international standards to regulate aggressive cyber-behavior from a foreign state_rr

Download International Standards to Regulate Aggressive Cyber-behavior from a Foreign State_RR

Post on 22-Mar-2017

224 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State

    International Standards to Regulate Aggressive Cyber-behaviour from a Foreign State

    Mansoor Faridi

    Fort Hays State University

    May 10, 2015

    Author Note

    Mansoor Faridi, Department of Informatics, Fort Hays State University.

    Mansoor Faridi is a graduate student at Fort Hays State University specializing in

    Information Assurance Management. He lives in Toronto, Canada where he manages the

    Compliance function for a major Canadian Financial Institution.

    This position paper is a deliverable for Public Policy, Law, and Ethics in Informatics

    (INT610) course.

    Correspondence concerning this paper should be addressed to Mansoor Faridi.

    Contact: [m_faridi@mail.fhsu.edu]

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State ii

    Table of Contents

    Abstract .......................................................................................................................................1

    Introduction ..................................................................................................................................2

    Regulation of Foreign States Aggressive Cyber-behavior .........................................................3

    Background ..3

    Significance ..4

    Present Frameworks Regulating Aggressive Cyber-behavior ......................................................5

    Problem Definition ...5

    Current Status ...................................................................................................................6

    Developing and Implementing Global Standards Regulating Aggressive Cyber-behavior .......10

    Challenges ......................................................................................................................10

    Roadmap ........................................................................................................................12

    Conclusion ................................................................................................................................14

    References ..................................................................................................................................16

    Appendices

    Appendix A Cyber-attack representations

    Appendix B Examples of recent incidents of nations' cyber warfare

    Appendix C Cyber-attacks on various Nations (by category)

    Appendix D Estimates cost of cybercrimes in U.S. and Globally

    Appendix E Model to develop global standards regulating aggressive cyber-behavior

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State 1

    Abstract

    Where technological advancements have improved our quality of life, it has also exposed us to

    previously unknown threat vectors, such as, aggressive cyber-behaviour from a foreign State.

    This significant issue has materialized in the form of huge financial losses (and otherwise), and

    disruption of critical service provision. The main reason behind this problem is owing to absence

    of international standards regulating foreign States aggressive cyber-behavior. The global

    community has failed to develop a united front to develop and implement effective solutions to

    tackle this issue proactively. Some global and regional organizations have developed frameworks

    that also fail to address this issue fully, as their scope is domestic, focussing on individuals

    cyber-behaviour (as opposed to State), and solutions are theoretical in nature with no provisions

    defining investigation and prosecution mechanism. Since the rules of engagement of modern

    cyber-warfare are different than conventional military conflict, therefore, nations need to take

    this distinction into consideration when approaching the issue. Another important aspect is

    codification of international standards including the definition of scope, jurisdiction, forensic

    procedures, resources, investigative and prosecution authorities. This difficult feat is possible

    with mutual cooperation, active involvement, and maintaining compliance (by member nations)

    with these international standards regulating foreign states aggressive cyber-behavior.

    Keywords: best practices, coe, continuous improvement, cyber-hacktivism, cyber-law, cyber-

    terrorism, cyber-warfare, impact, interpol, nato, jurisdiction, sovereign, united nations, wegener

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State 2

    International Standards to Regulate Aggressive Cyber-behavior from a Foreign State

    Mansoor Faridi

    Fort Hays State University

    Introduction

    This position paper supports the argument that there exists an imminent need to develop

    and implement international standards to regulate aggressive cyber-behavior from foreign State.

    First section provides background and significance of the issue, illustrates the magnitude

    of this problem with examples of sovereign nations attacking each other in cyber-space,

    concluding with estimates of financial losses incurred due to this aggressive cyber-behavior.

    Second section describes the issue in detail along with a description of frameworks

    developed by various global organizations to regulate cyber-behavior. However, all frameworks

    lack in scope (focus on regulating individuals cyber-behavior as opposed to that of the State),

    and intent (theoretical in nature without defining jurisdiction and prosecuting authorities).

    Third section lists and discusses major challenges hindering the development and

    implementation of the aforementioned global standards; it also provides some recommendations

    along with a roadmap to design, develop, and implement global standards. The section concludes

    by detailing an overall approach emphasizing collaborative engagement and launching of this

    initiative through globally recognized platforms, with respected world bodies supporting

    investigation and prosecution mechanisms.

    This position is based on an overall approach in a global context where centralized

    institutions are responsible for designing, developing, implementing, regulating, prosecuting, and

    enforcing international standards. The approach has been inspired by industry best practices and

    global standards and frameworks with a focus on continuous improvement to keep the standards

    agile, relevant, and up-to-date!

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State 3

    Regulation of Foreign States Aggressive Cyber-behavior

    In my opinion, there is an imminent need to design, develop and implement robust,

    effective, and comprehensive international standards to regulate aggressive cyber-behavior

    instigated by a foreign nation state against another entity, such as another state, organization,

    person, etc. These standards should be supported by an international body (such as the United

    Nations, Interpol, etc.) to ensure its legal enforcement and effective implementation on a global

    scale. The sub-sections below describe the background and significance of this issue.

    Background

    In traditional warfare, strategic objectives are realized by executing offensive maneuvers.

    This cripples a nation by inflicting damage to its airfield, ports, roads, ordnance depot, defense

    and communication capabilities, etc. However, with technological advancements, the focus has

    shifted to a more sophisticated mode of warfare, which is equally lethal but entirely virtual

    [emphasis added] in nature (See Figure 1, Passeri, 2015). This is eloquently summed up by Noah

    Feldman (2015), Harvard Law professor, Cyber- attacks as a strategic matter do not differ

    fundamentally from older tools of espionage and sabotage. In fact, cyber-warfare is politically

    motivated hacking to conduct sabotage and cyber espionage (Cyberwarfare, 2015;

    See Appendix A, Chart A).

    The change in venue where the war is being fought has led to a paradigm shift. This

    aggressive cyber-behavior is akin to cases of road-rage. Fortunately, we have traffic laws to deal

    with such menace; however, we do not have a holistic set of international standards regulate

    aggressive cyber-behavior from foreign State actors. This is defined as attacks or series of

    attacks on critical information carried out by terrorists and instills fear by effects that are

    disruptive or destructive and has a political , religious and ideological motivation (Schjolberg,

  • International Standards to Regulate Aggressive Cyber-behavior from a Foreign State 4

    2007, p. 2). Table 1 below illustrates recent examples of cyber-attacks instigated by sovereign

    nations on other nations and entities (See Appendix B for details; Cyberwarfare, 2015).

    Table 1

    Instances of nations cyber-warfare

    Next sub-section highlights the gravity and impact of cyber-crimes supported by

    statistics, and signifies how cyber-crimes expose the vulnerabilities of our data and information,

    as it relates to its privacy, security, integrity, and availability.

    Significance

    Through cyber-warfare, nations (or proxy agents acting on their behalf) try to gain illegal

    access to data and information, in order to sabotage, conduct espionage, harm critical

    infrastructure, assets, and disrupt mission criti