International cyber security challenges

I. Duić*, V. Cvrtila**, T. Ivanjko***

*Croatian Radiotelevision, Zagreb, Croatia
** University of Applied Sciences Vern, Zagreb, Croatia
***Faculty of Humanities and Social Sciences/Information and Communication Sciences, Zagreb, Croatia
[email protected]

Summary - The opportunities provided by the information the principles of a review and professional research paper,
and communications technology, with a special emphasis on this paper aims to show cyberspace, in terms of security
the Internet, have become an integral part of life. However, challenges, as a dimension in which international relations
are we sufficiently aware and prepared as individuals, unfold. It is necessary to distinguish the main subjects of
nations or the international community for the threats the international cyber security environment, analyze their
coming from cyberspace or for the denial of the use of that intentions and set a paradigm of the multipolarity of
dimension of communication, commerce and even warfare? cyberspace and analyze its uniqueness and principles.
Namely, despite the growing number of users, the Internet is
still beyond or below minimum regulation. Those are NATO's Strategic Concept, adopted at the end of 2010
precisely the conditions for the organization and realization at the Lisbon summit, determines that cyber-attacks have
of hostile action in cyberspace. There are security issues become more frequent, more organized and more
within the cyberspace that represent a security risk and expensive, causing damage to the government
challenge of modern times. administration, the business sector, economies, and
potentially to the transport and supply. It also states that
The development and application of the information and cyber-attacks can reach the level that threatens the
communications technology has created a new battleground. national and Euro-Atlantic prosperity, security, and
As a special challenge to international security, cyber
stability. Foreign military and intelligence services,
terrorism arises. Cyber security will significantly affect
international relations in the 21st century. This paper gives
organized criminals, terrorists and extremist groups are the
an overview of the concepts and principles of cyber threats potential sources of such attacks. What is also emphasized
that affect the safety and security in an international in the conclusions of the Lisbon summit is the need to
context. further develop the skills of prevention, recognition,
defense and recovery from cyber-attacks, including the
Keywords: cyberspace, cyber-attack, cyber terrorism and use of the NATO planning process for the advancement
crime, international security. and coordination of the national abilities of cyber
protection, assembling all NATO bodies under a
centralized cyber protection, and a better integration of the
I. INTRODUCTION NATO cyber awareness, warnings and common response
of the member states [1].
Cyber warfare and terrorism do not know borders. It should be borne in mind that the rapid development
Action in cyberspace requires the rejection of the common and adoption of technologies through their use in
assumptions related to time and space because such everyday life opens up many opportunities for the
attacks, by means of modern information and attackers, whether they are in the form of states, terrorists
communications networks, can be performed from or criminals, because they are always at an advantage in
anywhere in a very short time. The processes of cyberspace. We can therefore conclude that, a new
globalization did not have the impact only on the concept of cyber security in which prevention represents a
achievements of civilization, but also on the development significant portion is being created.
of new threats to the civilization. It is a fact that terrorism
and national threats changed under the influence of the The initial hypothesis is that cyberspace is a growing
globalization process and the Internet information security risk and challenge of modern times. Moreover,
revolution. Strategic advantage no longer lies in the cyber security will significantly affect international
fighting power or geographical location, but in the relations in the 21st century, while the threats and
information and knowledge. International cooperation and challenges will exponentially increase.
intelligence sharing are essential for an effective
The goal of this paper is the synthesis and analysis of
prevention of cyber threats. Even though cyber threats
knowledge based on a review of recent literature and
have in the recent years been specifically emphasized in
professional and scientific articles that problematize the
the modern military doctrines of great powers and NATO,
challenges of international security in cyberspace. The
they are still shrouded in secrecy. scientific work seeks to show cyberspace as an operational
The purpose of this paper is to draw attention to cyber dimension of international relations in terms of the cyber
threats, which endanger the safety of modern states, security challenges. With the systematization of the cyber
organizations and international relations. By combining warfare strategy and the very methods of attack, links with

