Cybersecurity: mapping the ethical terrain

This edited collection examines the ethical trade-offs involved in cybersecurity: between security and privacy; individual rights and the good of a society; and between the types of burdens placed on particular groups in order to protect others. Foreword Governments and society are increasingly reliant on cyber systems. Yet the more reliant we are upon cyber systems, the more vulnerable we are to serious harm should these systems be attacked or used in an attack. This problem of reliance and vulnerability is driving a concern with securing cyberspace. For example, a ‘cybersecurity’ team now forms part of the US Secret Service. Its job is to respond to cyber-attacks in specific environments such as elevators in a building that hosts politically vulnerable individuals, for example, state representatives. Cybersecurity aims to protect cyberinfrastructure from cyber-attacks; the concerning aspect of the threat from cyber-attack is the potential for serious harm that damage to cyber-infrastructure presents to resources and people. These types of threats to cybersecurity might simply target information and communication systems: a distributed denial of service (DDoS) attack on a government website does not harm a website in any direct way, but prevents its normal use by stifling the ability of users to connect to the site. Alternatively, cyber-attacks might disrupt physical devices or resources, such as the Stuxnet virus, which caused the malfunction and destruction of Iranian nuclear centrifuges. Cyber-attacks might also enhance activities that are enabled through cyberspace, such as the use of online media by extremists to recruit members and promote radicalisation. Cyber-attacks are diverse: as a result, cybersecurity requires a comparable diversity of approaches. Cyber-attacks can have powerful impacts on people’s lives, and so—in liberal democratic societies at least—governments have a duty to ensure cybersecurity in order to protect the inhabitants within their own jurisdiction and, arguably, the people of other nations. But, as recent events following the revelations of Edward Snowden have demonstrated, there is a risk that the governmental pursuit of cybersecurity might overstep the mark and subvert fundamental privacy rights. Popular comment on these episodes advocates transparency of government processes, yet given that cybersecurity risks represent major challenges to national security, it is unlikely that simple transparency will suffice. Managing the risks of cybersecurity involves trade-offs: between security and privacy; individual rights and the good of a society; and types of burdens placed on particular groups in order to protect others. These trade-offs are often ethical trade-offs, involving questions of how we act, what values we should aim to promote, and what means of anticipating and responding to the risks are reasonably—and publicly—justifiable. This Occasional Paper (prepared for the National Security College) provides a brief conceptual analysis of cybersecurity, demonstrates the relevance of ethics to cybersecurity and outlines various ways in which to approach ethical decision-making when responding to cyber-attacks

Security Life Cycle framework for Exploring & Prevention of Zero day attacks in Cyberterrorism

The rise of cyber terrorism poses a significant threat to governments, businesses, and individuals worldwide. Cyber terrorists use information technology to carry out attacks that range from simple hacking attempts to more sophisticated attacks involving malware, ransomware, and zero-day exploits. This paper aims to provide an in-depth understanding of cyber terrorism, with a special focus on zero-day attacks. As the world becomes more digitized and automated, it brings convenience to everyone\u27s lives. However, it also leads to growing concerns about security threats, including data leakage, website hacking, attacks, phishing, and zero-day attacks. These concerns are not only for organizations, businesses, and society, but also for governments worldwide. This paper aims to provide an introductory literature review on the basics of cyber-terrorism, focusing on zero-day attacks. The paper explores the economic and financial destruction caused by zero-day attacks and examines various types of zero-day attacks. It also looks at the steps taken by international organizations to address these issues and the recommendations they have made. Additionally, the paper examines the impact of these externalities on policymaking and society. As cyber-security becomes increasingly important for businesses and policymakers, the paper aims to delve deeper into this aspect, which has the potential to threaten national security, public life, and the economic and financial stability of developed, developing, and underdeveloped economies

Information warfare and modern aircraft

The purpose of this thesis is to determine if modern aircraft are currently at risk of falling Victim to information warfare attacks or if they will be in the near future (less than 10 years). Defensive measures that are currently being used to protect this critical infrastructure will be discussed and evaluated for their effectiveness in preventing the degradation caused by these attacks. Every effort has been made to use reliable sources of information to present an accurate status of modern aircraft and the aviation infrastructure with respect to information warfare. With information warfare being such a recent topic, much of the most up-to-date information has not been published in traditional medium yet and therefore, the author had to augment his research by utilizing other sources , such as newspaper articles, magazines and the Internet. It was concluded that, to date, neither the airline industry nor the FAA has experienced large-scale attacks by cyber warriors, even though the industry is becoming more susceptible to such attacks This absence of attacks SHOULD NOT BE used to lull oneself into a false sense of security with the conclusion that the industry is properly protected from information warfare attacks. The reality is that these information warfare attacks can and are being successfully executed at an extreme cost and/or danger to the ill prepared and lucrative targets

