Essay: CYBER SPACE THE NEW WARZONE

CYBER SPACE THE NEW WARZONE
April 27, 2007 Estonia, a member of  European Union and NATO, was attacked. There were no soldiers, no ammunition, and no known invader but yet there was an attack; striking number of targets across the nation. It was so severely widespread and grave that the capital wanted to invoke Article 5 of North Atlantic Treaty Organisation which states, ‘An assault on one allied country obligates the alliance to attack the aggressor.’
The sovereignty of a country was hindered, not in a classical but a modern way. It was done through a computer. Yes it was a digitally oriented attack which almost paralysed a whole nation for weeks.
Estonia commonly known as eStonia was the most digitalised country of Europe. By 2007, Estonia had introduced an e-government in which ninety percent of all bank services, and even parliamentary elections, were carried out via the internet.  Estonians file their taxes online, and use their cell phones to shop and pay for parking. The country is saturated in free Wi-Fi, while Skype, the free internet phone company headquartered in Estonia, is rapidly taking over the international phone business. Thus, in many ways this small Baltic nation is like a window into the future.  It is said that someday, ‘the rest of the world will be as wired as eStonia.’  These all factors contributed making the attack successful.
This was for the first time, the world experienced such a massive ‘Information War’.  In words of Ene Ergma, the Speaker of the Estonian Parliament and a doctorate in nuclear physics, ‘When I look at a nuclear explosion and the explosion that happened in our country in May, I see the same thing’Like nuclear radiation, cyberwar doesn’t make you bleed, but it can destroy everything.’   It is important to understand why a nuclear physicist like Ene Ergma compared cyber-attack with a nuclear one.
Cyberterrorism defined
The roots of the term can be traced back to 90s, when highly tech dependant and highly networked country USA, experienced a rapid growth in the use of Internet. This flickered several studies and debate on the prospective risks to be faced by this incipient ‘information society’.
By 1990, the National Academy of Sciences started writing reports on cyber security titled, ‘We are at risk. Increasingly, America depends on computers. . . . Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.’  At the same time, the prototypical term ‘electronic Pearl Harbour’ was coined, linking the threat of a computer attack to an American historical trauma.
The term is a hybrid of two of the biggest fear of the twenty first century. The fear of violent victimization mixed well with the distrust and consummate fear of information technology.
A more semantic definition has been coined by Dorothy Denning, a professor of computer science before House Armed Services Committee in May 2000. In her words, ‘Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.’
Information Warfare, an appeal for modern terrorist
Today more and more countries especially the developing countries, are in the sprint to digitalise. Like Estonia they are becoming more and more ‘wired’. The cyber space today have become a requisite part of a nation’s infrastructure. Of course this has enhanced governance but on the other hand has made them much more susceptible to a completely new type of threat- the Cyber Attack or Information Warfare, whatever you call it. It has become an appeal for the modern terrorists.
First, this is cheaper compared to the traditional classical terror infrastructure. No guns and no explosives, all what is needed is a computer and a connection to internet.
Secondly, cyber terrorism is much more anonymous. We should not forget, in the cyberspace there are no barriers, no checkpoints, no borders and no customs. They can just be a ‘guest’, which makes it very hard for the security agencies to track them down.
Thirdly, there is an enormous variety of targets. The complexity of the computer system, makes it highly impossible to eliminate every weakness. This puts them in upper hand.
Fourthly, the most appealing feature is the remoteness. This kind of warfare requires less physical training, less risk of mortality and investment than compared to the traditional method. The social network proves to be the best recruitment ground and the best way to spread their ideological annexes.
At last, Information Warfare has much more potential to affect a larger number of people over a larger area in a relatively small investment as compared to the classical method.
Legal Framework
The major problem with information warfare is the lack of proper legal framework. There is no such thing called ‘international treaty or convention’ over the issue. All that is left is laws by individual countries. The lack of international framework highlights the complexity or sometimes incapacity to prosecute cyber terrorists operating in jurisdictions outside of the country of attack.
The four key critical elements for establishing an effective international legal framework on the issue are: agreement on the definition of cyberterrorism; leadership by the United Nations (UN); utilization and expansion of existing international conventions, legislation and authorities to create a cohesive and robust system; and effective law enforcement.
The present structure lack these key elements. So what is done is to find whether the issue of cyberterrorism might fall within the scope of some agreements, making those instruments relevant for identifying international law applicable to cyber terrorism. How well or poorly the anti-terrorism treaties cover potential acts of cyber terrorism might reveal gaps in this area of international law.
So far, only three anti-terrorism treaties have been concluded after Internet became a global platform for communications in the mid of nineties. However none of them have been made or adopted keeping cyberterrorism in mind.
The deficiency of a precise cyber terrorism accord invites consideration of prevailing or proposed international law on terrorism broader in scope than the anti-terrorism treaties nations could apply in a response to cyber terrorism.
Sometimes the laws on cybercrime may be used to treat issues related to cyberterrorism. However, under pacts on cybercrime, states parties would treat cyber terrorism as conventional crime because the accords do not contain offenses delineating terrorism as a different kind of criminal activity. In national and international law, states have created special criminal law for terrorist acts in order to mark such acts as different from other criminal behaviour.
Islamic State of Syria and Levant, the latest user of Cyber Warfare
Talking about terrorism and not mentioning the latest sensation ISIS would not be possible. The use of cyber space by ISIS, is the best example to show how a terrorist organisation can manipulate the ‘information technology’ to spread its ambit. This type of extensive use of social networks such as Facebook and Whatsapp by a terrorist organisation in recruitment and in spreading the ideological wings was never seen before. But the organisation is not only confined to social network.
It is evident that ISIL identifies that it will be easier to strike through cyber warfare than to infiltrate through borders. Compared with earlier terrorist generations, ISIL has established an appeal to young, tech-savvy individuals far from the battlegrounds of Iraq and Syria. Says Alex Kassirrer, a terrorism analyst, ‘Al Qaeda’s media apparatus was a van driving around Yemen passing out videos, ISIS has really revolutionized how they use the tech sector, and their recruits tend to be younger individuals who grew up in the tech age.’
The Conclusion
Recently, CIA arrested a Malaysian national for allegedly hacking down more than ten thousand vital documents and supplying them to the ISIS. In a video released by hackers claiming affiliation with ISIS, they vowed an ‘electronic war’ with USA and Europe, ‘Praise to Allah, today we extend on the land and in the Internet, We send this message to America and Europe: We are the hackers of the Islamic State and the electronic war has not yet begun.’
The terrorist organisation today are following leads to use more sophisticated hacking framework.
‘It’s only really a matter of time till we start seeing terrorist organizations using cyberattack techniques in a more expanded way,’ said John Cohen, a former counterterrorism coordinator at the Department of Homeland Security.
‘The concern is that, as an organization like ISIS acquires more resources financially, they will be able to hire the talent they need or outsource to criminal organizations,’ Cohen added. ‘I think they’re probably moving in that direction anyway.’
I thus believe, the right time has arrived for the international community to response. The issue right now is young and hence easier to deal with. International organisation like the United Nation should compel the nation states to begin with the framing of a powerful accord and to establish an international legal framework especially dealing with this ‘cyberwarfare’ before it is too late. Otherwise it may prove really fatal because protecting the physical boundaries is much easier job than protecting relatively boundary less cyber network which may have a more devastating effect.
Further, I would suggest while framing the legal framework and fighting with this emerging issue, the international community should first make a clear distinction between a ‘cybercrime’ and ‘cyberterrorism’.