Specific aspects of the legal and regulatory framework for cybersecurity in different countries of the world in the context of the international security system

Размещено на http://www.Allbest.Ru/

National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine

Institute of Special Communications and Information Protection

Specific aspects of the legal and regulatory framework for cybersecurity in different countries of the world in the context of the international security system

S. Horlichenko, Sci. Researcher

Summary

Cybersecurity is emerging as a critical issue in contemporary international law, with significant implications for the security of nations. The use of information and communication technologies poses potential threats to various aspects of societal and state functioning, prompting the international community to explore the establishment of a comprehensive legal framework for cooperative efforts in the area of cybersecurity.

The article describes the evolution of regulatory and legal mechanisms dedicated to securing cyberspace. The narrative emphasises that the establishment of rules governing activities in cyberspace requires careful consideration of cybersecurity, the protection of personal data, and the fight against cybercrime and cyberterrorism.

Looking to the future, the analysis of international legislation identifies areas for improvement in the area of cyberspace security under current conditions.

Keywords: cyberspace, cybersecurity, cyber threats, cybercrime, international law.

Introduction

In academic discussions, there is often a misconception that cyberspace is synonymous with the Internet alone, a misconception that stems primarily from the lack of a universally agreed definition of "cyberspace". Conversely, the US Department of Defense offers a characterisation that considers cyberspace to be "...a domain characterised by the ability to use electronic and electromagnetic means to store, modify, and exchange data through networked systems and associated physical infrastructure" [1].

Notably, on 7 November 2016, China enacted the Cybersecurity Law, which outlines regulations on the conduct of network product and service providers with respect to the collection, storage, and processing of user data, as well as the protocols and specifics governing the security of information infrastructure in strategically important sectors. The primary goal of this law is to protect China's national "cyber sovereignty" [2].

Analysis of the latest research and publications. Issues related to international cooperation in ensuring the security of cyberspace have been extensively studied by scholars such as K. Bashak [7], V. Babakin [14], M. Hraivoronskyi [17], O. Polyakov [22], and V. Lukianchykova [24]. The authors have dealt with theoretical aspects of various issues related to the establishment of international information security, and they have also discussed cooperation within regional international organisations.

The development of the European Union's cybersecurity strategy has attracted the attention of scholars such as Zabar I.M. [23], Grubinko A., Orlov O.V. [18], and Onishchenko Y.M. Their focus includes examining the EU's unified legal approach to combating cybercrime, promoting international cooperation in cyber and information security, combating cybercrime, and studying specific cases of cybercriminal activity.

Academic literature acknowledges that the importance of cyberspace, and cybersecurity in particular, gained prominence after the 1990-1991 Gulf War. This conflict, characterised by the use of advanced military technology, was accompanied by an extensive information campaign and media coverage [3].

In the aftermath of these events, the concepts of "information warfare" and "cyberwarfare" have been reassessed by scholars and policymakers. Cyberspace has come to be perceived as a "fifth space" used to achieve political objectives through information and communication technologies [4].

The aim of this research is to examine the specific aspects of the legal frameworks governing cybersecurity in different countries around the world, in the context of the international security system.

Issue overview: Cyber-attacks and the state of the global economy are often highlighted in the international media as top concerns. In particular, Japan expresses the highest level of concern about cyber threats, with notable levels of concern also observed in countries such as the United States, Germany and the United Kingdom [4].

The proliferation of information and communication technologies and the advent of the Internet have given rise to new concepts in international security, notably "cybercrime" and "cyberterrorism". At the same time, the formulation of a comprehensive cybersecurity strategy as an integral part of national security is becoming increasingly important at the global and international level. Cybersecurity policy has a key role to play in shaping this overarching strategy.

At the intergovernmental level, it is imperative to address issues related to the application of existing international legal norms and principles to the information domain, as well as the formulation of specific codes of conduct in cyberspace. This is essential for the establishment of legal frameworks to counter the unlawful use of information and communication technologies.

Summary of key material

The concept of regulating cyberspace through international law is not a new one. Since 1996, there have been ongoing attempts to establish an international legal framework for cyberspace, with proposals coming from legal experts, business representatives and states. Within the field of international legal principles, three dominant ideas have emerged regarding the structuring of cyberspace: liberal institutionalists, cyber-libertarians, and statists.

