Chapter -4

A Comparative Analysis of Global Legal Response to Cyber Terrorism

Dynamics of Modern Terrorism

The specter of cyberterrorism has captured the attention of mass media, the security community, and
the information technology industry. Journalists, politicians, and experts from various fields have
popularized a scenario in which highly skilled cyberterrorists gain electronic access to systems
controlling critical infrastructure like dams or air traffic control, potentially causing widespread chaos
and endangering both countless lives and national security itself. Despite the ominous predictions of a
cyber doomsday, it is noteworthy that there has been no recorded instance of actual cyberterrorism
because the definition of cyberterrorism is too restricted to include many online threats due to
terrorism.1
So, how substantial is the cyberterrorism threat? Given that most essential infrastructure in
western societies relies on computer networks, the potential danger of cyberterrorism is indeed
alarming. While hackers may not share the same motivations as terrorists, they have demonstrated
the ability to breach sensitive information and disrupt crucial services. In theory, terrorists could
emulate these tactics, infiltrating government and private computer systems and potentially
incapacitating military, financial, and service sectors in advanced economies. 2 The increasing
reliance of our societies on information technology has introduced a new vulnerability, enabling
terrorists to target otherwise impregnable objectives, such as national defense and air traffic
control systems.3 As a nation’s technological advancement grows, so does its susceptibility to
cyberattacks on its infrastructure.4 The common narrative exists that there should be International
Cooperation in regard to dealing with Cyber Terrorism, but unfortunately cyber-Terrorism has not
even been conclusively recognized as a threat to national peace, security and integrity of other
1
Thomas M Chen, Lee Jarvis, Stuart Macdonald, Cyberterrorism, Understanding, Assessment and Response, (Springer,
2022).
2
United nations Security Counter- Terrorism Committee Executive directorate (CTED) available at:
https://www.un.org/securitycouncil/ctc/sites/www.un.org.securitycouncil.ctc/files/
ctc_cted_factsheet_ct_in_cyberspace_oct_2021.pdf (last visited on December 3rd, 2023).
3
Robert W. Taylor, Eric J. Fritsch and John Liederbach, Cybercrime and Cyber Terrorism (Pearson, 5th Edition, 2023).
4
Kenney, M, Cyber-terrorism in a Post-Stuxnet World available at:
https://www.researchgate.net/publication/270914520_Cyber-Terrorism_in_a_Post-Stuxnet_World (last visited on
November 29th, 2023).
1
nation states. In countries like Canada and Germany no conclusive definition of Cyber terrorism
has been defined neither mentioned although they have recognized terrorist activities. Legitimate
concerns regarding cyberterrorism’s potential danger are well-founded. However, it's important to
acknowledge that not all the anxieties expressed in the media, in Congress, and in public discourse
are rational or reasonable. Some fears are unfounded, while others are greatly exaggerated.
Furthermore, there has been a tendency to blur the line between the potential and the actual harm
inflicted by cyberterrorists, often neglecting the relatively benign activities of most hackers while
sensationalizing the specter of pure cyberterrorism5.
Since technology development is still relatively young, there were few examples of how the
international community may respond to its misuse. Therefore, the time has come to think about and
put preventative measures against such exploitation of technological advancements in place, as well
as to regulate terrorist operations employing them. The goal of the current study is to take it a step
further and assess if the international toolkit now in use is sufficient to combat the phenomena known
as “cyber terrorism.”6 Therefore, international law is a necessary tool to enable the global community
to deter cyber threats in its various jurisdictions. In order to reach a common understanding in curbing
cyber terrorism threats, the existing solutions offered by present international treaties must first be
considered in order to look at available responses against transnational cyber threats. In fact, one of
the main issues in dealing with cyber terrorism is the lack of international resolve.

The researcher has attempted to evaluate the applicability of the already existing international legal
measures to combat and control cyber terrorism in the current chapter. The researcher in this chapter
would entail on comparative analysis in United States of America, United Kingdom, Canada and
Germany. The study has thus focused on the legal concerns rather than talking about the technology
alternatives to address the situation. The researcher wants to establish an explicit system of
international criminal laws, Security Council resolutions, and traditional prohibitions to combat cyber
terrorism. The researcher will also be focusing on how Artificial intelligence has been used to counter
terrorist activities. Through this procedure, current counterterrorism conventions will be examined

5
Lewis, J. A, Assessing the risks of cyber terrorism, cyber war and other cyber threats, pg. no-12, Washington, DC:
Center for Strategic & International Studies, 2002 available at: https://www.steptoe.com/a/web/4586/231a.pdf (last
visited on November 24th, 2023).
6
Janczewski, L., & Colarik, A, Cyber warfare and cyber terrorism, P. no-145 (IGI Global Ist edition, 2007).
2
from the perspective of legal interpretation, and a more effective direct approach to dealing with this
danger will be found.

Cyber Terrorism: A Truth of the Present Scenario

Cyber terrorism has emerged as a brand-new type of terrorism. Over the past ten years, information
security systems have improved, but hackers have gotten more skilled. 7 The Internet has been utilized
by terrorist organizations for a number of purposes, including recruiting, propagandizing,
communicating, and gathering intelligence.8 Because the computer-mediated communication network
is decentralized, more challenging to govern, and available to anybody who wants to use it, terrorists
may communicate successfully through it. This makes the cyber-world potentially useful in a variety
of ways, including both directly and indirectly as a tool for carrying out an attack 9. Attacks on
websites using the weapon of cyberspace are one way to use it. The Israeli-Palestinian conflict, the
Kashmir dispute between India and Pakistan, and the NATO 10 websites during the Kosovo crises in
the early 1990s of the 20th centuries are a few examples of circumstances when such assaults took
place.11 Janet J. Prichard and Laurie E. MacDonald describe similar circumstances in their book.
Despite this, these attacks do not fulfill the requirements for “terrorism” as described by as they do
not want to topple the government or damage anybody, the Financing Convention.12
The other instance of using cyberspace as a weapon is cyber terrorism. According to Shalom Harney,
cyber terrorism is the use of computer networks for nefarious ends like putting human life in risk or
damaging crucial national infrastructure in a way that might put human life in danger. 13 In an effort to
distinguish between the many types of networks that may be the target of cyber-terrorist attacks,
Trachtman has included military and civilian defense networks, additional governmental networks
(Police, Fire), and private networks14. Public networks used by corporations and individuals for
communication, education, and other purposes are privately or publicly owned networks used to

7
Michael Kenney, Cyber-Terrorism in a Post-Stuxnet World, Orbis, Volume 59, Issue 1, 2015, Pages 111-128, ISSN
0030-438.
8
Colarik, A. M. Cyber terrorism: Political and Economic Implications (IGI Global, 2006).
9
Ibid.
10
North Atlantic Treaty Organization.
11
Lech J. Janczewski and Andrew M. Colarik, Cyber warfare and Cyber Terrorism (IGI Global 3rd Edition, 2018).
12
Ahmad, R., & Yunos, Z, A dynamic cyber terrorism framework, International Journal of Computer Science and
Information Security, 10(2), 149, 2021.
13
Babak Akhgar, Cyber Crime and Cyber Terrorism Investigators’ Handbook (Syngress 1st edition, 2021).
14
Colarik, A. M, Cyber terrorism: Political and Economic Implications (IGI Global, 2006).
3
regulate public utilities and other systems for delivering infrastructure services. Cyber terrorism may
be used with artificial Intelligence, among other things, to compromise Rail Company systems,
disable computer connections at international airports, delete voter registration information 24 hours
before an election, and more15. All of the aforementioned systems are Internet-connected in some way
since they are service providers, making them subject to infiltration. AI can be a powerful tool in
counter terrorism enabling law enforcement and counter-terrorism agencies to realize game-changing
potential, enhancing effectiveness, augmenting existing capacities and enabling them to manage with
the massive increase in data.16 AI can support law enforcement and counter-terrorism agencies, for
example, by auto- mating highly repetitive tasks to reduce workload; assisting analysts through
predictions of future terrorist scenarios for well-defined, narrow settings; identifying suspicious
financial transactions that may be indicative of the financing of terrorism; as well as monitoring
Internet spaces for terrorist activity at a scale and speed beyond traditionally available human
capabilities. One key challenge encountered with the use of AI in the field of counter-terrorism is that
the vast quantities of data needed are not always available or accessible. 17 The reality of terrorism is
that incidents are not regularly occurring events and cases of radicalization are often unique. There
are several open-source databases on terrorism that can be used for the purposes of training
algorithms, such as the Global Terrorism Database, which collects historical information on more
than 200,000 terrorist incidents globally since 1970.
Today’s Western societies rely heavily on computer communication for almost all aspects of daily
life. Nearly every component required for both routine activity and emergency planning is managed
by computer systems.18 The issue at hand is whether the characteristics of cyber terrorism mirror
those of the previously mentioned other forms of terrorism. There are undoubtedly distinctions
between entering a plane with a gun and doing so by taking over the computer system. The legal
status of cyber terrorism must be established in light of the aforementioned factors in order to combat
it with international legal tools, which are crucial to the effort made by the international community to
fight terrorism.19 Radicalization is one of the threat in most of the regions. Another global trend that
15
Rogers, M. (2021), The Psychology of cyber-terrorism. Terrorists, victims and society: Psychological perspectives on
terrorism and its Consequences, Pg no-77-92 (Wiley, 1st Edition, May 2019).
16
Maurice Dawson and Marwan Omar, New Threats and countermeasures in Digital crime and Cyber Terrorism (IGI
Global, 2nd Edition, 2022).
17
Brian Blakemore, Policing Cyber Hate, Cyber Threats and Cyber Terrorism (Routledge, 2021).
18
David Lowe, Policing Terrorism-Research Studies into Police Counterterrorism Investigations (CRC Press, 2020).
19
Ibid.
4
the regions of South Asia and South East Asia have faced in recent years is that of the digitalization,
has enhanced recognizing the threat of terrorism. Though this is a universal trend, this is more
important and growing rates of digitalization and because of burgeoning young, vulnerable and online
populations in South Asia and South-East Asia.
The Internet and social media have demonstrated their beneficial potential in South Asia over the last
decade. At the same time the world has adapted to the new paradigms of the 21 century learning to
st

abuse information and communication technologies, for instance to spread hateful ideologies and
propaganda, recruit new members, organize financial support etc. For instance, According to the
former Home Affairs Minister of Malaysia, Ahmad Zahid Hamidi, social media was responsible for
approximately 17 percent of ISIL recruitment in the country. Similarly, in Singapore, of 21 nationals
held for terrorism-related activities under the Internal Security Act, 1960 under between 2015 and
2018, 19 of them were radicalized by ISIL propaganda online, with the other two persons radicalized
by other online content encouraging participation in the Syrian conflict.20

Terrorism exhibits the characteristics of physical harm as well as the goal to instill fear and influence
behavior21.To determine the origin of bodily harm, computer systems from hospitals, energy
companies, traffic light systems, and other organizations can be disabled. As a result of these crimes,
the victims of these crimes feel anxious and apprehensive. Therefore, the terrorist need not bother to
bring a gun or a knife on an aircraft in order to commit cyber terrorism 22. When sat in front of a
computer screen, the same results are possible. The government must “do something” to impose
control over such behavior since it is its responsibility to safeguard the security and safety of the
people23.
First of all, just because someone had intentions to access secure computer networks doesn’t make

20
United Nations Office of Counter Terrorism, Countering Terrorism Online with Artificial Intelligence- An overview for
Law Enforcement and Counter-Terrorism Agency in South Asia and South East Asia, A Joint Report by UNICRI and
UNCCT available at: countering-terrorism-online-with-ai-uncct-unicri-report-web-2.pdf (last visited on December 5 th,
2023).
21
Ibid.
22
Akhgar, B., Staniforth, A., & Bosco, F, Cybercrime and cyber terrorism investigator’s handbook. Syngress, 2014.
23
Putra, M. D, New media and terrorism: Role of the social media to countering cyber terrorism and cyber extremism for
effective response. available at: https://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiPhZOxw_WCAxUUZ94KHeLZA34QFnoECBAQAQ&url
=https%3A%2F%2Fpapers.ssrn.com%2Fsol3%2FDelivery.cfm%2FSSRN_ID2754370_code2529979.pdf%3Fabstractid
%3D2754370&usg=AOvVaw28ZeztNYn7nH21g59y7rS3&opi=89978449 (Last Visited on November 23rd, 2023).
5
them a terrorist. According to the requirements of cyber terrorism, the purpose component shows that
there was a desire to influence a government’s course of action. There are several key ways in which
cyber terrorism is different from earlier types of terrorism. What is indicated by “terrorism” is a
specified goal with a great potential to endanger human life. What the humans look like is
unimportant. On the other hand, the population of modern western countries is a very specific group
of people who can be affected by cyber terrorism. The electronic infrastructure that advanced and
developing nations have come to rely on is damaged by cyber terrorism. As has been said. The
susceptibility of a civilization to cyber terrorism depends on how much that society relies on
technology and computer networks. The more a state's reliance on electronic communications and
information processing networks, the greater its vulnerability to cyber terrorism will be 24. Richard
Clarke famously declared in 1999, “If you are connected, you are vulnerable.”

One may argue that increased technical progress also results in greater defenses, giving countries the
ability to repel such attacks. Even after taking into account the level of risk, it is still clear that these
criminals are aiming to hit India in order to increase their own level of expertise because India is
more susceptible to cyber terrorism than Bhutan. Because India has more at stake and is more
dependent on its information security to protect itself against a cyber-terrorism attack due to its
greater dependence on its own computerized infrastructure, India is more likely to experience these
cat and mouse games between the cyber terrorists and the information security experts than Bhutan 25.

