DOI: 10.4018/IJCWT.2019010102

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

Copyright©2019,IGIGlobal.CopyingordistributinginprintorelectronicformswithoutwrittenpermissionofIGIGlobalisprohibited.

19

Cyberpeacekeeping:New Ways to Prevent and Manage CyberattacksA. Walter Dorn, Canadian Forces College, Toronto, Canada

Stewart Webb, DefenceReport, Salt Spring Island, Canada

ABSTRACT

Cybersecurityiscomingtotheforefrontoftheconcernsofnations,organizationsandindividuals.Governmentagencies,bankingsystemsandbusinesseshavebeencrippledbycriminalandmaliciouscyberattacks.Therearemanyexamplesofcyberattacksinregionsoftensionsandarmedconflict.Therearenoimpartialinternationalmeanstoinvestigatetheclaimsandcounter-claimsaboutcyberattacks.Theinternationalcommunitymorebroadlylacksawaytodealwithcyberattacksinaconcertedmanner.Anewapproachandcapabilityshouldbeconsideredforcertaincircumstances:cyberpeacekeeping.Peacekeepinghasproveneffectiveinphysicalspace,andmanyofthesameprinciplesandmethodscouldalsobeappliedincyberspace,withsomeadjustments.Itcouldhelppreventglobalattacks,andifanattackweretobesuccessful,itcouldassistwithrecoveryandconductimpartialinvestigationstouncovertheperpetrators.ThepossibilitiesofacyberpeacekeepingteamattheUnitedNationstomakecyberspacemoresecurearewellworthexploring.

KeyWoRdSCyber Operations, Cyberpeacekeeping, Cyberterrorism, Peacekeeping, Tallinn Manual

1. INTRodUCTIoN

1.1. The ChallengeTheworldiseverincreasinglyreliantoninternet-connectivetechnology.Computerspermeatealmosteveryfacetofhumanlifeinmostpartsoftheworld,connectingpeopleinwaysthatcouldnothavebeenimagined,withthedevelopingworldbecomingconnectedatthefastestrate.Theleveloftechnologyandglobalintegrationisstaggeringevencomparedtojust20yearsago.Thisinterconnectivityisacausenotonlyofcelebrationbutalsoofdeepconcernforsecurity,aswhatmakeshumanlifeeasierandmoreefficientalsogivesrisetosignificantvulnerabilitiesandthreats,eventhepotentialforamassivedownfall.

Attacksonglobalinterconnectivityhavebecomeareality.Deliberateattacksareconductedbystatesorstate-sponsoredentitiesorgroupsornon-stateandcriminalactorswhoseektoinfiltrateandbringdownsitesandaltertheinstructionsthatcomputersgivetoindustrialmachinery,suchascentrifuges,damsandevenelectricpowergrids(UnitedStatesComputerEmergencyReadinessTeam,

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

20

2018;IndustrialControlSystemsCyberEmergencyResponseTeam,2016).Alreadywehaveseentheinternet,includingthepartsofthedeep/darkweb,usedtoinciteriotsandeventoinfluencethecourseofnationalelections.Forinstance,newevidenceiscontinuallyemergingofRussianattemptsto interfere in numerous elections, including thoseof theUnitedStates andFrance (Greenburg,2017;Pope,2018).ShortlybeforeRussiainvadedGeorgiainAugust2008,itlaunchedabarrageofDistributedDenialofService(DDOS)attack,makingGeorgianmilitarymovementsandoperationssomuchmoredifficultanddangerous(Markoff,2008).TheUnitedStatesandIsraellikelyintroducedmalwaretocausebreakdowninIraniancentrifugesatNatanz.Theseexamplesshowhowcyberattackshavetranslatedintokineticdamage.Oneproblemisthat,despitetheeffects,attributionisdifficultandinternationalmeansforimpartialinvestigationarelacking.Examplesofattacksareplenty,buteffectiveresponsesarefewandmodest.

Atpresent,theworldreliesonnationalsecurityservicesandcommercialcompaniestohandlenational cybersecurity, and there is no internationalbody toprovide some formof internationalcybersecurity.While a fewcountries aredevelopingadvancedcybersecuritymeasures, they stillremainvulnerableandmostcountriesoftheworldhavelimitedcapacitytorespondtocyberthreats.Moreover,therehasnotbeenacoordinatedinternationalefforttoaddresscybersecurityorcreatemeasuresofcommonorcollectivesecurityinglobalcyberspace.Withmanycasesofinternationalandintranationalconflict,cyberattackshavethepotentialofunsettlinganalreadyfragilepeace.Thispaperseekstoexplorenewmeansofaddressingcybersecurity,buildingonthecharacteristicsandsuccessesofpeacekeepinginphysicalspace.ThepaperproposesthattheestablishmentandactivitiesofaUNcyberpeacekeepingunitcouldlessenthethreatofconflicts,helprecovery,maintainbalanceandimprovecyberrelationsinawiderangeofscenarios.Examplesfromthepastthreatscanhelpillustratethethreatsandthetypesofcaseswherecyberpeacekeepingcouldhelp.

