So, first there has to be a common,unambiguous definition of the terms across the nation as we start harmonizing law. We need to understand what we are talking about. For instance, there has been a debate on the distinction between cyber crime, cyber warfare and cyber terrorism. We can add one more term to this, cyber activism.
The tools and techniques are common across all of these. The difference lies in the actors and motivations behind these attacks. Cyber warfare is appropriate when state actors are involved and the motivation is to achieve political objectives.
Cyber warfare then becomes another in the off countries that can be used in conflicts, or political conflicts. For this have been used excessively giving recent tax. Mainly for physiological impact and propaganda. Set out to attempting to influence what a little change it is to invest. Cyber terrorism such as Al Qaeda attempting to influence young Muslims in the United States to join the Jihad. And some are active as a mockers when the, when social groups launch attacks in order to bring attention to social and political issues. Both within a country and across multiple countries. For instance, activists in Middle East countries campaigning on social media for political change, or hacking groups attacking organizations that supported the persecution of Julian Assange.
And so all of those are examples of social activism. Now the tools and techniques aren't the same. However, the impact can be very similar. All of these attacks can lead to billions of dollars in damages. And harmful to average citizens who are trying to use the services that are being offered.
The fundamental problem in such definitions is in the differing perceptions. First, the distinction between state and non-state actors is often blurred.
The non-state actors have tacit and financial support as well as patronage of government. Organizations in a lot of the cases. So should the governments be held responsible, or the non-state actors? The non-governmental groups have been linked to governments in Iran, Russia, and China. It is very difficult to prove this nexus conclusively, hence this ambiguity. Second, the definition of terrorism differs based on perception. A social activist for one country could be a terrorist for another country, making the distinction even fuzzier.
One could be a criminal in one country, and it could be a hero in another country. So again, we need to make sure that we understand and clearly define these rules and laws.
Now, let's look at the motive.
Are the intelligence agencies and military of states are increasingly engaging.
In espionage and some works of activities against other nation in cyber space. Distinction between cyber, cyber crime and cyber warfare is blurring. Given that it is difficult for leadership or one state to distinguish for their attacks, on the website, our online type of data are actions of individual demand of street. Motivated by financial gain, political or religious ideology or actions taken by this that stays intelligence agency of military. It is very difficult to differentiate between potential acts of cyber war, of cyber crime from cyber activism. Hence, the motive is unclear.
Now, let's look at the attribution.
That is one of the biggest challenges in enforcement of cyber warfare rules
when it applies to cyber laws.
Can we unambiguously identify the perpetrators of cyber crime to be able to apply an international law? There are three categories of attribution problems. The first deal with attacks through the internet, which are the most notorious for lack of attribution.
These attacks can be camouflaged due to the underlying architecture of the internet that allow the attackers to act remotely by exploiting lack of security in many hosts. Which allowed them to use machines in a third country for launching attacks.
Without proper cooperation across borders, or surveillance across borders, it is hard to have high confidence in attribution. The second problem deals with delivering attacks on secure systems through other media, such as thumb drives, CDs, and DVDs.
For instance, Stuxnet worm was introduced into Iranian nuclear facilities through thumb drive. For these secure systems, forensics intelligence should identify the source of the weapon.
But the forensics procedures are not developed, and they face the same problem of the weakness of the Internet. And the lack of the data that is available.
The third attribution issue is the malware in the hardware that is embedded now and the software that is preloaded onto the computers. It is very hard to find out at what stage the malware was tainted when the trojans are inserted, and when a lot of the cases were very difficult to find out even if a trojan was created.
Dịch vụ chuyên ship đặt hàng nhà sản xuất ở Trung Quốc
ReplyDeleteĐơn vị nhận order đặt hàng nhà sản xuất ở Trung Quốc
Dịch vụ nhận order đặt hàng nơi gia công tại Trung Quốc