When compared to a physical terrorist attack, which requires finding an executor, arming him with
explosives or weapons, and making sure he will pass all security checks on his way to the target
location, a cyber-terrorist only needs a reliable computer and exceptional hacking skills 26. On the
other hand, cyber terrorism is probably going to escape these costs and difficulties. As a result,
another distinctive feature of cyber terrorism is its extremely cheap costs 27. Learning the essential

24
Tehrani, P. M., Manap, N. A., & Taji, H. (2013). Cyber terrorism challenges: The need for a global response to a multi-
jurisdictional crime. Computer Law & Security Review, 29(3), 207-215.
25
Dogrul, M., Aslan, A., & Celik, E. (2011, June). Developing an international cooperation on cyber defense and
deterrence against cyber terrorism. In 2011 3rd International Conference on Cyber Conflict (pp. 1-15). IEEE.
26
Hua, J., & Bapna, S. (2012). How can we deter cyber terrorism? Information Security Journal: A Global Perspective,
21(2), 102-114.
27
Tafoya, W. L. (2011). Cyber terror. FBI L. Enforcement Bull., 80, 1.
6
technological skills and taking a crash course in "Hacking 28 are not hard to do; rather, they are
straightforward and are readily available online.

The truth is that despite all the dire predictions about the emergence of cyber terrorism, there hasn't
been a single instance of recorded cyber terrorism29. Because of this fact, people think that the
forecasts about cyber terrorism are overstated. Numerous arguments could be investigated in this
regard. The lack of any event, theoretically, does not preclude the possibility or likelihood that it may
happen at some time in the future. The most relevant and fitting example would be the Despite a
"Nuclear War" Despite the fact that it has happily not yet occurred, the superpowers in the
international system have been preparing for it nonetheless. Additionally, computer viruses can be
programmed to become active as of a specified date in the future, keeping their existence a secret up
until that time, much like physical terror organizations that have "sleeping agents" on the territory of
their rivals waiting to activate upon a phone call30.

Experts and well-known figures in the field of counterterrorism Shalom Harmony and Yossi have
noted that one potential explanation for the lack of cyber-attacks is that terrorist groups have not yet
developed the technological capability, which is the essential component of cyber terrorism.
Assuming that the lack of a cyber-terrorism event is genuinely due to the technological gap between
potential targets and potential terrorists, immediate action is required. Technology can swiftly close
any gaps. The most significant infrastructures in Western nations are networked by computers, raising
concerns about the possible threat of cyber terrorism. Since at least 10 years ago, the governments of
Western countries have taken the threat of cyber terrorism extremely seriously 31. For instance, it ran
the first exercise of its kind to see how ready the American government's computer systems were for
the impending onslaught. This operation, which took place in 2002, was given the symbolic name

28
Akhgar, B., Staniforth, A., & Bosco, F. (Eds.). (2014). Cybercrime and cyber terrorism investigator's handbook.
Syngress.
29
Putra, M. D. (2016). New media and terrorism: Role of the social media to countering cyber terrorism and cyber
extremism for effective response. Available at SSRN 2754370.
30
Awan, I., & Blakemore, B. (2016). Policing cyber hate, cyber threats and cyber terrorism. Routledge.
31
Rathmell, A. (1997). Cyber‐terrorism: The shape of future conflict? The RUSI Journal, 142(5), 40-45.
7
"Digital Pearl Harbor"32. The results surprised everyone. The "Red Team 33," tasked with trying to
break into computer systems and obstruct their operation, was nearly always successful. The
American government started making efforts to improve its technological and legislative readiness for
cyber terrorism after this trial34.

Israel designated in Government Decision B-8 essential data systems that would receive a security
update. In 1979, Tenenbaum was born in Ramat Hasharon 35. Tenenbaum gained widespread notoriety
in 1998 when, at the age of 19, and in charge of a small group of hackers 36, he was detained for trying
to break into the Israel Defense Forces and hacking computers belonging to NASA, The Pentagon,
the U.S. Air Force, the U.S. Navy, the Knesset, MIT and other American and Israeli universities, the
Lawrence Livermore National Laboratory, and other federally funded research facilities.
Additionally, he allegedly broke into the computers of Palestinian terrorist organizations and claimed
to have damaged the Hamas website37. Some of the servers had Packet analyzer and Trojan horse
software installed by Tenenbaum38. It was at the time, according to John Hamre, then-US Deputy
Defense Secretary, "the most organized and systematic attack to date" against US military systems.
The military believed they were observing sophisticated "information warfare" by Iraq. The US
government gathered agents from the FBI, the Air Force Office of Special Investigations, NASA, the
US Department of Justice, and other agencies in an effort to halt the purported Iraqi hackers. The
CIA, the NSA, and the Defense Information Systems Agency. The United States President received
warnings and briefings because the government was so concerned.

Investigators in the United States believed Tenenbaum was involved in a fraud wherein hackers broke
into financial institutions all around the world to obtain credit card details 39. After that, they sold these
32
Purchase, E., Caldwell, F. (2004). Digital Pearl Harbor: A Case Study in Industry Vulnerability to Cyber Attack. In:
Ghosh, S., Malek, M., Stohr, E.A. (eds) Guarding Your Business. Springer, Boston, MA. https://doi.org/10.1007/0-306-
48638-5_4
33
https://coralogix.com/blog/red-teaming-cybersecurity/
34
Taylor, R. W., Fritsch, E. J., Liederbach, J., Saylor, M. R., & Tafoya, W. L. (2019) Cybercrime and Cyber Terrorism.
(Pearson, 2020).
35
https://counterterrorismethics.tudelft.nl/the-israeli-counter-terrorism-landscape/#:~:text=Intelligence%20collection
%20and%20analysis%20are,finally%20on%20defense%20and%20protection.
36
https://www.wired.com/2012/07/tenenbaum-sentenced/
37
https://www.state.gov/reports/country-reports-on-terrorism-2021/
38
https://www.wired.com/2012/07/tenenbaum-sentenced/
39
he Analyzer' Hack Probe Widens; $10 Million Allegedly Stolen from U.S. Banks, https://www.wired.com/2009/03/the-
8
numbers to others, who subsequently used them to commit large credit card fraud. He spent more
than a year in the custody of the US Marshals before being extradited to the US to face prosecution.
After deciding to enter a guilty plea, he was granted bail and freed in August 2010. Tenenbaum was
sentenced to the time already served in jail by New York district judge Edward Korman in July 2012
after accepting a plea deal that could have entailed helping with the investigation. Additionally,
Tenenbaum received a $503,000 fine and a three-year probationary period. He was recently arrested
on November 13 in a case of money laundering from 2002 so that their information security systems
might be adjusted for a cyber-terrorism scenario 40. European governments have acted both alone and
together, as seen by the UK’s founding of the National Technical Assistance Center18. The European
Council passed the European Program for vital Infrastructure Protection (EPCIP) in 2005 as part of a
larger initiative to combat terrorism. This program tightens computer security protocols and increases
preparation for terrorist attacks that target vital infrastructure.

Currently, there is no effective international legal framework that specifically handles cyber
terrorism41. The risk does not seem unlikely, thus it is wise to attempt to comprehend what the legal
international community has in store for the "Day After." Thus, in constructing the appropriate legal
framework and policy framework to combat and deal with the situation of cyber terrorism in the
current chapter and the following chapter, the researcher has taken into account the international
response, their efforts, and their status.

Link between Social Media and Cyber Terrorism

One technical innovation is social media. It is reachable by the majority of people. In an effort to
attract subscribers, several social media companies are introducing fresh names and looks. Social
media has penetrated far into space, beneath the oceans, deep inside the earth, and even into the hearts
and minds of both men and women. All of this power is now available for use in support of

analyzer-ha/
40
Akhgar, B., Staniforth, A., & Bosco, F. (Eds.). (2014). Cybercrime and cyber terrorism investigator's handbook.
Syngress.
41
Dogrul, M., Aslan, A., & Celik, E. (2011, June). Developing an international cooperation on cyber defense and
deterrence against cyber terrorism. In 2011 3rd International Conference on Cyber Conflict (pp. 1-15). IEEE.
9
international terrorism42. It should come as no surprise that those in charge of these lethal forces
should think about both their official and personal obligations in this matter.

The media is regularly used by terrorists for their own gain. The basis of a terrorist plot is the material
given and media comprehension. Additionally, terrorist tactics were openly discussed in online
media. This makes studying to become a terrorist easier and faster. In addition to the technical use of
the mass media as one of the parts of the terrorist strategy to carry out the action, radical groups
employ other media, such the Internet, to promote their diverse beliefs 43. Social media makes the
formerly secret world visible44. It is hardly shocking that some youngsters between the ages of 18 and
25 are joining ISIS given the impact of social media Propaganda. The young people who fled for
Syria, ostensibly to join the Islamic State of Iraq and Syria (ISIS) network, are claimed to be victims
of the spread of extremism online45. Because so many individuals are studying religion online,
terrorism has recently sprouted new branches. This comment exemplifies how the Internet is
effectively used as a tool for propaganda to recruit followers of the Islamist movement.

Particularly the internet is becoming a more significant trigger for terrorism 46. On the internet, it is
simple to get instructions for making explosives and spreading propaganda supporting extreme
ideologies. Showing footage of police raids and arrests would be detrimental since it would inspire
more individuals to embrace terrorist actions, despite the fact that the media routinely depicts
terrorists as heroes. The vested interests of the mass media are routinely put above the public interest
and journalistic ethics. By obtaining the only rights, a high rating, or even media that is willing to
ignore the requirements of the broader public.
Because there are a number of factors that can be carried out through the media, among other acts,
interference, or attacks that can hurt or damage anything, endangering information systems'
confidentiality, integrity, and availability through propaganda and other means, the terrorists are
aware of how crucial media information is in the fight against hegemony and universalization. Due to

42
Cyber Crime and Cyber Terrorism Investigator's Handbook. (2014). Netherlands: Elsevier Science.
43
Youth and violent extremism on social media: mapping the research. (2017). France: UNESCO Publishing.
44
Cyberterrorism: Understanding, Assessment, and Response. (2014). United States: Springer New York.
45
Weimann, G. (2004). Cyberterrorism: How Real is the Threat?. United States: United States Institute of Peace.
46
New Media Politics: Rethinking Activism and National Security in Cyberspace. (2015). United Kingdom: Cambridge
Scholars Publishing.
10
unfairness and psychological risks, fear is spreading across society. Others who have been abroad to
carry out indoctrination and training can help others who haven't had to leave their home country but
wish to spread the extremist ideology. Additionally, terrorist group leaders can interact with one
another through the media if they are separated throughout a region or country via mass media47.
The effectiveness of terrorists’ media-based propaganda showed how extremist ideologies opposed to
the United States (US) and its allies’ policies had grown. Every which way. Since the number of
terrorists' supporters has continued to grow and develop, which has contributed to the resistance
continuing after the WTC attacks, it may be argued that terrorist groups intended for their mass media
to represent a new trend in the commercialization of terrorism. Terrorist groups use the media and the
internet to spread their ideology and what they believe to be the truth. They make an attempt to record
the acts they conduct before they are made public in an effort to attract the public’s attention 48.
The idea of agenda creation and framing may be used to explain the connection between terrorism
and the media. While framing refers to how the news will affect how an audience will be presented
with the phenomena and events that were reported, setting the agenda entails choosing which
phenomena will receive more media focus and which phenomena will attract more public attention 49.
It seems unlikely that the media's support of terrorism would have a negative effect on society,
dispelling assertions that there is a beneficial relationship between the media and terrorism. It isn't
expected that media coverage would encourage viewers or readers to wish to carry out terrorist
attacks, and it's also not expected that the media will just assist to promote the terrorist ideology.
Although political speech and debate are essential to the concept of a democratic society, restrictions
on press and speech freedom may be necessary in the fight against terrorism50.
As terrorism will gradually decline and eventually disappear on If news coverage of terrorist incidents
does not occupy a significant portion of what the mass media covers, it should stand on its own. The
mass media should create and implement policies on how to behave and operate in crisis situations
brought on by acts of terrorism or other criminal behavior without any influence from the
government.

47
Weimann, G. (2004). Cyberterrorism: How Real is the Threat?. United States: United States Institute of Peace.
48
Open Source Intelligence and Cyber Crime: Social Media Analytics. (2020). Germany: Springer International
Publishing.
49
Buchanan, B. (2020). The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics. United
Kingdom: Harvard University Press.
50
Weimann, G. (2015). Terrorism in Cyberspace: The Next Generation. United States: Columbia University Press.
11
The media is a source of national power, a weapon for security agencies, and a means of strategic
communication for the National Security Council. As a result, by rapidly and publicly notifying the
public and the government about any linkages to terrorism, the media not only spreads panic but also
aids in prevention and recovery. Authorities may utilize media alerts and information as a reporting
mechanism for terrorist acts that are important for security. It is intended to hasten the security
authorities' capacity to react and act in response to situations and events connected to recovery 51.

