← Public Security Cameras and PrivacyMarijuana Legalization →

Cybercrime: Law Enforcement and E-Government Transnational Issues



Abstract

The given research paper aims at discussing the issue of cybercrime and its relevance and importance to the integrity of national security. In particular, the paper discusses potential justifications for the interventions on the part of the government in order to assist private industries in the process of securing critical information infrastructures. The most obvious justifications and possible types of motivation are examined. Moreover, the research paper deals with analyzing how partial or full failure of companies to comply with the demands imposed by the government in the matters of cyber security can influence the national security of the country.

Keywords: critical information infrastructure, public espionage, public good, non-excludability, negative externalities, cybercrime

Get a Price Quote
Title of your paper
Type of assignment Writer level
Spacing Timeframes
Currency Pages
First order only:

Introduction

Modern society has become indispensably attached and spoiled by overwhelming availability, confidentiality, and accuracy of its Information and Communication Technology. However, apart from substantial benefits, technology also entails the fact that old-fashioned crimes are committed in new modernized ways. Subsumed under the fancy title of the term “cybercrime”, a myriad of negative externalities are lurking dangerously in the form of fiscal fraud, theft from business, IP theft, industrial espionage, and other crimes that presuppose external access to critical information infrastructure (CII). The question arises regarding an insurmountable stumbling block in any country’s protection policy today – who bears the responsibility and suffers from the consequences of such crimes the most, and how the government can justify its interventions into private matters of businesses?

The increasing reliance of private and public sectors on technology and information flow in their daily operations has consequently led to the launch of interdependencies between the two sectors and contributed to the evolution of potential threats in the cyber space. Such increasing interdependency has shifted the paradigms of what needs to be protected by whom. While in the past, national security mainly presupposed protecting nation-state and national institutions, today it also presupposes protection of private entities due to the fact that activities of such entities are vital for nation-states’ national and economic security.

Sociopolitical and Economic Justifications of Governmental Interventions in Granting CIIP for Private Industry

Over the last couple of years the government’s share in cyber security has become a pressing policy issue. As a result of the controversy, the absence of coordinated and clear-cut efforts in cyberspace protection bore tremendous vulnerabilities. According to the recent estimation, eighty percent of “critical infrastructure” is privately owned due to a steady process of liberalization and privatization that takes place in the world nowadays (National Security Telecommunications Advisory Committee, 2003). Critical information infrastructure or CII has always been viable targets for adversaries; therefore, it is of vital importance to secure them to avoid information warfare attacks (Assaf, 2008). The decentralized nature of the World Wide Web contributes to the fact that individuals who are among the eighty percent of critical infrastructure information owners will not be interested in protecting this information for the sake of national security. The latter is of the most salient importance for the authorities, and they can easily justify their intervention into the process of protecting CII in the private sector.

Public Espionage as a Cybercrime within the Interest Field of the Government

When it comes to the private sector of country’s economy, it represents one of the most salient contributing factors to the welfare and development of the nation. The government is particularly interested in the information of this domain being successfully secured by the owners of businesses and private marketing organizations. The breach of such security would be dubbed “economic espionage”. The Economic Espionage Act outlaws computerized burglary committed in a commercial setting, 18 U.S.C. 1832 (Doyle, 2010). Therefore, it constitutes a federal crime “to steal trade secrets with the knowledge they have been stolen, or to conspire or attempt to steal them, or to conspire or attempts to receive them knowing they have been stolen” (Doyle, 2010, p.27).

However, in order to be perceived as a trade secret within the interest domain of the government, the information must correspond to one of the following three correlations: have a nexus interstate or foreign commerce, be secret, or have certain trade value for the country. The first correlation will be acknowledged if the information is associated with a product which is marketed either for interstate or foreign commerce. Information will be acknowledged a secret if it is not generally exposed and known to the public, to the business, educational, or scientific community in which the information was intended to be used (Doyle, 2010).

