Trends and Tactics in Cyber- Terrorism Presented by Li Jingjing Information Security Supervision Bureau (ISSB) Ministry of Public Security (MPS) China
Outline What s Cyber-Terrorism? Crime Types and Trends of Cyber- Terrorism Tactics and Countermeasures on Cyber- Terrorism Proposals
What s Cyber-Terrorism?
What s Cyber-Terrorism According to criminal law of China, terrorism is attributed to the crime endangering public security. So is cyber-terrorism. We can define it by two aspects : Intention mass loss of lives severe economic damage to generate public panic comparable to that from a physical act of terrorism. to disturb social and public order The intention of cyber-terrorism is the same as that of traditional crime.
What s Cyber-Terrorism Result The object of damage is unspecified. To be as one of endangering public security crimes, cyber-terrorism usually imperils public lives and property. The result of damage is uncertain. The scope affected and harm degree of crime result is out of the criminal s expectation and control.
What s Cyber-Terrorism The difference between Hacking and cyberterrorism characteristics Hacking Cyber terrorism Intention Result Aim to cause lesser disruption would not result in severe economic damage or loss of life. Not want to generate social panic Not intending to disturb public order The object of damage is specified ----usually imperial the information system of certain subject. The result of damage is certain----control the result at the certain scope and degree. Aim to cause mass loss of lives or severe damage of economy Want to generate social panic Intend to disturb public order The object of damage is unspecified The result of damage is uncertain
Crime Types and Trends of Cyber-Terrorism
Crime Types and Trends of Cyber-Terrorism Crime types Cyber as object: Terrorist attacks critical information infrastructure to cause mass loss of lives, severe damage of property or disorder of society. Cyber as tool: Terrorist tend to facilitate traditional forms of terrorism by using Internet to: organize and command on internet communicate with each other threaten the victims distribute terror information or rumors. recruit supporters. impart the method of terrorism. acquire intelligence in support of physical violence.
Crime Types and Trends of Cyber-Terrorism Trends Due to being the vitals of homeland security, economic development and public order, the critical information infrastructure has become the main target of cyberterrorism. Therefore, it is necessary to reinforce the security of the critical information infrastructure. With the rapidly development of internet industry, internet is exploited as important tool and channel by terrorists. Owing to application of divers information technology, the targets of cyber-terrorism will include not only computer network but also other digital devices.
Crime Types and Trends of Cyber-Terrorism Trends Compare with traditional crimes, cyber-terrorists are more easier to disguise their identities and the damage is more severe. So both investigation and information security safeguard will confront with new challenges. Cyber-terrorism often involves multiple places or countries, so it is essential to establish efficient mechanism of intelligence sharing and legal assistance between different countries or regions.
Tactics and Countermeasures on Cyber-Terrorism Protection prevention Emergency response And recovery Investigation
Tactics and Countermeasures on Cyber-Terrorism Organ organ of information security safeguard State Council of China State Informatization Leadership Group The National Network and Information Security Coordination Team Different departments of government
Tactics and Countermeasures on Cyber-Terrorism organ of information security safeguard 2000, Chinese government established State Informatization Leadership Group (SILG ) which included the National Network and Information Security Coordination Team (NNISCT ). NNISCT is in charge of : researching and enacting strategy and policy of national information security safeguard. organizing and coordinating related departments of government to protect critical information infrastructure. mobilizing and directing computer emergency response. improving information sharing and notification.
Tactics and Countermeasures on Cyber-Terrorism organ of law enforcement Organizational structure Information Security Supervisory Bureau (ISSB) of Ministry of Public Security (MPS ) Provincial Information Security Supervisory Department Regional Information Security Supervisory Department
Tactics and Countermeasures on Cyber-Terrorism Legislation 1: Cyber as object The legislation of China emphasizes the protection of critical information infrastructure. Article 285, Criminal Law Whoever intrudes into information systems concerning state affairs, construction of defense facilities, or sophisticated science and technology will be sentenced no more than three years in jail. For those who intrude into the information systems related to critical infrastructure, no matter the systems were damaged or not, the intruders will be punished.