Speaking about a terrorist incident that somehow failed to garner social media attention is like to
declaring war on a participant who chose not to attend. If social media decided to ignore those events,
it would be irresponsible and unable to function. Whatever the case, as we have learned, it is incorrect
to consider social media as a whole in this or any other circumstance. Dramatic events, particularly
those that are broadcast on television, might cost more depending on how many viewers or online
comments they can garner on YouTube, Video, or any other social media platform. Who can afford to
act like an ostrich in such a competitive society? By definition, terrorism generates interest on social
media. As a result, in some ways, the social media serve as a barrier between the terrorist and the
actual audience he seeks to influence and to whom he must spread his message of fear in order to
realize his secondary objective52.
Governments and the media struggle with what to do with the news once it has broken. Simply stating
that the message might not be understood would be appealing but unwise. In reality, a number of
countries have attempted to do just that by imposing a partial or whole news blackout on incidents
involving terrorism53.

Terrorists do not, without a certain, come from the media. It might be argued that simply showing the
terrorist in his genuine appearance is easy and adequate. In a world where the concept of terrorism is
up for debate, such a policy is neither simple nor successful. With or without the aid of the media and
social media, the needs of domestic and international politics have established that one person's

51
Meeuwisse, R. (2017). Cybersecurity for Beginners. United Kingdom: Cyber Simplicity Limited.
52
Dycus, S., Banks, W. C., Berman, E., Raven-Hansen, P., Vladeck, S. I. (2023). National Security Law, Seventh Edition,
and Counterterrorism Law, Fourth Edition, 2023-2024 Supplement. (n.p.): Aspen Publishing.
53
Edgar, T. W., Manz, D. O. (2017). Research Methods for Cyber Security. United Kingdom: Elsevier Science.
12
terrorist is another person's hero54. This reality is only reflected in social media and traditional media.
If the media does in fact contribute to the terrorist problem, it is logical to assume that it will also
contribute to its resolution.

Few Relevant Cases and Illustrations

Computers and information systems are becoming more and more important components of both
industrialised and developing nations' infrastructure. Sensitive data from the public and private
sectors is transported and stored on sophisticated worldwide interconnected computer networks,
commonly referred to as "the Internet." Although billions of people worldwide benefit from the
Internet, it has also become a target for online terrorist attacks and a weapon for today's cyber
terrorists55. Attacks on vital computer networks by cyberterrorists could interrupt vital public services
including "water, power, hospitals, financial systems, emergency services, air/shipping control." 56
Therefore, it may be said that cyber terrorist strikes devastate a country's economic, security, and
public welfare in the real world in addition to wreaking havoc with computer networks and
infrastructure information. The United States, Canada and the United Kingdom have enacted laws to
expressly tackle cyber terrorists in the wake of cyberterrorism. Cyberterrorism is considered an act of
terrorism and a distinct type of cybercrime under US and UK, Canada regulations. Though legislation
against computer-related crimes is in effect, many states do not yet have a specific section targeting
cyberterrorism. The purpose of this article is to investigate the nature of cyberterrorism. It also
discusses and contrasts the cybercrime laws that are in effect in states of the US and the UK, Canada.
Cyberterrorism is a type of terrorism that is distinct from other offences involving computers.
The case of US airport data hacking
Incident
Russian Hacktivists, Killnet, Take Down US Airport Websites. A pro-Russian hacker organisation
claimed to have hacked multiple websites associated with US airports in October of this year. Even
54
Cyberterrorism: Understanding, Assessment, and Response. (2014). United States: Springer New York.
55
Tatar, Ü., Çalik, O., Çelik, M. and Karabacak, B., 2014. A comparative analysis of the national cyber security
strategies of leading nations. In International Conference on Cyber Warfare and Security (p. 211). Academic
Conferences International Limited.
56
Rudner, M., 2013. Cyber-threats to critical national infrastructure: An intelligence challenge. International
Journal of Intelligence and CounterIntelligence, 26(3), pp.453-481.
13
though this was extensively published in an online community, it was merely another DDoS assault
by the infamous "Killnet" hacking organisation against websites belonging to US airports. During
Russia's invasion of Ukraine in 2022, the hacking organisation Killnet, which supports Russia, was
well-known for carrying out distributed denial of service (DDoS) and denial of service (DoS)
operations against private firms and government institutions across many nations.
The "IT Army of Ukraine" is a Telegram channel that aims to lead users to attack Russian websites;
Killnet is the complete reverse of that 57. Japan, Estonia, and Lithuania are just a few of the nations
that Killnet has targeted because they have either allied with Ukraine or participated in anti-Russian
actions.
Reason behind attack
The researchers came to the conclusion that Killnet was simply interested in gaining media attention
for this attack because there was no real consequence other than the temporary destruction of US
airport websites, based on the research through well-known networks and individuals that cooperate
with hacking groups.This is how a lot of hacktivist groups express their displeasure and let the public
know that they are still active.
Actions undertaken
Quick data recovery and backup actions were undertaken to manage the attack as early as possible.
Site specific plans were activated immediately to manage the entire data recovery and backup
process.
First American Financial Corp. data breach58
Incident
A significant data leak at First American Financial Corp. occurred in 2019 as a result of subpar data
protection protocols and flawed website architecture. This event demonstrates how easily sensitive
information can end up in the wrong hands, even though it was classified as a data leak rather than a
breach because there was no hacking involved.
A website design flaw known as Insecure Direct Object Reference (IDOR) allows access to
confidential data without the requirement for authentication or verification processes. Consequently,
57
Cristiano, F., Broeders, D. and Weggemans, D., 2020. Countering Cyber Terrorism in a Time of ‘War on
Words’: Kryptonite for the Protection of Digital Rights?. Cristiano, F., Broeders D., and Weggemans D.(2020,
eds). Countering cyber terrorism in a time of ‘war on words’: Kryptonite for the protection of digital rights.
58
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security
strategies. International Journal of Computer Science and Information Security, 14(1), pp.129-136.
14
the documents were openly viewable by anybody who had a link to them. Furthermore, customers
could examine additional customer records by just changing the number in the URL, as First
American logged their records in sequential order 59. 885 million files in all were made public,
including:
 Numbers for bank accounts
 Bank records
 Documentation for mortgage payments
 Receipts for wire transfers containing social security numbers
 licences for drivers
Actions taken
First American was ultimately penalised over $500,000 by the Securities and Exchange Commission
(SEC) for violating cybersecurity rules by ignoring red flags and other administrative errors in 2018.
Putting multi-factor authentication (MFA) into place for online transaction accounts was suggested
during investigations.
NHS England business continuity management toolkit: catering supplier – cyber attack
Incident
A sophisticated criminal cyber-attack targeted the XXXX organisation, which supplies health and
social care facilities with bulk meals for their patients, throughout the course of the weekend of June
25, 2022. The supplier's IT systems were negatively damaged, which made it extremely difficult for
them to prepare and distribute bulk meals to patients. There was a chance that the health and social
care sectors would not be able to continue feeding patients at trusts, including home delivery, as a
result of the cyberattack60. NHS organisations implemented their business continuity plans as a result
of the interruption, which was felt throughout England. NHS organisations used their site-specific
business continuity plans to make sure meal services were still provided throughout the disruption.
For some patients, this meant changing their eating options. Furthermore, trusts stated that backup
providers had been found and could be used if needed to keep food programmes running. NHS
organisations began to store food in order to guarantee a 4-to 10-day emergency supply. When there

59
Egloff, F.J. and Smeets, M., 2023. Publicly attributing cyber attacks: a framework. Journal of Strategic
Studies, 46(3), pp.502-533.
60
Bendiek, A. and Schulze, M., 2021. Attribution: A major challenge for EU cyber sanctions. German Institute
for International and Security Affairs.
15
was a shortage of space a temporary modification to the menus was made; they were not shortened,
but more alternatives were added. Supplies were exchanged between sites as needed in some places.
This made it possible for the affected organisations to keep feeding patients without having an
adverse effect.
Actions takens
 Plans particular to the site are triggered.
 To guarantee that a complete menu could be served, alternate food options were considered.
 When appropriate, communication with regional colleagues of NHS England shared food
stocked at nearby locations.
Lessons identified
 Some colleagues were unaware of the location of the site-specific plans – The lesson is to
issue communication to all colleagues/teams where plans are stored and what they are used
for.
 Identified mutual aid relationships across localities that will be used going forwards.
 Communicating with health commissioners and working collaboratively, to ensure patients are
not impacted because of the cyber-attack.
 The trusts had good contingency arrangements61.
 The supplier positively engaged with the National NHS England Incident Management Team,
identifying potential issues and resolutions.

Non Malicious Insiders Case – British Airways

Incident
The Information Commissioner's Office (ICO) fined British Airways £20 million for failing to secure
the financial and personal information of its customers. Due to this significant mistake, the bank
account and credit card information of over 400,000 clients and staff members were accessed
following a cyberattack in 2018. The company's failure to implement sufficient cyber security
measures led to this cyber security breach. It is thought that the incident could have been avoided if
British Airways had included a few easy steps in its cyber security procedures. This might have
included standard cyber security procedures like multi-factor authentication, security testing, and

61
Halder, D., 2021. Cyber Victimology: Decoding Cyber-Crime Victimisation. Routledge.
16
restricting user access to apps to those that are strictly necessary for their job. Because these
fundamental precautions were not taken, the organisation was left open to attack, leaving employees
with insecure accounts and risky online behaviour. Additionally, an update was made for Modernizr,
a piece of software, because it was known to have a vulnerability. But BA has not upgraded this
software since 2012, which meant that this glaring vulnerability had been unpatched for years. After
that, it took British Airways more than two months to discover that the cyberattack had occurred,
highlighting a serious problem with the organisation's cyber security procedures.
What could be done?
As the ICO has concluded, the 2018 assault would not have been likely to succeed if British Airways
had taken the appropriate precautions to safeguard the vast volumes of personal data that the firm
processes. Even though these shortcomings were probably inadvertent, they lost the organisation
millions of dollars and damaged their brand. This shows that robust cyber security procedures are
typically simple, affordable, and efficient.
Cyberattacks hit military, Parliament websites as India-based group targets Canada
Incident
The federal government had been dealing with cyberattacks. An Indian hacking group claims that
these attacks have caused confusion in Ottawa, but Canada's signals-intelligence agency believes that
private information is probably not at risk due to these "nuisance" attacks 62. The government-
controlled institutions appear to have been targeted by the attacks, but the central infrastructure that
powers federal departments and agencies remains unaffected.
Actions undertaken
According to the Canadian Armed Forces, its mobile website went down at midday on Wednesday
September 15, 2023, but was backed up in a few hours. The process was successfully executed via
following the below mentioned steps:

 Evaluating and quantifying their risk of exposure to cyber security

 Creating a plan and strategy for addressing cyber security
 Creating and executing the secure IT systems so that customer needs are managed

62
Shandler, R., Gross, M.L. and Canetti, D., 2021. A fragile public preference for cyber strikes: Evidence from
survey experiments in the United States, United Kingdom, and Israel. Contemporary Security Policy, 42(2),
pp.135-162.
17
  Creating security awareness and implementing training initiatives
 Getting knowledge about incident response and security procedures
IOTW: Data breach exposes sensitive information of Canadian Government employees
Incident
The sensitive data of an unspecified number of employees was made public by contractor hacking,
prompting the Canadian government to announce a data breach. The breaches, which affected
SIRVA, the Worldwide Relocation & Moving Services and Brookfield Global Relocation Services
(BGRS), which offer location services to government employees, happened last month on October
19.
The government released a statement stating that it acted quickly to investigate the breach, which
encompasses data that the companies had on both current and past workers as well as members of the
Canadian Armed Forces and Royal Canadian Mounted Police. It further stated that the incident was
reported to the Office of the Privacy Commissioner, the Royal Canadian Mounted Police (RCMP),
and the Canadian Centre for Cyber Security.
At the time of writing, the Government did not provide details on the exact individuals affected, but
the preliminary research suggests that anyone who used relocation services as early as possible. As
per the research 1999 people may have had their information compromised 63. It further stated that this
can include any financial and personal data that staff members gave the businesses. After breaking
into SIRVA's servers, the ransomware gang LockBit has taken credit for leaking a whopping amount
of 1.5TB of stolen documents through archives.
Actions undertaken
The Canadian government declared that it is "not waiting for the outcomes" of the incident's analysis
and is proactively supporting anyone who may be impacted by the issue. According to the statement,
"current and former members of the public service, RCMP, and the Canadian Armed Forces who
have relocated with BGRS or SIRVA Canada during the last 24 years will receive services like credit
monitoring or reissuing valid passports that may have been compromised."
The government noted that it will keep meeting with BGRS and SIRVA Canada to track
developments on the matter until it has a comprehensive evaluation of the breach and its effects.
63
Kushwaha, N., Roguski, P. and Watson, B.W., 2020, May. Up in the air: Ensuring government data
sovereignty in the cloud. In 2020 12th International Conference on Cyber Conflict (CyCon) (Vol. 1300, pp. 43-
61). IEEE.
18
"Actions are being taken to confirm that BGRS and SIRVA Canada have fixed any vulnerabilities
that may have contributed to this state of affairs."
The government advised everyone who might be impacted to take preventative steps to protect their
financial and personal information online in the interim, including:
 updating login information that might be BGRS or SIRVA Canada-related.
 putting multi-factor authentication (MFA) into place for online transaction accounts.
 keeping an eye out for any strange behaviour on personal and financial internet accounts.
 According to the government, anyone who notices unapproved access to financial or personal
accounts should get in touch with their financial institution right away and the local police.
Cyber terrorism instance from Germany: The Düsseldorf University Hospital
Cybercriminals used a Citrix vulnerability on September 9, 2020, to attack Düsseldorf University
Hospital with ransomware. Düsseldorf University was possibly the hackers' intended target.
Remarkably, the ransom notes were sent to a different hospital located three kilometres away. Police
contacted the hackers based on the ransom notes, and after they realised they had the incorrect person
in mind, they shared a digital key that would help unlock the data. Additionally, the attackers
abandoned their demand for significant Bitcoin cryptocurrency payments. Nevertheless, the first
known death connected to a cyberattack occurred when a female patient with a potentially fatal illness
suddenly away after her transfer to a different hospital following the cyber event64.
Overall all these attacks are evident that the society is degrading day after day. Terrorism combined
with cyber attack is actually a ticking time bomb that is expected to destroy the entire nation.
How artificial intelligence is becoming a threat to cybersecurity and how
countries are tackling it
It is also observed that artificial intelligence is constantly imposing threats on cyber security. Freedom
of speech is allowing people to make videos online regarding the community unrest and keep
questioning the security. In the UK, "everyone has the right to freedom of expression," according to
Article 10 of the Human Rights Act 1998 65. This right "may be subject to formalities, conditions,
restrictions or penalties as are prescribed by law and are necessary in a democratic society," the

