Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks

From Cybersecurity Wiki
Revision as of 11:47, 25 June 2010 by WikiSysop (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title of Reference

Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks

Full Citation

Paul Cornish, Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks, Report Commissioned by the European Parliament's Committee on Foreign Affairs (2009). Web

BibTeX

Categorization

Issues: Incentives; International Cooperation; Threats and Actors

Key Words

Casus Belli, Cyber Warfare, State Affiliation

Synopsis

This paper examines Cyber-Security and Politically, Socially and Religiously Motivated Cyber-Attacks, focusing on the European Union as an international organisation with a fragmented yet developing interest in cyber-security. The paper is presented in three parts. Part 1assesses the source and nature of cyber threats. Society’s increasing dependence on Information and Communications Technology (ICT) infrastructure creates vulnerabilities and corresponding opportunities to be exploited by the unscrupulous, ranging from low-level, individual computer hacking to serious and organised crime, ideological and political extremism, and state-sponsored cyber attacks such as those perpetrated against Estonia in 2007. ICT also has an important enabling function in each of these cases. The Internet seems to fit the requirements of ideological and political extremists particularly well, and governments can only expect the ‘ungoverned space’ of the global ICT infrastructure to be ever more closely contested. At the level of states and governments, it is clear that in some quarters the Internet is becoming viewedas a battlefield where conflict can be won or lost. The threats can inter-connect when circumstances demand– terrorist groups, for example, can be sophisticated users of the Internet but can also make use of low-level criminal methods such as hacking in order to raise funds. The challenge to cyber- security policy-makers is therefore not only broad, but complex and evolutionary.

Part 2 reviews current multilateral initiatives to address cyber-security, focusing on the work of the United Nations, the Organisation for Economic Co-operation and Development, the Organisation for Security and Co-operation in Europe, the Council of Europe, the North Atlantic Treaty Organisation, and the Group of Eight. In each case, the organisation in question has recognised the breadth and complexity of the cyber- security challenge and that its response to the cyber-security challenge can be but one part of the whole. Although national governments are the most important actors in cyber-security, others have a contribution to make, including industry and the private commercial sector. Within each organisation there are various balances to be struck: between defensive/passive/protective measures, and a more activist or offensive stance; between security measures (of whatever sort) and civil liberties; and finally between securing the specific interests of a given organisation or government, and the more general requirement to create, for the benefit of all legitimate users, an international communications and technological environment which is as hostile as possible to the activities and ambitions of cyber-terrorists and extremists, cyber-criminals and hackers.

Part 3 examines European Union’s responses to the cyber-security challenge. The EU is very closely engaged in cyber-security but cannot be said to have a comprehensive approach to the problem: the EU’s responses are diverse, lack coherence and could at times conflict. The picture emerges of a vast and ambitious undertaking in government and administration, touching upon most conceivable aspects of societal, commercial and private life, yet which appears unable to organise a comprehensive approach to cyber- security challenges which, if taken together, could be said to threaten the EU comprehensively. A more coherent approach could be achieved in one of two ways: either by uniting the EU’s cyber-security efforts around one central strategy (and perhaps even within a new institutional framework); or by seeking a more efficient co-ordination of effort, while maintaining institutional and role specialisations.

Additional Notes and Highlights

Prepared under the supervision of Dr. Gerrard Quille, Directorate-General for External Policies of the European Union Policy Department, Brussels.