Researchers propose cyberwar framework

An international team of researchers has urged nations to support the use of honeypots and data mining in the fight against cyber terrorism.

Highlighting growing rates of online crime and sabotage, the team suggested that privacy laws and a lack of international cooperation stood in the way of a more “active” approach to counterterrorism.

Arash Barfar from the University of South Florida and collaborators from Tehran suggested a cyberwar framework in the journal of Internet Technology and Secured Transactions this month.

“Considering that the consequences of the acts of terror can be catastrophic in every country, the pattern of counter terrorism has changed from passive to active,” the team wrote.

“This should also reflect in online environment.”

Barfar and his colleagues highlighted two possible uses of the internet by terrorists: as a platform for attacking critical infrastructure and networks; and to recruit, train, communicate with other terrorists and gain information about physical targets.

The researchers made 11 suggestions in their framework, calling for international “summit meetings” of judiciary systems and secret services of different countries to revise legislation and strengthen cooperation.

They recommended the development of a “privacy-sensitive data mining” plan that would allow crime fighters to trace suspicious people without attracting the ire of civil liberties and human rights groups.

Further, they warned that entrapment laws and legal loopholes could put at risk organisations utilising ‘honeypots’ – commonly used in the IT security industry to attract and detect attacks.

Private-public sector cooperation was another concern, the researchers reported, noting that organisations tended to be reluctant to disclose security breaches for fear of reputational damage.

“No system owner wants to lose its customer base just because it was attacked,” the researchers wrote.

“[But] every organisation faces the threat from cyber terrorism … building individual defences will not always be enough to reduce threats.”

The researchers’ call for collaboration echoed those of Verizon Business this week, and Citibank’s country fraud risk manager Wayne Howarth who last month told a payments technology conference that industry, law enforcement and consumers had to work together to protect credit and debit card data.

Australia was also part of a Virtual Global Taskforce of police looking to combat child exploitation, and planned to formally adopt a European cybercrime treaty that aimed to facilitate collaboration between the 47 nations involved.