Cyber Attacks and Its Prevention: Analysis of Response Strategies

Introduction

The revolutionary emergence of the cyberspace domain has enabled various online activities to become easily accessible to countries all over the world. More people use the internet today than ever before and it has become an integral part of the economy. Despite the advantages, certain drawbacks have proved to be useful for hackers and nation-states to exploit. Cybersecurity is the technology that provides solutions to protect devices and networks from any type of viruses, worms, privacy breaches, and data theft. However, when the cyber threat reaches a national level and involves state-sponsored actors, there are many more variables that need to be configured to contend the situation. The response to cyber-attacks is not as easy to implement as it is to implement laws of war due to the underlying reason that the scope of cyber-attack is not as straight forward as the conventional wars, especially when the attack originates from another state. Inconsistency and confusion regarding the law and its implication amongst the states constitute to even higher ambiguity. There are various challenges that states face to maintain a consistent framework for combating cyber-attacks that are both realistic, attainable, and operative. However, considering the consequences of a cyber-attack, defending the critical infrastructure through layered protection is unavoidable in this century (Marks, 2013). Cyberspace is spread around the whole world which means the countries need to consider the relevant events outside of it and come up with ways to be prepared for any external attacks that may occur in the future (Inserra, 2017). In this research essay, an initial discussion has been conducted on cyber attacks and its prevention as well as the possible responses by the states that can help eradicate cyber-attacks. Later on, the responses of three different countries have been taken into account and then an analytic comparison among the states has been presented.

Response strategies for cyber-attacks beyond borders

Planning and implementing a cyber-resilient system for a state may not be as straight forward as it may seem. There are several factors and layers of variables that need to be delved into if a proper strategy is to be prepared. The concept of layered protection is extremely important in creating a strong response strategy for a state. The layer consists of both active and passive defenses which are not always followed by the states and they often choose to stick to only one type of defense. Therefore, it might be impactful to ensure the implementation of both the strategies effectively because there is no international standard that dictates how to deal with cyber-attacks (Marks, 2013). Hence, it is up to the states to decide if they are going to follow the traditional law of war or domestic criminal law. The latter option may not be feasible because a cyber-attack may not always be counted as and responded to as a law of war. On the other hand, following domestic criminal laws can cause a lack of protection from the attacks. Therefore, the balance of active and passive defenses are not maintained, the states will not be able to ensure a proper way to combat the attack.

The laws need to be followed whenever a cyber-attack from a foreign country takes place. International humanitarian law plays a significant role in this matter. This law dictates the dos and don’ts of armed conflict and suggests a balanced action that includes reducing the impact of the war while making the enemy weak (What Are the Rules of War and Why Do They Matter, 2020). There are two different types of laws of war, one being Jus ad Bellum and the other being Jus in Bello. These deal with the law of conflict management and the law of armed conflict respectively. Jus ad Bellum helps with creating the scope of states’ response to active defenses (Ndi, 2018). The UN charter’s Article 2(4) states that the states should prohibit themselves from threatening other states or forcing against other states except for the case when it is within the UN charter regulations(UN Charter (full text), 2020). This article however has some exceptions attached to it which include the use of military forces to gain peace and security internationally and the other one being the ability to enforce self-defense if there is an armed attack in place. Another subset of self-defense is the anticipatory self-defense which does not compel the states to wait for an attack, rather allows them to act if there anticipation or suspicion of attack. The acts of non-state actors further complicate the issue of Jus ad Bellum because the states are not to be blamed for the action that the non-state actor took against a specific country (Marks, 2013). Over the years, this issue was dealt with and the recent improvement of the framework is more accessible than ever before and the states are to some extent responsible for controlling the emergence of non-state actors. The states need to consider whether the cyber-attack should be responded to and this includes several factors relating to the attacks by the non-state actors.

To strengthen the defense and response of a cyber-attack, there are three analytical models present for cyber-attacks that help with enhancing the scope of the analysis of such attacks. These are the instrument-based approach, the effects-based approach, and the strict liability approach. Among these, the effect-based approach proves to be more effective for analysis based on cyber-attacks compared to the other two models. Michael N. Schmitt has proposed one of the most effective frameworks when it comes to effect based models. His article consists of six criteria that need to be completed to be eligible for analysis of cyber-attacks as armed attacks which are severity, immediacy, directness, invasiveness, measurability, and presumptive legitimacy (Schmitt, n.d.). However, this criterion needs to become more global before it can be considered as an international framework that can help attain a uniformity to the analysis of cyber-attacks.

To respond effectively to the attacks that take place outside of the country, a state responsibility needs to be established. The state needs to consider its duty towards controlling cyber-attacks and its prevention policy. Firstly, a state must ensure that the investigation related to the attacks is vigorous, the attackers are punished and helping the other states that may have been affected by the attack (Payne, 2016). International conventions help achieve these adjectives because they promote the importance of the states being aware of their non-state actors and preventing them from proceeding with cyber-attacks as well as endorse the need to consider cyber stacks as a criminal offense. It is also the duty of the state to enforce appropriate laws to prevent cyber-attacks rather than combating it after an attack has taken place (Liu, 2017). This falls under the customary international law as well as the general principles of law. These laws allow the states to enforce vigorous laws that aid in preventing attackers from conducting future attacks and entitle individuals in being responsible for that may cause harm to another individual. To further strengthen the attacks from external states, the jurists of a state should be consulted (Marks, 2013).

