International Law

The Problem of Defining a Cyber Attack

Shinkaretskaya Galina Georgievna

Doctor of Law

Chief Scientific Associate, Institute of State and Law of the Russian Academy of Sciences

119019, Russia, g. Moscow, ul. Znamenka, 10

gshinkaretskaya@yandex.ru
DOI: 10.25136/2644-5514.2023.2.40051

EDN: NYDJJZ

Received: 25-03-2023

Published: 08-04-2023


Abstract: The author discusses problematic aspects of developing a definition of a cyber attack. It is noted that such illegal actions, capable of disabling nuclear centrifuges, air defense systems, electrical networks, etc., undoubtedly pose a serious threat to national security. In fact, in their destructive power, cyber attacks are approaching armed action. There are no treaties or other normative documents in international law that can regulate international cooperation in the prevention and limitation of cyber attacks. A new comprehensive legal framework, both at the domestic and international levels, is needed to counter cyberattacks more effectively. The importance of using theoretical and legal developments in the field of information security in law-making activities is noted. International efforts to regulate cyberattacks should begin with an agreement on the definition of cyberattack, cybercrime and cyberwarfare. This would lay the foundation for expanding international cooperation in the field of information exchange, evidence collection and criminal prosecution of persons involved in cyber attacks, and more importantly, for a new international legal act on cyber attacks. The author presents some recommendations for further improvement of legal measures to counteract epistemological wars.


Keywords: cyber attacks, information systems, cyber technology, cybercrime, prevention of cyber attacks, national security, computer networks, Internet, information law, international legal regulation

This article is automatically translated.

The 21st century has opened a new page in international crime: hacker attacks have become almost an everyday phenomenon, first as a means of robbing citizens' accounts, and then as a means of hostile influence by one state on the computer networks of another in order to alter, destroy or damage them. There is evidence that more than approximately thirty countries have the appropriate capabilities [25, p. 1023]. Since the modern management systems of any state in transport, energy, healthcare, etc. always include computer networks, a hacker attack on such networks becomes extremely malicious [14, p. 35].

Attacks on computer systems have been attempted many times in our century; the most notable in scale and demonstrativeness was the attack on Iran's centrifuges in 2010, which is attributed to Israel [26]. The instrument of this attack was the so-called "Stuxnet" computer worm. A few months later, the entire population of Burma was disconnected from the Internet before the country's first national elections in twenty years [18]. Nowadays, many attacks aimed directly at States or their bodies are recorded annually.

Unfortunately, international cooperation in the field of countering cyberattacks is hampered by absolutely insufficient international legal regulation. Achieving an organizational and legal regime of information security is a difficult task [11, p. 45; 17, pp. 36-37; 16, p. 11]. At the same time, it should be understood that threats to information security are the flip side of the use of information technologies [15, p. 129].

To date, there are almost no relevant legal norms in international law that would contribute to countering cyber attacks on the Internet. One of the difficulties is the lack of an agreed definition of a cyberattack, which makes it difficult for specialists from different countries to arrive at common recommendations. The new concepts and terms do not have a clear correspondence in different languages and are so far translated only approximately: "cyber attacks" and "cyber war" ("cyberattacks cyber attacks" and "cyber-tactical" or "computer wars"). The unfriendly actions against computer control systems that they denote are often called "information attacks" or "information wars".

Meanwhile, the presence of a limited and verified object of regulation in any branch of law is an indispensable condition for its effectiveness.

So far, only some doctrinal proposals can be considered. One of the most frequently cited definitions was given by the American international security specialist Richard Clarke: "The actions of one state to infiltrate computers or networks of another country in order to cause damage or violation" [19, p. 6]. Former CIA Director Michael Hayden spoke of cyberwarfare as a deliberate attempt to disable or destroy another country's computer networks [22]. However, these definitions do not distinguish between cybercrime, cyberattack and cyberwar, so they may be applied too widely.

The first official definition of a cyberattack was given in 2011 in the Handbook of Cyber Operations by the US Department of Defense: these are operations in which "electronic means are involved to gain access to information or make changes to information contained in an information system that is chosen to influence, without destroying its physical components" [21, p. 5]. In this definition, the purpose of the attack is to affect only critical systems.

