National Security Threats in Cyber Space

Introduction

In addition to nation-state players, the cyber world is also filled with well-organized criminal groups, independent terrorist groups, and "just for fun" hackers of all stripes. Each offers a particular kind of threat that calls for a complex, varied response. Since the potential threat is a natural part of the internet and hence cannot be completely erased, we refer to the issue as embedded. In traditional warfare, governments have to spend considerable financial and personnel resources on every front—land, air, and sea—but in cyberspace, a single person may wipe out an entire nation. Nuclear weapons need a lot of work to construct, whereas cyber weapons may demonstrate immense harm without costing a dime.

Regarding national security, cyber threats have the capacity to endanger the integrity of crucial infrastructure, disrupt the financial system, permit the theft of intellectual property and trade secrets, and deteriorate ties between the government and its constituents[1] Given this, it's critical to be aware of possible cyber risks to national security.

Cyber Security Threats to National Security

There are four major kinds of ways that cyber-criminal actions might endanger the security of the country when discussing risks to national security in cyberspace. These are organized crimes, low-level individual criminality, political and extremist activities, and government-sponsored activities. some of the threats that fall within the aforementioned categories include:[2]

Cyber Warfare
“Cyberwar or cyber warfare, conducted in and from computers and the networks connecting them are usually waged by states or their proxies against other government and military networks in order to disrupt, destroy, or deny their use.” [3] 
Cyber weapons like malware, which includes viruses, trojans, spyware, and worms, can insert damaged code into existing software, leading a computer to carry out activities or processes that its owner had not intended. Other cyberweapons include distributed denial-of-service (DDoS) attacks, in which cybercriminals use malware to take control of a sizable number of computers and turn them into so-called botnets, or collections of "zombie" computers, which then launch attacks against other targeted computers in order to stop them from operating as intended. This particular method was used in cyberattacks against Estonia in 2007[4] and Georgia in 2008[5].

Cyber Terrorism

In order to intimidate or compel a government or its citizens in support of political or social aims, it is an illegal attack and threat of assaults on computers, networks, and the information held therein. A cyberattack must also involve violence against people or property, or at the very least significant damage to inspire fear, in order to be considered cyberterrorism. Cyberterrorist organizations aim to spread widespread disorder, interfere with vital infrastructure, encourage political activity or hacktivism, or possibly cause bodily harm and even fatalities. Actors engaged in cyberterrorism employ a variety of techniques, including APT, viruses, worms, DoS assaults, hacking, ransomware, and phishing.^[6]

Because it is the only weapon that can instantly ruin a nation's psychological, physical, political, and financial well-being, cyberterrorism has a significant potential to harm national security.^[7]  The efforts and occurrences of cyberterrorism are growing quickly with the aid of cyberspace as the cyber world supports terrorism by offering a platform for propaganda dissemination, recruiting, inciting, radicalizing, funding, training, planning, communicating, and ultimately attacking. [8]

The same poses a major danger to the nation's essential infrastructure, including its defense installations, financial and banking institutions, and infrastructure for public services.

Jurisdictional restrictions are the main barrier to reducing cyberterrorism because these crimes may be perpetrated from any location on Earth and are also exceedingly difficult to track down.

Cyber aided extremism

Cyberspace provides a wide range of beneficial services for extremist organizations to thrive, including communication by giving them access to discussion forums, making it simple to transmit executive orders, organizing fundraising efforts, and offering a venue for instruction.

With all of this activity, the Internet is frequently referred to as a "virtual training camp" or "open university" for extremists, where potential recruits can be selected to attend a live training camp like those in Iraq and Pakistan or prepared to the level required to mount a terrorist or insurgent attack. [9]

An "al-Qaeda jihadi Internet forum" has posted a 51-page handbook titled "The Art of Recruitment" with the goal of demonstrating how people might be attracted to and eventually build an active jihadi cell. Recruitment has grown to be such a significant aspect of cyber extremism.[10]

Cyber Espionage- Intelligence services

Governments frequently engage in or support cyber espionage activities. They want to spy on competing countries and obtain information about troop movements or war plans. As part of their cyberespionage efforts, countries seek to gather sensitive data on other countries, such as trade secrets, credentials, internal data, system data, personal data, and classified information, with the intention of using it for their own competitive or political gain or to support disruptive activities in the adversary country. A Pakistani gang used a remote access trojan in February 2022 to spy on Indian military and diplomatic targets. The organization typically breaks into a network using USB-based malware and/or social engineering.^[11]

Conclusion

These are only a few instances of cyber dangers to national security. Even if nearly all forms of activity, such as hacking, DDoS, phishing, malware assaults, and ransomware attacks, utilize similar strategies, classifying them all as cyberwar is a mistake. Therefore, cyberwar should not be confused with cyber espionage, criminality, or terrorist use of the internet.