Cyberspace is capable of exploiting physical components like it did in the Ukraine 2015 power grid cyber-attack (Sullivan and Kamensky, 2017). Implementing Passive and active defense as well as working with militaries and allies of other countries to create an action plan is essential to strengthening the cyber-attack defenses. These goals are arduous to achieve due to the differences in the political goals of different countries and different approaches towards solving a crime. For instance, it is improbable that countries like China and Russia will cooperate in creating guidelines that include protecting privacy and freedom of the internet for individual citizens of the country.

It has been suggested by a group of UN experts that it is up to the country to ensure that their state is not being used for criminal acts that have international effects. Moreover, they suggested that states should resolve their issues peacefully and punish the criminals as needed. Several political and economic aspects will account for making the final decision of whether a state has gone beyond the specified rules or not. Jus in Bello is used thereafter to create a framework to offer an impactful framework (Sexton, 2016)

Cyber aggression needs to be contained by raising costs of hacking through retaliation techniques. Diplomatic actions such as naming and shaming bad actors, stopping cooperation with bad actors, and restricting commercial and travel access of countries that are known to be connected to cybercriminals may also p[rove to be helpful (Inserra, 2017). For instance, because Huawei and ZTE have been accused of stealing intellectual property, and they operate under the Chinese government, the USA should restrict the use of Huawei and ZTE in the USA. Pursuing legal and criminal charges and formal sanctions against criminal entities will also make the malicious cyber nations cautious before attempting any cyber offense.

USA, UK and Australia responses to cyber-attacks beyond borders

There have been significant efforts to attack the US from external countries over the years, the most recent one being hacking attempts at snipping confidential information off healthcare organizations (O'Flaherty, 2020). Considering the age-old conflict between the USA and china regarding cyber espionage, the USA naturally accused China of being the culprit. Even since the outrageous cyber-attack on Estonia in 2007, the USA has started to create a new and proactive set of strategies and weapons while taking defensive actions (The Cold War 2.0 between China and the US is already a virtual reality, 2020). The USA has been actively working on developing stronger cyber capabilities. However, there have been efforts by the USA to cooperate with China by addressing the fact that both countries have been victims of cyber-attacks (Inserra, 2017). This did not work due to the continuously published hacks that took place under the supervision of the Chinese government until 2015 when the Office of Personnel Management was attacked and was believed to be the work of China. This made the US take firmer action against the cyber attackers which made China and the US come to an agreement previously proposed by the US about both the countries being victims of cyber-attacks. Even the breach by the Russian government to the American election cycle in 2016 was also dealt with mediocrity. Therefore, it is evident that a more active role is to be initiated by the US to deal with cyber aggression. The US has been using the strategy of warning the countries whenever suspicious activities are discovered to reduce the attack number. US and UK had jointly blamed Russia for conducting the NotPetya attack (MCQUADE,2018). The US also responded actively by imposing sanctions on North Korea, blaming them for the Sony Picture Entertainment attack which leaked several confidential information (Haggard, 2015).

When it comes to relations with China, there have been accusations of China being the culprit of the riot into hacks but there has not been any official action taken by the government in this matter (Winterford and Winterford, 2020). Despite the consistent effort in being up to date with the global advancement related to cyber laws and conventions, there are still many areas that Australia is lagging in terms of advanced technology threats in comparison to other leading countries according to a 2016 report by ACCS. To compensate for the lag, there are various measures that Australia can take such as countering cybercrime, critical infrastructure protection, and research, education, and knowledge transfer. The threat report of ACSC reported that the fact that Australia has not faced any major attacks yet, proves that it is safe from future attacks. However, there could be another way to see this which is outlined by U.S courses that Australia might have been attacked but due to lack of enough protection and awareness, it has not been able to detect it.

The Budapest Convention on Cyber Crime was signed by Australia in 2013 along with the USA and UK. Compared to the USA and Australia, there have been significant actions from the end of the UK that are contributing to overseas law enforcement to agree upon international law enforcement and has been a strong part of Budapest convention on cybercrime. However, the fact that many countries deny signing it has reduced the overall impact of the UK’s contribution to it. Therefore, it has been suggested for the UK to come up with an extended set of law enforcement and also attempt to try and make rules that will be acceptable to all nations (Sexton, 2016).

Since the Snowden incident occurred, there have been efforts by the UK and the USA government to combat cybercrime but there has been a risk of private companies not agreeing to work with the government to help with analyzing activities in cyberspace. Snowden had revealed that the UK government gathers any and every data that it finds to be important without justifying if it needs it. He also mentioned that the surveillance technique of Australia was similar to that of the UK (Australia's mass surveillance 'dangerous', Snowden says, 2020). Since the Snowden incident, the legitimacy of the countries has fallen in front of its businesses and trades which has further made it harder for the countries to have access to confidential company information that might be important in tracking cyber activities.

