Cyber attacks: the fog of identity

Abstract

Whether a criminal, warrior, terrorist, or spy, the rise of cyber attacks has created a whole new dimension to cyberspace. Despite the advancement of cyber security systems and multilateral security initiatives, the global electronic marketplace remains vulnerable to grave cyber intrusions. Unlike the war-fighting domains of sea, air, land and space, cyberspace still remains largely undefined. Cyberspace is not a stagnant domain, but rather a fast moving, malleable, omnipresent domain subject to open borders and unilateral attacks. According to national laws and strategies, the definition of a cyber-attack varies widely, creating inconsistencies in interpretation and response. Through empirical research and analysis, this paper attempts to define the various aggressors in cyberspace based on the identity of the attacker and the type, purpose and impact of the attack, and then analyze the applicable policies, laws, and regulations under national and international cyber security frameworks. The purpose of the research is to understand the barriers to the development of international norms of behavior in cyberspace and the challenges faced by the North Atlantic Treaty Organization (NATO) in defining thresholds for a domain with various levels of entry. This paper examines Article 4 and Article 5 of the NATO treaty and Article 51 of the United Nations Charter to identify the problems and challenges of applying the traditional legal regime under this new domain and then offers some recommendations to address these challenges.