According to William Hague, British Foreign Minister, the need has arisen to reach a global consensus regarding the protection of countries’ cyberspace.
As he pointed out in 2001, “the Internet has been an unprecedented engine for growth, for social progress and for innovation, across the globe and in all areas of human endeavour”. However, it should be borne in mind that alongside these benefits there have been certain dark aspects which cannot possibly be ignored, and countries therefore need to deal with this issue. Although the Internet is a great tool for developed countries, which for some years now have relied on it heavily, it has also become a sort of haven for deviant actors such as cybercriminals or terrorist organizations, which have taken advantage of it in pursuit of their objectives. As such, cyberspace has become another area of interest for States and therefore has to be protected and surveyed.
CYBER SECURITY AS A CHALLENGE
Most experts have accurately depicted this new area as challenging: cyberspace is wide, it is difficult to exercise direct and effective control over it, and it is relatively easy to invade other countries’ cyberspace. Thus, unless some sort of agreement between States is established, it is unlikely that countries will be able to deal with these problems.
Cyber security is more relevant than ever because, for the first time, States or other actors can severely damage the infrastructures and economic capacities of other countries without resorting to firepower. Attacks can be launched from a distance, and sensitive information can be leaked, eroding to a great extent the integrity or the image of a State. Some cases provide a good example of this: it suffices to consider the cyber attacks against Estonia in 2007, not to mention the Stuxnet case, Wikileaks, the Snowden case or Titan Rain, among others.
Some aspects should be borne in mind. Regarding the aforementioned cyber attacks, the alleged culprits were the US and Israel (Stuxnet), China (Titan Rain) and Russia (Estonia and cyber attacks against Southern Ossetia). What do all these countries have in common? They are among the five world powers regarding cyber issues (the 5th one would be the UK). Whether or not these countries were responsible for the aforementioned attacks, one thing is clear: they have the capacity to carry out such attacks, and this gives them power. In a world of massive information, in which information is as valuable a resource as money, they have the ability to use this power for their own benefit, and countries should therefore be aware of the situation and try to establish appropriate cyber security strategies.
It therefore came as no surprise that countries worldwide decided to start developing national cyber security laws in order to regulate this new area. Even though these national laws have been created only recently, they have been constantly adapting to the new realities in this field. These strategies seek to protect critical cyber infrastructures such as software and hardware systems, Internet servers and information systems. The need to do so is a direct consequence of the ever-growing presence of potential attackers such as rogue States, other States, cyber terrorists, hacktivists, individuals, terrorists… These attackers can target sundry objectives such as company websites, governmental websites or cyber espionage, and can pursue various goals. The need to secure critical infrastructures is also a direct consequence of developed countries being extremely dependent on new Information and Communications Technology (ICT).
Though national cyber security strategies have varied from one country to another, they have some main points in common. In the first place, they all have CERT divisions (Computer Emergency Response Team), which are in charge of dealing with the technical aspects of cyber security. They are also responsible for responding directly to cyber attacks such as DDoS (Distributed Denial of Service) attacks, for installing firewalls in order to make sure that sensitive information is not leaked, and for guaranteeing the protection of personal data.
Apart from the national realm, there has also been an approach to this subject in the international arena. Several documents, proposals and projects have dealt with cyber security. In the EU, there is the Cyber security Strategy of the European Union: an Open, Secure and Safe Cyber space. The strategic priorities and actions in this document were the following: achieve cyber resilience, reduce cyber crime drastically, develop a cyber defence policy, and develop industrial and technological resources for cyber security. This shows that, for the EU, cyber security has become one of the most crucial issues concerning European countries. On 23 November 2001, the Convention on Cybercrime, also known as the Budapest Convention, was signed. This was the first International Treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg. Among the crimes it deals with are the following: infringements of copyright, computer-related fraud, child pornography, hate crimes and violations of network security.
Although it attempts to fulfil different objectives, the Convention aims principally at harmonizing the domestic criminal substantive law elements of offences and connected provisions in the area of cyber-crime, providing for the domestic criminal procedural law powers necessary for the investigation and prosecution of such offences, as well as other offences committed by means of a computer system, and setting up a fast and effective regime of international cooperation. This treaty was unanimously ratified by the US Senate.
In 2011 the NATO Parliament Assembly adopted Resolution 387, on cyber security, in order to regulate the cyber domain due to its relevance. In this Resolution it also urged NATO bodies to ensure that the NATO Computer Incident Response Capability was fully operational by the end of 2012 and to use capabilities such as the NATO Cyber Defence Management Board and the NATO Cooperative Cyber Defence Centre of Excellence to analyse rapid developments in the cyber domain further and to develop strategies for strengthening cyber defences across the Alliance, while exploiting the advantages of the information age through initiatives such as NATO Network Enabled Capability. In spite of the willingness of NATO member states to develop a cyber defence strategy common to all, the truth is that there has been some controversy regarding this strategy. On the one hand, there are those countries that want the most developed countries to guarantee the cyber defence of all the other countries, with their teams, instruments, facilities and capacities. On the other hand, there are those countries that consider that each country should be responsible for its own cyber defence.
All these aspects offer a good view of why cyber security is so outstandingly important, not only for countries but also for other international actors such as international organisations. All this seems to point to cyber security being the new challenge in the international realm: a new challenge because it seems to be constantly evolving, so that countries and international actors must adapt in order to deal with it, and a challenge as well because a weak, insecure or unsafe cyberspace could lead to countries and other international actors suffering really dire problems.
Juan Manuel Combarros