MIPRO 2017/ISS 1525

 the planned action will be set up through the application of • the first phase of the attack is the scouting of
technical, computing and network systems. potential victims. By observing the implementation of the
normal operations of targets, useful information that are
II. INTERNATIONAL CYBER SECURITY accumulated and determined through the used applications
and hardware;
The cyber domain has a great influence on the • the second phase of the attack is intrusion. Until
transformation of the international security and the very the attacker gets into the system, there is not much that
concept of security. Many authors highlight the necessity can be done against the target apart from disrupting the
of the duly understanding and setting up of cyber availability or access to certain services provided by the
doctrines. target;
The new, cyber dimension of international relations is • the next phase is the identification and
a major challenge for the theories of the preservation of dissemination of internal opportunities by examining the
power and intimidation. Cyber threats are serious, resources and the right to access the restricted and
destabilizing and on the increase. The theories and important parts of the system;
strategies of intimidation designed and implemented • in the fourth phase the intruder does damage to
during the Cold War cannot be implemented in the cyber the system or steals certain data;
domain. Many scientists are working on the understanding
of the cyber revolution in international relations. Furthermore, they indicate that today cyber-attacks
Authorities have also taken certain steps in cooperation, consist primarily of:
especially in the area of crime and the establishment of • malware via attachments in the Internet browser,
CERTs (Computer Emergency Response Teams) [2]. e-mail or other system vulnerabilities;
Tatalović, Grizold and Cvrtila write that the processes of
internationalization and globalization have brought a • denial of service (DoS) to prevent the use of
greater cohesion and efforts for a unified regulation of the computer systems and networks;
world order, more than it was in the system of sovereign
states during the Cold War. This is reflected in the core of • deletion or transformation (leaving a message) to
the states' security policies. In that context, a new concept government and commercial websites for propaganda
– human security concept – emerged in theory and purposes or in order to disrupt the informing;
political practice. In contrast to the traditional concept of • unauthorized intrusion into systems for the theft
national security, it primarily emphasizes the security of of confidential and/or proprietary information,
an individual, not the state [3]. Lin theorizes [4] about compromising of data or using the system in order to
cyber security. The concept of intimidation was the basic launch attacks against other systems.
idea of the nuclear strategy. However, the question is
whether the dissemination of the principles of intimidation In such circumstances of transformation and different
on cyberspace is a viable strategy. Even though nuclear views and understandings of security in general and
and cyber weapons share a key feature – the superiority of international security, cyber threats certainly redefine
the attack in comparison with the defense – they differ in those terms. In line with the efforts to ensure security on
many ways. Only a few countries possess nuclear one hand and specificities of cyber threats and motives of
weapons and the number of possible enemies is limited, as the actors who initiate them on the other, it will be
is then the application of intimidation. The situation is necessary to set up a new international security paradigm
completely different when it comes to cyberspace. Unlike of the cyber age.
nuclear weapons, each state has access to cyber
“weapons“, and such attacks cannot be firmly linked to
state action. The protection of national infrastructure
III. MULTIPOLARITY OF CYBERSPACE
against attack could become another common interest of
states. Experts and analysts estimate that the efforts of
Russia and China to dominate cyberspace have over the The USA, Russia and China are nations known for
past few years intensified so much that any delay in this their skilled military cyber units. In addition to the
area could present a big problem for the modern West. aforementioned states, France and Israel are working on
the development of cyber capabilities. American
Cyber-attack, whether it happens as a conflict between intelligence officers believe that there are 20 to 30 armies
states, a terrorist or a criminal act, is an attack in with respectful capabilities for cyber-war, including
cyberspace with the aim of compromising a computer Taiwan, Iran, Australia, South Korea, India, Pakistan and
system or network, but also of compromising physical several NATO countries. The United States Cyber
systems as it was the case with the Stuxnet worm. In Command, along with the agencies they work with, has
layman's, popular terms, most often mentioned in the some of the most intelligent, patriotic-minded civil
media, it is called a hacker attack. Identical methods of a servants, both military and civilian, who create plans and
hacker attack are applied for both military and terrorist capabilities for the domination in cyberspace with the goal
purposes. of preserving the national security and peace [9].
Janczewski and Colarik [5] divided cyber-attacks into Strategic domination in cyberspace has not yet been
phases, which they consider to be basically the same as
achieved by any of the entities of international relations.
the phases of conventional criminal offenses:
That is undoubtedly the goal of many nations such as the