64
Izycki, E. and Vianna, E.W., 2021, February. Critical infrastructure: A battlefield for cyber warfare?.
In ICCWS 2021 16th International Conference on Cyber Warfare and Security (p. 454). Academic Conferences
Limited.
65
Banks, W., 2021. Cyber attribution and state responsibility. International Law Studies, 97(1), p.43.
19
legislation continues. These rules actually overpower the government on the cybersecurity issues.
Some people are misusing these powers and creating a threat to the security systems.
Moreover, there are hate speeches which have been spread across the nation. Several statutes in
England and Wales contain laws against hate speech. It is illegal to express hatred towards someone
because of their race, gender, sexual orientation, colour, sex, handicap, nationality (including
citizenship), ethnicity, or place of origin. It is unlawful to communicate in a threatening or abusive
manner with the intention of upsetting, frightening, or harassing someone. Hate speech is punishable
by fines, jail time, or both. Hate speech is included in the description of hate crimes and occurrences
that the Police and CPS have developed. If the victim or anybody else believes that an occurrence was
caused by animosity or prejudice on the basis of a disability, race, religion, gender identity, or sexual
orientation, then it is considered a hate crime. When a hate incident goes across the line into
criminality, it becomes a hate crime. Certain UK statutes are applicable in Northern Ireland and
Scotland. The independent examination of hate crime laws conducted by the Scottish government will
serve as the foundation for a larger consultation on proposed legislation. The history explains that
hate speech with disinformation is leading to stigmatisation, discrimination and large scale violence.
Overall, it has been observed that a certain number of people are actually using the hatred of speech,
AI as a weapon to finish the human being. It also includes breaching laws and spreading
cyberterrorism.
The countries of UK, US and Canada are dealing with the hate speech, freedom of speech, destructive
AI with the usage of technology (constructive AI), laws and research via taking certain measures:
1. Technical steps
 AI and Content Moderation: Create and put into place AI-based solutions for content
moderation to more efficiently detect and eliminate dangerous content.
 Algorithmic Accountability: To stop the spread of toxic or extremist content on social media
platforms, make sure that AI algorithms are transparent and accountable66.
 Techniques for Detection and Monitoring: Make use of advanced techniques to track and
identify the spread of hate speech, films that incite violence, and content related to terrorism.
2. Law and Policy Interventions:
66
Le-Khac, N.A. and Choo, K.K.R., 2020. The Increasing Importance of Digital Forensics and Investigations in
Law Enforcement, Government and Commercial Sectors. Cyber and Digital Forensic Investigations: A Law
Enforcement Practitioner’s Perspective, pp.1-4.s
20
  Rules and Laws: Adopt or amend legislation that addresses hate speech, cyberterrorism, and
the distribution of hazardous content. Make sure that these rules strike a balance between the
right to free expression and the requirement to restrict violent or extremist content.
 International Cooperation: Encourage cooperation between countries to create uniform
guidelines and policies to prevent hate speech, cyberterrorism, and harmful content that
crosses national boundaries. Online platforms should be held responsible for the content they
host, which means they should have effective moderation systems in place and quick
procedures for removing any offensive or unlawful information67.
3. Awareness and Education:
 Programmes for Digital Literacy: Informing the young age group about digital literacy, critical
thinking, and how to identify and report dangerous content.
 Counter-Narratives: Through online campaigns, community outreach, and education, create
and disseminate uplifting narratives that oppose hate speech and radical ideologies.
 Community Engagement: Encourage members of online communities to take ownership of
reporting and discourage the spread of harmful content.
4. Research and Collaboration:
 Public-Private Partnerships: In order to develop and address issues connected to
cyberterrorism and harmful content, governments should encourage collaboration between IT
businesses, academia, and civil society.
 Research and Development: To detect and stop the spread of harmful content, fund studies on
AI ethics, content moderation, and related technologies68.
 Continuous Evaluation and Adaptation: Evaluate the results of actions taken on a regular basis
and adjust plans of action when new problems arise.
Maintaining a balance between defending free speech and preventing the dissemination of destructive
ideas and materials online is necessary in the continuous fight against cyberterrorism including AI,
hate speech, and harmful information. In this endeavour, cooperation amongst diverse stakeholders is
still essential.
Eminence of the world’s major Countries on Cyber Terrorism
67
Banks, W., 2021. Cyber attribution and state responsibility. International Law Studies, 97(1), p.43.
68
Goel, S. and Nussbaum, B., 2021. Attribution across cyber attack types: network intrusions and information
operations. IEEE Open Journal of the Communications Society, 2, pp.1082-1093.
21
The first stage in the legal study of the international reaction to cyberterrorism is the examination of
the present legal framework, which takes the form of conventions, treaties, legislation passed by
certain States, etc. Making sure that the crimes listed in the relevant treaty are not limited to execution
by physical means is the first step in establishing if any of those accords apply to cyber terrorism. As
was previously said, the current conventions were first developed as a response to specific acts of
terrorism, and as a consequence, they develop unique charges to address each case, such as hijackings
of aircraft or hostage situations. Because the bulk of them were developed at a period when cyber
terrorism was considered to be, at most, science fiction, it is not at all likely that these principles
apply to a cyber-attack.

Table 4.1: The Data of Nineteen Countries with Updated Laws

Country Data Crime Network Crimes Access Crimes Related Crimes
Unauthorized Access

Virus Discrimination

Aiding and Abetting

Computer Related
Computer Related
Data Modification
Data Interception

Network Storage

Cyber Crimes
Interference
Data Theft

Network

Forgery

Fraud
Australia √ √ √ √ √ √ √
Brazil √ √ √ √

Canada √ √ √ √ √ √ √ √
Chile √ √ √ √ √
China √ √ √
Czech √ √ √ √ √
Republic
Denmark √ √ √
Estonia √ √ √ √ √ √ √ √
India √ √ √ √ √ √ √ √

22
 Japan √ √ √ √ √ √ √ √ √
Malaysia √ √ √ √
Mauritius √ √ √ √ √ √ √ √
Peru √ √ √ √ √ √ √
Philippines √ √ √ √ √ √ √ √ √ √
Poland √ √ √ √
Spain √ √ √ √ √
Turkey √ √ √ √ √ √ √ √
United Kingdom √ √ √ √ √ √

United States √ √ √ √ √ √ √ √ √

The statutory provisions of the 19 countries are summarized in the table above. However, the
comparative examination of the legislative responses to cyber terrorism in the US, UK, Germany, and
Canada is the main emphasis of this study. Hence now we compare the legal responses to the cyber
terrorism of the above-mentioned countries
United States of America
Concerns about cyber terrorism have grown steadily in the US after September 11. 69 The
USA Patriot Act of 2001 was enacted by President George W. Bush in reaction to the 9/11
attacks on the Pentagon and the World Trade Center. Although the USA Patriot Act addresses
a wide range of topics, some of its most crucial provisions deal with computer security and
other difficulties. The Act has relaxed restrictions on electronic surveillance to make it
simpler to capture terrorists. to prevent terrorists from making money off of their acts, Anti-
money laundering laws are also included in the Act. The Patriot Act includes a number of
charges, including terrorism and cybercrime. The Act has come under fire for purportedly
infringing on ordinary Americans’ civil liberties.70
Cyber terrorists are reportedly capable of damaging crucial infrastructure, such as that utilized
for communication, energy, and government. Cell phones have also been used as evidence to
locate and incriminate terrorists71. In order to aid in the fight against terrorism, there has been
69
Weimann, G. (2004). Cyberterrorism: How Real is the Threat? United States: United States Institute of Peace.
70
Hathaway, O. A., Crootof, R., Levitz, P., Nix, H., Nowlan, A., Perdue, W., & Spiegel, J. (2012). The law of cyber-
attack. California law review, 817-885.
71
Creekman, D. M. (2001). A Helpless America--An Examination of the Legal Options Available to the United States in
Response to Varying Types of Cyber-Attacks from China. Am. U. Int'l L. Rev., 17, 641.
23
an increase in surveillance of terrorist websites after 9/11.60 In order to anticipate and prevent
computer-related threats, the creation of cyber intelligence has also been advocated as a more
unified government discipline.72 A bill on cyber security is now being discussed in the US
Senate. The policy intends to protect vital infrastructure, such as cellular service providers,
water treatment facilities, and electric and telephone firms. The American government has
demonstrated its commitment to battling terrorism in all of its manifestations, including cyber
terrorism, through the USA Patriot Act and other initiatives73.

Computer Fraud and Abuse Act of 1986 (CFAA), USC, Title 18, Crimes, Part I - Crimes,
Chapter 47 - Fraud and False Statement
Sec. 1029 Fraud and related activity in connection with access devices
“(A) Whoever-
 creates, employs, or traffics one or more false access points with the intention of misleading;
 engages in the sale of, or uses, one or more unauthorized access devices with the knowledge
and purpose to mislead, and obtains during that year anything of value worth at least $1,000;
 Creates, traffics in, has custody or control over, or possesses device-making equipment with
the knowledge or purpose to deceive;
 Owns at least fifteen counterfeit or unlawful access devices;
 executes transactions with one or more access devices issued to another person or persons that
have an aggregate value of at least $1,000 during any one-year period; without the issuer of
the access device's permission, knowingly and with the intent to defraud, solicits a person for
the purpose of-
 Offering a software application or information about getting an access device for sale;
 employs, creates, deals in, possesses in their possession, or has with the intent to mislead, a
modified or altered communication device to gain illegal access to a communications service;
 Works to mislead by using, making, distributing, keeping, or having access to a scanning
receiver;
 has knowingly installed hardware or software that is set up to add or change

72
Hubbard, D. W., Seiersen, R. (2023). How to Measure Anything in Cybersecurity Risk. United Kingdom: Wiley.
73
Weimann, G. (2004). Cyberterrorism: How Real is the Threat? United States: United States Institute of Peace.
24
 telecommunication identifying information linked to or stored in a telecoms instrument,
enabling that instrument to be utilized to receive telecommunications service;
 encourages or makes arrangements for a third party to give one or more proofs or records of
transactions made using an access device to a member of the credit card system or to its
representative with the intent to mislead and get money;
 Shall be punished in accordance with subsection (c) of this section if the offense affects
intrastate or international trade.
1. Any person who attempts to commit an offense under paragraph (a) of this section will be
subject to the same penalties that are applicable to the actual infraction.
2. If one of the participants in a two- or more-person conspiracy to commit a crime under
subsection (a) of this section engages in any conduct that furthers that crime, that participant
shall be fined not more than the maximum amount permitted as a fine for such an offense
under subsection (c) of this section or imprisoned not longer than one-half the maximum term
permitted as an imprisonment term for such an offense under subsection (c) of this section,
whichever is less.
Penalties. -
 The penalty for a breach of this section's subparagraph (a) is:
 If the offence was committed before a conviction for another violation of this section:
 a fine under this chapter, a maximum of 10 years in prison, or both if the infraction falls under
subsection (a)(1), (2), (3), (6), (7), or (10); and
 a fine under this title or a maximum of 15 years in prison, or both, if the violation falls under
sub-section (a)'s clauses (4), (5), (8), or (9); if the violation occurs after a conviction for
another violation of this clause, a fine under this title or a maximum of 20 years in prison, or
both; and
 In any case, the United States will be entitled to any personal property that was used or was
planned to be used in the commission of the crime.
 The forfeiture process, including any seizure, disposal, and associated administrative and legal
actions, shall be governed by Section 413 of the Controlled Substances Act, with the
exception of paragraph (d).
 The United States Secret Service shall have the jurisdiction to investigate breaches of this
25
 section in addition to any other organization having such authority. Before the United States
Secret Service may exercise this authority, an agreement must be made between the Secretary
of the Treasury and the Attorney General.