Liberal institutionalists argue for an important role for international institutions in policing cyberspace [5]. Cyber-libertarians, on the other hand, argue that cyberspace should remain free of tyranny and oppressive regulation in order to preserve Internet freedom [6]. Statists argue that it is the responsibility of the state to formulate national and international laws governing cyberspace [7].

In international law, jurisdiction is closely linked to the entities involved in international relations and the territorial boundaries where the law can be officially enforced [8]. The participants in cyberspace cover a broad spectrum, ranging from state entities and large Internet corporations to small and medium-sized enterprises and individual users. Each of these entities has a different perspective on the regulation of cyberspace.

Determining which entities are legitimate and fall under the jurisdiction of international cyberspace law remains a formidable challenge. The international community has yet to reach a consensus on the nature of cyberspace - whether it constitutes a global common or falls under the sovereignty of the states where operations take place. These complexities pose significant hurdles in defining the jurisdiction of contemporary international cyber law.

The intricacies of cyberspace further complicate issues related to arbitration. International law requires clear mechanisms for dispute resolution and arbitration to establish accountability between actors [8]. Despite the existence of arbitration in cyberspace, particularly in the areas of trade and crime, such processes are predominantly conducted within national legal systems rather than an international court [9]. This arrangement raises concerns about the impartiality of the law, as certain states may have more influence in such scenarios. However, the potential for international arbitration in cyberspace does exist. The Permanent Court of Arbitration in The Hague may be well positioned to handle cyberspace disputes, given its current jurisdiction over cases related to space, energy and the environment. regulatory legal protection cyber terrorism security cyberspace

When considering arbitration, it's important to take into account the challenges in cyberspace related to legal instruments and judicial practices, which manifest themselves at both national and international levels. High-tech countries have relatively well-developed legal frameworks for cyberspace. In the United States, for example, there are three main federal regulations: HIPAA (1996), the Gramm-Leach-Bliley Act (1999) and the Homeland Security Act (2002). Similarly, France has adopted and expanded its legal framework for cyberspace since 1988 [10].

However, the unique nature of cyberspace, characterised by its virtual nature as a global information domain where distance is irrelevant, introduces certain complexities. As a result, the universally accepted principles and norms of international law may not apply seamlessly to cyberspace through a simple extrapolation of conventional concepts. Concepts such as "act of aggression", "use of force" or "armed attack" may not be directly applicable to every computer-based attack. Moreover, the concept of "information warfare", as commonly used by political scientists and the media, cannot be directly equated with the concept of "war" in the international legal sense. While some existing state obligations can be fulfilled in cyberspace, adjustments need to be made based on the unique characteristics of this virtual domain. It is important to recognise that adapting the conceptual underpinnings of the current international legal order to address threats in cyberspace may be challenging.

The authors of the Tallinn Guidelines on the Application of International Law in Cyber Warfare argue that cyberspace should be treated similarly to other domains of human interaction and does not require a different legal approach. They argue that the fundamental principles of international law and the norms of international humanitarian law are relevant to actions in cyberspace. For example, the Tallinn Guidelines interpret the term "weapon" to include cyber technologies and suggest that significant cyber-attacks could be considered an "armed attack" under Article 51 of the UN Charter [11].

These guidelines focus on two key aspects: "jus ad bellum", which outlines the conditions for the use of force by a state in international relations, and "jus in bello", which defines aspects of humanitarian interest in conflict situations. As is widely recognised, the UN Charter serves as the primary source of jus ad bellum law, while the Hague Conventions, the Geneva Conventions and other international treaties elaborate on the norms and principles outlined in these conventions and serve as the primary sources of jus in bello.

Nevertheless, it's crucial to remember that, as the International Court of Justice's Advisory Opinion on the Legality of the Use of Nuclear Weapons states, the right to self-defence does not depend on the type of weapon used in the attack; the mere occurrence of the use of force is sufficient [1 2].

An examination of current practice reveals an expanding interpretation of the concept of "weapon". For example, the 11 September 2001 terrorist attack in New York, which involved the use of hijacked aircraft by terrorists, was effectively treated as an "armed attack" under Article 51 of the UN Charter. In this scenario, civilian aircraft, which are not inherently weapons, were transformed by their misuse into instruments of attack. Consequently, the United States, with international support, asserted its right to individual and collective self-defence.

Customary international law recognises that not every use of force constitutes an armed attack. The judgment of the International Court of Justice (ICJ) of 27 June 1986 in the case of military and paramilitary activities in and against Nicaragua established the "scale criterion" for determining an armed attack by one State against another. This criterion has subsequently been confirmed in several judgments of the International Court of Justice [13].