1526 MIPRO 2017/ISS

 USA, China and Russia. However, as much as they might They further explain why the USA, according to the
invest in their defense system and offensive capabilities, assessment, is not the dominant power of cyberspace. If
the system of power has not been set up. As opposed to the total national cyber power was observed only on the
the bloc division of the world into two centers of power basis of the offensive capabilities, the USA would occupy
during the Cold War, intimidation based on offensive the first place. However, the outcome of a cyber-war does
capabilities is not crucial in cyberspace and there are not depend only on the offensive capabilities. The
many centers of power. The strength of those nations will important part is the dependence of a nation on the
mostly depend on the possibility of establishing an systems in cyberspace. Unlike the USA, China is
adequate defense system which is also influenced by their developing its offensive cyber capabilities, but it is also
dependence on the information infrastructure. The oriented on the defense. Cyber warriors of the Chinese
dependence on information infrastructure is in correlation military have both offensive and defensive tasks in
with the level of vulnerability of the economically and cyberspace and in contrast to the military of the USA,
militarily developed digitized countries. when talking about the defense, they also refer to the
defense of the nation, i.e. the civil networks, not just the
Due to the specificity of cyberspace, especially the military networks. In China, the networks that make up
asymmetry with the actual time and space and the their Internet infrastructure are under the control of the
geostrategic factors, a new security challenge that government. The Chinese government has the power and
requires new military concepts is put before states and means to shut down the Chinese portion of the Internet
organizations. Namely, it is necessary to develop specific from the rest of the world, which it would very likely do
defense doctrines, but also offensive plans for action in in case of a conflict with the USA. On the other hand, the
cyberspace. USA has no plans or the capacity to do so, because their
cyber connections are largely privately owned. China
The dependence on networked computers and may limit the use of cyberspace in a crisis, refusing
computer communication leaves the USA vulnerable to access to certain users. The USA cannot do it. North
possible attacks, which made the cyber world a major Korea has high scores when it comes to the defense and
source of uncertainty [6]. The vulnerability to attacks and low dependence on the network infrastructure. Namely,
the possibility of action is defined by Clarke and Knake that country may terminate its limited connections with
[8] as the national cyber power. They state that the cyberspace in an easier and more effective way than
national cyber power is the net estimate of the ability of a China. North Korea has few systems that are dependent
nation to wage a cyber-war. National cyber power takes on cyberspace that a large cyber-attack on its systems
into account three factors: offensive cyber capabilities, would have a minimal effect. The authors warn that one
national dependency on cyber networks and the nation's should bear in mind that cyber dependency is not the
ability to control and defend its own cyberspace by percentage of households with a broadband connection or
implementing measures such as stopping the traffic the number of people who have smartphones, but the
outside the state. Based on these three factors, the authors degree to which the critical infrastructure (electricity,
provide an assessment of the overall cyber power of the railways, supply chains) dependent on the network
United States, Russia, China, Iran and North Korea. To systems. Thus, a state which is largely dependent on the
facilitate the comparison and analysis, the results of the systems in cyberspace has greater challenges in the
assessment are systematized in the following table. The creation of a national cyber defense. This is why the USA
measurement scale goes from 1 to 10, with the smaller is more vulnerable to cyber-war than Russia or China. It
value representing a worse assessment and the higher is certainly more risky for the USA to engage in cyber-
value representing a better assessment. war than it is for a small country such as the North Korea.
With three large entities of international relations (the
USA, China and Russia) and the balance of power in
cyberspace, the overall cyber power of two states that
pose a threat to the world because of their totalitarianism
and nuclear problems has been analyzed. Clarke and
North Knake estimate that they do not have great offensive
Nation USA Russia China Iran
Korea capabilities, but have participated in the abuse of
cyberspace.
Offensive
8 7 5 4 2
capabilities The Iranian presidential election of 2009
Dependency sparked a huge public protest against election
on the fraud. Social media platforms, mostly the two most
2 5 4 5 9 popular, Twitter and Facebook, served for the
cyber
network organization, rebellion and spreading of anti-regime
news. The Iranian government responded by introducing
Defensive
capabilities
1 4 6 3 7 harsh police actions against the demonstrators, by
shutting down media channels, and disabling Internet
Table 1. Assessment of the national cyber power access within the country. Some members of the