As used in this section-

 Any card, plate, code, account number, electronic serial number, mobile identification
number, personal identification number, or other telecommunications service, equipment, or
instrument identifier that can be used alone or in conjunction with another access device to
obtain money, goods, services, or anything else of value, or that can be used to start a transfer
of funds is referred to as a "access device".
 A "counterfeit access device" is any access device that is made up, altered, or forged, as well
as any part that may be utilized to distinguish between an authentic and a fake access device;
 • An "unauthorized access device" is any access device that has been misplaced, stolen, out-
of-date, revoked, canceled, or obtained with the intent to deceive;
 The term "produce" encompasses actions like "create, edit, authenticate, replicate, or
assemble";
 • The act of giving, giving away, or providing control of anything with the aim to give, giving
away, or giving control is referred to as "traffic";
 "Device-making equipment" refers to tools, mechanisms, or imprints expressly designed for
use in fabricating an access device or a phony access device;
 regardless of its connection to or likeness to the credit card issuer, a financial institution or
other entity that is a member of a credit card system, including an entity that is the only
member of a credit card system;
 A "scanning receiver" is a tool or apparatus that can be used to intercept wire or electronic
communications that are forbidden by Chapter 119 or to intercept an electronic serial number,
mobile identification number, or other identifier of any telecommunications service, item, or
instrument;
 The definition of "telecommunications service" is found in section 3 of chapter I of the
Communications Act of 1934 (47 U.S.C. 153);

26
  A "facilities-based carrier" is a business that owns, operates, and maintains communications
transmission facilities and has an operating license from the Federal Communications
Commission issued in accordance with title III of the Communications Act of 1934;
 The term "telecommunication identifying information" refers to an electronic serial number,
any other number or signal that identifies a certain user account or piece of communication
equipment, as well as a specific communication transmitted from that item.
 This section does not preclude any legally valid investigative, defensive, or intelligence
activity conducted by a State, a political subdivision of a State, a United States law
enforcement agency, or a United States intelligence agency, or any activity allowed under
Chapter 224 of this title. For the purposes of this paragraph, the District of Columbia and any
Commonwealth, Territory, or Possession of the United States are all regarded as States.

1. An officer, employee, agent, or person conducting business with a facilities-based carrier does
not violate subparagraph (a)(9) when acting to protect that carrier's assets or legal rights,
unless the action is taken with the intent to use telecommunications services provided by
another facilities-based carrier without that carrier's consent.
2. The affirmative defense that the alleged conduct was carried out for research or development
in connection with a legitimate purpose is an affirmative defense in a prosecution for a
violation of subsection (a)(9), other than a violation consisting of producing or trafficking.
 Any person who does an act outside the United States that, if undertaken inside the United
States, would be a violation of subparagraphs (a) or (b) of this section shall be subject to the
fines, penalties, imprisonment, and forfeiture stated in this chapter.
 an organization that issues, owns, manages, or controls the access device, such as a bank,
account issuer, credit card system participant, or another entity governed by US law;
 The perpetrator transports any equipment used in the crime, as well as any proceeds or
property produced from it, to, from, though, or otherwise conceals or maintains it within the
United States.

Section 1030 Computer-Related Fraud and Related Activity74

74
CRS Report RS20830, Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws, by Charles Doyle.
27
Whoever-
 having intentionally used a computer without authorization or in excess of what was
permitted, and by doing so, obtaining information that the United States Government
determined needed to be protected from unauthorized disclosure for reasons of national
defense or international relations, or any restricted data, as defined in subsection (a) of section
11 of the Atomic Energy Act of 1954 knowingly holds onto it without delivering it to the U.S.
officer or employee who is authorized to receive it; transmits, or causes to be communicated,
delivered, or transmitted; or attempts to communicate, deliver, transmit, or cause to be
communicated, provided, or communicated, to anyone who is not authorized to receive it;

 Intentionally utilizes an unauthorized or too broad level of computer access to obtain-

 Information from a consumer reporting agency as defined by the Fair Credit Reporting Act
(15 U.S.C. 1681 et seq.) or information from any U.S. department or agency; information
from a financial institution's financial record; information from a card issuer as defined in
section 1602 (n) of title 15; or
 Data from any protected computer, if the action involves an international or interstate
transmission;
 willfully gains access to a nonpublic computer owned by a department or agency that is used
only by the United States government, or, in the case of a computer that is not used only for
that purpose, a nonpublic computer used by or for the United States government and that
access negatively impacts that use;
 intentionally and with the intent to defraud, accesses a protected computer without
authorization or in excess of what is permitted, furthers the intended fraud, and obtains
anything of value, unless the purpose of the fraud and the thing obtained consists solely of the
use of the computer, the value of which does not exceed $ 5,000 in any one year;
 (It) purposely causes the transmission of a program, information, code, or instruction to harm
a protected computer without authority;
 wilfully enters a secured computer without authorization and negligently inflicts injury; or

28
 intentionally enters a secured computer without authorization and causes harm; and
 By acting in accordance with paragraphs (i), (ii), or (iii) of subparagraph (A), the criminal
caused-
 a yearly loss of at least USD 5,000 to one or more individuals (and, for the purposes of an
inquiry, prosecution, or other procedure brought by the United States alone, a loss resulting
from a course of conduct that had a similar effect on one or more additional protected
systems);
 a threat to public health or safety; physical harm to any person; damage to a computer system
used by or for a government entity in furtherance of the administration of justice, national
defense, or national security; modification or impairment, or potential modification or
impairment, of a medical examination, diagnosis, treatment, or care of one or more
individuals; damage to a computer system; or knowing and intentionally defrauding traffics
(as defined in section 1029) in any country.
 The penalty outlined in paragraph (c) of this section applies to anyone who intentionally
transmits in interstate or international commerce any message conveying a threat to harm a
protected computer with the intention of extorting money or other valuables from anybody.
 Any person who attempts to violate the provisions of sub-section (a) of this section will be
subject to the punishment specified in sub-section (c) of this section.
 The following fines apply when subsections (a) or (b) of this section are broken:
(f) Nothing in this section prevents lawfully approved intelligence gathering, defense, or
investigation actions. a State's, a State's political subdivision's, a US law enforcement
agency's, or a US intelligence agency's action.
Anti-Terrorism Act of 1990, United States Code, Title 18, Chapter 113b, Terrorism, Section
2332a, Prohibited Acts of Terrorism Across National Boundaries75-
Offenses- Anyone whose actions cross international borders and who is in a situation specified in
subsection (b)-
 destroys or damages any building, vehicle, or other piece of real or personal property within
the United States, attempts to do so, or participates in a conspiracy to do so, putting another
person at a significant risk of suffering serious bodily harm;
75
Jenkins, D. (2003). In support of Canada's Anti-Terrorism Act: A comparison of Canadian, British, and American anti-
terrorism law. Sask. L. Rev., 66, 419.
29
  kidnaps, injures, kills, inflicts serious bodily harm on, or uses a deadly weapon on, any person
within the United States;

 The penalties set out in paragraph (c) shall apply to any violation of any State or Federal law.
 Handling of attempts, threats, and schemes
 Subsection (c) applies to those who try or collaborate to commit an offense under paragraph
(1).

Legal Foundations
Circumstances- The circumstances referred to in sub-section (a) are-
 Using a facility for local or international trade or the mail to accomplish the crime;
 The violation prevents, delays, or otherwise adversely affects interstate or foreign trade, or
would have done so if it had been carried out;
 The United States Government, a member of the uniformed forces, or any official, officer,
employee, or agent of the legislative, executive, or judicial branches, or of any department or
agency of the United States, constitutes the victim or the intended victim;

 The building, conveyance, or other real or personal property is entirely or partially owned,
possessed, or leased by the United States or any department or agency of the United States;
the crime is committed within the United States' territorial sea, which includes the airspace
above, the seabed and subsoil below, as well as artificial islands and permanent structures
built there;

 The offense is committed within the exclusive maritime and territorial jurisdiction of the
United States.

Co-conspirators and accessories after the fact

Any offense under this section will have jurisdiction over all principals, co-conspirators, and
accessories after the fact if at least one of the circumstances stated in subparagraphs (A) through (F)
of paragraph (1) applies to at least one of the offenders.

30
Penalties-
 Penalties- • If a killing happens or if someone dies as a result of any other conduct prohibited
by this section, the violator shall be punished by death, or by imprisonment for a period of
years or for life;
 By life imprisonment or any length of years in jail for abduction;
 Imprisonment for a maximum of 35 years for maiming;
 If the attack used a hazardous weapon or caused significant physical harm, a maximum of 30
years in jail;
 for destroying or harming any building, vehicle, or other piece of real estate or personal
property, a sentence of not more than 25 years in jail;
 any length of years up to the maximum sentence that would have been imposed had the
offense been committed, for attempting or conspiring to commit an offense; and
 Imprisonment for not more than 10 years is the punishment for threatening to commit an
infraction under this provision.

Consecutive Sentence
Regardless of any other legal rules, no one convicted of breaking this section may be sentenced to
probation, and the term imposed under this section does not run concurrently with any other sentence
of incarceration.

Proof Requirements - Prosecutions brought under this clause must adhere to the following:
Knowledge- The prosecution need not establish that any defendant knew of the jurisdictional grounds
included in the indictment.
State law- In a prosecution under this section that is based on the adoption of State law, only the
elements of the offense under State law are adopted, not any regulations pertaining to criminal
procedure or evidence.
Extraterritorial Jurisdiction - There is federal extraterritorial authority.
Any conduct that, in accordance with Section 3, renders a person an after-the-fact accomplice to a
violation of Subsection (a), including any threat, attempt, or conspiracy to do so.
Investigative Authority- In addition to any other investigative authority with regard to violations of
31
this title, the Attorney General shall have primary investigative responsibility for all Federal crimes of
terrorism, any violation of sections 351(e), 844(e), 844(f)(1), 956(b), 1361, 1366(b), 1366(c), 1751(e),
2152, or 2156. As required, the Attorney General will get assistance from the Treasury Secretary.
Nothing contained herein shall be construed as restricting the authority of the United States Secret
Service to operate as authorized in section 3056.
Definitions-As used in this section-
Behavior that crosses international borders is defined as behavior that occurs both inside and outside
of the United States; "facility of interstate or foreign trade" has the definition given to it in Section
1958(b)(2); "severe bodily harm" has the definition given to it in Section 1365(g)(3); and "territorial
sea of the United States" refers to all seas that are determined to be in compliance with international
law and extend outward to a distance of 12 nautical miles.
is meant to penalize the government for acting in a particular manner or to frighten or compel it into
doing so;
Is a violation of- Sections 32 (concerning the devastation of aircraft or aircraft facilities), 37
(concerning violence at international airports), 81 (concerning arson within special maritime and
territorial jurisdiction), 175 or 175b (concerning biological weapons), 175c (concerning the variola
virus), 229 (concerning chemical weapons), and sub-sections (a), (b), (c), or (d) of section 351
(concerning congressional, murdering or attempting to murder while carrying out an attack on a
Federal institution using a dangerous weapon), 956(a)(1) (concerning the conspiracy to kill, kidnap,
or maim individuals abroad), 1030(a)(1) (computer protection), 1030(a)(5)(A) resulting in damage as
defined in 1030(c)(4)(A)(i)(II) through (VI) (computer protection), 1114 (concerning the murder or
attempted murder of 1366(a) (concerning the destruction of an energy facility), 1751(a), (b), (c), or
(d) (concerning the assassination or kidnapping of the President or the President's family), 1992
(concerning terrorist attacks and other acts of violence against railroad carriers and mass
transportation systems on land, on water, or through the air), and many others.

2155 (concerning terrorist attacks and other violent acts against railroad carriers), 2332a (concerning
the use of weapons of mass destruction), 2332b (concerning international terrorism), 2332f
(concerning the bombing of public places and facilities), 2332g (concerning missile systems intended
to destroy aircraft), and 2332h (concerning radiological) are some examples of terrorism-related laws.
32
Sections 92 (relating to section 46502 (relating to aircraft piracy), Sections 236 (relating to sabotage
of nuclear facilities or fuel), Sections 92 (relating to prohibitions governing atomic weapons),
Sections 236 (relating to sabotage of nuclear facilities or fuel), Sections 92 (relating to prohibitions
governing atomic weapons, Sections 92 (relating to sabotage of nuclear facilities or fuel), Sections 92
(relating to section 46502 (relating

the second clause of Section 46504 (relating to assault on a flight crew with a dangerous weapon),
Section 46505(b)(3) or (c) (relating to the use of explosives or incendiary devices or endangering
human life while using a weapon on an aircraft), Section 46506 if there is a homicide or attempted
homicide (relating to the application of certain criminal laws to acts on aircraft), or Section 60123(b)

The EEA prohibits the use of computers or other devices to steal or inappropriately use trade secrets.
The theft of commercial secrets and economic espionage for the benefit of foreign governments are
the main topics of the first part. The overall topic of economic espionage and trade secret theft is
covered in the second part. The federalization of offenses that were formerly the purview of certain
states is broadened by this Act. Crimes can include sentences of up to 15 years in jail and/or fines of
up to $10 million, as well as the forfeiture of assets or earnings.

Mail and Wire Fraud Statutes, 199976

Title 18, Crimes and Criminal Procedure, Part I - Crimes, Chapter - 63 of the United States
Code Mail fraud and other types of fraud
Section 1341 Frauds and Swindles
"Whoever has, or intends to have, any scheme or artifice to defraud, or for obtaining money or
property by means of false or fraudulent pretenses, representations, or promises, or to sell, dispose of,
loan, exchange, alter, give away, distribute, supply, or furnish, or to procure for unlawful use any

76
Sloan, W. M. (2011). Mail and wire fraud. Am. Crim. L. Rev., 48, 905.
33
counterfeit or spurious coin, obligation, security, or other article, or anything represented to be or
intimated or held out to be such counterfeit or spurious art" any item or thing to be conveyed or
delivered by any private or commercial interstate carrier, or puts or causes to be deposited any matter
or thing thereon, or at the point at which it is ordered to be

Any such drug or object that is provided by the recipient is punishable under this chapter by a fine, a
maximum prison sentence of 20 years, or both. If the violation involves any benefit that has been
authorized, transported, transmitted, transferred, disbursed, or paid in connection with a major
disaster or emergency that the president has declared (as those terms are defined in Section 102 of the
Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5122)), or if it affects a
financial institution, the offender faces a fine of up to $1,000,000 or a prison sentence of up to 30
years, or both.