A broader approach was adopted by the Shanghai Cooperation Organization, which expressed "concern about the threats associated with the possible use of new information and communication technologies and means for purposes incompatible with ensuring international security and stability in both the civil and military spheres" [7]. "Information war" is defined in the Agreement as "a confrontation between two or more states in the information space with the aim of damaging information systems, processes and resources, critical and other structures, undermining political, economic and social systems, massive psychological processing of the population to destabilize society and the state, as well as forcing the state to make decisions in the interests of the opposing side." Moreover, it defines one of the main threats to information security as the dissemination of information that harms "socio-political, social and economic systems, as well as spiritual, moral and cultural spheres of other states" [7].

Thus, the Shanghai Cooperation Organization considers it necessary to take a broad approach to the concept of cyberattack, which covers the use of cyber technologies to undermine political stability. However, some authors expressed concern that such an approach could lead to the justification of political censorship on the Internet [23]. Obviously, such concerns are based on the experience of efforts to suppress political organizations using new media in Iran, Egypt and other countries.

Let's try to analyze the individual elements that can make up the desired definition.

The term "cyberattack" implies the requirement of active behavior: either an attack or an active defense. Both active and passive defensive measures can be used for defense, but passive defense cannot constitute a cyber attack.

An attack can be carried out by means of any action (hacking, bombing, cuts, infection, and so on), but to be a cyber attack, it must be aimed at undermining or disrupting the functioning of a computer network. The actions of the armed forces can be classified based on the means of attack. For example, warfare can be classified as kinetic (conventional, physical) warfare, biological warfare, chemical warfare, nuclear warfare, intelligence-based warfare, network warfare, or guerrilla warfare.

The actions of the armed forces are also defined by their purpose: for example, information warfare, psychological warfare, electronic warfare and economic warfare.

Identifying a cyberattack by target is of paramount importance for two reasons. First, and most importantly, this type of definition is simply more intuitive. Using a computer network in one of the US states to control an unmanned aerial vehicle to attack a ground unit in Pakistan is not a cyber attack; rather, it is a technologically advanced conventional war. On the other hand, the use of conventional explosives to break underwater network cables that transmit information packets between continents is a cyberattack [10].

Secondly, the practice of managing the armed forces of states has shown the logic of allocating cyber forces: in addition to the traditionally existing naval, air and land forces, cyber forces have been created in states designed to operate in cyberspace [27].

An important part of the definition of a cyberattack is also its purpose: disruption of the functioning of a computer network. This can be achieved by various means: so-called worms, viruses and "Trojan horses" are used. As a result of the attack, the computer's operating system may be disrupted, leading to network failures; or the operating system may remain intact while the accuracy of the information it processes is compromised, so that it is perceived as working correctly but generates incorrect responses.

The cyberattack is aimed at a computer network, that is, a system of computers and other devices connected by communication channels. Often this connection is made over the Internet, but there are also many closed networks, such as secure networks used by government agencies. It is important to keep in mind that computer networks are everywhere; they control elevators and traffic lights, regulate the pressure in water supply networks and are widely used in household appliances such as mobile phones, televisions and even washing machines. This situation creates the danger of widespread damage from a cyberattack in almost all spheres of human activity.

A cyberattack differs from an ordinary criminal cybercrime, as a rule, by the presence of a political goal or the goal of harming national security. Any aggressive action taken on behalf of the state in cyberspace necessarily affects national security and, therefore, is a cyber attack, regardless of whether it reaches the level of cyber warfare or not. A cybercrime committed by a non-State actor for political or national security purposes is also a cyberattack. On the other hand, cybercrime that is not committed for political reasons or for the purpose of violating national security, like most cases of Internet fraud, identity theft and intellectual property piracy, does not correspond to this last element of cyberattack and, therefore, is a simple cybercrime.

Due to the low cost and difficulty of attributing an act that prima facie has signs of a cyber attack, it is necessary to highlight such a sign of a political cyber attack as its public-legal nature. Since non-State actors may commit or may be victims of cyberattacks, it is the target, not the subject, that should distinguish a cyberattack from a simple cybercrime. Cybercrime is a broad concept that is analytically distinct from a cyberattack. Although, as in the case of the concept of cyberattack, there is no generally accepted definition of cybercrime, some elements of cybercrime are recognized. In particular, cybercrime is usually understood as the use of computer tools to commit an illegal act. Cybercrime is most often defined as any crime committed using a computer, network or other technical device [20]. This means that cybercrime, unlike a cyberattack, is determined by its means, that is, a computer system, and covers a very wide range of illegal actions. These usually include fraud on the Internet, Internet piracy, storage and distribution of child pornography on a computer and computer hacking. At the same time, the computer network remains intact, and the goal is not of a political nature. Finally, like all crimes, cybercrimes are usually understood as being committed by individuals and not on behalf of the State. An act is a cybercrime only when a non-State actor commits an act that qualifies as a criminal offense under domestic or international law.

