Mitigation of cyber attacks
Introduction
The development of internet technology has both advantages and limitations for global development. The major drawback associated with the advancement of internet technology is cybercrime, which is on the rise globally (Weimann, 2006). Cyber terrorism poses serious threats to the security of both private companies and government institutions. Cyber attacks involve unauthorized access to critical information as well as the infrastructure of business organizations and public institutions (Weimann, 2006). The resultant effects of cyber attacks are numerous, and they make both private and public entities more vulnerable to collapse (Osipenko, 2004, p. 46). Thus, these institutions adopt various strategies to reduce cybercrime and, where possible, to eliminate it completely. In 2014, the United States and the European Union came up with cyber security standards through collaboration with private institutions (United Nations, 2006). They set strategic frameworks that could be used to address the increasing cyber threats in both private and public organizations.
Government authorities use various methods which have not been very successful in fighting cybercrime. Methods such as DDoS and cyber espionage are used by cyber attackers to hack essential infrastructure in most business institutions (Johnson, 2015). DDoS, or distributed denial of service, attacks entail indefinitely interrupting or suspending network connections by making network resources unavailable (Johnson, 2015). On the other hand, cyber espionage involves the use of technology to obtain useful information such as business intelligence or secrets of an institution (Johnson, 2015). Due to inefficiencies of the techniques used in dealing with cyber attacks, the government and private entities may consider using destructive measures to counter-strike against the cyber attackers. This paper will answer the question of whether private companies and government institutions should be able to mitigate cyber attacks by destructively counter-striking against the attackers. The paper will also consider the viability of a counter-striking policy and state whether it is a proactive policy that can help in insulating critical services from damage as well as potential harm by cyber attacks.
Consideration of private companies and government institutions and susceptibility of their services to cyber terrorism
The use of the internet has become so important that it is now an integral part of activities in both private and government entities. Virtually all government departments use internet technology to coordinate their activities (Brenner, 2010). Private institutions have also embraced internet use to facilitate business activities. However, various underlying challenges of the internet tend to limit the efficiency of these organizations and cripple the entire purpose of the internet (Weimann, 2006). According to the FBI director, threats of cybercrime constitute a serious threat to the national security of the US. Similarly, business intelligence, as well as critical national infrastructure, is in danger of cyber attacks (Office, 2015).
Cyber attacks have numerous impacts on business operations. In most cases, cyber attackers target the sensitive assets of companies such as financial records (Johnson, 2015, p. 41). In financial institutions such as banks, cyber attackers target the most sensitive sections by hacking systems that control monetary transactions. In essence, cyber activities do not cause physical harm to people, but they mostly result in damage to the critical infrastructure of business institutions (Johnson, 2015, p. 41). Besides, cyber activity disrupts the normal workflow in organizations, resulting in massive financial losses as well as damage to the reputation of both private and government entities.
Cyber terrorism contributes significantly to the vulnerability of companies (Conway, 2012). Business organizations that are vulnerable to cybercrime tend to have poor performance and are highly prone to collapse due to loss of customer confidence (Conway, 2012). Also, the reputation of business organizations is highly damaged by cyber activity, resulting in decreasing profitability. Business intelligence is another target of cyber terrorists. When sensitive business information is hacked, it can be used to weaken the organization through imitation of its strategies and products (Parker, 1998). Also, competitors can use this information to weaken the competitive abilities of a company, resulting in its failure.
Cyber terrorism increases the vulnerability of critical infrastructure in the U.S. as well as other countries that heavily depend on SCADA (supervisory control and data acquisition) systems in the regulation and monitoring of their industrial operations (Weimann, 2006). Additionally, the hacking of systems that regulate the national defense systems poses serious threats to national security. For example, different terrorist groups must execute a cybercrime before physically attacking a country. Smugglers start by hacking the systems used by the customs unions before they can get access to the markets of a country (Office, 2015).
Cyber attackers may also aim to destroy the defense systems and connectivity in companies by damaging communication infrastructure such as the power grid, telecommunication, and satellites that support the security of these institutions. In this case, attackers destroy the central power supply that connects these institutions (Starostina, 2015). Additionally, cyber terrorists may attack communication networks to prevent the passage of information. For example, an al-Qaeda group attacked US critical infrastructure such as the network and power grid before executing the physical attacks, according to an FBI report (Office, 2015). Therefore, the management of both private companies and government institutions needs to adopt effective strategies to fight against cyber attacks that jeopardize their security.