USA and UK had accused North Korea of conducting the Wannacry attack as a response to the massive hacking of hospital and business information being compromised. Australia was also affected by this particular attack but compared to the US and UK, the level of the breach was lower in Australia and the health care sector was not affected. Therefore, the Australian government followed the approach of educating the businesses about the severity and safety concerns related to Wannacry (Nott, 2020).

The UK is also not free from the risks and the National Security Strategy/Strategic Defense and Security Review revealed the threat of cyber-attacks that are associated with the country. The threat level of the UK is not very easy to assess if the 2015 National Risk register is considered. It has mentioned that over thirty thousand emails are arriving at the government level that needs to be blocked to ensure security. ACD is considered a key capability for the UK but there is not enough insight as to what responsibilities should be performed by which department of the government. The absence of a common guideline worldwide regarding ACD has effected the UK like many other countries. There have been many claims to how ACD should be defined for a country but there has not been one common guideline that has been accepted worldwide. Overall, it is suggested for the government to have a revised and realistic policy, implementing an effective CSS to detect and define issues related to cyber warfare while helping the government and citizens well informed and transparent about its capabilities.

Conclusion

This research essay aims to indicate the ways states can respond in different ways when it comes to mitigating the attacks from external countries and then evaluating the responses of different countries to cyber-attacks. The context and information are highly related to the present situation and some examples from the past but the scope of this research essay will broaden as the years pass as cybersecurity, cyber governance, and espionage are reaching newer heights with every passing day. There needs to be awareness amongst states about the alarming rise in cybercrime and state-sponsored actors that has reached a sky-high in recent years due to it being an economical, quicker, and simpler attack than that of a traditional war. There should also be separate guidelines on preparing for and defending against cyber-attacks and responding to cyber-attacks. These can be achieved by building a strong alliance and implementing firm actions along with the states that are committed to combat crime in cyberspace. Even though the use of active defense largely improves the ability of the state to successfully fulfill its responsibilities, there are certain limitations related to technical limitations such as attack detection, classification, and tracing which pose significant limitations. Moreover, the inability of the countries to work together as a team to combat cyber-attacks is less likely to happen (Inserra 2017). Countries are also not free of this risk among which the USA, UK, and Australia have been discussed and compared which further proved the fact that there is a large range of disagreements that can hinder the proper implementation of cyber defense strategy effectively internationally. Australia has a concrete cybersecurity capability that will enable the combat cyber-attack to be an effective one and gives the ability to defend, ascertain, respond, and properly defeat cyber-attacks. Nations have a great role to play when it comes to strengthening cyber capabilities and ensuring cybersecurity. Not only is it their responsibility to ensure the security of their own country, but they must influence other countries into doing so. Implementing an inter-state law and policies comes with a variety of complexity and ambiguity. With the COVID-19 world emerging, there are a new set of vulnerabilities and risks arriving at the cyberspace which require a new set of strategies. Therefore, it is not an easy task to combat cyber-attacks as well as defend it. Therefore, to eradicate the ramifications of cyber-attacks, states must act wisely and work with other states to create a cyber-secure world. 

References

1. Marks, A. (2013). Counter cyber terrorism and international law. Computer Law & Security Review, 29(4), 391-402.
2. Inserra, D. (2017). The state of the cyber nation: A global conflict and cooperation assessment of the digital age. Strategic Studies Quarterly, 11(1), 49-81.
3. Ndi, G. (2018). War in cyberspace: A comparative analysis of the legal regimes governing the use of force in cyber operations. International Review of Law, Computers & Technology, 32(2), 230-251.
4. UN Charter (full text). (2020). United Nations. Retrieved from https://www.un.org/en/sections/un-charter/un-charter-full-text/
5. What Are the Rules of War and Why Do They Matter? (2020). International Committee of the Red Cross. Retrieved from https://www.icrc.org/en/document/what-are-rules-war-and-why-do-they-matter
6. Schmitt, M. N. (n.d.). Cyber operations and the jus ad bellum revisited. In Cyber Operations and International Law (pp. 47-70). Oxford University Press.
7. MCQUADE, S. C. (2018). The strategic implications of North Korea’s cyber-attacks. Journal of Cybersecurity, 4(1), 1-11.
8. Haggard, S. (2015). North Korea's cyber operations and strategy. Asian Survey, 55(3), 396-418.
9. O'Flaherty, K. (2020). The US government wants to know how it can crack down on hackers in the DPRK. Forbes. Retrieved from https://www.forbes.com/sites/kateoflahertyuk/2020/11/27/the-us-government-wants-to-know-how-it-can-crack-down-on-hackers-in-the-dprk/
10. The Cold War 2.0 between China and the US is already a virtual reality. (2020). South China Morning Post. Retrieved from https://www.scmp.com/week-asia/politics/article/3086887/cold-war-20-between-china-and-us-already-virtual-reality