Cybercrime and cybersecurity: The need for International Cybersecurity Law
Due to globalisation and the fast-growing development of the internet across the world, the rapid increase in cyberattacks such as cyberespionage and cyberwarfare has made cybercrime a key national security issue.
Due to globalisation and the fast-growing development of the Internet across the world, as well as the new digital technologies and e-commerce in the last two decades, cyberspace represents not only an important platform for today’s economy and information exchange, but also provides opportunities for criminal activities. One major event was the creation of the Silk Road, an online platform that allowed users to use the anonymity provided by the digital currencies (such as bitcoin) to launder money, sell drugs, weapons and initiate other criminal acts. Another way in which technology can be put to wrong use is as a means for criminals to attack and generate harm to governments, individuals and companies. In fact, the rapid increase in cyberattacks by hackers, non-nation actors, terrorist groups and others over the past decades, has made cybercrime a key national security issue.
Gaining unauthorized access to personal information of individuals and/or governmental data and services through computer hacking is not only a crime in itself, but also facilitates other criminal activity such as cyberwarfare and cyberespionage. The latter can also be coupled with cyberterrorism, since both have been used as a political medium motivated by ideological, religious and/or political beliefs that may vary by group or region. Two major cybercriminal groups motivated by different political and ideological beliefs are Anonymous and Da’esh, the latter an extremist Islamist terrorist group also known as the Islamic State (IS). Both have been using cyberspace through social media platforms to spread their beliefs and political opinions, send threats to governments, take accountability for terrorist activities, lead rebel social movements, and in the case of Da’esh (and previously the religious terrorist group ‘Al Qaeda’) recruit jihadists. In the case of the military, political cyberespionage can be fatally dangerous, since accessing sensitive and confidential military information can seriously limit the armed forces’ response to national security threats as well as diminish its defence strategy and action.
The borderless nature of cyberspace makes it difficult for law enforcement to respond to crime and deviance. The lack of training and knowledge with regard to cybercrime by local police agencies and personnel as well as the lack of regulations on cybercrime, coupled with the rise in cyberattacks in recent years, has led governments to create specialised security agencies and units and enhance their role in investigating international cybercrime. The United States of America was the first to do so. A perfect example would be the Federal Bureau of Investigation (FBI) and its National Security Branch (NSB) to investigate cybercrime, and the Department of Homeland Security (DHS) to coordinate effective cybersecurity strategies. For that, a number of laws have been passed in recent years, such as the Comprehensive National Cybersecurity Initiative of 2008, the Cybersecurity Workforce Act of 2014, the National Cybersecurity and Critical Infrastructure Protection Act of 2014 and the Cybersecurity Information Sharing Act of 2015.
Because cybercrime is affecting the security of states, understanding the context in which politics and international affairs occur is key, as countries’ national security interests are usually very divergent. This would probably set a boundary for an international agreement on the creation of a common International Cybersecurity Law. Also, the rise in cyberattacks over the years sheds light on the threats and seriousness of this rising criminal behaviour which needs an urgent international response. Hence, since cyberspace and cybersecurity are not limited to national borders, the question of how international cybersecurity law can respond to cybercrime can be answered by reflecting on the following sub-questions: Is cybercrime perceived as an international threat? If so, what law shall be deemed applicable to cybercrime and cybersecurity? How can the applicable law be enforced? And by which actors?