Samhitha Reddy(Research Intern)
This research paper will primarily talk about how the world today is tackling cybersecurity issues and the kind of issues that arise in the cyberspace. The paper will introduce itself with the concept of cyberspace and how it came into being and later proceed to the need to stop malicious activities resulting from cyberspace. This paper also enlightens the readers about the types of cybersecurity issues and the primary actors in that. The rising trends in cybersecurity and how everything is going haywire due to its content development is also indicated. International organisations like the Security Council and the EU’s takes and actions on cybersecurity are also highlighted. A glimpse of how cyberwar looks and the number of damages it causes is also considered in the paper.
Even though international security is a relatively new term in international relations it’s one of the most important in shaping the lives of people today. ‘Security’ as a phenomenon has been addressed by the world in the post-cold war period. It is identified that there are three ways as to how the term security is being used; the first is, being safe, protected and secure. Secondly, for the political actions and finally for the analytics and conceptualising (Heurlin, B., & Kristensen, 2020). There are various kinds of security risks in the world today and one of the latest developments in this is the cybersecurity risks. Due to the fast-paced world and globalisation, cybersecurity risks are one of the most dangerous and unfortunately there are no laws in place to protect people from the same.
Cyber as a word was initially used in the 1950s as ‘Cybernetics’, which is a science of understanding machines and animals, It was later understood as ‘computerized’. Later in the 1990s, the term cyberspace came into being, which is believed to be an undefined area where people conduct electronic activities. Today the term cyber is popularly used for security matters. A cyber-attack is said to scale upon us with the help of cyberspace. One such major creations are the silk road which is an online platform that uses digital currencies for illegal trade, money laundering and sale of drugs. These threats majorly exist for three reasons: 1) flaws in the design of the internet, 2) flaws in hardware and software and 3) the movie to put more critical systems online (Fortson, 2020).
Why is it necessary to stop cyber threats?
Development of the internet remains to be one of the biggest blessings and also the major threat in this millennium. One of the major threats that we face today is a data breach, to blackmail or manipulate decisions. Cyber threats from infiltrators on infrastructure and data breaches to phishing and cyberespionage, there are various types of cyber threats and they do not show any bias while targeting their next victim, it could be a multinational corporation, federal government or an individual. The next victim of these attacks could be any of us and we wouldn’t even realise it until the damage is done. Cyber-attacks are capable of causing electrical blackouts, breach of national security and a failure of military equipment. Cyber threats are never stagnant and are becoming more potent every day, there is a new generation of zero-day threats that are able to surprise as they carry no detectable signals. There is another trend in advanced persistent threats (ATP’s), which is a way for the hacker to be persistent in the system without being traced even by updates of rebooting. Even though cyber securities are blind to the eye, we shouldn’t be surprised if one says it could affect a person lifestyle.
From where & Why do cyberattacks occur?
There are various cyber attackers for various reasons, the usual aim of cyber-attacks is to disrupt, distort and deteriorate (Moore, 2020). Disruption occurs when there is an over-reliance on the fragile connections which can be easy to hijack and may bring the trade to its knees. Distortion is when there is an intentional spread of misinformation which would then lead to the solidity of data to be compromised. When we look as to from where the cyber-attacks come from, the primary ones are hostile nation-states, terrorist groups, organized crime organisations, hacktivist, disgruntled insiders, hacker, natural disasters and accidental actions of authorized users (Tunggal, 2020). Government-sponsored cyber-attacks pose major threats compared to others as a state would have more resources technology and tools against each other, classified networks and critical infrastructure can be harmed with the use of cyberspace. Terrorists also pose a high threat level as people joining terrorist groups in the future may have more knowledge with regards to cyber-attacks. Corporate spies may engage in the same to steal trade secrets and weak their competitors. Hacktivists usually are the less damaging hackers as they aim at spreading their political agenda than demolishing the infrastructure.
Cyber threat trends of 2020
An old trend that has been newly turned very sophisticated is Phishing. Phishing is when people are fooled to click on links and are directed to malicious websites where a virus is downloaded into the system. Hackers are using machine learning to generate messages which are much easier to draft and spread which enables hackers to steal login credentials and credit card details. Another trend is hacking is Ransomware strategies (Moore, 2020). These strategies help hackers to steal data an individual’s or an organisations database and hold it for ransom. Companies are building stronger systems to push back attempts from the hackers but they tend to concentrate on high net worth individuals to gain profits. Along with this, the use of bitcoin is enabling hackers to get paid anonymously, so the source of hack remains to be unknown. Crypto-jacking is another issue where hackers rely on personal or work computers to mine for cryptocurrency as it takes a huge amount of computer processing power and takes away the profits of the individual (Moore, 2020). Crypto jacked systems take a high amount of time and efforts to track and resolve. Cyber-physical attacks is another realm of cyber-attacks where hackers attack the electrical grids, transportations systems and treatment facilities, the technology that enabled us to develop as a human is also putting us at risk. State-sponsored attacks are the biggest threat in 2020 as states have more resources, it has become a major threat to other governments to protect their data and information (Moore, 2020). Internet of things is another emerging era where devices like laptops and tablets, of course, but also routers, webcams, appliances, smartwatches, medical devices, automobiles and even home security systems can be hacked. These devices are handy and have a great risk of cyber invasions and infections. Once hacked these devices can cause extreme financial loss. Third parties another risk where major corporations outsource their work and the workforce with these companies or the software, they are using may not be safe, which could cause havoc and viruses to enter the system from third parties (Moore, 2020).