The main challenge when discussing national security matters in cyberspace is the absence of single global management or database for the internet, which means there is no one owner of the internet or of its activities who might be held accountable for any criminal activity occurring there.

To protect themselves from cyber-attacks threatening national security, countries have come up with their own Cyber Security strategies. India has also introduced the National Cybersecurity Strategy 2020[12] which aims at building a robust system of cybersecurity. But the need of the hour for India is to increase investment in cyber security and spend funds judiciously. Because unlike traditional threats to a nation’s security, cyber threats do not require enough investment, labor, or effort. But prevention of them requires it all.

By: Harmanpreet Kaur (Team Member, WCSF) 

---

[1] Paul N Cornish, Rex Hughes and David Livingstone, Cyberspace and the National Security of the United Kingdom, ACADEMIA, Cyberthreats, 3,  2009, https://d1wqtxts1xzle7.cloudfront.net/19695334/13679_r0309cyberspace-with-cover-page-v2.pdf?Expires=1664054974&Signature=PIYeX1wrl7Noh1mHHYiTpN9PZtF-5tr3YSTeHXWT6YM7mP-Xtbwhz6WvrwmV5rxYhI~Zu6ngD8OxtXDBA4I7z6H5X5zhUSLhPn6V0zTf5ZIJ6p8QSqRfs5AWH0Nv5OknhekoNUck84FEvmWBPxPwoPsmlYtXZiwHCpt7phBLFf17aoqcZSvo69Lw0OYiQda99cGLSh7QR7RzeWRs0UCnPoe5PvwRqhF0BfGfvu2bTpbZKRUyHxx6flnJBQbGbygebPRJ8lRe3e2QF580Obeg1I7ETE9zRpUJ5AQCmF706SG9KvceojCQMYfrfWu5KObhl2W89313ZHOS-CIyh0yQAQ__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA

[2]Derek S. Reveron, Cyberspace and National Security, 12, Georgetown University Press, 2012
[3] John B. Sheldon, Cyberattack and cyberdefense, britanicca, Sept. 25, 2022, https://www.britannica.com/topic/cyberwar/Cyberattack-and-cyberdefense
[4] Cyber law. ccdcoe, https://cyberlaw.ccdcoe.org/wiki/Cyber_attacks_against_Estonia_(2007), Sept. 25, 2022.
[5] Cyber law. ccdcoe, https://cyberlaw.ccdcoe.org/wiki/Georgia-Russia_conflict_(2008), Sept. 25, 2022.
[6] Robert Sheldon, cyberterrorism, TechTarget, Sept. 25, 2022, https://www.techtarget.com/searchsecurity/definition/cyberterrorism.
[7] Chetan, National Security Issues in Cyberspace, Legal Services India, Sept. 25, 2022, https://www.legalserviceindia.com/legal/article-7497-national-security-issues-in-cyberspace.html
[8] UN, The use of the Internet for terrorist purposes, UNODC, Use of the Internet for terrorist purposes, 3, 2012, https://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf
[9] Paul N Cornish, Rex Hughes and David Livingstone, Cyberspace and the National Security of the United Kingdom, ACADEMIA, Cyberthreats, 3,  2009, https://d1wqtxts1xzle7.cloudfront.net/19695334/13679_r0309cyberspace-with-cover-page-v2.pdf?Expires=1664054974&Signature=PIYeX1wrl7Noh1mHHYiTpN9PZtF-5tr3YSTeHXWT6YM7mP-Xtbwhz6WvrwmV5rxYhI~Zu6ngD8OxtXDBA4I7z6H5X5zhUSLhPn6V0zTf5ZIJ6p8QSqRfs5AWH0Nv5OknhekoNUck84FEvmWBPxPwoPsmlYtXZiwHCpt7phBLFf17aoqcZSvo69Lw0OYiQda99cGLSh7QR7RzeWRs0UCnPoe5PvwRqhF0BfGfvu2bTpbZKRUyHxx6flnJBQbGbygebPRJ8lRe3e2QF580Obeg1I7ETE9zRpUJ5AQCmF706SG9KvceojCQMYfrfWu5KObhl2W89313ZHOS-CIyh0yQAQ__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA
[10] Abdul Hameed Bakier, Jihadis Publish Online Recruitment Manual, Terrorism Focus Volume: 5 Issue: 34, 2008, https://jamestown.org/brief/jihadis-publish-online-recruitment-manual/
[11] Center for Strategic & International Studies, https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents , Sept. 25, 2022.
[12] DSCI, National Cyber Security Strategy 2020, 2020, https://www.dsci.in/sites/default/files/documents/resource_centre/National%20Cyber%20Security%20Strategy%202020%20DSCI%20submission.pdf.