Politically Motivated Computer Crime and Hacktivism: A Fine Line between Cybercrime and War? Not Really.

Tuesday, January 01, 2008

A Fine Line between Cybercrime and War? Not Really.

StrategyPage.com ran an article on the blurring line between criminal attacks and acts of war in cyberspace.

"In the computer age -- and 2008 is definitely in the computer age -- the difference between an act of war and crime is often a matter of interpretation as well as degree.
Attack a nation's highways and railroads, and you've attacked transportation infrastructure. You've also committed an obvious, recognized act of war.
An electronic attack doesn't leave craters or bleeding human casualties, at least not in the same overt sense of an assault with artillery and bombs. However, the economic costs can be much larger than a classic barrage or bombing campaign."

This article, like others, points out the problems and appears to want to label many attacks as acts of war or terrorism. The problem is real but answers are not simple. Cyber attacks are no different from physical attacks - what separates crime from terrorism or acts of war is not the medium or even the impact but the motivation, resources and organization behind the attack.

If a seventeen year old in China vandalizes a website because he disagrees with its content, it is a criminal act. If a nation state (whether directly or indirectly) orchestrates an online denial of service attack against another nation state, it's probably an act of war. The problem is the victim rarely knows who or why they have been attacked.

The difference in cyberspace is that it is very difficult to understand the adversary's motive. Corporations and other organizations rarely investigate the actual source of or reason behind the attack. Law enforcement and intelligence agencies are usually ill-equipped and underfunded or staffed.

These types of investigations are not impossible, but they are both costly and time consuming. Yet, as society's dependence on information infrastructures grows, so does the impact of attacks. Understanding the nature of the threat is vital to proper response. Simply labeling every attack as 'cyberwar' or 'cyber terrorism' is counter productive. Society - corporations, governments, academia and security vendors - need to invest in new and better methods and technologies to investigate cyber attacks.

Unfortunately, it will probably take a serious attack before this happens.

War -- or Crime -- in Cyberspace

No comments:

Post a Comment

About Encurve, LLC

Encurve, LLC - Building Intentional Security^TM.

Intentional - Purposeful. Deliberate. Planned.
That's what security should be.

Closing the gap between business leaders and security practitioners is what intentional security is all about.

Encurve, LLC offers a wide range of services:

Security Assessment & Management Services
Employing our real-world experience and proprietary methodologies to help security organizations become for focused and efficient.

Executive Advisory & Support Services
Providing the strategic and business focused analysis required by business leaders to make investment and risk decisions without getting lost in the technology.

Security Business Development
Enabling companies to provide professional or managed security offerings to their customers through the development of core and differentiated capabilities.

Brochures

Encurve's Security Capabilities
Encurve's Protect OnDemand^TM Solutions for Demanding Security Situations
Incident Response Capability Assessments
Due Diligence Services
Security Assessment Training
About Encurve and Intentional Security

Contact Encurve, LLC to start Building Intentional Security^TM.

Building Intentional Security^TM and Protect OnDemand^TM are trademarks of Encurve, LLC in the United States and other countries.