Security Council to create International law on cybersecurity
As of now, there is no international law on cybersecurity and a lot of scholars argue that there is an emerging need for it. However, there are provisions available in the charters of security council have been newly emerged which help nations tackle cybersecurity problems. Since its establishment in 1945, the security council has concentrated on having troops ready in case of any security threats and ensure there is no major war breaking out in any part o the world. But recently the security council has been more worried about the untraceable cyber-attacks which possess more harm than physical warfare. Any measures to breach of peace and security needs to be done in accordance with article 41 and 42 (Fortson, 2020). Article 41, gives the security council autonomous power to interrupt economic relations like air, postal, other means of communication and severance of diplomatic relations (Fortson, 2020). If article 41, is found to be ineffective then article 42 is implemented where force is used to restore diplomatic relations (Fortson, 2020). As there is a growing need to curb this borderless crime, the provision in article 25 empowers the security council to create international laws which are binding. The major reason why the security council hasn’t been able to draft any sort of law yet is due to the member states not coming to terms as to the definitions of what cyber-warfare and cyber attacks are. Authoritative countries like China and Russia look at information security because they are more concerned about the information breach. Other western countries view cybersecurity as the way in which the breach has occurred due to their large part of their views on freedom of speech. One of the first provision to be included has occurred in the 1999 January, where Russia has introduced a resolution in the first committee for international computer security treaty (Fortson, 2020). This resolution was adopted by the general assembly without a vote, but push for the international treaty was not welcomed by the western states, as they saw it as a break to acquire information. Despite the disagreements, the UN hasn’t overlooked the need for cybersecurity. UN has set up a treaty organization which is called the ‘International Telecommunication Union’ to look into the practical areas of cybersecurity (Fortson, 2020). ITU is an agency under article 57 of the UN which sets up technical standards and considers cybercrime as one of its top three priorities.
International law with regard to cybersecurity
In a United Nations Security Council Background guide written by Rachael Brunot, she identifies two areas of international law which can be applied to cybersecurity. If any states use ‘internationally wrongful threat of force” or “a threat to international peace and security” (Brunto, 2020). The UN security council possess the right to step in. here, cybercrime needs to reach an extreme act where UNSC to step in and take action. This usually happens in terrorist attacks where they target the governments or government-sponsored attacks, where one government is spying on the other. Additionally, if there is any state-level threat for ransomware, the severity of the threat and the loss of data needs to be very critical for UNSC to get involved. Another aspect identified by her is the law of neutrality, where nations have the right to remain silent (Brunto, 2020). Cyber-attacks are typically conducted through third party computers which hide its inception. These neutral nations could be used by these attackers through their networks and infrastructure, this act of self-defence might pull them into conflict. In 2004, the UN established the UN group of government experts on developments in the field of information and telecommunications to regulate how governments should interact in cyberspace. In 2015, this group released a non-binding international standard for behaviour in cyberspace (Brunto, 2020). Some recommendations are that states should not consciously authorize illegal hacking to occur within their borders. UN has also taken human rights into consideration where the UN group on cybercrime and cybersecurity called for safeguard on human rights in 2013. Issues have become more compromised since then, as Russian hackers hacked US power grids and Iranian hackers hacked US universities database, and 340 million data records have been exposed(Brunto, 2020). As of today, there is no new implementation in the UN GGE so this requires urgent solutions and all the nations need to participate in the same to protect themselves.
Cybersecurity in the European Union
The EU cybersecurity strategy was adopted in February 2013 and it was followed by a directive from the European Commission to strengthen security systems in the EU (Drent, Homan,&Zandee, 2013). this was done to encourage the people’s confidence in online purchasing. This directive has set a baseline as to how laws in the future can be evolved. This strategy has three aims: (1) to strengthen the security and resilience of networks and information security systems, (2) to prevent and fight cybercrime and (3) to establish a more coherent cybersecurity policy across EU (Drent, Homan,&Zandee, 2013). One of the most important aspects that need to be done to tackle cybersecurity issues is to establish a national-level computer emergency response team (CERT), this is an authority to speak on behalf of a nation in the European level meetings (Drent, Homan,&Zandee, 2013). This also seems to be a tough job to be done as member states have different authorities taking care of this, it would great effort to bring all of these organisations together and unify the same in every country. A European cybercrime centre was established in Europol in 2013 in the Hauge and Rand corporation of Europe conducted a study where it was recognised that this centre could be the centrepiece in EU’s fight against cybercrime (Drent, Homan,&Zandee, 2013). The centre advises nations in their fight against cybercrime and helps develop future directives. The cybersecurity strategy of the EU is meant to encourage the development of public-private partnerships. But, these partnerships also face difficulties as there is a vast number of stakeholders.