At the moment of a cyber event, it often does not immediately become obvious what kind of phenomenon we are dealing with, and this makes it difficult to respond immediately.

The current Russian legislation [8; 9] does not yet separate cybercrimes from cyberattacks, or rather, all provisions regarding illegal acts using information technology relate to cybercrimes [12, p. 25].

It is widely believed in the doctrine of international law that international humanitarian law can be applied to cyber attacks without distinguishing cyber attacks as a special subject of regulation [13, pp. 421-430].

Indeed, there are no special rules regarding computer attacks in the current laws and customs of war. But this does not negate the operation of international humanitarian law. The remarkable Russian scientist F.F. Martens proposed applying in such cases the norm that came to be called the "Martens clause": the absence of a treaty provision clearly prohibiting a particular behavior during an armed conflict does not mean that international law permits it. This now generally recognized norm is included in the preamble of the Hague Convention of 1899 "On the Laws and Customs of Land Warfare" and then appeared in a number of documents of international humanitarian law, including the Geneva Conventions of 1949 [1; 3; 4; 5; 6], and was developed in Additional Protocol I to the Geneva Conventions: "In cases not provided for by this Protocol or other international agreements, civilians and combatants are protected and subject to the principles of international law arising from established customs, from the principles of humanity and from the requirements of public consciousness" (Article 1.2) [2]. In addition, Article 36 of the same Protocol obliges the States Parties, when studying, developing, acquiring or adopting new types of weapons, means or methods of warfare, to determine whether their use, in some or all circumstances, falls under the prohibitions contained in the Protocol or in any other norms of international law applicable to them [2].

Thus, we can conclude that international humanitarian law applies to computer attacks, but the subject of regulation is not clearly defined. This opinion, in general, prevails in the scientific literature [24, p. 1149]. At the same time, until the early 2000s, it seemed sufficient to apply international humanitarian law by analogy.

Currently, taking into account the growing number and diversity of computer network users, including those carrying out hacker attacks; bearing in mind the potentially growing destructive power of cyber attacks, it is becoming increasingly necessary to adopt international regulatory documents in the field of preventing and suppressing cyber attacks. The formulation of the concept and definition of a cyber attack can be the first step towards the development of a coherent regulation.

References
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.

First Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.