Section 1342 Fictitious Name or Address77

Uses or assumes, or requests to be addressed by, any fictitious, false, or assumed title, name, address,
or name other than his own proper name in order to obtain letters, postal cards, packages, or other
mail from any post office or authorized depository of mail matter for the purpose of conducting,
promoting, or carrying on through the Postal Service, any scheme or device mentioned in Section
1341 of this title, or any other unlawful business.

Section 1343 Fraud by Wire, Radio, or Television78

Anyone who transmits or causes to be transmitted any writings, signs, signals, pictures, or sounds
through wire, radio, or television communication in interstate or foreign commerce for the purpose of
carrying out any scheme or artifice to defraud, or for obtaining money or property through false or
fraudulent pretenses, representations, or promises, shall be fined under this title or imprisoned for a
term of not more than two years. If the violation includes any advantage that has been permitted,

77
Coughlan, T. (1999). Applying the US Postal Service Statutes to E-Mail Transmissions. Rutgers Computer & Tech. LJ,
25, 375.
78
West, J. M. (2004). Federal Fraud Prosecutions of Schemes to Defraud Foreign Sovereigns of Import Taxes. Wayne L.
Rev., 50, 1061.
34
conveyed, transmitted, or transferred, the offender faces a maximum fine of $1,000,000 or a
maximum sentence of 30 years in jail. or both, for any payment or disbursement made in connection
with an emergency or catastrophic disaster that has been declared by the president (as those words are
defined in section 102 of the Robert T. Stafford Disaster Relief Act).
Relief and Emergency Assistance Act (42 U.S.C. 5122))79.
Section 1345 Injunctions against Fraud
(1) If a person is-
 Violating this chapter, or 287, section 371 (where the offense includes a scheme to defraud the
United States or any agency thereof), or section 1001 of this book, or about to do so;
 violating a banking law, as defined in section 3322(d) of this chapter, or being about to violate
a banking law; or
 Committing or preparing to commit a federal felony involving health care;
 To prevent such a breach, the Attorney General may file a civil lawsuit in any federal court.
 If someone is selling or giving away property they acquired through a financial transaction, or
plans to sell or give away that property,
 The Attorney General may file a civil lawsuit in any Federal court for a law violation (as
defined in section 3322(d) of this chapter), a Federal health care crime, or property that can be
linked to such a violation.
 To prevent such a property sale or alienation; or
 Seeks an order of protection to
 Prohibiting anybody from taking away, giving away, relocating, disposing of, or otherwise
dealing with any such property or property of like value;
 A temporary receiver should be chosen to manage the restraining order.
 A restraining order or permanent injunction must be granted without posting a bail.
 The matter must be heard by the court as soon as it is practical to do so. To prevent a
continuous and substantial injury from happening to the United States or to any person or
group of people whose protection the case is being filed, the court may take any other
necessary step prior to rendering a conclusion. A proceeding under this article is governed by

79
Relief, R. T. S. D. and Emergency Assistance Act, as amended, and Related Authorities.
35
 the Federal Rules of Civil proceeding, with the exception of situations where an indictment
has been rendered. The discovery of evidence that has been returned against the respondent is
subject to the Federal Rules of Criminal Procedure.
 As a result, several internet and computer crimes are covered by the Mail and Wire Fraud
Statutes. These laws forbid the development or promotion of fraudulent schemes to obtain
money or property via the mail, interstate communications, or international communications.
Many of the cybercrime prosecutions are governed by these laws, despite the fact that they are not
frequently thought of as cybercrime legislation. These regulations forbid any theft that is computer-
aided or -facilitated. Up to $1 million in fines or 30 years in prison are possible penalties.
United Kingdom
Cyberspace is seen by the US as being essential to every aspect of American society, including their
economy and defense. Being the birthplace of the Internet and a superpower in the digital sphere, the
United States was among the first to identify the deadly dangers lurking within the World Wide Web.
As a result, the nation has frequently revisited the issue of legal guidelines for the supposedly "un-
governable" online. The nation currently has a strong cyber la infrastructure as a result of ongoing
discussions80.
In the United States, cyber-security issues are addressed at the federal level through sector-specific
statutes and regulations. The main cyber-security regulations include the 1996 Health Insurance
Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley Act, and the Federal
Information Security Management Act (FISMA). The Department of Veterans Affairs (VA) in this
instance. Additionally, states with high populations like Massachusetts, New York, and California
already have a variety of unique cyber laws81.
However, several legislation have come under fire for being overly intrusive and regulated. For
instance, the Computer Fraud and Abuse Act (CFAA), passed by Congress in 1986, has received
much criticism for being overly onerous and undermining genuine security research. It makes it
illegal to access and later distribute protected information. The 1986 Electronic Communications
Privacy Act grants the US government subpoena-based access to electronic communications

80
Jangada Correia, V. (2022). An explorative study into the importance of defining and classifying cyber terrorism in the
United Kingdom. SN Computer Science, 3(1), 84.
81
Walker, C. (2005). Cyber-terrorism: legal principle and law in the United Kingdom. Penn St. L. Rev., 110, 625.
36
including emails, social media messaging, and more82
Furthermore, a critical need for a universally defined national cyber security framework is recognized
in light of the fact that issues in the cyberspace are getting more complex and multi-sectoral by the
day. Compliance has been impacted by the proliferation of cyber rules since businesses must navigate
a maze of federal and state legislation at various levels and in many industries. Thus, the Cyber
Security and Infrastructure Security Agency Act of 2018 was enacted by US President Donald Trump
in 2018. Additionally, in order to address the current cyberspace concerns, the United States has
actively pushed for global collaboration and some standardization in legislation.

The Terrorism Act of 2000 was established to address terrorist attacks in the UK. Activities that
endanger another person's life, endanger the public's health or safety, seriously disrupt an electronic
system, or result in another person's significant physical hurt, death, or property damage are all
prohibited. A terrorist act is one that "is aimed seriously to interfere with or seriously interfere with an
electronic system," as defined by Section 1(2) (e) of the Terrorism Act 2000. This clause is meant to
account for cyber terrorism. This word might be used to describe acts of cyber terrorism like attacks
on online payment systems and data erasure. It is important to emphasize the phrase "serious" since
cyber terrorism does not include "a costly nuisance"83.

In response to the September 11 attacks, the British government passed the Anti-Terrorism, Crime
and Security Act of 2001. On December 14th, 2001, the British Anti-Terrorism, Crime and Security
Act became law. Its objective is to ensure that the government has the power to address the increased
threat of terrorism in the UK as a result of the events of September 11. This Act has also received
criticism84.

The Terrorism Act of 2006 was introduced in response to the 2007 London bombings. Provisions in
the Act now forbid "glorifying terrorism" and spreading terrorist propaganda. Anyone who gives or
receives such training is covered under the Terrorism Act of 2006, which also allows for the
82
Shandler, R., Gross, M. L., Backhaus, S., & Canetti, D. (2022). Cyber terrorism and public support for retaliation–a
multi-country survey experiment. British Journal of Political Science, 52(2), 850-868.
83
Walker, C. (2005). Cyber-terrorism: legal principle and law in the United Kingdom. Penn St. L. Rev., 110, 625.
84
Jangada Correia, V. (2022). An explorative study into the importance of defining and classifying cyber terrorism in the
United Kingdom. SN Computer Science, 3(1), 84.
37
expulsion of individuals or groups for such actions. A new charge for participating in terrorist
training, planning or preparing a terrorist act, and disseminating documents in support of terrorism are
also added as a result of the incident 85. The Act has drawn criticism from human rights groups, and
the "glorification" issue has been raised as a concern. Section 17 of the Act makes it simpler to
prosecute terrorist acts committed outside of the United Kingdom.

Both expert terrorist groups and disenchanted and resentful individuals who are prepared to use
terrorist tactics to accomplish their own goals use the internet as a source of information. Take the
1999 London nail bombings by right-wing terrorist David Copeland as an illustration. 86 His attacks,
which lasted three weeks and targeted LGBT and multiracial groups, resulted in 179 injuries and
three fatalities. Copeland said in court that he used the Internet to acquire The Terrorist's Handbook
and How to Make Bombs: Book Two to research his murderous techniques.

In order to combat the threat of cyber terrorism, the government of the United Kingdom is seeking
security measures. To do this, the UK government has developed the National Technical Assistance
Centre, a resource for surveillance advice and interception. 87 Building public-private partnerships,
implementing more effective filtering techniques, developing a new offensive that would render data
inaccessible, and educating the general public about cyber terrorism have all been requested.
Collaborations to address security measures in the computer sector. 88 Reports indicate that terrorists
are increasingly using online technologies to launch cyber-attacks and disseminate their propaganda.
The British government has thus published a counterterrorism policy to keep up with the quick
progress of technology and prevent radicalization on the Internet.

Plextor, a Cambridge-based technology company, is urging the UK government to create a Cyber

Attack Prevention Agency in order to fully protect the nation's crucial infrastructure against
cyberterrorism. A recent government plan to utilize a new type of communication interception has

85
Weimann, G. (2004). Cyberterrorism: How Real is the Threat?. United States: United States Institute of Peace.
86
Cornish, P., Hughes, R., Livingstone, D. (2009). Cyberspace and the National Security of the United Kingdom: Threats
and Responses. United Kingdom: Chatham House.
87
Walker, C. (2005). Cyber-terrorism: legal principle and law in the United Kingdom. Penn St. L. Rev., 110, 625.
88
Hubbard, D. W., Seiersen, R. (2023). How to Measure Anything in Cybersecurity Risk. United Kingdom: Wiley.
38
drawn criticism from civil society since it will breach people's privacy.89

The discussion above demonstrates how seriously the UK government views the issue of cyber
terrorism. The government has admitted that maintaining security in all One of its primary concerns is
the government. Human rights advocates still have a responsibility to monitor anti-terrorism
legislation' application carefully and ensure that no injustices are done.

Computer Misuse Act 199090

Section 1- Unauthorized Access to Computer Material.
“(1) an individual commits an offense if
 He is aware at the time he instructs the computer to perform the function that the access he
seeks to secure or to enable to be secured is unauthorized. He then commands the computer to
carry out the action in order to prevent unauthorized access to any program or data stored on
any computer or to make it possible for unauthorized access to be prevented.
 A person does not need to have the following intentions in order to violate this section:
 Any specific program or data, a program or data of a certain type, or a program or data stored
on a specific computer.
 A person who violates this section is subject to imprisonment for a term not to exceed 12
months, a fine not to exceed the statutory maximum, or both upon summary conviction in
England and Wales;
 Upon summary conviction in Scotland, to a sentence of imprisonment not to exceed six
months, a fine not to exceed the maximum allowed by law, or to both;
 On conviction on indictment, to imprisonment for a term not exceeding two years or to a fine
or to both.
 Unauthorized access with the purpose to conduct or assist in the commission of other offenses
is covered under Section 2.
 If someone intentionally commits the "unauthorized access offence" under section 1 above,

89
Cyberterrorism: Understanding, Assessment, and Response. (2014). United States: Springer New York.
90
Macewan, N. F. (2008). The Computer Misuse Act 1990: lessons from its past and predictions for its future. Criminal
Law Review, 12.
39
 they are in violation of this provision.
 To either conduct an offense to which this section applies or to assist someone else in
committing such an offense; the offense he intends to commit or assist with is referred to as
the further offense in the sections that follow this one.
 Offenses covered by this clause include: to commit an offence to which this section applies; or
 To facilitate the commission of such an offence (whether by himself or by any other
person); and the offence he intends to commit or facilitate is referred to below in this
section as the further offence.
 This section applies to offences-
 For which the sentence is fixed by law; or
 Which, in England and Wales, could result in a sentence of five years in prison if not for the
limitations imposed by section 33 of the Magistrates' Courts Act 1980. For which a person
who has reached the age of twenty-one (eighteen in relation to England and Wales) and has no
prior convictions may be sentenced to imprisonment for a term of five years.
 For the purposes of this provision, it makes no difference whether the additional offense is to
be committed at the same time as the unlawful access offense or at a later date.
 Even if the circumstances make it impossible for the subsequent offense to be committed, a
person may nonetheless be found guilty of an offense under this section.
 A person who violates this clause is responsible for:
 Upon summary conviction in England and Wales, a term of imprisonment of not more than 12
months, a fine of not more than the maximum permitted by law, or both; upon summary
conviction in Scotland, a term of imprisonment of not more than 6 months, a fine of not more
than the maximum permitted by law, or both;
 To a sentence of up to five years in jail, a fine, or both upon conviction on an indictment.

Telecommunications Act, 198491

Section 43 - Improper use of public telecommunication system
A person who: uses a public telecommunication system to send a message or other item that is

91
Britain, G. (1984). Telecommunications Act 1984: Chapter 12. (No Title).
40
egregiously offensive or of an indecent, obscene, or menacing nature; or uses a public
telecommunication system repeatedly for that purpose while sending a message that he knows to be
false or that is intended to annoy, inconvenience, or cause unnecessary anxiety to another person; is
guilty of an offense and subject to imprisonment upon summary conviction. Anything done when
delivering a programming service (as defined by the Broadcasting Act of 1990) is exempt from the
provisions of the aforementioned sub-section (1).

Germany92
In Germany, the right to personal freedom and data privacy have a long history and are consistently
upheld. German data privacy rules are tight, and the government only has a restricted power to
monitor individuals online93. However, as cyber-attacks on businesses and people increase in
frequency, legislative developments and discussions highlight the necessary but challenging juggling
act between safety and freedom in cyberspace94.

