[Interview with an Expert] Challenges of Cybersecurity: Part One – Cyberterrorism

Dr. Przemyslaw Roguski is a Lecturer in Law at the Jagiellonian University, Chair for Public International Law. Previously, he has worked in private practice and as lecturer for the German Academic Exchange Service (DAAD). He is the Faculty Co-ordinantor for the School of German Law and the School of Polish Law for German-speaking lawyers. His research focuses on the law of peacetime cyber operations and different aspects of international law relating to cybersecurity, ICT and internet governance. Dr. Roguski holds law degrees from the University of Mainz (Germany), Trinity College Dublin (Ireland) and a PhD in international law from Jagiellonian University. Dr. Roguski is also an expert at the Kosciuszko Institute. Twitter: @Roguski_P

In recent years the subject of cybersecurity has become quite a hot subject. With technology pushed to the limits, every day brings a change in how we function. Nation-states have a huge interest in improving their capabilities to withstand attacks on key infrastructure. The nature of these attacks has become a challenge for everyone and brings more questions about state functioning and its future. In this two-part interview with Dr. Przemyslaw Roguski, we will try to answer some of the questions surrounding the subject and analyze the development of cybersecurity.

How important is cybersecurity for modern society? Especially considering the West’s more recent focus on terrorist organizations and radical Islamic movements such as ISIS… Is the focus on cybersecurity a necessity for our security?

Dr. Roguski: First of all, thank for inviting me to discuss cybersecurity.
Secondly, we have to determine what we mean by the term ‘cybersecurity’. Using a common definition, it basically means the security of information and telecommunication systems (ICTs)in their confidentiality, integrity, and availability. Those are very important for every aspect of our lives nowadays. So, every item that has an internet connection in it, for instance, banking systems, industrial servers, certain facilities controlling the electric grid are vulnerable to an attack against its integrity and confidentiality by various actors.

Who are those actors?

Dr. Roguski: Those are non-state actors, mostly hackers and criminals, but also state actors like rogue states, for example, North Korea, but also larger states. Terrorist organizations are also included in this group. However, to name an attack on ICTs as an act of cyberterrorism some criteria have to be fulfilled.

And what are the criteria needed to name a cyber attack an act of cyberterrorism?

Dr. Roguski: First of all, we need to distinguish cyberterrorism from cyber-enabled terrorism. We speak of cyberterrorism when a person or organization uses cyber means to commit an attack on ICT infrastructure. However, if a terrorist group simply uses ICTs in order to prepare terrorist actions that mostly manifest in the physical world, then we speak of cyber-enabled terrorism. In this case, ICTs are mainly used for propaganda, recruitment, financial support, et cetera.

Let us focus on the issue of terrorist propaganda for a moment, in terms of videos spread across social media. I can think of the infamous Tonga-Tonga attack recording used by the Islamic State, portrayed in this Hollywood-style by their, for lack of a better word, experts in video production. What is the purpose of such a brutal representation of their actions?

Dr. Roguski: That is the second purpose of cyberterrorism. In this instance, we are talking mainly about recruitment purposes. We can imagine for example bored teenagers who find such productions on the Internet. It is obvious that ‘the more bloody’ those videos are, the more interest in them there will be. We have to remember that some younger people can be extremely susceptible to radicalization. For both Islamic and non-Islamic audiences in the West, it all begins with those videos and lectures based on radical interpretations of religious texts, then getting in contact with enablers with a potential endpoint of traveling to Syria or elsewhere or possibly conducting domestic terrorist acts in their countries. This is the new face of terrorism we have to deal with.

When we talk about the security of ICT, what are the key areas that are endangered by cyberterrorist attacks? What should we focus on in terms of defense and deterrence against terrorist organizations?

Dr. Roguski: Well, of course, there are certain aspects of our economy and everyday lives that are more important or more vulnerable than other branches. There is legislation in place in the European Union and some other countries that define those strategic sectors in which the states have a greater interest in improving the security standards in order to make them more secure against attacks commenced by criminal groups or terrorist organizations. For instance, the European Union has passed the Network and Information Systems (NIS) Directive, which defines several key sectors. Those are utilities that deal with water supply, electric energy, hospitals, logistics, and so on. A couple of weeks ago we have seen attacks on hospitals in the Czech Republic that are dealing with COVID-19 patients. They were not able to operate their facilities due to this attack. This is the potential avenue that can also be exploited by terrorists. In addition to medical infrastructure, we have DNS server providers, information exchange points – those are the key points to be protected.
What is interesting, is the fact that the terrorists do not attack those targets. Their actions are mostly conducted in the sphere of financing in order to obtain funds for their activities.

Has anything changed in the perception of cybersecurity against terrorism during the past decade? When the Global War on Terror started back in 2001, nobody even suspected that in the next decade many terrorist operations will be active online. Has the approach of states and society changed a great deal since then?

Dr. Roguski: I am not sure. States have understood what the new threat is. There was a need to tighten the security against these attacks. However, what was more important, was to stop the spread of terrorist propaganda and interfere with their communication. In order to do so, States took action to cooperate with internet service providers and huge companies such as Google and Facebook, mainly for those companies to filter out the terrorist content. For example, there is the program “Tech against terrorism”, implemented pursuant to the United Nations Security Council resolution 2354 (2017) and the UN Counter-Terrorism Committee Comprehensive International Framework to Counter Terrorist Narratives (S/2017/375), which allows those internet service providers to cooperate – for instance share terrorist propaganda materials – in order to automatically remove them from platforms. This way, users of social media are not subjected to watching those videos in the first place and terrorist organizations cannot use them to radicalize others.

What about content and websites operated by Islamic State?
They are not managed by Facebook or other companies and very often are the main source of propaganda materials and recruitment information.

Dr. Roguski: That is the other aspect of this international cooperation. Because what terrorists do is that they set up severs in countries with limited technical capabilities and attempt to go under the radar of international law. The United States cannot close servers that operate in Uganda, for example.
A very important aspect of international cooperation, in this case, is surveillance conducted by the so-called Five Eyes alliance (Australia, New Zealand, Great Britain, Canada, and the US).

This may be one of the most important aspects – how do we solve the problem of threatening citizen privacy but also uncover information on terrorist movements. With rising state surveillance there is more demand on the market for services providing encryption of messages. The Tor browser and Telegram application are examples of private actions to protect freedom of communication. Arguably this creates more problems than solutions.

Dr. Roguski: In order to provide security to society, we have to remember that there are some values and rights which are going to come into conflict. The question is how to balance legitimate security interests on the one hand and the right to privacy, which is infringed by large-scale surveillance programs, on the other… We should not pick either of the extreme positions, so we cannot say that privacy is the most important value in this case due to our moral standards. The right way leads through the middle where, on the one hand, the state has the competence to implement targeted surveillance of individuals who pose a threat as well as to conduct broad surveillance to find those targets. On the other hand, we need to impose sufficient safeguards on these surveillance operations in order to ensure our individual privacy.

In the second part of our interview with Dr. Roguski we will discuss the impact of cybersecurity on military operations and how the international law reacts to cyber attacks.