Academic journal article Journal of the Association for Information Systems

Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles

Academic journal article Journal of the Association for Information Systems

Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles

Article excerpt


Information Cyberattacks present serious threats to national infrastructure and defense systems as well as to the private sector. Cyberattacks can be defined as "actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves" (Joint Chiefs of Staff, 2009, p. 111). Such threats not only have private-led origins, but also state-led origins.

In this paper, we propose a framework that can prevent state-led cyberattacks (SLCAs), which state agencies themselves and/or employed individuals or companies conceive of and operationalize. SLCAs are capable of attacking not only military and governmental systems but also critical civilian infrastructure, such as financial systems, telecommunication systems, energy systems, transportation systems, and private corporations. In contrast, private-led cyberattacks (PLCAs) may also threaten governmental systems, as well as private companies, homes, individuals, and civilian communities, but do so mainly to gain illegal economic advantages through ransomware, phishing and/or stolen credit cards. By private actors we mean nonstate actors, including individuals, ordinary citizens, script kiddies, hackers, "hacktivists" (such as Anonymous), "patriot hackers" (a student-run cybersecurity group formerly known as the Electric and Computer Hacking Organization), cyberinsiders, cyberterrorists, malware authors, cyberscammers, organized cybercriminals, and corporations (Sigholm, 2013).

To characterize the nature of SLCAs, we collected seven typical SLCA cases and contrasted them with three illustrative PLCA cases. To compare and contrast their differences and commonalities, we organized the cases according to the following eleven perspectives: attack purposes, targets of attacks, origin country, attack means and methods, attack routes, timing, duration, preparation period, investigation period, consequences, and applicable laws. We found that the specific actors, purposes, targets, attack timing, means, methods, and circumstantial evidence pertaining to SLCAs differ significantly from those of PLCAs despite the fact that the basic technologies for both are nearly identical. Because attacking countries do not admit their responsibility, origin traceability technology alone cannot identify the origins of SLCAs. Thus, an analysis of other evidence, such as repeated introductions of malware from a particular country and/or circumstantial evidence, should be considered as well.

Assuming that the sources of anonymous cyberattacks from global origins are uncontrollable, current cybersecurity systems primarily attempt to defend their own systems reactively. To overcome such a limitation, the concept of the Bright Internet was recently proposed as a framework for preventive security that makes the origins of malicious cyberattacks transparent, traceable, and identifiable. In the current paper, we adopt the Bright Internet framework for preventing SLCAs by adopting its five principles: origin responsibility, deliverer

responsibility, identifiable anonymity, global collaboration, and privacy protection (Lee et al., 2018, Lee, 2015).

By adopting the Bright Internet framework, the premise is that transparency can deter the generation of SLCAs from member countries who conform to the principles of the Bright Internet. Among member countries, participating governments will monitor for the malicious emission of cyberattacks within their own countries according to established responsibility chains which can be inherited from the international law on the Responsibility of States (2001). However, the origins of SLCAs may not be fully identifiable if cyberterror countries do not honestly report the malicious origins, especially when plotting SLCAs.

Moreover, not all states may agree to become members of the Bright Internet. Therefore, it is necessary to add a complementary measure, which we term the Internet Peace Principles, which prohibits the use of the Internet as a weapon for attacking other countries or as a means of detoured malicious attacks. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.