To be objective, it's important to note that not all states recognise the scale criterion. For example, the US State Department objected to the application of the scale criterion by the International Court of Justice in the Nicaragua and oil platforms cases [14].

Under existing international law, the use of force in response to an "armed attack" requires attribution of the attack to another state. In the context of cyberspace, identifying the perpetrator of an attack and determining whether it is state-controlled pose significant challenges. While the location of the target is obvious, the location of the source is often elusive [15].

These situations highlight the challenges of applying current norms of contemporary international law to cyberspace. Discussions with technical experts specialising in information and communication technologies, in particular with regard to military applications, could help to address many issues in this area.

When considering the establishment of new rules to govern cyberspace, current state efforts are primarily focused on specific areas such as human rights and privacy. In addition, not all states are enthusiastic about developing a modern and effective cooperation mechanism and are openly opposed to the creation of new international legal instruments. As a result, a comprehensive international legal framework for cyberspace is currently lacking.

The only multilateral treaty dealing with information technology crimes is the Convention on Computer-related Crime, ratified in Budapest on 23 November 2001. Discussions are underway to promote customary international law as the basis for international law in cyberspace. However, such a shift would require a reconsideration of existing practices and legal instruments at the national level, which is currently unlikely given the differences in national legal systems relating to cyberspace in different countries.

It's important to remember that this Convention was drafted at a time when information and communication technologies were less advanced and many forms of network threats such as "botnets", "phishing", "spam", etc. were not yet recognised. As a result, Article 1 of the Convention, which provides definitions, and subsequent articles of the Convention do not explicitly address these terms used by criminals.

We need to recognise another category of cybercrime that involves the theft, transfer and misuse of personal data for criminal purposes, in particular identity theft. Although not explicitly covered by the Convention on Cybercrime, this type of crime has increased since the adoption of the intergovernmental document. Some countries categorise these offences separately, while others argue that they can be dealt with under different articles of criminal law [1 6]. This situation underscores the need to classify such crimes as a distinct category and to harmonize international legislation in this area.

International institutions such as the International Telecommunication Union (ITU) and the Internet Corporation for Assigned Names and Numbers (ICANN) are working to develop global rules. However, these organisations face challenges because international law is primarily used to combat cybercrime and resolve technical issues, and there is a lack of comprehensive and binding legal instruments and case law [19]. As a result, the current state of international law in cyberspace is of limited effectiveness and poses difficulties for state actors in its implementation.

The development of international law in cyberspace has accelerated with the emergence of digital sovereignty. Digital sovereignty refers to the control and governance of access, information, communications, networks and infrastructure in the digital domain by global entities [20]. This concept has gained prominence in recent years, fuelled by three significant developments in cyberspace: The China-Russia collaboration in advocating digital sovereignty, high-profile cases such as Snowden and Wikileaks, and the rise of large tech conglomerates such as Google, Apple, Facebook and Amazon (GAFA).

The Snowden-Wikileaks incidents drew widespread attention to security and privacy concerns, triggering a wider discussion on the economic implications. The unchecked practices of large internet companies, in particular GAFA, raised concerns about monopolies and prompted the European Union to reassess its digital ecosystem. The EU wanted to ensure competitiveness, open access and opportunities for the Internet across Europe.

In the current landscape, the future of global cyberspace is being shaped by two concurrent and influential trends. On the one hand, there are official international efforts to demilitarise cyberspace and prevent it from becoming a new arena for armed conflict. On the other hand, a de facto process of polar confrontation is underway. Despite the efforts of international organisations such as the UN to influence this dynamic, their intentions appear fragmented. This is evident in various decisions and resolutions, including the UN General Assembly Resolution A/RES/55/63 of 4 December 2000 on the criminal misuse of information technology. The adoption of this resolution was influenced by the conclusion of discussions on the Convention on Cybercrime. Following the assessments of several international congresses and conferences on cybercrime, significant changes were made to the operative part of the resolution [21].

In applying the principles and norms of contemporary international law to the information domain, it is imperative to consolidate the existing legal framework for cyberspace. These efforts should take into account the unique characteristics of cyberspace in order to more effectively combat the illicit use of information and communication technologies.

The application of international law to entities in cyberspace faces limitations in three key areas: jurisdiction, dispute settlement and adjudication. Current developments in the concept of digital sovereignty may impede the effective implementation of international law in cyberspace by state actors. Consequently, there is a need for broader efforts to formulate rules for the use of cyberspace that emphasise the principles of freedom and inclusiveness within global norms.

