Difference between revisions of "Cyber-Apocalypse Now"

From Cybersecurity Wiki
Jump to navigation Jump to search
(New page: ==Full Title of Reference== Estonia Three Years Later: A Progress Report on Combating Cyber Attacks ==Full Citation== Scott J. Shackelford, ''Estonia Three Years Later: A Progress Repor...)
 
Line 1: Line 1:
 
==Full Title of Reference==
 
==Full Title of Reference==
  
Estonia Three Years Later: A Progress Report on Combating Cyber Attacks
+
Cyber-Apocalypse Now - Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent
  
 
==Full Citation==
 
==Full Citation==
 +
Kelly A. Gable, ''Cyber-Apocalypse Now - Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent'', Vanderbilt Journal of Transnational Law, Vol. 43, No. 1 (2010). [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1452803 ''SSRN'']
  
Scott J. Shackelford, ''Estonia Three Years Later: A Progress Report on Combating Cyber Attacks'', Journal of Internet Law, Vol. 13, No. 8 (2010). [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1499849  ''SSRN'']
+
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Gable:2010&f=wikibiblio.bib ''BibTeX'']
 
 
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Rue_Pfleeger:2009&f=wikibiblio.bib ''BibTeX'']
 
  
 
==Categorization==
 
==Categorization==
  
Issues: [[States]], [[Cyberwar]]
+
Issues: [[Public Critical Infrastructure]], [[Terrorists]], [[Private Critical Infrastructure]], [[International Law (including Laws of War)]]
  
 
==Key Words==  
 
==Key Words==  
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Cyber_Warfare Cyber Warfare], [http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Botnet Botnet Attack ]
+
 
 +
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Cyber_Terrorism Cyber Terrorism]
 +
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Laws_of_War Laws of War]
 +
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#State_Affiliation State Affiliation]
 +
 
  
 
==Synopsis==
 
==Synopsis==
  
Hackers have been online since a Cornell graduate student infected MIT’s burgeoning network with the first Internet worm on November 2, 1988. But recently cyber attacks on states have proliferated both in numbers and severity. The best-known recent example of such a cyber attack was on April 27, 2007. In a matter of hours, the websites of Estonia’s leading banks and newspapers crashed. Government communications were compromised. An enemy had invaded and was assaulting dozens of targets across the country. But this was not the result of a nuclear, chemical, or biological weapon of mass destruction. Nor was it a classical terrorist attack. A computer network was responsible, with attacks coming from thousands of zombie private computers around the world. And this was just the beginning. Flash forward to August 7, 2008 when immediately prior to the Russian army invading Georgia en masse a cyber attack reportedly crippled the IT systems of the Georgian military including air defense. Georgian command and control was forced to resort to U.S. government and Google accounts while Estonian advisors helped to deflect the ongoing cyber onslaught.
+
Cyberterrorism has become one of the most significant threats to the national and international security of the
 
+
modern state, and cyberattacks are occurring with increased frequency. The Internet not only makes it easier for
These cyber attacks are far from unique. Literally thousands of largely unreported major and minor cyber attacks occur daily. Power utilities in the United States, Polish and South Korean government websites, and UK technology firms have all be hit by cyber attacks in just the past few months. Even school districts in Illinois, Colorado, and Oklahoma have lost millions to fraudulent wire transfers. Responses have been varied, with many nations such as Singapore creating new cyber security authorities responsible for safeguarding IT.
+
terrorists to communicate, organize terrorist cells, share information, plan attacks, and recruit others but also is in-
 +
creasingly being used to commit cyberterrorist acts. It is clear that the international community may only ignore
 +
cyberterrorism at its peril.  
  
Together these episodes exemplify that cyber attacks against states are increasingly common, and increasingly serious. No longer does it take thousands of planes and divisions of soldiers to destroy vital governmental institutions. It can now be done by a relatively small group of knowledgeable persons linking together zombie computers into a clandestine network that may be used to crash nearly any computer system in the world connected to the internet, from air traffic control to sewage treatment plants.
+
The primary security threat posed by the Internet is caused by an inherent weakness in the TCP/IP Protocol,  
 +
which is the technology underlying the structure of the Internet and other similar networks. This underlying struc-
 +
ture enables cyberterrorists to hack into one system and use it as a springboard for jumping onto any other network  
 +
that is also based on the TCP/IP Protocol. Other threats to national and international security include direct at-
 +
tacks on the Internet and the use of the Internet as a free source of hacking tools. These threats will not be eradic-
 +
ated easily.  
  
The central topic of this article is uncovering in brief what is being, and can be done to counter these attacks, both at the national and international level. The focus is on the last two-and-a-half years since the specter of cyber war fully entered public consciousness on the international scene with the cyber attack on Estonia. The question presented is what progress has been made since that time? In short, the answer is very little. Many nations have found mutual benefit in the status quo strategic ambiguity. National information infrastructures, and the World Wide Web in general, remain acutely vulnerable to cyber attacks. Without concerted multilateral action, such as by coordinating the more than 250 Cyber Emergency Response Teams (CERTs) currently operating around the world while also clarifying the applicable legal regime, this intolerable state of affairs will continue.
+
In the absence of feasible prevention, deterrence of cyberterrorism may be the best alternative. Without, at a
 +
minimum, a concerted effort at deterrence, cyberterrorism will continue to threaten national and international se-  
 +
curity. The most feasible way to deter cyberterrorists is tuniversal jurisdiction.  
  
The structure of the article is as follows. Part I analyzes the threat of cyber attacks to international peace and security. Part II briefly summarizes the current cyber defense policies of the major players, to the extent that information is publicly available, including the United States, Russia, China, and NATO. Part III lays out the current legal regime that may be applied to cyber attacks, highlighting the significant gaps in the system. Finally, Part IV concludes by arguing for the need for a new regime for regulating cyber attacks and proposes new minilateral and multilateral measures that should be taken to more effectively protect information infrastructures from cyber attacks.
 
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==

Revision as of 18:13, 16 June 2010

Full Title of Reference

Cyber-Apocalypse Now - Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent

Full Citation

Kelly A. Gable, Cyber-Apocalypse Now - Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent, Vanderbilt Journal of Transnational Law, Vol. 43, No. 1 (2010). SSRN

BibTeX

Categorization

Issues: Public Critical Infrastructure, Terrorists, Private Critical Infrastructure, International Law (including Laws of War)

Key Words

Cyber Terrorism Laws of War State Affiliation


Synopsis

Cyberterrorism has become one of the most significant threats to the national and international security of the modern state, and cyberattacks are occurring with increased frequency. The Internet not only makes it easier for terrorists to communicate, organize terrorist cells, share information, plan attacks, and recruit others but also is in- creasingly being used to commit cyberterrorist acts. It is clear that the international community may only ignore cyberterrorism at its peril.

The primary security threat posed by the Internet is caused by an inherent weakness in the TCP/IP Protocol, which is the technology underlying the structure of the Internet and other similar networks. This underlying struc- ture enables cyberterrorists to hack into one system and use it as a springboard for jumping onto any other network that is also based on the TCP/IP Protocol. Other threats to national and international security include direct at- tacks on the Internet and the use of the Internet as a free source of hacking tools. These threats will not be eradic- ated easily.

In the absence of feasible prevention, deterrence of cyberterrorism may be the best alternative. Without, at a minimum, a concerted effort at deterrence, cyberterrorism will continue to threaten national and international se- curity. The most feasible way to deter cyberterrorists is tuniversal jurisdiction.


Additional Notes and Highlights