MIPRO 2017/ISS 1527

 opposition launched DDoS attacks (distributed denial of and portraying the North Korean regime and its leader,
service) against the websites of the Iranian Kim Jong-Un, with sarcasm and mockery [10].
government. Due to the speed and ease of
communication, they used Twitter to organize and recruit
cyber activists. They also used it to exchange links on an IV. CONCLUSION
software that facilitated the inclusion of participants in
the DDoS attack [7]. It is clear from the available data The topic of the paper, cyber threats to international
that this is not an international, but intrastate security, stands out merely by its title as an interesting
conflict. This is by no means a cybercrime because the and challenging area of research. The explanation for it is
attackers were politically motivated. first and foremost that the area has not yet been
sufficiently explored, especially not in the Croatian
Because of its nuclear program, Iran was a target of an context. Due to the intensive development of
attack by the computer worm Stuxnet in June 2010. The international relations in cyberspace, conditioned and
worm was created to infect the industrial systems, and it supported by the speed of the development of
proved its danger by sabotaging the Iran's nuclear technologies and their implementation in the relations of
program. In addition to the Iran's nuclear program, it also states, organizations and individuals, this area will always
infected thousands of computers and industrial facilities be interesting and challenging. That conclusion arises
worldwide. The Stuxnet worm can hide in cyberspace for from the constant change of attitudes and technology. It is
a longer period. Analysts disclosed that the complex precisely that instability which indicates that from that
worm was written specifically for the breaching and specific, interdisciplinary field of research, in 5 or 10
taking control of the computer systems of Natanz nuclear years, it will be possible to draw some new conclusions,
facility in Iran. The worm takes very good care of itself and according to them, set some new paradigms and
for a longer period in cyberspace. Experts describe doctrines. Carr [7] states that cyber-warfare has been
Stuxnet as a sophisticated piece of software with half a present for about a decade, but that it is still not well
million program lines of code. For such a complex defined. There is no valid international agreement which
malware, it is necessary to have knowledge of the certain would establish a legal definition of an act of cyber
types of industrial control systems that are being attacked, aggression. In fact, the entire area of international cyber
and it seems that the code was written by an expert team, law is still unclear.
and not just one person [11]. Therefore, there was a
suspicion that it was done by American or Israeli The development and availability of information and
programmers. In an article published in the New York communications technologies and the ever-present
Times, Sanger [12] writes that the American President tensions between politically and ideologically different
Obama ordered the cyber-attack on Iran, i.e. on the states have conditioned the international relations in
centrifuges used for the uranium enrichment. cyberspace. Strategic domination in cyberspace has not
yet been achieved by any of the entities of international
North Korea, due to its poor technological development, relations. A large number of international entities
is not very dependent on the systems in cyberspace. That demonstrated their presence and willingness to act in
is also the reason behind the very good assessment of cyberspace. That demonstrates a multipolar dimension of
their defense capabilities. Even though it has no cyberspace in which it is very unlikely that domination or
developed offensive capabilities, it is obvious that it has bloc division will occur. The reasons lie in the mutual
recognized the importance of playing an active role in mistrust and fear of espionage in the case of linking the
cyberspace. In fact, in July 2009, a few dozen American defense systems. However, the nations that are the most
websites, including the website of the White House, were influential are the ones that are the most powerful,
under a DDoS attack (denial of service). The main economically and militarily, and at the same time are the
suspect was North Korea. That status was confirmed after most dependent of the cyber-infrastructure – the USA,
the attacks spread to South Korea. The South Korean Russia and China. NATO also plays an active role. We
media and government officials publicly accused its can conclude that in the recent years, a new concept of
northern neighbor, and the officials of the USA advocated cyber security that can be defined as a paradigm of the
a cyber-counterattack “in order to send a strong message" multipolarity of cyberspace is being created.
[7]. In November 2014. a group which calls itself GOP or
The Guardians Of Peace, hacked its way into Sony Most authors predict an escalation of conflicts and
Pictures and stole the data that included personal intelligence activities in cyberspace, which supports the
information about the Sony Pictures employees and their confirmation of the initial hypothesis of this paper. They
families, e-mails between the employees, information state that cyber-attacks are among the biggest threats to
about the executive salaries at the company, copies of the the international security. Unlike conventional conflicts,
then-unreleased Sony films, and other information [9]. such attacks will become increasingly common, and they
The purpose of the attack, attributed to North Korea, was could, as a conventional attack, cause large-scale
to deter Sony Pictures from releasing a movie which was destruction, even with fatal consequences. It is therefore
(correctly) understood as ridiculing that country’s dictator essential to establish an effective defense in which the
key role is that of prevention, international cooperation