Prevention of cyber attacks by destructively counter-striking back against the attackers
The government and the administration of private companies may consider the use of a counter-striking policy in the prevention of cyber attacks. This method entails the use of different techniques to perform reverse attacks which destroy the networks and tools used by attackers. Various techniques are used depending on the type of attack and the vulnerability of the targeted department. The common types of attacks include hacking, attacks on critical infrastructure, DDoS, and cyber espionage (Parker, 1998).
Hacking back entails electronically striking back against the hackers. This method was advocated by a former director of the national intelligence unit in the United States following rampant hacking of banks and national security systems (Exposing, 2013). He advocated granting permission to the management of banks to execute online counterstrikes to prevent cyber attacks. Senior bank officials tried to lobby the government to grant them permits to track and disable hackers’ systems (Exposing, 2013). This measure has been integrated into the national policies due to increased cases of cyber-related insecurity. However, the U.S. Commission on Theft of American Intellectual Property advocates non-destructive measures such as tagging the stolen data electronically so that it can be detected later (Ip commission, n.d.). Also, the commission considers the adoption of new laws that will forbid hacking.
Cyber attackers usually execute their activities from outside the country. As such, attacking them requires cooperating with the defense system of the suspected country. According to Mark, a former prosecutor in the federal criminal justice system, executing strike-back operations against cyber attackers is against the Technology and Cyber Law, which states that it is illegal to tamper with a computer even if it has been used by someone to attack you (Dell and Vanson, 2014). This rule is applied both in the United States and the United Kingdom.
Government authorities may also use the frying poke method to attack the cyber attackers destructively. However, according to Dave, a computer technologist, the use of frying poke may not produce the desired results. He added that this method is also very expensive and suggested a more efficient method, which involves probing the computers used by cyber attackers to see the kind of tools they use in executing crime and destroying them to disable the functioning of their computers (Kesan and Hayes, 2012).
Prevention of critical infrastructure attacks
The government enforces laws and judicial actions to prevent malicious cyber activities. However, some legal measures are not efficient enough to prevent potential cyber attacks on critical infrastructure such as telecommunication, transport systems, banking, and energy distribution systems (Kesan and Hayes, 2012). Additionally, relying on passive defense techniques as well as seeking justice from authorities which are not legally and technologically equipped may not be effective (Kesan and Hayes, 2012). Therefore, there is a need to adopt a more proactive policy to insulate critical infrastructure against cybercrime. Before a destructive counter-striking measure can be deployed, an intrusion into the company’s systems must be detected and the intruder identified.
After detection of the intrusion and identification of the intruder, technology is used in executing destructive counter-strikes. Various destructive mechanisms are used depending on the type of tool used by the attackers. In 2001, the US Department of Defense created several defenses to destroy a worm known as the Code Red worm in response to cyber attacks (Kesan and Hayes, 2012). The department used CRclean, which would use the backdoor whenever their security systems received a probe from the attackers. CRclean is used to neutralize the attacking agent and prevent its spread by destroying it (Kostin, 2007). Another defense called CodeGreen is used to perform scanning to detect the vulnerability of computers to CodeRed. Upon the detection of vulnerability, CodeGreen prompts the attacked computers to download a path through which the attackers’ tools are destroyed (Kostin, 2007). However, serious ethical and legal issues must be observed when using these counter-striking defenses since unscrupulous agents can deliberately use them to attack their rival companies in the markets, according to Osipenko (2004). Additionally, private companies, as well as the government, should give due consideration to various factors such as the method and extent to which they intend to destroy the attackers, the cost they would incur in installing destructive defenses, and the legality of the destructive measures before deploying the destructive counter-strikes.
Prevention of DDoS
Cyber attackers may use DDoS (distributed denial of service) attacks to disrupt the systems in government institutions and private companies, making their networks fail indefinitely (Parker, 1998). These attacks have severe impacts on major operations. Also, they interfere with critical infrastructure within these institutions. Mostly, cyber attackers target sensitive departments in private companies such as finance with attempts to steal business intelligence (Parker, 1998). Additionally, attacks may be directed toward the national defense systems in attempts to execute physical terrorism. Competitors in business may also disrupt operations in their rival companies to take advantage of market opportunities (Kostin, 2007). Therefore, destructively counter-striking these attacks may be an appropriate measure to deal with the vandalism of cyber attackers. Defense departments in both private companies and the government may use software patches that identify the tools used by attackers such as "booter-stresser" and destroy them before execution of an attack (Arbuzov, 2012). However, it is hard to deal with DDoS through destructive counter-striking since the attacked party may not be able to identify exactly the tool used to attack them (Brenner, 2010). Moreover, the installation of software that can perform destructive counter-strikes is rare and expensive.