Anti-war and the cyber triangle : strategic implications of cyber operations and cyber security for the state

[From the introduction:]The main driver for this choice of research was the growing influence of Internet-related issues in contemporary politics in various fields. 2009 saw an intensification of this link between information and communication technologies and international relations, particularly in the field of intelligence and military, with the revelation of notorious cyber operations such as AURORA, Ghostnet and Night Dragon (see chapter II). While those events started to attract the broader attention of academics, it was not until the discovery of the Stuxnet malware in 2010 (see chapter IV) that the issue gained momentum in other fields as well. A computer malware targeting a nuclear enrichment facility in a foreign country amidst a latent conflict certainly raised a lot of questions that demanded answers. Its sophisticated design and potential implications for international relations as well as strategic studies was one of the main inspirations for this research.While the emergence of literature on espionage and sabotage in conjunction with the Internet can be traced back to the 1990's, Kello recognises that even in 2013 it remains a weakly developed area, stating that '[t]he range of conceivable cyber conflict is poorly understood by scholars and decision-makers, and it is unclear how conventional security mechanisms, such as deterrence and collective defence apply to this phenomenon' (Kello, 2013: 7). Thus, the aim of this research is to contribute to the literature in this way '[…] in addition to elucidating empirical cyber events, scholars can guide the design of policies to affect them' (Kello, 2013: 38-39). Undertaking research in a field which is state-of-the-art and therefore, highly volatile, presents a particular academic challenge. It does also however enable a researcher to make a potentially crucial contribution, a dent, in the current debate. In areas of research in a vacuum exists, it is imperative for scholars to contribute to filling up that academic lacuna. The main outcome therefore is supposed to be a contribution to the academic debate on the strategic relevance and conduct of cyber operations and the state’s response to it. The intellectual tools developed as part of this research may be of future use for policy-makers. The underlying question for the research is: What are the strategic implications of cyber operations for the state?The Economist recently saw 'intensifying cyber threats' as one of the top challenges for 2014 (The Economist, 2014). The revelations of the past years, starting with Stuxnet, Operation AURORA, APT-1, Red October and activities derived from the NSA Documents revealed by whistleblower Edward Snowden indicate that this threat will not abate soon. More and more states are readying themselves for future conflicts by developing defensive as well offensive cyber operations capabilities (Lewis, 2013b: 9-55). The latest domain for conflict resolution is currently being explored and exploited too by a growing number of different stakeholders. Based on the increased number of stakeholders and the intensity and number of occurrences of said events (see section 3.5 and appendix), its contemporary relevance is high and has been increasing for several years and looks set to continue. Guiding principles in the field of strategy is an important part of this development. Though the debate on strategic implications of cyber operations started in the early 1990's, and promoted under the auspices of the RAND Corporation, '[i]ntellectually, we are in a position not unlike that faced 65 years ago as we began to develop our thinking about nuclear weapons' (Kramer, 2012: I). Nye agrees, stating that 'in comparison to the nuclear revolution in military affairs, strategic studies of the cyber domain are chronologically equivalent to 1960 but conceptually more equivalent to 1950. Analysts are still not clear about the lessons of offense, defense, deterrence, escalation, norms, arms control, or how they fit together into a national strategy' (Nye, 2011: 19). Thus, an intensive academic analysis of this field is pivotal, especially within the framework of strategic studies, in order to enable strategic adaptation and decision-making (Kello, 2013: 14). The timeliness of events, paired with the lack of a properly developed strategic framework, signify the increased contemporary relevance for research of the strategic implications of cyber operations for the state.Definitions are very important in political science, and only more so for research in the field of cyber operations. In the absence of commonly agreed upon definitions for cyber operations, and a multitude of other terms such as cyber warfare, digital warfare, information warfare, electronic warfare (see sub-sections 3.1 and 3.2 as well as section 4) which are at once related and disparate, mean that clarity in definitions is centrally important. While definitions might normally differ slightly, all elements included in the definition of cyber operations might vary. This includes the stakeholders (and their representation as entity in the cyber domain), the means to conduct cyber operations, the platform where it is conducted (for example all digital devices, Internet only, electromagnetic spectrum) and the operations through which it is conducted (for example, if cyber espionage is included or not).Therefore, the coherent and comprehensive definition is of vital importance for the understanding of the research and more so for its outcomes. The terminology of this research applies for the state in the cyber domain, cyber operations and cyber strategy. Thus, the three key definitions which are developed in this research can be found below.The state and its representation in the cyber domain is defined in chapter I: The state’s representation of the cyber domain is the Critical National Information Infrastructure (CNII). The CNII is composed of a particular part of the information infrastructure which is vital to the function of the state according to the state-teachings of Jellinek: territory, people and legitimate use of violence.The definition of cyber operations as developed in chapter II: A cyber operation is the targeted use and hack of digital code by any individual, group, organization or state using digital networks, systems and connected devices, which is directed against CNII in order to steal, alter, destroy information or disrupt and deny functionality with the ultimate aim to weaken and/ or harm a targeted political unit.Subsequently, the definition of a cyber strategy in chapter IV: The development and employment of cyber operations, potentially integrated and coordinated with other operational domains and forms of information operations, to achieve or support the achievement of political objectives