1528 MIPRO 2017/ISS

 and the adoption of the internationally recognized, legally
binding norms.

Due to the increase in cyber-terrorism and crime, it is

necessary to organize systematic education and to
strengthen operational military, intelligence, police and
civil centers for the defense from cyber-attacks.

If we take into consideration all that has been stated in the

elaboration, and the confirmation of the initial hypothesis,
we can conclude that cyber security has become one of
the prerequisites of the democratic concept of life in the
modern society.

REFERENCES

[1] NATO, “Strategic concept for the defence and security of the
members of North Atlantic Treaty Organization,” 2010, Available:
http://www.nato.int/nato_static/assets/pdf/pdf_publications/20120
214_strategic-concept-2010-eng.pdf (3.2.2017.)
[2] N. Choucri and D. Goldsmith, “Lost in cyberspace: harnessing the
Internet, international relations, and global security,” Bulletin of
the Atomic Scientists, vol. 68, no. 2, 2012, pp. 70-77.
[3] S. Tatalović, A. Grizold, and V. Cvrtila, Suvremene sigurnosne
politike. Zagreb: Golden marketing-Tehnička knjiga, 2008.
[4] H. Lin, “A virtual necessity: some modest steps toward greater
cybersecurity,” Bulletin of the Atomic Scientists, vol. 68, no. 5,
2012, pp. 75-87.
[5] L. J. Janczewski and A. M. Colarik, Cyber warfare and cyber
terrorism. Hershey: Information Science Reference, 2008.
[6] J. S. Nye, “Cyber war and peace,” 2012, Available:
http://www.project-syndicate.org/commentary/cyber-war-and-
peace (3.2.2017.)
[7] J. Carr, Inside cyber warfare, 1st ed. Sebastopol, CA: O’Reilly
Media, 2010.
[8] R. A. Clarke and R. K. Knake, Cyber war: the next threat to
national security and what to do about it. New York: Ecco, 2010.
[9] Risk Based Security, “A Breakdown and Analysis of the Sony
Hack,“ 2014, Available:
https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-
analysis-of-the-december-2014-sony-hack/#thebeginning
(9.4.2017.)
[10] G. Siboni and D. Siman-Tov, “Cyberspace Extortion: North Korea
versus the United States,“ INSS Insight No. 646, 2014, Available:
http://www.inss.org.il/uploadImages/systemFiles/No.%20646%20
-%20Gabi%20and%20Dudi%20for%20web.pdf (9.4.2017.)
[11] M. Petrović, “Obrana od cyber-napada”, Hrvatski vojnik, vol. 9,
no. 385, 2012, pp. 26-29.
[12] D. E. Sanger, “Obama order sped up wave of cyberattacks against
Iran,” The New York Times, 2012, Available:
www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-
wave-of-cyberattacks-against-iran.html?pagewanted=1 (3.2.2017.)

MIPRO 2017/ISS 1529