Cyberspace is an exceptional, human-made domain that was created for the facilitation of communication and can be characterised as a worldwide interconnected infrastructure. It has enabled free interchange of data via a networked system for more than half of the world’s population. Emerging threats in cyberspace currently pose new hazards and challenges to societies around the world. These threats have the potential to undermine the safety of citizens and disrupt political, social and economic life.
To intellectualise cyberspace security, we need to understand the difference between two risk magnitudes: risk to cyberspace and risk through cyberspace. The risk of cyberspace can be considered as a threat to the physical infrastructure of communication technologies. The threat through cyberspace, on the other hand, is a danger posed by cyberspace itself and is enabled by the usage of its technologies.
The risk to cyberspace
Even though the internet was developed to become a mainly strong network, its growth and change of status from a small web of interconnected devices to the global hub of social and economic life introduced a wide range of security vulnerabilities to its physical structure. After being targeted many times with a malicious intent to bring disruption, many states have acknowledged cyberspace as a ‘key national asset’ and have planned to establish special organizations that will protect critical infrastructure, thereby reducing risks to the normal functioning of the network.
It is important to remember that cyberspace is a prerequisite for the existence of universal capitalism in its current form. Therefore, emerging risks to cyberspace threaten to undermine international capital marketplaces and disturb prevailing economic order. Consequently, the security needs of cyberspace infrastructure and flow of information coincide with some of the national security essentials and have to be sheltered by government actors. To this end, the Communications Security Establishment Canada (CSEC) and the National Security Agency (NSA) have established national encryption standards and protection protocols.
Furthermore, the task of safeguarding critical infrastructure from deliberate attacks and other risks pressed many states to develop policies related to the ‘offensive operations in cyberspace’.
Risks through cyberspace
The technological burst of the previous decade was linked to the creation of civic networks that facilitated the establishment of social and political activities of numerous nations more efficiently and permitted uncountable entities to promote their ideas without the assistance of intermediaries like radio and press. New media channels enabled a substantial shift in the landscape of public discourse by carrying sweeping variations to countries like Egypt. Nevertheless, cyberspace has also been progressively utilised to disseminate the minority opinions of terrorist organisations.
Such elements have utilised information and communication technology for disseminating their military doctrines and promoting extremist activities. Many jihad-oriented groups have been recognised to explore the anonymous nature of cyberspace for radicalisation and recruitment amongst different societies. Furthermore, they have also used them for funding terrorist activities and building interaction with radicals all over the world. Additional challenge presented by cyberspace is the ever-increasing criminal activities: online extortion, Distributed Denial of Service (DDoS) attacks, and unauthorised access.
Cyber Terrorism in Pakistan
The presence of extremist and radical groups on the internet is an old phenomenon as they have been manifesting their appearance in cyber space since their inception. However, their dependency in cyberspace operations has expanded for the last two decades. The cyber terrorism threat has evolved into a multi-faceted and complex riddle where various conceptual doctrines are changing the world into a cyber-war. By 2000, all terrorist groups virtually had set up their online presence around globe and cyber space activities were conducted by terrorist organisations operating in Pakistan.
Terrorist organisations including Islamic State (IS), Jamat ud Dawa (JuD), Baloch Liberation Army (BLA) and Lashker-e-Tayyaba (LeT) have been showing their presence online and utilising social media for assistance and execution of terrorist attacks and uploading/sharing videos of their attacks on social media which creates a sense of insecurity among the people. These organisations use cyber space for fundraising, online recruitment, psychological warfare, propaganda, and information-sharing. Therefore, existing cyber laws and national cyber security policy 2021 should be implemented in Pakistan efficiently and effectively for curbing, controlling and coping with modern crimes and potential threats to our people and critical national infrastructure.
Cyber warfare is usually defined as a cyber-attack or series of attacks that target a country. It has the potential to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of lives.
According to the Cyber security and Infrastructure Security Agency, the goal of cyber warfare is to ‘weaken, disrupt or destroy’ another nation.
A cyber-army is a group of soldiers highly skilled in information technology with cyber skills. Cyber-armies are the unseen military cyber power which countries should employ to maintain national cyber security.
The establishment of National Centre for Cyber Security (NCCS), PECA-2016, FIA NR3C, CERT, and National Cyber Security Policy of Pakistan are valuable initiatives of our government to curb, control and cope with potential threats of cyber-crimes in Pakistan. The United States Cyber Command (USCYBERCOM) is a United States Armed Forces Unified Combatant Command.
Numerous risks to cyberspace and through cyberspace result in a long-term negative impact on business, development, defence and government activities. Therefore, all cyber threats have to be properly addressed by security agencies and other organisations by proper implementation of cyber laws along with policies, risk and vulnerability assessment frameworks, and awareness amongst the common people.