International Law and Cyberspace in the Age of Digital Sovereignty
Cyber crime has been on the increase for years now and it is not showing any signs of slowing down. To make matters worse, the arrival of the COVID-19 pandemic in 2020 only fuelled things. Those who were expecting relief from the increasing terror of cyber crime in 2021 are to be disappointed, because the number of attacks is only increasing day after day. We have barely crossed the first quarter of 2021 and already several huge cyber attacks have made the headlines. Some of the main cyber attacks that happened in 2021 are listed below.
Introduction
Today, the internet has become unavoidable in our daily life. It is impossible to imagine modern life without the internet and technology. The use of the internet and technology makes our life simple, convenient, fast and easy. It helps us with facts and figures, information and knowledge, for personal, social and economic development. It plays a pivotal role in shaping our life and activity. The internet and technology are a great platform for education, speeding up daily tasks, research and technology, business promotion and innovation, communication, digital transactions, money management, etc. It would be hard to imagine a world without the internet and technology. It is a whole system of interconnected networks.
But with vast and rapidly growing technology comes a concern for cybersecurity, which is one of the most discussed topics in countries all around the world. The term "cyberspace" was first coined in the year 1981 by the American-Canadian author Gibson. He stated that cyberspace exists anywhere there is internet. Further, cyberspace is defined by the US Department of Defense as “a global domain within the information environment consisting of an interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers.”
Cyber warfare
There is no universal standard definition of the term “cyberwarfare”. Different countries use different names for it, and the term “cyber attacks” is also used. In simple words, it is a network-based conflict that uses technology to disrupt the activities of a particular state. The destruction could be of any kind, such as credential stuffing, phishing, malware attacks, etc. This destruction directly harms the country’s digital infrastructure. These cyber attacks amount to a breach of confidential information, which has eventually paved a path to targeted attacks on human rights activists, journalists or other people involved in humanitarian work.
One example that supports this is that the Saudi government hacked the communication details between its opponent Omar Abdulaziz and a journalist, which eventually led to the death of the Saudi journalist Jamal Khashoggi.
The Convention on Cybercrime is also known as the ‘Budapest Convention’. It is the first international treaty seeking to address internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. This convention was drawn up by the Council of Europe in Strasbourg, France, signed on 23 November 2001 and effective from 1 July 2004, with the active participation of the Council of Europe’s observer states Canada, Japan, South Africa and the United States. This convention is open for ratification even to states that are not members of the Council of Europe.
Indian participation in this Convention has been eagerly called for since its formation in 2001, but India has decided not to be a party to it. The reason India did not participate in this convention is that the treaty was drafted without India’s participation. As per recent data, only 69 states have ratified the convention. However, this convention is not fully efficient in reducing cybercrime.
Another instrument is a Russian-led resolution on a global cybercrime treaty, passed by a UN committee. This resolution was sponsored by China, North Korea, Cuba, Nicaragua, Venezuela and Syria, among others, and will set up an ‘open-ended working group’ to examine cybercrime. This resolution on a global cybercrime treaty has been framed to serve as an alternative to the US-led Budapest Convention. India voted in favor of this resolution.
However, current international law is not an adequate regime for cyberspace. Cybersecurity poses a bigger threat than any other spectrum of technology. While technology enhances a man’s life in almost all aspects, whether it be health care, transport, communication, smart cities, etc., technology protocols are still being developed and evolving at a gradual pace, so it is very difficult to avoid such cyber-attacks.
Cyber threats are never static. There are millions being created every year. The notorious Sony Pictures hack is an example of an Advanced Persistent Threat (APT).
Many cyber threats are bought and sold on the dark web. The dark web is a disorganized but widespread criminal segment of the internet. Some cyber attacks are carried out through the use of VPN.
The complexities and challenges of international law on cyberspace are increasingly deprived by a recent trend of digital sovereignty promotion.
The China and Russia cyber alliance on digital sovereignty has become the major precursor of digital sovereignty, as both countries actively promote such an idea in order to protect their national interests, which are mostly related to economic and security concerns. Both countries demand greater control of their own cyberspace, underpinning the principle of non-interference in multiple global internet governance bodies such as ITU, ICANN, IANA, and the Internet Governance Forum. Yet, international customary law requires reified practices and solidified legal instruments performed at the national level.
Existing International treaties to regulate Cyber Warfare
There are various bodies of law such as international aviation law, the law of the sea and arms control treaties, but cyber law is somewhat lacking. In 2001, the Council of Europe Convention suggested a particular framework for cyber law. However, many big industrialized countries did not adopt it to fully restrict cyber-crimes.
There is a NATO-accredited military organization, the NATO Cooperative Cyber Defence Centre of Excellence, which deals with matters regarding cybersecurity. Its main aim is to deal with cyber security cases and promote international cooperation.
The United Nations also adopted a convention against transnational crime. The UN directed states to cooperate with this convention and adopt a framework for extradition. It also emphasizes making laws against organized criminal groups. However, this convention has not been as successful as expected. The main reason is that many countries cannot ratify this convention due to various conflicts.
The European Union Committee of the UK proposed the creation of Computer Emergency Response Teams, abbreviated as CERTs. They aim to examine and give suggestions pertaining to cyber security, and thus the European Union works as the protective power.