Several laws in Germany regulate cyber security. Data and communication are shielded from abuse,
hacking, and sabotage by Sections 202a and 303a of the Strafgesetzbuch (German penal code).
Punitive measures are directed against computer sabotage under Section 303b of the same Code. The
German IT Security Act of 2015 is the primary piece of legislation governing cyber security. The
legislation mandates that operators of critical infrastructure maintain a minimum standard of IT
security and notify the Federal Office for Information Security [BSI], Germany's national cyber
security organization, of any IT security issues. Additionally, any German business that handles
personal data is under the scrutiny of the federal data protection authority or one of the 16 local data
protection agencies95.
The new Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU, or the
Act), was adopted in Germany in 201796. The General Data Protection Regulation (GDPR) was
92
Schönbohm, A. (2012). Germany's Security: Cyber Crime and Cyber War. Germany: Edition Octopus.
93
Schallbruch, M., Skierka, I. (2018). Cybersecurity in Germany. Germany: Springer International Publishing.
94
National and International Security in Contemporary Changing Reality: National and International Security in
Contemporary Changing Reality. (2012). Poland: Andrzej Frycz Modrzewski Krakow University. Security Sciencies
Faculty.
95
Shakarian, P., Shakarian, J., Ruef, A. (2013). Introduction to Cyber-Warfare: A Multidisciplinary
Approach. Netherlands: Elsevier Science.
96
Broy, D. (2017). Germany: Starting implementation of the GDPR-brief overview of the government bill for a
41
implemented by the Act, which became effective on May 25, 2018. The previous German Data
Protection Act (BDSG), which it replaced. The Act contains a number of additional provisions that
must be followed, even though it only supplements the GDPR: the appointment of Data Protection
Officers (DPOs), sensitive personal data, data subjects' rights, changing the purpose of processing,
video surveillance, fines and sanctions, creditworthiness and scoring, etc97.

The urgent issues of cybercrime have been successfully combated thus far by the German judicial
system. However, given that Germany has one of the tightest data privacy laws in the world [9], the
balance between security and freedom in cyberspace is a complex one. Germany has nonetheless
established a strong cyber legal framework to protect its digital sovereignty and data security.
The foundations of democracy and freedom shouldn't be susceptible to attack from terrorism.
Consideration and acceptance of a number of principles would lessen the possibility that any violent
behavior could ever achieve this purpose in politics and the media. Such guidelines have previously
been developed within the media, whether it be television (see remarks by Whittle or Krichen) or the
press (see Gor and others). A working set of guidelines for dealing with terrorism may be created by
summing together several ways and identifying 10 reporting-related factors:

o Inform a broad audience freely.

o An event must be covered accurately.
o The coverage has to be impartial.
o If one opinion or voice is presented, at least one alternative or opposite voice must also be
heard.
o The audience should be informed about the sources of a piece of information.
o The procedures and channels of gathering information should be transparent.
o The reporting should be careful in its choice of terminology (“terrorists”, “martyrs”).
o Basic privacy and human dignity should always be respected.
o The coverage should empower the audience to get involved in a (national) debate.
new Federal Data Protection Act. Eur. Data Prot. L. Rev., 3, 93.
97
National and International Security in Contemporary Changing Reality: National and International Security in
Contemporary Changing Reality. (2012). Poland: Andrzej Frycz Modrzewski Krakow University. Security Sciencies
Faculty.
42
 o Once a piece of information turns out to be wrong, that should be made publicly clear.

Canada98
The 1985 edition of the Canadian Criminal Code's Data Modification, Network Interference, Network
Sabotage, and Virus Dissemination Part XI: Willful and Forbidden Acts in Respect of Certain
Property
According to Section 430:
"1. Everyone who knowingly does wrong does mischief.
Ruins or harms property;
makes a piece of property dangerous, useless, broken, or ineffective; interferes, obstructs, or
otherwise interferes with a property's right to be used, enjoyed, or operated legally; or interferes,
obstructs, or otherwise interferes with a person's right to use, enjoy, or otherwise operate legally on a
property.
(1.1) Everyone who willfully destroys or modifies data does so maliciously;
 Makes data worthless, ineffective, or useless;
 interferes with, obstructs, or disrupts the authorized use of data; or
 Limits access to data to anybody who is entitled to it or hinders, interrupts, or interferes with
anyone else using data lawfully.
 Anyone who engages in mischief that actually puts their life in jeopardy is guilty of an
indictable crime and faces a life sentence.
 Every person who causes harm to property that is the subject of a will or has a value more
than $5,000.
 Is punishable for an indictable offense and a sentence of not more than ten years in jail;
 Is accountable for a crime that carries a quick conviction.
 Anyone who causes harm to property, other than the property listed in subsection (3),
 Is responsible for an indictable offense and faces a maximum two-year jail sentence;
 Is accountable for a crime that carries a quick conviction.

98
Canada's Cyber Security Strategy: For a Stronger and More Prosperous Canada. (2010). Canada: Government of
Canada.
43
  Each and every person who tampers with data
 Is punishable for an indictable offense and a sentence of not more than ten years in jail;
 Is accountable for a crime that carries a quick conviction.
(5.1) Anyone who intentionally does an act or purposefully refrains from committing an act that is in
his or her best interest, if either action has the potential to seriously hurt another person, damage
property, or compromise data, is responsible.
 Is responsible for an indictable offense and faces a maximum five-year jail sentence;
 Is accountable for a crime that carries a quick conviction.
 No one commits mischief in the sense of this provision simply because:
 He quits his job because he and his employer could not come to an agreement on any topic
pertaining to his employment;
 He quits his job as a result of his employer's and a representative's failure to reach a settlement
about his employment;
 He stops working as a result of his involvement in a group of workers or employees who were
acting reasonably to defend themselves as workers or employees.
 No one engages in mischief within the sense of this section merely by attending to,
approaching, or being in close proximity to a residence or other location for the aim of
gathering or disseminating information.
 Interception of data, unauthorized access, and further virus dissemination

Offenses against Property Rights, Part IX Having a tool to access computer services99
The Sec. 342.2 (1) states as:
"Anyone who, without lawful justification or excuse, manufactures, possesses, sells, offers for sale, or
distributes any instrument, device, or component thereof, the primary use of which is to commit a
violation of section 342.1, under circumstances that are reasonably likely to lead one to believe that
the instrument, device, or component has been used, is being used, or was intended to be used to
commit a violation of that section.
 Is responsible for an indictable offense and faces a maximum sentence of two years in jail;
99
Rojas, C. (2013). Creativity and Its Discontents: China's Creative Industries and Property Rights Offenses. By Laikwan
Pang. Durham, NC: Duke University Press, 2012. ix, 299 pp. 24.95. The Journal of Asian Studies, 72(2), 455-457.
44
  Is guilty of a crime punishable by a summary judgment.
Data Theft; Part IX: Crimes against Property Rights100:
Sec. 322 (1) of the Act runs as:
“(1) anyone who removes or fraudulently transforms anything, whether it be alive or inanimate, for
their own use or the use of another person, without having the authority to do so, is guilty of
stealing.
 to rob the owner of something—or a person with a particular property or interest in it—
permanently or completely of that object or of his property or interest in it;
 to deposit it as security or promise it;
 to part with it with a need for its return that the party doing so might not be able to fulfill; or
 To handle it in a way that prevents it from being put back in the state it was in before it was
stolen or transformed.
 When someone moves something, causes it to move, is moved, or starts to become moveable
with the goal to take it, that person has committed theft.
 Even if something is taken or converted without any attempt at secrecy or disguise, it may still
be considered fraud.
 The question of whether something is seized for conversion purposes or if the person
converting it is in lawful possession of it at the moment of conversion is immaterial for the
purposes of this Act.

Computer Related-Fraud; Part X: Fraudulent Transactions Relating to Contracts and Trade101

Section 380 of the Act states:
1. Whether or whether it constitutes a false pretense within the meaning of this Act, "anyone
who defrauds the public or any individual, whether known or unknown, of any property,
money, valuable security, or any service, by deceit, falsehood, or other fraudulent methods,
 If a testamentary document or more than $5,000 is the subject of the offense, the offender is
guilty of an indictable offense and risks up to 10 years in jail;

100
Clough, J. (2011, March). Data theft? Cybercrime and the increasing criminalization of access to data.
In Criminal Law Forum (Vol. 22, pp. 145-170). Springer Netherlands.
101
Clough, J. (2015). 30. Computer related fraud. Research Handbook on International Financial Crime, 50(2012), 366.
45
  is guilty of a crime punishable by an indictment and faces up to two years in jail, or of a crime
punishable by a summary conviction when the value of the crime does not exceed
2. Anyone who affects the public market price of stocks, shares, goods, or anything else that is
offered for sale to the public through dishonesty, falsehood, or other fraudulent means,
whether or not it is a false pretense within the meaning of this Act, with the intent to defraud,
is guilty of an indictable offense and subject to imprisonment for a term not exceeding ten
years.
India
Information Technology Act, 2000102
The Standing Committee determined that the ideas of cybercrime and cyber terrorism were not
appropriately addressed by the 2006 Bill's proposed modifications. The Department of Information
Technology (DIT) states that the Act can be amended in order to comply with the provisions of the
Indian Penal Code and Criminal Procedure Code.
The Standing Committee, however, considered that changes to make cybercrime a more severe felony
punishable by longer terms and greater penalties would not be supported by India's long-standing
punitive judicial system. The Standing Committee recommended that the DIT create stringent, robust,
and appropriate regulations to stop cyber terrorism in the country.

The Committee was informed that the 2006 BilL4 did not devote enough time to the issue of cyber
terrorism. The Information Technology Act as a whole did not have a single provision while the
country was waging war against the terrible crime of terrorism following the Mumbai attacks on
November 26, 2008. The Department was questioned on whether implementing laws making
common cybercrimes like morphing, cyber terrorism, and other acts criminal by the harshest fines
and incarceration will help curb the spread of these crimes. The Department assumed that morphing
would be covered by sections 43 and 66 of the Information Technology (Amendment) Act, 2006
notwithstanding.5 The Division of Information Technology also thought that cyber terrorism should
be considered a crime subject to a fine and a ten-year prison sentence in line with sections 120 B and
121 of the Indian Penal Code. The Standing Committee did point out that neither the IT Act, 2000 nor

102
Shah, H., & Srivastava, A. (2014). Signature provisions in the amended Indian Information Technology Act 2000:
legislative chaos. Common Law World Review, 43(3), 208-230.
46
the 2006 Bill contain any definitions of the term "cyber terrorism." In the end, many of the Standing
Committee's concerns were resolved by the 2009 Amendments.

Section 66F. Cyber terrorism Penalties103

Whoever, -
 With the intention of undermining India's unity, integrity, security, or sovereignty or to
terrorize the general public or a specific group of the general public by:
 Refusing access to any individual with authorization to utilize a computer resource or causing
them to be denied access; or
 Attempting to breach or gain access to a computer resource without authorization, or using
more access than is permitted; or
 introducing or causing to introduce any computer contamination; and through such conduct,
causes or is likely to cause death or serious bodily harm to persons, damage to or destruction
of property, disruption of supplies or services vital to community life, or negatively impacts
the critical information infrastructure listed in Section 70; or
 • breaches or accesses a computer resource knowingly or intentionally without authorization
or gains access beyond what is permitted, and as a result, gains access to information, data, or
a computer database that is restricted for reasons of national security or international relations,
or any restricted information, data, or computer database, with reasonable grounds to believe
that such information, data, or computer database obtained may be used to cause or is likely to
cause harm. Cyber terrorism is an offense committed in ways that are harmful to India's
sovereignty and integrity, the security of the nation, friendly relations with other countries,
public order, morality, or public decency. It can also involve court contempt, defamation,
incitement to commit an offense, or benefiting any other foreign country, group of people, or
entity.
 Anyone who acts or conspires to commit cyber terrorism will face prison time, which may last
a lifetime.

103
Halder, D. (2011). Information Technology Act and cyber terrorism: A critical review. Available at SSRN 1964261.
47
Penalty for violation of secrecy and privacy, Section 72104
Any person who has acquired access to any electronic record, book, register, or database in
accordance with any of the authorities given by this Act, rules, or regulations issued thereunder, save
as expressly provided in this Act or any other law now in force
Anyone who divulges such an electronic record, book, register, communication, information,
document, or other material to another person without the authorization of the subject is subject to a
fine of up to one lakh rupees, up to two years in prison, or both.

Section 75. Application of the Act for offenses or violations committed outside India105
 Subject to sub-section (2), the provisions of this Act apply to any offence or violation
committed outside India by any person, regardless of nationality.
 This Act shall apply to an offence or contravention committed outside India by any person if
the act or conduct constituting the crime or contravention includes a computer, computer
system, or computer network situated in India, for the purposes of sub-section (1).

 The discussion about the legal requirements of many nations illustrates that there is
widespread worry about terrorist use of the internet and computers. Additionally, it shows
that, with a few notable exceptions, all nations do not take cyber terrorism seriously. The term
"cyber terrorism" has only been used in a small number of laws. There should be concern over
the possibility of cyber terrorism.

Intercontinental Cyber Terrorism Inventiveness and Meetings

 Since the beginning of human history, the characteristics of human populations and societies
have changed depending on their way of life, such as prominent jobs, tools, and
104
Bisset, B., Mills, B., Quigley, K. (2017). Too Critical to Fail: How Canada Manages Threats to Critical
Infrastructure. United Kingdom: McGill-Queen's University Press.
105
McCoy, E. L. (2018). Cyberterrorism. United States: Cavendish Square Publishing LLC.
48
 communication. In the early ages, it was gathering, hunting, agricultural, industrial, and now
the age of Information Society "most of the people work with information related jobs, instead
of dealing directly with physical objects," and each of these societies has related offences and
crimes106.