CIIP as a Public Good

A public good is a phenomenon whose presence may demand interventions of the government into the market matters. There are two major characteristics of public goods: they are non-excludable and non-rivalrous in consumption. The former refers to the fact that it is impossible to exclude non-payers from using the public good, or the costs of excluding non-payers would be high enough to deter a profit-maximizing firm from producing that particular good. The latter, non-rivalrous consumption, means that the consumption of the good by one individual does not influence the ability of other individuals to consume it the same way. The brightest examples of public good are clean air, street lights, and national security (Assaf, 2008). Therefore, in order to intervene into the process of protecting CII, the government has to prove that CIIP can be considered a public good.

The algorithm is clear: CIIP is a part of national security; national security, in its turn, is a type of public good. In fact, national security is a classic example of public good if one is to support this statement with the two basic characteristics of public good being non-excludable and non-rivalrous. National security is both non-excludable and non-rivalrous in consumption. An individual’s use of it does not detract from the amount consumed by others, and once it is provided, it is difficult to exclude other individuals from the security that is being generated (Assaf, 2008).

Another justification of government intervention in the private industry has to do with the presence of negative externalities. The latter occurs when a decision by one actor in the market generates negative outcomes for other actors in different markets and sectors. Consequently, this process leads to socially inefficient outcomes. In fact, any country represents a combination of sets of critical infrastructures which are all extremely interdependent. This leads to the existing correlation and dependency between the state of one set of such infrastructure and the state of other sets. The disruption of one can cause failures and breaches in other critical infrastructures. For instance, an attack on telecommunications network may have a tremendous impact on a power grid.

For instance, one might remember the incidence of a Distributed Denial of Service Attacks in Estonia (2007) and Myanmar (2010). The countries suffered DDoS attacks which were thought to be politically motivated. In both cases of DDoS, a number of computers overwhelmed the same target at the same time. Myanmar, in particular, was cut off from the World Wide Web in more than ten days after the attack. This ended up with a horrible data flood that overwhelmed the state’s infrastructure right before the general elections. A number of sectors were affected, including the communications network, power grid, etc. In case of Estonia, the country’s financial operations were compromised due to the attacks, while Governments communications networks were reduced to radio for a limited period of time (The Office of Cyber Security and Information Assurance in the Cabinet Office, 2011).

Another critical example is a large scale fraud that took place in 2009 and 2010, when an Essex-based gang committed an on-line fraud making two million pounds a months by stealing log-in details from 600 UK bank accounts. This incident became possible due to weak security on individuals’ computers (The Office of Cyber Security and Information Assurance in the Cabinet Office, 2011). The factor of interdependency played a major role in affecting the entire banking system adversely.

The above-mentioned factors suggest that encouraging the private sector to improve and adopt effective cyber security is critical for the elaboration of a proactive preventive approach to deterring cybercrime. It has been demonstrated that securing CII in the private sectors networks is salient for keeping the U.S. economy running smoothly. The encouragement can be performed in the form of implementation of relevant best practices as a factor in the contracting process of government information technology contracts. Moreover, the National Institute for Standards and Technology has developed a set of cyber security best practices available for consideration by the private sector (National Security Telecommunications Advisory Committee, 2003).

Private Industry’s Responsibility to Protect National Security by Effective Cybercrime Prevention

Modern way of life full of interdependent connections between the public and private sectors dictates the necessity for the private industries to realize that their failure in implementing effective cyber security controls imposed by the government might lead to unprecedented consequences. One might remember the case of a Stuxnet worm directed at Iran in July, 2010. A Stuxnet worm is a complex computer code that was used in a first cyber attack which targeted industrial control systems of Iran. However, the ultimate goal of the attack was manipulating the real-world equipment without operators’ awareness and reaching nuclear programs operations. In this particular case, the attack became possible due to weak and ineffective protection schemes of the private Siemens’ systems. The latter have been used in the energy sector to control nuclear and gas infrastructure, as well as in manufacturing and automotive industries (The Office of Cyber Security and Information Assurance in the Cabinet Office, 2011).

