Preventive measures against state-led cyberattacks by the bright internet and internet peace principles

Abstract

The Internet has enriched the convenience and productivity of our daily lives, but the anonymity, transnationality, technical incompleteness, and lack of consideration on security issues of the Internet have led to serious cyber-security problems. In particular, State-led Cyberattacks (SLCAs) have caused a severe economic damage and threatened national security because SLCAs could be directly or indirectly provided with finance and technology in secret by a government with a political purpose. There are various efforts and developments in security technology, laws, institutions, and international cooperation areas to solve this problem. Recently, Bright Internet was proposed as a preventive security measure against cyberattacks by monitoring cyberattacks in advance and detecting the origin of the attack after an assault. However, Bright Internet has a limitation that its five Principles are only valid within Bright Internet member countries because cyber-terror countries do not agree to join the Bright Internet members and, as a result, there is a need for a complementary measure. The study, therefore, selects seven distinctive SLCA cases and three illustrative Private-led Cyberattack (PLCA) cases and analyzes them by attack purpose, means and methods, target, attack timing and others. As a result, while implementing the Bright Internet’s Principles based on a revised technology, laws, and international cooperation, the study suggests a preventive framework referred to here as Internet Peace Principles (IPPs) that is a new international agreement that every state should follow to deter SLCAs. IPPs suggest that the State should maintain peace and security and settle the disputes peacefully and abide by the international obligations in cyberspace, but not use the Internet as a weapon for attacking other countries or a means for detouring attacks. IPPs are derived by the combined approaches of Extension of Physical Conventions like the UN Charter, the Geneva and Hague Conventions, and the Responsibility of States for Internationally Wrongful Acts to Cyberspace, Expansion of International Cybersecurity Conventions like the UN Group of Governmental Experts’ recommendations, Council of Europe Cybercrime Convention, and the Tallinn Manual to Global Member Countries, and Adoption of Analogical International Norms like the Treaty on the Non-Proliferation of Nuclear Weapons and the Outer Space Treaty. For the preservation of a consistent international peace and order, IPPs propose as follows. All states should maintain international peace and security in cyberspace. States should not knowingly allow their ICTs to be used for internationally wrongful acts, should prohibit preemptive cyberattacks against critical infrastructure and civilians. Also, states should prohibit the use of SLCAs except for self-defense, should prohibit an unlimited use of cyber means and methods, and should cooperate to prevent, investigate, and prosecute cyberattacks. The offending state should take responsibility for the attack results, and an attacked state is entitled to request compensation and take legitimate countermeasures. The UN may take collective measures for the prevention and removal of cybersecurity threats, and an international governing body, namely BIGG is necessary to implement the Principles.