The subject of the research in the article submitted for review is, as its name implies, "The problem of developing a definition of a cyber attack." The title of the work needs to be clarified ("The problem of defining the concept of "cyberattack", "The problem of defining the concept of "cyberattack", "Basic theoretical approaches to defining the concept of "cyberattack", etc.). Despite the fact that the word "cyberattack" is often written with a hyphen on the Internet, according to the current norms of the Russian language this word is written together. The stated boundaries of the study are fully respected by the author. The methodology of the research is not disclosed in the text of the article, but it is obvious that the scientists used universal dialectical, logical, formal-legal, comparative-legal, hermeneutic research methods. The relevance of the research topic chosen by the author is beyond doubt and is justified by him as follows: "Since modern management systems of any state in transport, energy, healthcare, etc. always include computer networks, a hacker attack on such networks becomes extremely malicious [13, p. 35]." In addition, "Unfortunately, international cooperation in the field of countering cyber attacks is hampered by completely insufficient international legal regulation." One should agree with the scientist that "One of the difficulties is the lack of a consistent definition of a cyber attack, which makes it difficult for specialists from different countries to come to some common recommendations." The author does not directly say what the scientific novelty of the study is. In fact, it could have manifested itself in the original definitions of the concepts "cyberattack", "cybercrime", "cybercrime" proposed by the scientist, but for some reason this was not done. The author highlights some essential features of the concepts under study, but the researcher stopped there. 
Thus, in this form, the article submitted for review does not make a special contribution to the development of the sciences of information law and public international law. The scientific style of the research is fully sustained by the author. The structure of the work is quite logical. In the introductory part of the article, the author substantiates the relevance of the chosen research topic. In the main part of the work, the scientist examines the theoretical approaches proposed in modern scientific literature to the definition of the concept of "cyberattack", makes an attempt to distinguish it from the concepts of "cybercrime" and "cybercrime". The final part of the article contains conclusions based on the results of the study. The content of the work corresponds to its title, but is not without some drawbacks. Thus, the author writes: "One of the most frequently cited definitions was made by the American international security specialist Richard Clark: "The actions of one state to penetrate computers or networks of another country in order to cause damage or violation" [16, p. 6]. Former CIA Director Michael Hayden spoke of cyberwarfare as a deliberate attempt to disable or destroy another country's computer networks.[8] However, these definitions do not distinguish between cybercrime, cyberattack, and cyberwarfare, so they may be applied too broadly." The scientist needs to highlight other shortcomings of the definitions given by him as examples (at least, this is an incompleteness of the identification of essential features). The scientist notes: "The first official definition of a cyber attack was given in 2011 in the Handbook of Cyber Operations by the US Department of Defense: these are operations that involve "electronic means to gain access to information or make changes to information contained in an information system that is targeted without destroying its physical components" [18; 19]. 
In this definition, the purpose of an attack is to affect only critical systems." It should be added that this definition does not indicate the negative nature of the purpose of the cyber attack. In general, a critical analysis of the theoretical approaches proposed in the literature to the definition of the concept of "cyberattack" should be carried out more carefully. The author writes: "However, some authors expressed concern that such an approach could lead to the justification of political censorship on the Internet [20]. Obviously, such concerns are based on the experience of efforts to suppress political organizations using new media in Iran, Egypt and other countries." The scientist does not express his point of view on this controversial issue, and this would be quite logical. At the end of the main part of the article, the author needed to offer his original definitions of the concepts of "cyberattack", "cybercrime", "cybercrime", but for some reason this was not done. Meanwhile, this is exactly where the scientific novelty of the work could manifest itself. The bibliography of the research is presented by 24 sources (international documents, normative legal acts, monographs, scientific articles, analytical materials, including in English). This is sufficient both from a formal and factual point of view, but some provisions of the work need to be clarified and the author's argumentation strengthened. There is an appeal to opponents, both general and private (R. Clark, M. Hayden, etc.) and it is quite sufficient. The scientific discussion is conducted correctly by the author, but his positions on controversial issues are not always sufficiently justified, as has been pointed out repeatedly. There are conclusions based on the results of the study, but they are general in nature and do not have the property of scientific novelty ("Thus, until the early 2000s, it seemed sufficient to apply international humanitarian law by analogy. 
Currently, given the growing number and diversity of computer network users, including those carrying out hacker attacks; bearing in mind the potentially growing destructive power of cyber attacks, it is becoming increasingly necessary to adopt international regulatory documents in the field of preventing and suppressing cyber attacks. The formulation of the concept and definition of a cyber attack can be the first step towards the development of coordinated regulation"), and therefore need to be clarified and specified. The conclusions should reflect all the scientific achievements of the author on the issues he studies. The article was not read by the scientist. It contains typos, spelling, punctuation, syntactic, and stylistic errors. The interest of the readership in the article submitted for review can be shown primarily by specialists in the field of information law and public international law, provided that it is substantially improved: clarifying the title of the work and its individual provisions, disclosing the research methodology, introducing the necessary elements of scientific novelty, supplementing and specifying conclusions based on the results of the study, eliminating violations in the design jobs.