Another aspect of EU cybercrime issue is civil-military aspects. One of the biggest drawbacks in this sector is that there is no proper doctrine established at the EU level. Under European Union Military staff the EU only has a basic cyber defence system for its networks (Drent, Homan,&Zandee, 2013). EU is also promoting an early involvement in academia in developing the defence industrial and base of the country. The threats in the synergies between the civilian and military approaches are various and cyber assets should be further protected. there is scope in the future that all stakeholders will work hand in hand. But the role of defence in military strategies is yet to be fully understood.
Incidents of cyberwar
There have been a few instances where cyberspace has been brutally infringed that cybersecurity has become the epitome of priorities that need to be resolved. In May 1999 the website of US Whitehouse has been attacked and it has remained shut for three days, this occurred due to the accidental bombing in the Chinese embassy in Belgrade (Hunker, 2010). Russian and Estonian governmental organizations were subject to three weeks of cyber-attacks in 2007 (Hunker, 2010). In 2009, Georgia was under attack prior to the kinetic military action in with Russia and against Kyrgyzstan. China and Russia have denied all sorts of links to these occurrences, it was later realized that this occurred from a system in Brooklyn, New York (Hunker, 2010). Also, a devious attack has occurred in a complex in Syria, reportedly with North Korean workers in it. It was reportedly a nuclear weapons plant being built and was bombed undetected by Israel jets by surpassing the air defence networks of Syria through Cyberattacks (Hunker, 2010). This growing trend of high threat in cyberspace is making all the countries vulnerable and the need for cybersecurity law is also growing.
National Cybersecurity strategies
The NCCs are a new phenomenon that emerged in the US in 2003, it was one of the first countries to recognize the importance of cybersecurity (Gehem, Usanov, Frinking, &Rademaker, 2015). As of late the extent of basically all cybersecurity techniques have extended from securing people and associations to ensuring society in general, which is an aftereffect of expanding dependence of all parts of our life on ICT. Practically all NCSS underscore the reception of a coordinated and far-reaching approach and the significance of open private cooperation intending to cybersecurity dangers (Gehem, Usanov, Frinking, &Rademaker, 2015). Numerous cybersecurity episodes unmistakably exhibit that without end-users receiving fundamental. PC security cleanliness rules they will keep on being exceptionally defenceless against future cyber-attacks (Gehem, Usanov, Frinking, &Rademaker, 2015). Given the worldwide idea of the Internet, the international element of national cybersecurity and upgraded international cooperation is one of the needs in numerous NCSS (Gehem, Usanov, Frinking, &Rademaker, 2015). Concurring on the internationally acknowledged principles of conduct in cyberspace may be troublesome, be that as it may, even between close partners.
As we have seen throughout the paper, cybersecurity issues have many faces, it can occur by various means for various reasons. And if we look at the current situation regarding international security with relations to cyber laws, they still remain to be very vague and it needs a lot of development in the future. Security Council, EU and other international bodies need to solidify doctrines and treaties regarding this. If a fast action has not been taken regarding this issue it could unleash unknown disasters unto the world. A clear set of rules and guidelines need to be established on state-sponsored hacking and only ethical hacking should be permitted. Giving a person the ability to sit in a room and damage the world would be the biggest setback in this ever-growing digital world.
Heurlin, B., & Kristensen. (2020). INTERNATIONAL RELATIONS. Retrieved 23 June 2020, from https://www.eolss.net/Sample-Chapters/C14/E1-35-04-02.pdf
Moore, m. (2020). Top Cybersecurity Threats in 2020. Retrieved June 2020, from https://onlinedegrees.sandiego.edu/top-cyber-security-threats/
Tunggal, A. (2020). What is a Cyber Threat?. Retrieved June 2020, from https://www.upguard.com/blog/cyber-threat#why-protect-against-cyber-threats
Fortson, C. (2020). Cyber Security and the Need for International Governance. Retrieved June 2020, from https://www.natlawreview.com/article/cyber-security-and-need-international-governance
Brunto, R. (2020). United Nations Security Council Background Guide. Retrieved June 2020, from http://www.ccwa.org/wp-content/uploads/2018/09/UNSC-Final.pdf
Drent, M., Homan, K., &Zandee, D. (2013). Civil-Military Capacities for European Security (pp. 53-63, Rep.). Clingendael Institute. Retrieved June 29, 2020, from www.jstor.org/stable/resrep05404.8
Hunker, J. (2010). (Rep.). NATO Defense College. Retrieved June 29, 2020, from www.jstor.org/stable/resrep10354
Gehem, M., Usanov, A., Frinking, E., &Rademaker, M. (2015). ASSESSING CYBER SECURITY: A META-ANALYSIS OF THREATS, TRENDS, AND RESPONSES TO CYBER ATTACKS(pp. 57-72, Rep.). Hague Centre for Strategic Studies. Retrieved June 29, 2020, from www.jstor.org/stable/resrep12567.7