the creation of national centers dealing with digital defense. The redistribution of expertise and proficient cannot be achieved with laxity in sharing cohesive ability to counter cyber-threats and warfare. For sustainability of reliability of future counter-attack forces, the focus has to be laid in SME systems at times of complex cyber-crime offenses or malware attacks. The effectiveness of the second recommendation will depend on developing a transnational strategy with a global appeal other than the drafted document by the Convention to protect the US, UE, and other developing nations. This is because cyber-crime is initiated in cyberspace available to all citizens in every corner of the world, (Gercke, 2010, p.89). Therefore the objective of the Convention’s resolutions should move towards enticing the global sphere.
The third recommendation that is vital to curbing cyber-crime is the establishment of inter-Parties legislations that would allow a Party within its jurisdiction to set domestic law that would allow another Party to access information, without prior request, that it considers vital in unraveling a cyber-crime offense in its territory. Upon such agreement, there is an exercise of cooperation between or among Parties under the chapter of this recommendation. According to CCRC (2005), the achievement and viability of inter-States cooperation was highlighted following UN’s 6th workshop dubbed “Measures to combat computer-related crime.” The workshop listed among others recommendations, that nations develop further international cooperation at all levels. The UN (United Nation) given its international character called for coordination of internal mechanisms proposed by the General Assembly, to aid intergovernmental duties aimed at the protection of cyberspace to shield it from the activities of cyber-crime offenders. In addition, the workshop recommended that all nations review their legislative laws to adapt accordingly to a given nature of cybercrime. The proposals by the UN was effected when India resolved to enact 10 years imprisonment of cyber-crime offenders and a further $14,300 penalty on breaking into computer networks, (Chakraborty, 2009).
Fourthly, the Convention recommended extradition between States for cyber offenses as established in Articles 2-11 of the document; as long as they are the crimes are punishable under the legislative laws of the two Parties. The provision provides that where extradition treaty or alternative legislation contradicts each other regarding the penalty for extradition, the minimum penalty applies as contained in the treaty or reciprocal alternative would instead be considered. According to Yar (2006), this was a just move given the repercussions of the 9/11 attack in the US. Following the attack, the US administration had to seek international cooperation in dealing with cyber-terrorists who castigated the attacks (p.11). It was based on international legislation between the US government and Afghanistan that made the launch of search of suspected terrorists believed to be in the territory. Harsh (2009) concurs with this view by asserting that Information Technology Act should apply to all persons irrespective of nationality as long as the rules are broken.
Lastly, the Convention recommended that mutual assistance be given by Parties about real-time traffic data collection evident in some specific communications within a territory and is transmitted with the aid of a computer system. For effective governance of this provision, the authenticity of domestic law will play an important role in defining conditions and procedures deemed necessary. As a reactionary measure, States have taken steps to involve the corporate world in providing cyber–crime counter-attack measures by providing tools and services that would provide surveillance and censorship. Among the corporate bodies that have so far aided in this measure include China and US firms; for instance Cisco, Microsoft, Yahoo, Google, among others, (Deibert, 2008, p. 101).
From the discussion above, it is evident that cyber-threats and warfare are serious global challenges that the modern world faces. Recommendations have been made but the effects of such legislations are yet to be experienced. National administrations should pull together ideas in a way to tackle the challenges of cyber-crimes in a collaborative way. It however noted that the efforts of the Convention are just but the beginning of a long way to go. They will ensure that cyber-crimes are checked. This war will be won when all stakeholders come together and with persistent and rigorous measures, the adverse effects of cyber-crimes may finally be put to rest.
Bruno, G., (2008). The Evolution of Cyber Warfare. Web.
Cavelty, M. (2008). Cyber-security and threats politics: US efforts to secure the information age. New Jersey: Routledge
CCRC Staff, (2005). Computer Crime Research Center: UN recommendations on fighting cybercrime. Web.
Chakraborty, A. (2009). Dhaka plans 10 years’ jail for cyber crime, Simple Thoughts, Web.
Cordesman, H & Cordesman, J. (2002). Cyber- Threats, information warfare, and critical infrastructure protection: defending the US homeland. New York, NY: Greenwood Publishing
Deibert, R. (2008). Access denied: the practice and policy of global internet filtering. Cambridge, Mass. :MIT Press.
Gercke, M (2010). ITU Cybercrime Legislation Resources: ITU Publication on Information revolution &global politics. Massachusetts: MIT Press
Harsh (2009). Cyber Crime- an overview and the measures. Web.
Intelligence Unit, Computer Crime Research Center (2004). How real is the threat of cyberterrorism? Web.
Internet Society (2009). Key issues. Web.
Linden, E. (2007). Focus on terrorism. New York: Nova Publishers.
Stolfo, S., Bellovin, S. & Hershkop, S. (2008). Insider attack and cyber security: beyond the hacker. Michigan: Springer.
Yar, M. (2006). Cybercrime and society. Washington, DC: SAGE.