Second Peer Review


A REVIEW of an article on the topic "The problem of defining a cyberattack". The subject of the study. The article proposed for review is devoted to the problems of "... developing a definition of a cyberattack." The author has chosen a special subject of research: the proposed issues are investigated from the point of view of international law, international humanitarian law, information law, while the author notes that "... hacker attacks have become a daily phenomenon, first as a means of robbing accounts and accounts of citizens, and then as a means of hostile influence on computer networks of one state from another with the purpose is to make changes, destroy or damage them." NPAs, conventions, and agreements relevant to the purpose of the study are being studied. A large volume of Russian and foreign (in English) scientific literature on the stated issues is also studied and summarized, analysis and discussion with these opposing authors are present. At the same time, the author notes: "... international cooperation in the field of countering cyber attacks is hampered by completely insufficient international legal regulation." Research methodology. The purpose of the study is determined by the title and content of the work: "... the presence of a limited and verified object of regulation in any branch of law is an indispensable condition for its effectiveness", "... The Shanghai Cooperation Organization considers it necessary to demonstrate a broad approach to the concept of cyberattack, which covers the use of cyber technologies to undermine political stability", "The term "cyberattack" implies the requirement of active behavior: either an attack or an active defense. Both active and passive defensive measures can be used for protection, but passive defense cannot constitute a cyber attack." They can be designated as the consideration and resolution of certain problematic aspects related to the above-mentioned issues and the use of certain experience. 
Based on the set goals and objectives, the author has chosen a certain methodological basis for the study. The author uses a set of private scientific, special legal methods of cognition. In particular, the methods of analysis and synthesis made it possible to generalize approaches to the proposed topic and influenced the author's conclusions. The most important role was played by special legal methods. In particular, the author used formal legal and comparative legal methods, which made it possible to analyze and interpret the norms of acts of Russian and international legislation and compare various documents. In particular, the following conclusions are drawn: "Any aggressive action taken on behalf of the state in cyberspace necessarily affects national security and, therefore, is a cyber attack, regardless of whether it reaches the level of cyber warfare or not. A cybercrime committed by a non-State actor for political or national security purposes is also a cyberattack," etc. Thus, the methodology chosen by the author is fully adequate to the purpose of the article, allows you to study many aspects of the topic. The relevance of the stated issues is beyond doubt. This topic is important in the world and in Russia, from a legal point of view, the work proposed by the author can be considered relevant, namely, he notes "... there are almost no relevant legal norms in international law that would contribute to countering cyber attacks on the Internet. One of the difficulties is the lack of an agreed definition of a cyberattack, which makes it difficult for specialists from different countries to come up with some common recommendations." And in fact, an analysis of the opponents' work should follow here, and it follows and the author shows the ability to master the material. Thus, scientific research in the proposed field is only to be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. 
It is expressed in the specific scientific conclusions of the author. Among them, for example, is this: "... it is necessary to highlight such a sign of a political cyber attack as its public-legal nature." As can be seen, these and other "theoretical" conclusions can be used in further research. Thus, the materials of the article as presented may be of interest to the scientific community. Style, structure, content. The subject of the article corresponds to the specialization of the journal "International Law", as it is devoted to the problems of "... developing a definition of a cyberattack." The article contains an analysis of the opponents' scientific works, so the author notes that a question close to this topic has already been raised and the author uses their materials, discusses with opponents. The content of the article corresponds to the title, since the author considered the stated problems and achieved the goal of his research. The quality of the presentation of the study and its results should be recognized as improved. The subject, objectives, methodology, research results, and scientific novelty directly follow from the text of the article. The design of the work meets the requirements for this kind of work. No significant violations of these requirements were found, except for descriptions of "infection" (infection), "operational work" (operation room work), "combatants are fighting", etc. The bibliography is quite complete, contains publications, NPAs, conventions, agreements to which the author refers. This allows the author to correctly identify problems and put them up for discussion. The quality of the literature presented and used should be highly appreciated. The presence of scientific literature showed the validity of the author's conclusions and influenced the author's conclusions. The works of these authors correspond to the research topic, have a sign of sufficiency, and contribute to the disclosure of many aspects of the topic. 
Appeal to opponents. The author conducted a serious analysis of the current state of the problem under study. The author describes the opponents' different points of view on the problem, argues for a more correct position in his opinion, based on the work of opponents, and offers solutions to problems. Conclusions, the interest of the readership. The conclusions are logical, concrete "... given the growing number and diversity of computer network users, including those carrying out hacker attacks; bearing in mind the potentially growing destructive power of cyber attacks, it is becoming increasingly necessary to adopt international regulatory documents in the field of preventing and suppressing cyber attacks. The formulation of the concept and definition of a cyber attack can be the first step towards the development of coordinated regulation," etc. The article in this form may be of interest to the readership in terms of the systematic positions of the author in relation to the issues stated in the article. Based on the above, summing up all the positive and negative sides of the article, I recommend publishing it, taking into account the correction of grammatical descriptions.