The United Nations adopted a resolution in 2010 regarding the creation of a global culture of cyber security. It emphasizes protecting critical infrastructure and information, which is essential for global cyber security.
Exploitation in Cyberspace and International Law
The National Institute of Standards and Technology defines the term ‘vulnerability’ as a weakness in an information system, system security procedures, internal controls or implementation that could be exploited or triggered by a threat source. Trend Micro, a cybersecurity firm, defines an ‘exploit’ in computing as code that takes advantage of a software vulnerability or a security flaw.
Herb Lin defines ‘cyber exploitation’ as a cyber offensive action conducted for the purpose of obtaining information. Concerns about the negative impacts of exploitation understood in this manner are reflected in international law and environmental law. The term ‘exploitation’ is very unique in the context of cyber warfare. Generally, this term is used in the context of children and women. However, it is also used in cyber warfare. Pejorative exploitation is widely used in any context. It simply means having control over another.
Recent occurrences of cyber attack
Channel Nine- It is an Australian broadcaster and was hit by a cyber attack on March 28, 2021. Due to this attack, the channel was unable to air its news bulletin on Sunday, and several other shows were also affected. The headquarters in Sydney was unable to access the internet, and hence business and publishing tools were also down. Initially, the channel claimed that it was due to technical difficulties, but it was later confirmed as a cyber attack.
Harris Federation- It is a London-based federation and was hit by a ransomware attack in March 2021. Due to this, the federation was forced to disable devices and email across the 50 secondary and primary academies managed by it. It was reported that 37,000 students were affected.
CNA Financial- It is one of the biggest cyber insurance firms in the USA and suffered an attack on March 21, 2021. The firm was forced to shut down for three days to prevent any further compromise. The customers and employees were the primary victims. A new version of the Phoenix Crypto Locker, which is a form of ransomware, was used.
Florida Water System- Cyber attackers made an attempt to poison the water supply in Florida. Part of the plan was carried out by increasing the amount of sodium hydroxide. The criminals breached Oldsmar’s computer system, and the amount of sodium hydroxide was increased from 100 parts per million to 11,100 parts per million.
Microsoft Exchange Mass Cyber Attack- This attack affected people all over the globe; the actors exploited four zero-day vulnerabilities in Exchange Server. According to the report, nine government agencies and 60,000 private companies were affected in the USA alone.
Airplane Manufacturer Bombardier- It is a popular Canadian plane manufacturer and suffered a data breach in February 2021. The attack affected 130 employees located in Costa Rica.
Computer Maker Acer- It is a globally renowned computer giant. Acer suffered a ransomware attack and was asked to pay a ransom of $50 million. According to the report, a cyber criminal named REvil was the actor behind the attack. The criminals leaked some pictures of the stolen data.
University of Highlands and Islands- The attackers forced the university to close 13 colleges and also the research institutions for a day. The attack was made using Cobalt Strike, which is a penetration testing toolkit used by security researchers for legitimate purposes.
Sierra Wireless- It is a multinational IoT device manufacturer, which suffered a cyber attack on March 20, 2021. Its manufacturing and IT systems had to be paused.
Accellion Supply Chain Attack- Accellion is a security software provider that suffered an attack whose main target was its file transfer product named FTA. Many clients and organizations, including grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security and the Australian Securities and Investments Commission, were the victims. A lot of data was stolen from various other companies too.
Challenges to overcome in combating cyber security
The main and most challenging task in cyber warfare is determining the original identity of the attacker, since cyberspace allows for the anonymity of the individual. Although many international statutes might be successful in combating cyber-attacks, there is still a need to identify the intruder. In this virtual world, it is very difficult to trace the real geographical location or the identity of the intruder.
Once an attacker has been identified, there is another challenge in determining the legal proceedings or jurisdiction against the attacker. There is no concrete framework for cyberspace.
Another challenge is the arbitration of cyber crime and how it entices cyber criminals. International arbitration has many drawbacks, as it includes sensitive and personal details of the parties which, if leaked, can create havoc or defame the parties. However, proceedings now need not necessarily be held in the same jurisdiction; they may be held virtually. This is also not safe, since it means transferring data across borders for the proceedings. In this regard, there is scope for the attacker’s country to grant immunity to its guilty citizen. Jurisdiction is the most fundamental issue in cyberspace.
Conclusion
Cyberspace is dynamic. It is very challenging to implement international law that seeks to address cyber-crimes. Technological advancement is directly proportional to cyber security in the recent world. Although many countries in the world have signed treaties and implemented laws to combat cyber-attacks, this is not sufficient, due to the geographical differences and morality factors that differ in each place. What could be illegal in one country might be legal in another country. So, it is very difficult to get all countries to agree to ratify treaties pertaining to cyberspace.
It is necessary to implement strategic law to fully combat cyber-attacks and give a new direction to the prosperity of a nation. It needs a common understanding among nations to develop how international law applies.
Hence, it is also necessary to make people aware of the illegal usage of websites and pages, and to teach them about phishing, malware and certain viruses which harm their private data.
Submitted by-
Lokesh Amar
2nd Year BA LLB (Hons.)
Central University of South Bihar, Gaya