Robustness: A New US Cyber Deterrence Strategy

The growing trend of computer network attacks provokes the necessity for a comprehensive cyber deterrence strategy to deter aggressors from attacking U.S. critical infrastructure. The current U.S. cyber deterrence strategy based on punishment is ineffective in deterring aggressors as evidenced by the increasing number of computer network attacks against U.S. critical infrastructure. Therefore, the U.S. should look towards an alternative strategy based on robustness to deny enemy objectives and absorb attacks. To identify the superior cyber deterrence strategy, this study uses a qualitative assessment based on open-sourced information to evaluate the effectiveness of each strategy. The findings of this study show that a deterrence strategy centered on robustness can be more effective in deterring aggressors. As a result, the United States would be better served to reform its cyber deterrence strategy by establishing a capability to absorb computer network attacks and deny enemy objectives as a deterrent

Understanding the threat of cybercrime: A comparative study of cybercrime and the ICT legislative frameworks of South Africa, Kenya, India, the United States and the United Kingdom’

As broadband infrastructure investments in developing nations intensify and barriers to accessing the internet diminish, the more they increasingly become the quintessential destination for cybercrime. For their lax cyber laws and general cybercrime illiteracy, developing nations such as South Africa, Kenya, and India have become the destination of choice for cybercriminal enterprises. The focus of this dissertation is to comparatively analyse South Africa’s ICT regulatory framework against those of developing and developed nations and to determine its effectiveness in addressing the threat posed by cybercrime. This dissertation hopes to contribute towards establishing a greater understanding and appreciation of the scourge of cybercrime by studying the frameworks, structures, and arrangements, installed to safeguard against the threat of cybercrime in both developing nations, namely Kenya and India, and developed nations, namely the United States of America and the United Kingdom. Some of the key challenges identified in the dissertation, arising from the analysis of South Africa’s cyber laws and policy framework, point to legislation that is out of date and in desperate need of revision, a lack of definitional clarity for cybercrime related terminology, jurisdiction limitations to investigate international cybercrimes, no harmonisation with international laws, standards, and a poor record of implementing strategy and policies. The dissertation concludes that the battle against cybercrime cannot be won without first understanding what cybercrime is. Developing a common understanding of cybercrime and related terminology, and recommends the revision of the necessary ICT strategies, policies, and regulatory frameworks. Concluding international cooperation and mutual assistance agreements to assist with transnational cybercrime investigations and prosecutions is paramount. Establishing cross-sector, intra-ministerial, public-private, and multinational partnerships is also vital to managing the threat of cybecrime. Lastly, this dissertation recommends the development of dedicated cybersecurity and cybercrime mechanisms for the prosecution and safeguarding of the nation’s critical information infrastructure, the mission critical information of corporates and the personal information of citizens against cybercrime

An Assessment of North Korean Threats and Vulnerabilities in Cyberspace

This thesis answers the fundamental questions of what North Korean capabilities and intent in cyberspace are and what North Korean threats and vulnerabilities are associated with these. It argues that although North Korea’s cyberspace resources and capabilities have increased and reached a level that represents an advanced persistent threat, its cyberspace operations have remained restrained and regional. It also argues that North Korea’s valuable assets include its ability to control cyberspace within North Korea and its ability to engage in cyberspace activities and operations from abroad. The thesis recommends that the United States government exploit these assets by denying and disrupting the use of cyberspace by covert cyber units outside of North Korea, as well as by enabling and ensuring the less monitored and less controlled use of cyberspace by civilians inside of North Korea