The Consequences of Private Industry’s Failure to Comply with Cyber Regulations

The seriousness of consequences entailed by the private industry’s failure in complying with cyber regulations imposed by the government depends on the profile and importance of the private entity for the integrity of national security. In the previously mentioned case with Siemens’ systems, this could have led to unimaginable consequences of breaching the integrity of the energy sector, as well as nuclear and gas infrastructures. However, it is necessary to state that most organizations do try to implement proper protection strategies for the sake of their own good.

In most cases they try to avoid direct costs associated with cybercrime, such as reputational damage, loss of confidence in cyber transactions by business and individuals, reduced revenues from the public sector, and expansion of the phenomenon of underground economy. A complete failure to comply with the requirements would cause the very incompliance with the CIIP strategies and reporting procedure. One can imagine hypothetical scenario when the CISO of an American bank discovers a security breach in bank’s information system which resulted in the theft of data of a myriad of customers. The breach took place due to a security flaw adopted by the bank as required by the government. The bank did comply with the demands of the authorities implementing this particular strategy for data protection; however, something went wrong and the breach was quite serious.

Reporting this breach to the government would be the wisest thing to do; however, if a complete failure to comply with the demands of the government on the part of the bank occurs, the CISO will not report the breach and this will adversely affect the entire banking system of the country and, subsequently, will affect the entire national security integrity. Without fixing the same flaw and enhancing security, other banks will fall victims to the same breach and a whole host of valuable information will be released. This will undermine the integrity of national security. In this particular case, the CISO has met minimum requirements of the government.

However, in other case scenarios, the companies do try to be able to fix the breaches and report them to the government. In particular, in 2010, Google reported IP theft and illegal access to the Gmail accounts of human rights activists. The attack was found to have installed malware via email on computers in another 30 companies and Government Agencies (The Office of Cyber Security and Information Assurance in the Cabinet Office, 2011).

The Consequences of Private Industry’s Exceeding the Minimum Requirements of Cyber Regulations

Another possible scenario entails the private entity exceeding the minimum requirements imposed by the government. The given scenario might have controversial consequences. On the one hand, if some private entity introduces both governmental protection strategies and its own techniques, the CII is protected more securely. This will lower the chance of the critical information infrastructure being stolen and the security system being breached by the outsider. On the other hand, if the private company introduces both governmental and some sort of internal requirements, and the breach does occur anyway, this might hinder the ability of the government to act quickly in order to fix the problem. The government might not be that proactive due to the fact that it does not possess the sufficient amount of knowledge and insight into the requirements and countermeasures introduced additionally by the private industry entity. Therefore, exceeding the minimum requirements can be a debatable step on the part of the private sector.

Conclusions

Due to the fact that most of CII is privately owned, there exists a necessity for the public and private sectors to cooperate in securing this information. The government can intervene into the matters of private industry if public espionage is involved, where the information has nexus interstate or foreign commerce, appears to be a secret, or has trade value for the country. The government can also intervene due to the fact that CII is considered to be a public good given the fact that national security is a classic example of non-excludable and non-rivalrous public good.

CII is considered to be a part of national security strategy. Protecting CII is also vital for preventing negative externalities and inefficient outcomes. The seriousness of consequences in case private companies fail to comply with the demands imposed by the government with regard to CIIP differs depending on the profile and importance of the private entity to the national security. Complete failure in complying with the requirement may result in a breach of systems of multiple entities in the country and adversely influence national security system. Complying with minimum or exceeding the minimum requirements will be instrumental at assisting the government to preserve the integrity of national security. If breaches do occur in such entities, the major obligation of such organizations is to report cyber violations in order not to risk putting at danger other entities and the state’s national security.

Related essays

  1. Marijuana Legalization
  2. Gun Control
  3. Public Security Cameras and Privacy
  4. The Death Penalty essay
×
Enter discount code "20off" and get 20% discount for your first order. Limited Time offer! Order Now
X