In summary, key documents within the international legal framework for securing cyberspace include the UN Cybersecurity Strategy, the Declaration on Principles Governing the Conduct of States in Cyberspace, and the Convention on Cybercrime. These documents define basic concepts of cybersecurity, establish principles for the protection of critical infrastructure, and address the challenges of cybercrime. For example, the Declaration on Principles in Cyberspace outlines 13 principles for state action, emphasising the protection of human rights and Internet freedom. The Convention on Cybercrime lays the foundation for an international legal framework, establishing rules for defining and criminalising cybercrime and promoting international cooperation. These documents play a crucial role in promoting cooperation among states and establishing standards in the area of cybersecurity.

Conclusions

In essence, the creation of international legislation for the protection of cyberspace is a challenging endeavour that requires concerted initiatives by states at the national and international levels. Regulating activities in cyberspace requires careful consideration of cybersecurity, the protection of personal data, and the fight against cybercrime and cyberterrorism.

To ensure the effective protection of cyberspace, continued efforts are needed to advance international legislation and to develop new technological and organisational solutions to enhance cybersecurity. Recognising cyberspace security as an integral part of overall security, it remains imperative for States and the international community to prioritise the continued development of international cybersecurity legislation.

References

1. National military strategy for cyberspace operations (2006) (USA).

2. Почепцов, Г.Г., & Чукут, С.А. (2006). Інформаційна політика. Знання.

3. Poushter, J., & Manevich, D. (2017). Globally, people point to ISIS and climate change as leading security threats.

4. Timothy, W. (2017). Cyberspace sovereignty - the internet and the international system. Harvard Journal of Law & Technology, (10), 647-666. [in English].

5. Barlow, J.P. (2018, 7 лютого). A declaration of the independence of cyberspace. Electronic Frontier Foundation.

6. James, L. (2018). Sovereignty and the role of government in cyberspace. Brown Journal of World Affairs, (16), 55-65.

7. Basak, C. (2010). International law for international relations. Oxford University Press.

8. Kittichaisaree, K. (2017). Public international law of cyberspace: Т. 32. Lgts. Springer Cham.

9. Octopus cybercrime community. (б. д.). Council of Europe.

10. Schmitt, M.N., & Vihul, L. (2017). Tallinn manual 2.0 on the international law applicable to cyber operations. Cambridge University Press.

11. Summaries of Judgments, Advisory Opinions and Orders of the International Court of Justice 1992-1996, № ST/LEG/SER.F/1/Add.l (1998).

12. Case concerning military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America), reports of judgments, Advisory Opinions and Orders (1984).

13. Савчук, К.О. (2013). Міжнародний суд ООН як засіб мирного розв'язання міжнародних спорів у сучасному міжнародному праві. Часопис Київського університету права, (4), 341 -347.

14. Бабакін, В.М. (2011). Особливості міжнародного співробітництва при розслідуванні кіберзлочинів. Форум права, (4), 27-35.

15. Конвенція про кіберзлочинність, Міжнародний документ №2824-IV (2001).

16. Winterford, B. (2012, 6 червня). Clean IT project considers terrorist content database. itnews.

17. Орлов, О.В., & Оніщенко, Ю.М. (2014). Попередження кіберзлочинності - складова частина державної політики в Україні. Теорія та практика державного управління, 1(44), 9-15.

18. Executive summary of ITU-T SG9 meeting (fully virtual, 6-14 September 2022). (2022, 14 вересня). ITU Committed to connecting the world.

19. Couture, S., & Toupin, S. (2019). What does the notion of "sovereignty" mean when referring to the digital. New Media & Society, (21), 2305-2322.

20. Combating the criminal misuse of information technologies, Resolution adopted by the General Assembly №A/RES/55/63 (2001).

21. Поляков, О.М. (2021). Активізація міжнародної співпраці у сфері забезпечення кібербезпеки: Шляхи удосконалення в реаліях сьогодення. Інформація і право, 2(37), 129-138.

22. Забара, І.М. (2013). Міжнародна інформаційна безпека: Сучасні концепції в міжнародному праві. Теорія і практика правознавства, (2), 1-11.

23. Лук'янчикова, В.Ю. (2013). Кіберпростір: Загрози для міжнародних відносин та глобальної безпеки. Гілея: Науковий вісник, (72), 793-796.

Размещено на Allbest.Ru