Cyber-security: new frameworks needed to meet new threats

Commonwealth nations, large and small, must join forces to combat new forms of cyber-terrorism which are not only threatening the security of governments but emerging as rogue and illicit censors.

Mark Stephens, one of London’s top media lawyers and Vice President of the Commonwealth Lawyers Association, told delegates to the Commonwealth Parliamentary Association conference that the game of censorship has escalated to “new and dangerous levels.”
He said that until recently, national courts have relied on the transparency of the rule of law to define what is defamatory, unflattering, critical of governments and even in breach of Official Secrets legislation.
However the game has now changed and regimes themselves are sometimes using firewalls – as seen in China and Saudi Arabia – to impose censorship, both on private companies but also to rein in journalists or media. Google in China, he said, was the most recent example.
The workshop also heard reports from Smt. Meira Kumar MP, the Speaker of Lok Sabha of India, New Zealand MP, Mr Shane Ardern and Dr Lim Wee Kiak MP from Singapore.
Dr Kiak said Singapore has been working to provide a new legal and logistical framework to counter cyber-terrorism and is now drafting a cyber-incident command and control structure to ensure that national responses are fast and co-ordinated.
“The challenge for all of us is to see how together we can stop them, share information and have a collective response.”
Mr Stephens told delegates said that the newest form of cyber-terrorism – known worldwide as Denial of Service attacks (DNS) – poses entirely new and complex challenges as they require a network of tens of thousands of compromised computers, collectively known as ‘botnets’, to flood a website’s servers with simultaneous page view requests. This effectively cripples the site as it means legitimate traffic is unable to get through.
Building these illegal networks require hackers first to gain control of the PC and then to exploit vulnerabilities within the computer’s operating system. Installing malicious software then provides ‘always on’ remote access.
Mr Stephens told delegates to the workshop on ‘Threats to International, National and Personal Security’ on Tuesday that enterprising cyber criminals have now even been found to be offering these so-called botnets for ‘lease’ for use in spur-of-the-moment attacks.
“Once a machine has been compromised it can be called into action by the hacker at a moment’s notice,” he said.
“Security experts at MacAfee estimate that between March and July this year, 14 million computers worldwide were enslaved by botnets. All the hacker needs to do is run a small program that communicates with all the computers they control and it can then command those computers to start dialing out across the internet to a specific server or website. The same outcome can be achieved by large, state controlled computers acting the same way.”
Delegates heard that moves to stop publication of material deemed top secret or confidential would have been tested in a court of law in the past but now, the unscrupulous can simply make similar electronic attacks against any site – be it an opposition party, to a commercial enterprise to NGOs and ‘netizens’.
“This can easily escalate into a cyber war which no state can win and which will galvanize miscreants to attack government sites…the short point is that denial of service attacks will reap retribution on legitimate governments and businesses and present a challenge for all of us across the Commonwealth,” Mr Stephens said.
“The question for us is how to properly and fairly regulate the internet, in the collective interest and the good of society…responsibly we must reach out to help protect legitimate forces of dissent around the world, so that others may receive all shades and colours of opinion on matters of moment of the day”.

Image: iStockphoto