Tactics and Countermeasures on Cyber-Terrorism 1: Cyber as object Article 124, Criminal Law Whoever sabotages radio and television broadcasting facilities, public telecommunication facilities, and endangers public safety is to be sentenced a maximum imprisonment of seven years. Only the public telecommunication facilities were mentioned in this article, however, it would be better to include all the critical information infrastructure.
Tactics and Countermeasures on Cyber-Terrorism 1: Cyber as object Modification Act Ⅲ of Criminal Law In Dec. 2001, the criminal law was amended to combat terrorism. Several articles related to terrorism were renewed. Administrative Penalties Law for Public Security In Aug. 2005, National People s Congress enacted Administrative Penalties Law for Public Security. It provides that whoever illegally intrude or impair general information system, which is not serious enough to be a crime, he will be gotten administrative penalty.
Tactics and Countermeasures on Cyber-Terrorism 2: Cyber as tool Modification Act Ⅲ of Criminal Law Any person who seriously disturbs social order by knowingly disseminating terror information of a fabricated fact will be punished with a maximum imprisonment of five years. Most of this kind of cases were committed through Internet. Administrative Penalties Law for Public Security If a person disturbs social order by distributing rumor related to danger, plague or others, and it generate public panic, he will be gotten administrative penalty.
Tactics and Countermeasures on Cyber-Terrorism Policies Chinese government constitutes many policies to protect critical information infrastructure, such as: national information security strategy It confirms the goal, tactics, measures and safeguardsupporting works of protection for critical information infrastructure safeguard. regulation and standard of grading protection of information security other policies of information security industry.
Tactics and Countermeasures on Cyber-Terrorism Prevention and Management Carry out the system of grading protection of information security. All the critical information systems are asked to be evaluated by third party and divided into 5 grades. According to the regulation and standard, the critical information system with specified grade should be taken corresponding safeguards and supervised by government. Adopt crisis evaluation of information system in order to reinforce crisis management for critical information infrastructure.
Tactics and Countermeasures on Cyber-Terrorism Prevention and Management Construct and implement notification system of network and information security. In 2004, The National Network and Information Security Coordination Team (NNISCT) established National Notification Center for Network and Information Security (NNCNIS ). NNCNIS is responsible for aggregating, analyzing, assessing, notifying and early warning information concerning network and information security.
Tactics and Countermeasures on Cyber-Terrorism Prevention and Management set up and execute classified response system of cyber-emergency, so as to enhance capability of response for critical information infrastructure on preventing preparing responding recovering. Supervise ISP and ICP fulfill the following legal responsibilities: Inform users of their legal burden when they apply Internet services. Report offences or crimes to police in time. Assist police to investigate cyber-terrorism or other cybercrimes. Provide related data according as legislation.
Tactics and Countermeasures on Cyber-Terrorism Crime Striking Fast crime detecting, reporting and responding mechanism are essential to combat cyber-terrorism. Set up online cyber-crime reporting website in each province. www.cyber-police.cn Beijing: http://bj.cyber-police.cn Shanghai: http://sh.cyber-police.cn established 24/7 contact mechanism among administrators of critical information infrastructure, ISP, ICP and Cyberpolice in order to efficiently deal with information security incidents occurred in critical information systems.
Tactics and Countermeasures on Cyber-Terrorism Crime Striking Enhance digital forensic technology and train staff regularly. Regulate investigation procedure for assuring the admissibility of electronic evidence. Seek technology supporting by Cooperating with institutes, information technology enterprises, ISP, ICP and other organizations. Improve cooperation and coordination with other countries and regions by Participating the international training of technology related to cyber-terrorism or other cyber-crimes. Supplying legal assistance for Japan, Korea, Hongkong of China, etc. Promoting intercourse and collaborate on legislation, computer forensic, staff training etc.
Proposals
Proposals Reinforce cooperation and coordination among the members of ARF for combating cyber-terrorism: Take effort to unify the definition of cyberterrorism so as to guide legislations of the members. Establish Point-of-contact on 24/7 basis between our law enforcement agencies. Set up efficient and effective intelligence sharing mechanism.
Cyber-terrorism An regional security Let s work together Thanks a lot