Topic 1: Cyberterrorism
Whilst the threat of traditional terrorist attacks in the physical world continue to run high, technological developments in thelast 30 years, particularly with the advent of the commercial personal computer in 1977, have given rise to a new fear - cyberterrorism. Modern technology has led to the increased integration of daily life with technology, whether it is through email,business transactions, information gathering and data storage. Vast amounts of information and data have now betransferred to modern information technology systems that are more advanced, save space, save money and are easier touse.It might all appear to be a rosy picture, but while the greater ease of accessing information through technology has helped ineducation, business and medical fields, it has also opened the door for criminals to take advantage of this. Though manycyberattacks in the past have been the result of young programmers who choose to fool around, recent developments haveseen more serious cyberattacks that can cause harm on governments, companies and individuals. Cyberattacks such ashackers, worms and viruses without a particular political motive have proliferated since internet use ballooned. Vandalizingwebsites, disrupting services, sabotaging data and systems, launching computer viruses, harassing individuals andcompanies, and fraudulent transactions; these are just a few examples of what cyber terrorists can do. Put simply,cyberterrorism has the potential to decimate governments, cripple economies, and damage defense networks; the damagefrom cyberattacks can be military, political, commercial and even social.Given the relatively new nature of this threat, the international community has yet to create a comprehensive framework foranti-cyberterrorism work to take place. Fundamental to the framework will be international laws governing actions to preventand respond to cyberterrorism. The distinction between a cyberattack and cyberterrorism is still unclear. Furthermore, thelack of clear guidelines as to what actions would constitute a cyberwar creates ambiguity with regards to how countriesshould respond to such attacks. If prevention is the best cure possible, then mechanisms to prevent cyberattacks will need tobe developed. Although countries such as China, Russia, Israel and North Korea have all been accused of cyberattacks, thereis no international mechanism to identify cyberterrorists, let alone to track and capture them. The fact that attacks arecommitted across borders makes addressing them all the more difficult, any legislation will not only need to be adopted bymember states but also be effectively enforced, a common Achilles heel for many previous UN actions. Ambassador Ahmad Kamal, a Senior Fellow at the UN Institute for Training and Research and the former PermanentRepresentative of Pakistan to the UN, has written a report titled ‘The Law of Cyber-Space’, providing as a basis for muchdiscussion. At 270 pages, it makes for an informative and enlightening read. This came after events such as Titan Rain (thealleged Chinese orchestrated attacks on a number of American computer networks), the denial-of-service attack againstEstonia in 2007 (almost all of the national ministries’ servers were knocked off line as well as those of two major financialinstitutions), the cyberattacks against Georgia in 2008 and those against Google in 2009. The most recent instance of cyberattacks was the highly sophisticated Stuxnet worm that The Economist described as “an ingenious cyber-weapon”.Discovered in June 2010, the computer worm appears to specifically sabotage uranium-refining by disrupting centrifuges’ industrial-control systems. So far, it appears to have delayed Iran’s nuclear program by as much as two years, but its creatorremains an unknown mystery with Israel and China both alleged masterminds.In addition, during the 64
General Assembly (GA) Session in March 2010, resolution 64/211 was passed by the GA callingfor the creation of “a global culture of cybersecurity”. Sadly, it included only two action points, both of which were voluntaryand unspecific with regards to the suggested actions. It does however take stock of a litany of previous UN action andprovide a useful starting point for further research. Your task is to construct a comprehensive international response to the threat of cyberattacks, cyberterrorism and cyberwar.
Questions to consider:1.
What constitutes cyberterrorism, a cyberattack and cyberwar?2.
How can an act of cyberterrorism most effectively be prevented?3.
What response is necessary and permitted against an act of cyberterrorism?4.
What infrastructure is needed to combat acts of cyberterrorism and how do countries acquire them?5.
How can countries, governments and private entities best co-operate to deal with cyberterroism?6.
In what way to the suggestions above fit together in an international framework against cyberattacks?Resources1.
General Assembly Session – Resolution 64/211
Ahmad Kamal – The Law of Cyber-Space