Cyber Security: Challenges and the Way Forward

Article

The rapid advancement of Information and Communication Technologies (ICT) since the mid-1980s has revolutionized the Information Infrastructure (II), which comprises communications networks and associated software and facilitates interaction among people and organizations. The prevalence of information at all levels of a society-individual, ...

Dr. Muhammad Riaz SHAD
National University of Modern Languages (NUML), Pakistan


Introduction

The rapid advancement of Information and Communication Technologies (ICT) since the mid-1980s has revolutionized the Information Infrastructure (II), which comprises communications networks and associated software and facilitates interaction among people and organizations. The prevalence of information at all levels of a society-individual, organizational and state-causes to label the contemporary era as “information age.“ This is particularly true for western industrialized nations, where critical infrastructures-communications, energy, transportation, banking, water and services-are increasingly dependent on Information Infrastructure. While the information revolution has created new opportunities, improved organizational efficiency and led to unprecedented global connectivity, it has brought about new unconventional vulnerabilities and threats bearing social, economic, political and security implications.

Cyber security, meaning the protection of computers, networks and data, is a serious concern of individuals and organizations, public and private as well as national and international. This concern becomes more serious as “the internet of things“ expands. As the technology advances with a rapid pace, innovations in cyber-crime also take place. Microsoft security bulletins regarding vulnerabilities of its products and services show an ever growing number of bugs, viruses and other threats to cyber security. Scope for cyber-threat increases as cyber-space remains unregulated and cyber-crime is simple as well as inexpensive to commit. Above all, cyber-attack poses a technical challenge of identification of the responsible as it is concealed through the use of several networks. Thus, an easy escape from this problem does not exist. However, serious cyber-attacks committed or backed by a state against another state can be prevented through international cooperation, if it could be achieved. This paper assumes that cyber security, apparently a technical issue, is to a great extent an economic and political matter. In view of this, the paper focuses on the social, economic and political, rather than technical, dimensions of cyber security.


1. Key Concepts

While the technical details of cyber security are beyond the scope of this study, the basic concepts are essential to understand in order to explain it as a socio-political phenomenon. These key concepts can be divided into two sets, each containing three interrelated concepts. First set comprises the concepts of cyber security, cyber space and cyber governance.

Cyber security, also called information technology security, refers to technologies, processes and practices “to prevent, detect and recover from damage to confidentiality, integrity and availability of information in cyberspace.“1 This general definition indicates that cyber security involves not only technical but also political and legislative measures.

Cyberspace refers to “the interaction of people, businesses and other entities over computer networks, namely electronic messages and commercial on-line services.“2 The most sizeable and visible manifestation of cyberspace is internet, which is ubiquitous as it is available everywhere at the same time.

Cyber (security) governance refers to “the development and application by Governments, the private sector, and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.“3 It aims to discipline
the behavior of internet developers and users through regulatory frameworks, involves both technical and legal measures, and operates within as well as between the states.

Second set comprises the concepts embodied in the nature and scope of cyber-attacks and the concept of critical infrastructure. Cyber-attack refers to “any act by an insider or an outsider that compromises the security expecta tions of an individual, organization, or nation.“4 Cyber-attacks can be categorized into four areas: cyber crime, cyber espionage, cyber terrorism and cyber war. It is useful to differentiate between these types of cyber attacks.

Cyber crime involves the use of computer networks by individuals alone or in groups to steal confidential data or cause disruption, mostly for financial gains. It includes criminal activities such as stealing of credit/debit card information and intellectual property theft as well as disruption to a website or service.

Cyber espionage refers to the use of computer networks to get unauthorized access to personal or confidential information held by individuals, governments or organizations for intelligence or certain operations.

Cyber terrorism is associated with a non-state actor/organization that uses computer networks for terrorist activities aimed at creating fear and panic or causing physical destruction.

Cyber war includes use of computer networks by a state against an adversary (state or non-state actor) for military operations designed to disrupt information systems or systems connected to information technology in view of political goals.

In technical terms, above-defined cyber-attacks take place in three forms: account takeover, impostor fraud and denial of service (DOS). Account takeover involves the use of malware to obtain a user’s confidential information-IDs, PINs and passwords-for transferring money or doing other frauds. In imposter fraud, a fraudster presents himself to an authorized user as a person who is trustworthy or an authority, and requests a bank transaction, which seems normal to the bank. Denial of service (DoS) is a cyber-attack which makes networks or systems unavailable.

Serious cyber-attacks target “critical infrastructures“ of an organization or a state. In this context, an infrastructure refers to “a framework of interdependent networks and systems, generally interlinked at many different levels, including industries, institutions and distribution capabilities that provide a flow of products or services.“5 Five broad sectors can be identified as critical infrastructures, particularly in modern developed countries: information and communication, banking and finance, energy, physical distribution (transpor tation networks) and human services.6 Among these, information and communication infrastructure are vulnerable to cyber-attacks. Since other critical infrastructures are interconnected through information and communication networks, they are also vulnerable to cyber risks.


2. Range of Cyber-Attacks and the Motivations

Vital social infrastructures-electricity, finance, water, transportation, health and food-are increasingly dependent on ICT networks for their functioning, distribution and interconnectedness. This dependence results in both opportunities and vulnerabilities which can be exploited by people ranging from individuals to governments. “Information revolution“ experienced by the contemporary world is boon as well as bane. It is bane because ICT has an “enabling function“ for disruption, crime and state-level aggression. ICT dependence becomes more prone to vulnerabilities in times of social unrest, political tensions and other appalling events. The spectrum of cyber-attacks is quite broad, from individual activity, to activities of groups and non-state actors, to governmental actions. These attacks are driven by a range of motivations-from ideological campaigns, to financial gain, to political objectives.

It is taken from TASAM Publishing's book named "Change in State Nature: Boundaries of Security".
This content is protected by Copyright under the Trademark Certificate. It may be partially quoted, provided that the source is cited, its link is given and the name and title of the editor/author (if any) is mentioned exactly the same. When these conditions are fulfilled, there is no need for additional permission. However, if the content is to be used entirely, it is absolutely necessary to obtain written permission from TASAM.

Areas

Continents ( 5 Fields )
Action
 Contents ( 407 ) Actiivities ( 172 )
Areas
Africa 65 135
Asia 75 208
Europe 13 29
Latin America & Carribean 12 30
North America 7 5
Regions ( 4 Fields )
Action
 Contents ( 167 ) Actiivities ( 44 )
Areas
Balkans 22 92
Middle East 18 56
Black Sea and Caucasus 2 15
Mediterranean 2 4
Identity Fields ( 2 Fields )
Action
 Contents ( 172 ) Actiivities ( 66 )
Areas
Islamic World 51 143
Turkish World 15 29
Turkey ( 1 Fields )
Action
 Contents ( 197 ) Actiivities ( 48 )
Areas
Turkey 48 197

Last Added