 Because of the fast advancement of computer and internet technologies in recent decades,
cyber terrorism has arisen as a global threat. Because of its destructive character, it has
become a concerning issue for the legal community in terms of obtaining effective weapons
and means to destroy cyber terrorists. It has generated a completely new set of issues for law
enforcement authorities worldwide107.

 Cyber terrorism has reintroduced the cold war condition. The United Nations and the
European Union have always played and continue to play important roles in preventing and
combating terrorism. Control the threat. Because the Internet has no jurisdictional boundaries,
cyber terrorists may strike other countries without physically being present. As a result, the
subject of cyber terrorism receives more international support and collaboration108.

 Every national or international Incident Response and Security Team should be given the
global duty of keeping track on terrorist activities and cybercrime trends in cooperation with
international organizations. However, in order for computer security incident response teams
to effectively battle global cyber terrorism, a certain conditions must be satisfied. When
describing the technical elements of the crime and identifying the targets, the parties involved
in the investigation should use the same terminology109.

 The shared and contradictory societal interests that underlie crime should also be understood.
It is important for everyone involved in the inquiry to be aware of their technical skills.
106
Salaheddin J. Juneidi, “Council of Europe Convention on Cyber Crime”, p. 1, paper presented in 5th
European Intensive Programme on Information and Communication Technologies Security (IPICS), 2002.
107
Albert Marcella & Greenfield, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence
of Computer Crimes, p. 205, 2nd ed., Auer Bach Publications, Taylor & Francis Group,UK, 2007.
108
Samuel, C., Sharma, M. (2019). India's Strategic Options in a Changing Cyberspace. India: Pentagon Press LLP.
109
Blakemore, B. (2016). Policing Cyber Hate, Cyber Threats and Cyber Terrorism. United Kingdom: Taylor & Francis.
49
 Additionally, there should be broad agreement on how to respond to the different types of
violations. The best method for combating cyber terrorism and cybercrime on a worldwide
scale is this one. This method is based on international agreements that the participating
countries' governments have ratified. Considering that they assist in the official identification
and conviction of those who commit terrorism and cybercrime. All UN members should ratify
a global extradition treaty that covers cybercriminals without any exceptions. For would-be
criminals, this would be a powerful deterrent110.

 The reach of any law is constrained by national boundaries, but the Internet is global. It is
difficult for many countries to control activities in borderless internet. Due to the Internet's
global reach, criminals may simply disguise their identities and commit crimes across
international borders without being present in person. The cyber trail of the crime may lead
the investigating agency to enlist the help of law enforcement authorities in other countries if a
hacker in New Delhi attacks the VSNL system. As well as Australia, England, and the United
States to find. The hacker may have used service providers in New York, London, and
Melbourne to reach the VSNL server in Delhi, despite the fact that the crime first seems to be
local. As a result, the agency's electronic trail leads them across multiple nations. It is possible
for several nations—both friendly and hostile—to collaborate on the electronic trail. By the
time coordination with foreign businesses is established and the trial is conducted, important
data will have been destroyed or lost111.
 Any conduct done outside of India by any person, regardless of nation, is subject to the
extraterritorial jurisdiction of the new Indian cyber legislation, provided that the offense also
involves a computer or computer network with an Indian basis. Due to the absence of
extradition agreements between our nation and a number of the nations where the hacker may
reside, it is challenging to enforce this provision of the IT Act of 2000112.
 There have been several worldwide conferences on the shared subject of cyber terrorism. A
few of them are listed below.
110
Sirohi, D. M. N. (2015). Cyber Terrorism and Information Warfare. India: Vij Books India Private Limited.
111
Centre of Excellence - Defence Against Terrorism, Ankara, Turkey, .. (2008). Responses to Cyber
Terrorism. Netherlands: IOS Press.
112
Tehrani, P. M. (2017). Cyberterrorism: The Legal And Enforcement Issues. Singapore: World Scientific Publishing
Company.
50
  Any conduct done outside of India by any person, regardless of nation, is subject to the
extraterritorial jurisdiction of the new Indian cyber legislation, provided that the offense also
involves a computer or computer network with an Indian basis. Due to the absence of
extradition agreements between our nation and a number of the nations where the hacker may
reside, it is challenging to enforce this provision of the IT Act of 2000.
 There have been several worldwide conferences on the shared subject of cyber terrorism. A
few of them are listed below.
 Criminal activity is difficult to identify because to the operational speed and storage capacity
of computer hardware; law enforcement organizations lack the essential technological
knowledge to deal with cybercrimes;
 Because of their fear of needless harassment and the waste of time and resources on a
pointless attempt, the victims of these crimes are reluctant to report the occurrence to the
police. They are also deterred from doing so by their concern for possible unfavorable
publicity.
 Loss of goodwill, public trust, investor faith, shame, and other causes contribute to cybercrime
non-reporting.
 Although cyber terrorism was not specifically discussed at this conference, it was indirectly
and directly tied to the worries expressed. As a result, the global society has started to discuss
how the internet is used by terrorists.

Conclusion
Cyberspace is seen by the United States as being essential to every aspect of American society,
including their economy and defense. Being the birthplace of the Internet and a superpower in the
digital sphere, the United States was among the first to identify the deadly dangers lurking within the
World Wide Web. As a result, the nation has frequently revisited the issue of legal guidelines for the
supposedly "un-governable" online. The nation currently has a strong cyber la infrastructure as a
result of ongoing discussions.
In the US, sector-specific laws and regulations are used to address federally-level cyber-security
threats. The Federal Information Security Management Act (FISMA), the 1999 Gramm-Leach-Bliley

51
Act, and the 1996 Health Insurance Portability and Accountability Act (HIPAA) are the key cyber-
security laws. The FISMA upholds cyber-security requirements for federal government entities and
their contractors whereas the HIPAA handles issues in the healthcare sector. Other laws, like the
2006 Veterans Affairs Information Security Enhancement Act, are specialized to a single topic and
are particularly concerned with a single government institution, in this case the Department of
Veterans Affairs (VA). Additionally, states with high populations like Massachusetts, New York, and
California already have a variety of unique cyber laws.

However, several legislation have come under fire for being overly intrusive and regulated. For
instance, the Computer Fraud and Abuse Act (CFAA), passed by Congress in 1986 and making it
illegal to access and later distribute protected information, has received a lot of flak for being overly
onerous and for discouraging reputable security research. The U.S. government is able to access
electronic communications, including emails, social media messages, and more, with a subpoena
thanks to the Electronic Communications Privacy Act, which was established in 1986.

Furthermore, a critical need for a universally defined national cyber security framework is recognized
in light of the fact that issues in the cyberspace are getting more complex and multi-sectoral by the
day. Compliance has been impacted by the proliferation of cyber rules since businesses must navigate
a maze of federal and state legislation at various levels and in many industries. As a result, the Cyber
Security and Infrastructure Security Agency Act of 2018 was enacted by US President Donald Trump
in 2018113. Additionally, in order to address the current cyberspace concerns, the United States has
actively pushed for global collaboration and some standardization in legislation.
New multimedia technology and the internet have ingrained themselves into our daily lives in the
modern world, making things easier, quicker, and less expensive. Computers are increasingly useful
in all aspects of human society, not just for communication and information processing, but also for
typing, editing, drawing, copying, printing, and musical purposes. They can also be used as door
locks, microwaves, remote controls, remote car starters, wireless mobile phones, and more.
Information and communication technology (ICT) is so useful that terrorists and other social outcasts
have exploited it as a tool and a target to further their agendas. The Internet has developed into an

113
Lewis, T. G. (2023). Critical Infrastructure Resilience and Sustainability Reader. United Kingdom: Wiley.
52
information highway (I-Way) or superhighway for warfare. Because of this, the term "cyber-war" or
"net war" is used in I-Way. China and Pakistan 114 are engaged in an online cyberwar with the United
States and India.
Through this digital superhighway, terrorists might quickly reach their targets. One of the most
difficult problems in today's global environment is cyber terrorism. Serious research, investigation,
and protest against this awful national and global evil are now needed in society.
Modern technology-based cyber threats include cyber terrorism. It affects both the nation and the
world. Cyber terrorism takes the form of warfare, in which one country uses information to harm
another. This might be considered a "net war." Using websites and command and control networks,
such as Al-Qaida's website http://www.mojahedoon.net, international terrorists carry out attacks.
Which connections to Osama Bin Laden, the December 13, 2001 attack on the Indian Parliament,
which used a fake gate pass obtained through the internet, and the September 11, 2001 attack on the
World Trade Organization and the Pentagon's command network. An electronic mail threat to assault
the Indian Parliament and the US embassy on December 16, 2005, is one instance of cyber terrorism
in India. As was already mentioned, many nations have passed or changed their national laws;
however, when one nation's laws criminalize high-tech and computer-related crime while another
nation's laws do not, it may be impossible to cooperate in the investigation of a crime and to extradite
the offender to stand trial. International legal help systems that are not suitable it is possible for
criminals to escape justice in one country while undermining efforts made by other nations to protect
their citizens through extradition.
Few countries have taken action to incorporate legal measures in their statutes to combat cyber
terrorism, as we have seen, and the effectiveness of those who have taken the lead is also
questionable. Having any efficient legal control mechanism becomes more challenging, if not
impossible, given the rise of cybercrime on a national level, its global consequences, and the various
legal systems of different countries.

114
Delerue, F. (2020). Cyber Operations and International Law. United Kingdom: Cambridge University Press.
53
54
 Annexure: 1
Particular/Country Indian Canada Germany
Definition Of Cyber Terrorism Defined Under section 66F of the Cyber Terrorism not defined Cyber Terrorism not defined
Information conclusively. Conclusively.
Technology Act
Definition of Terrorist Activity Terrorist Activity is defined under Terrorist Activity defined under Preparation of Serious Violent
section 15 of the Unlawful section 83.01(1)(b) of the Criminal Offense Endangering State denied
Activities (prevention) Act, Code Followed in Canada. under section 89a of the Criminal
1967 Code followed in Germany.
{Definition mention in the
annexure}
Terror Financing Defined Under section 40 of the Governed by the Anti Money Defined Under section 89c of the
Unlawful Activities (Prevention) Laundering regime of Canada. German Criminal Code.
Act, 1967. Punishment 6 months
Punishment not more than 14 -10 years.
years imprisonment or
fine or both.
Terror Assistance Section 17,19,20,21,22 of Not Identified as an offense by Section 89b of the German criminal
the Unlawful Activities codification code, imprisonment of maximum 3
(Prevention) Act, years, or fine.
1967

Terrorist Activities by the use of Cyber Recognized as an offense. Not Recognized as an offense Not Recognized as an offense
Space
Definition of Cyber Space No Conclusive definition No Conclusive definition No Conclusive definition

Authority Regulating Cyberspace Ministry of Electronics and Office of Privacy Commissioner & Ministry of Interior, Federal Office of
Information Technology Communications Security Information Systems
Establishment

55
Cases dealing with Cyber Terrorism Conviction has happened on the No Conviction as the crime is not No Conviction as the crime is not
basis of existing provisions. Identified as an Offense Identified as an Offense
Number of Cyber Incidents in 2022 13+ lakh Cyber Incidents reported 1,50,000+ Cyber 1,46,000+ Cyber
in 2022. Incidents reported in Incidents reported in
2022. 2022.

Ranking in Cyber Security (Global 10th 8th 14th

Cybersecurity Index)
2021 International Telecommunication
Union
Liability of the Intermediary Rule 3 (VII) of the Information
Technology (Intermediary
guidelines and Digital Media
Ethics Code)
Rules, 2021
Ratification of The Convention on Not a member state, nor a
Cybercrimes (Budapest Convention) observer state of the convention
(Article 32 There is no specific
provision of cyber terrorism under
the convention)
Acts/ Rules governing Cyber Space Information Technology Act,2000 Personal Information Protection and Network Enforcement Act , 2017 with
with allied rules and guidelines. Electronic Documents Act
Rules specifically governing social Information Technology
media. (Intermediary guidelines and
Digital Media Ethics Code)
Rules, 2021
Personal Information Protection and Network Enforcement Act , 2017
Electronic Documents Act
(PIPEDA),2000
The only liability of the
intermediary arises when it acts as a
safe harbour to
such activities.
Member State of the Convention, Member State of the Convention,
Ratification done in 2015 Ratification done in 2009
allied rules and Guidelines
(PIPEDA),2000 (Specifically governs the spread of
(Primarily protects the personal Fake News and Hate Material spread
data, and governs the Data breach) through Social Media Intermediaries)
The only liability of the
intermediary arises when it acts as a
safe harbor to such
activities.
Broadcasting Act, 2022 with allied Network Enforcement Act, 2017 with
Rules and guidelines allied rules and Guidelines

56
 Data Privacy Legislation Digital Personal Data Protection Personal Information Protection and General Data Protection
Act, 2023 introduced in the Lower Electronic Documents Act Regulations (GDPR), 2016 is
house of the Indian (PIPEDA),2000 followed in Germany as followed
Parliament in rest of Europe.
Rapid Response Team Indian Computer Emergency Canadian Cyber Incident Response Computer Emergency Response
Response Team Center (CCIRC) Team- Bund (CERT-bund)
(CERT)

57