Prevention of cyber espionage
Cyber espionage entails gaining unauthorized access to information or secrets of a person or institution (Powers, n.d.). Cyber attackers may use cyber espionage to obtain sensitive data from the government or private companies, which is then used to perform more severe crimes (Powers, n.d.). Also, a rival company may use cyber espionage to gain access to the secrets of its competitor. Attacks through cyber espionage are usually undetectable and thus cannot be easily dealt with by use of ordinary anti-malware software (Starostina, 2015). The commonly used methods in dealing with cyber espionage involve taking protective measures such as data policy, BYOD, and use of separate networks to hold intellectual property to prevent unauthorized access (Starostina, 2015). Thus, executing destructive measures to counter-strike against cyber espionage may not be possible. For example, the Department of Defense in the United States has failed to deal with Chinese cyber espionage, which steals more than $100 from the US economy annually by gaining access to intellectual property as well as proprietary information (Exposing, 2013).
Whether destructively counter-striking against cyber attackers is a proactive policy to insulate critical services and potential harm or it is a mere hack back vigilantism
Various challenges arise in the fight against cyber terrorism. Private companies and government institutions do not have the freedom to use any measure when dealing with cyber attacks since people have the freedom to own and use computers and internet technologies. Therefore, the legality of the method used in striking back against cyber activity must be considered (Brenner, 2010). Additionally, economic as well as ethical considerations should be made before deploying a particular method of striking back against the attackers. Some techniques are very expensive to use while others are both costly and unethical. Execution of cybercrime involves the use of technology which is protected by cyber and technology law (Cyber crime, n.d.). Therefore, a destructive counter-striking measure may not be a proactive policy to insulate major services in private companies and government against cybercrime (Goodman et al., 2003).
Proactivity entails taking preventive measures to control a problem before it occurs. Thus, a proactive policy involves measures that would prevent cyber attacks from affecting critical services in private companies and government entities. A proactive policy ensures that operations in private and government institutions are carried out smoothly by ensuring that critical services are fully insulated against cyber attacks (Watkins, 2014). Critical services include services such as money transactions in financial institutions, national defense, communication, and public health services (Johnson, 2015). Private companies and public institutions have installed anti-malware software to protect critical services from cyber attacks. However, the measures used are not efficient enough to protect critical services against cyber attacks, and private institutions are considering destructively counter-striking against cyber terrorists as a proactive measure that would insulate their services against cyber attacks (Kesan and Hayes, 2012). Various challenges face this approach, making it ineffective in mitigating cyber activity or potential harm by these activities (Kesan and Hayes, 2012).
There is controversy over cyber counterstrikes (Maras, 2012, p. 105). Determining the difference between “hack back” vigilantism and having the legitimate right to defend public and private property is difficult (Kesan and Hayes, 2012). Additionally, it is difficult to differentiate between undertaking mitigative counter-striking and deliberately intruding into other people’s secrets. Also, according to Kesan and Hayes (2012), destructive counterstrikes may be perceived as vigilantism since there are legal procedures for obtaining justice. Therefore, as much as destructive counterstriking is an effective approach to mitigating cyber attacks, various considerations have to be made before its deployment. According to technology and cyber laws, people have a legal right to use technology, and nobody should intrude into and destroy the network of another person just because it was used to interfere with their operations (Dell and Vanson, 2014). Additionally, using the technology to obtain information also constitutes intellectual property. Therefore, cyber attackers have their rights just like other criminals, and judicial procedures should be followed to prove them guilty. For example, the US Congress is trying to advocate for more powers to be allocated to the Department of Defense and private institutions such as banks to help them fight Chinese cyber espionage, which steals more than $100 annually through access to intellectual property as well as proprietary information (Exposing, 2013).
Destructively counter-striking against cyber terrorists is an efficient approach to executing active defense against cybercrime. However, the method lacks legal grounds and does not provide credible deterrents to potential harm by cyber attacks (Beck et al., 2012). Additionally, insulation of critical services against cyber attacks would require a more consistent strategy with legal support which does not jeopardize the rights of others (Beck et al., 2012). Under the current regime, use of destructive counterstrike technology in the protection of systems in business institutions constitutes cyber-vigilantism, and it is illegal (Maras, 2012).
Conclusion
Cyber activity is on the rise globally, and if effective measures are not taken, it will become a global crisis. Both private companies and government institutions suffer financial and reputational losses due to cyber attacks. Critical services such as national defense and public health must be protected against cyber attackers. However, due consideration of the ethical, technological, legal, and economic implications of the strategies used in fighting cybercrime should be made before deploying any strategy. Private as well as government entities consider destructive counter-strikes an appropriate and proactive policy to mitigate current cyber attacks as well as to insulate critical services against potential harm by these attacks. However, this method lacks legal grounds and consistency in preventing potential cyber attacks. The absence of a framework of analysis to distinguish between mitigative counterstriking and perceived vigilantism challenges the use of destructive counterstrikes. Also, the circumstances under which destructive counterstrikes are applicable and who should be allowed to conduct them are not legally stated. Furthermore, the use of such a method jeopardizes and infringes on other people’s rights. Therefore, using destructive counter-strikes to mitigate cyber attacks is mere hack back vigilantism and not a proactive policy.
Bibliography
Arbuzov S., 2012 On prospects of corporate criminal liability institution in Russia. Russian law journal.
Beck, D., Siemends, l., Rene L., 2012. “Cyber Insurance—Mitigating Loss from Cyber Attacks.” Pillsbury Law.
Brenner, S. 2010 Cybercrime: Criminal threats from cyberspace. Santa Barbara, CA: Praeger Publishers.
Conway, M. 2012 Reality bites: cyber terrorism and terrorist use of the Internet First Monday 7(11).
Cyber crime: Its impact on government, society and the prosecutor an aid for assisting the prosecutor in the investigation, trial and conviction of the Cyber/computer criminal (no date) [Online]. Available at: http://pdf.usaid.gov/pdf_docs/Pnada641.pdf [accessed May 23, 2016].
Dell and Vanson Bourne. 2014. Protecting the Organization against the Unknown: A New Generation of Threats.
Exposing One of China’s Cyber espionage units (2013). [Online]. Available at: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf [accessed May 23, 2016].
Goodman, E., Stephen J. Lukasik, and David W. Longhurst. 2003. Protecting Critical Infrastructures Against Cyber-Attack, Adelphi Paper 359, International Institute for Strategic Studies, London, U.K. [Online]. Available at: http://www3.oup.co.uk/adelph/hdb/Volume_359/Issue_01/ [accessed May 23, 2016].
Ip commission report 052213 (no date). [Online]. Available at: http://www.ipcommission.org/report/ip_commission_report_052213.pdf [accessed May 23, 2016].
Johnson, T.A. 2015 Cyber-Security: Protecting critical infrastructures from Cyber attack and Cyber warfare. Canada: Apple Academic Press.
Kesan, J.P. and Hayes, C.M., 2011. Mitigative counterstriking: Self-defense and deterrence in cyberspace. Harvard Journal of Law & Technology, 25(2), p.429.
Kostin P 2007 Study of computer information carriers used in committing economic crimes. Synopsis of a thesis, Nizhniy Novgorod.
Maras, Marie-Helen. 2012 Cybercrime Laws: “Which Statute for which Crimes.” Computer Forensics: Cybercriminals, Laws, and Evidence. Sudbury, 104-106.
Office of the secretary of defense (2015). [Online]. Available at: http://www.defense.gov/Portals/1/Documents/pubs/2015_China_Military_Power_Report.pdf [accessed May 23, 2016].
Osipenko A., 2004 Global computer networks crime fighting: International experience. Monograph.
Parker, D.B. 1998 Fighting computer crime: A new framework for protecting information. New York: Wiley, John & Sons.
Powers, S., The Threat of Cyberterrorism to Critical Infrastructure.
Starostina Y., 2015 Computer hacking is a hacker’s tool, not that of protector (Cybercrime research center).
United Nations. 2006 European Institute for Crime Prevention and Control.
Watkins, B., 2014. The Impact of Cyber Attacks on the Private Sector. Briefing Paper, Association for International Affair
Weimann G., 2006. Terror on the Internet. The New Arena, the New Challenges. International Journal of Public Opinion Research, 19(3), pp.391-393.
Zwienenberg, R. (2012) 4 factors for avoiding cyber espionage attacks. [Online]. Available at: http://www.csoonline.com/article/2132450/privacy/4-factors-for-avoiding-cyber-espionage-attacks.html?page=2 [accessed May 23, 2016].