2. eXAMPLeS ANd MULTILATeRAL ReSPoNSeS

In2007,theEstoniacasedemonstratedhowextensivelycyberattackscouldaffectanentirecountry.TheattackwaslikelyinresponsetotheremovalofaSoviet-ErastatueoftheBronzeSoldierofTallinn.Thisshowedhowactionsinphysicalspacecanhaveramificationsincyberspace.TheremovalofthestatuerepresentedtheshiftawayfromEstonia’srecentRussianhistoryanddomination.Russianotonlyprotestedbut,inalllikelihood,supportedamassivecyberattack.Animpartialdeterminationofresponsibilitywaslacking,andRussiacouldeasilydismissandignoretheallegations.ButitcouldincreaseitsthreateningpowerfromthesuspicionswhilealsopunishingEstoniaseverely.

Thewidespreadandlarge-scaleDDOSattackcampaignwasunleashed.Bankswereshutdown,governmentemployeeswereunabletosendemailstooneanotherandthemediafounditdifficulttopublishstories.RegularlifeinEstoniaturnedtoconfusion,probablywithafewfinalstrokesofakeyboardfaraway.Onlyaftermucheffortwerecomputerservicesrestored.

InconsequenceEstonia,whichhadjoinedtheNorthAtlanticTreatyOrganization(NATO)in2004,offeredtohostanewNATOcyberdefencecentre.TheNATOCooperativeCyberDefenceCentreofExcellence(NATOCCDCOE)wasestablishedin2008asamultinationalandinterdisciplinaryhubofcyberdefenceexpertisebasedinEstonia’scapital,Tallinn.1AlthoughthecentrewascreatedtohelpmeetthecollectivedefenceneedsforitsNATOmembers,theNATOCCDCOEdevelopedtheworld’sfirst,andmostin-depth,analysisontheinternationallawapplicabletocyberattacksinanarmedconflictsituation.2DespitetheimportantcommentaryintheTallinn Manual on International Law Applicable to Cyberwarfare(henceforthTallinnManual,currentlyinversion2.0),thelegalitiesofwhatconstitutesacyberattackandappropriateresponseshavenotbeenfullyflushedoutyet.AndtheNATOCOEcannotbeconsideredanimpartialinvestigatororupholderofanyinternationalcyberlaw,especiallysinceitisbiasedinfavourofNATOandWesterncountries.

A small but more important legal step had been made earlier in Europe. The Council ofEurope drew up in 2001 the Budapest Convention on Cybercrime, the first international treaty

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

21

regardingcybercrime.TheBudapestConventionwasthefirstinternationalattemptofoutliningthelegaldefinitionsconcerningcybercrimes,whichincludedillegalaccess,interceptionofdata,datainterference,computer-relatedfraudandforgeryandotheroffences.AnAdditionalProtocoltotheConventionenteredintoforcein2003,addingthedisseminationofracistandxenophobicmaterialtothelistofcybercrimes(CouncilofEurope,2003).TheglaringcriticismwiththeBudapestConventionisthatithasnotbeencontinuallyupdatedtokeepupwithevolvingthreatsandtechnology(Celik,2017,p.106).InorderfortheConventiontobeeffective,thereneedstobeanevaluationschedulesonewthreatsandtechnologycanbeadded.

TheTallinn ManualdoesnothavethelegalstatureoftheBudapestConventionbutitdoesdealwithawiderrangeofcyberattacksandcyberwarfareissues.Itisanauthoritativebutnotaunanimouslegalinterpretationwhenitcomestothedefinitionsandlimitationsoncyberwarfare.WithinfiveyearsoftheTallinnManual1.0,asecondversionwaspublishedandaddressedsomeconcernsraisedafterthepublicationofthefirstManual(Jensen,2017,p.738).Eventuallymanyoftherulesexploredinthemanualwillneedtobetranslatedintopreciselegalinstruments.

Theconsequencesofcyberattackscanbedire,evencripplingforanattackedstate.Andtheyare happening against NATO member states. But because of the lack of an immediate physicalthreat,NATOiswaryoftriggeringtheorganization’sArticle5,whichcallsforNATOmemberstocometothecollectivedefenceofoneormorememberswhenareunderattack.So,cyberattacksonNATOcountriesandmoregenerallyhavebecomeamoresubtlewayofcausinghavocwithoutmuchchanceofretaliation(Mustonen,2015).This,ofcourse,isthechallengeofmaintaining,orbuilding,peaceandlawenforcementbetweentostates.Impartialinvestigationandprosecutionfollowedbyenforcementislacking.

Otherregionalorganizationsarewrestlingwithmeanstosecurethecyberdomain,andsmallstepshavebeentaken.In2004,theOrganizationofAmericanStates(OAS)adoptedaresolutiontitled“TheInter-AmericanIntegralStrategytoCombatThreatstoCyberSecurity,”whichplacedcybersecurityundertherealmoftheOAS’Inter-AmericanCommitteeagainstTerrorismandcalledforgreaterregionalcooperation(OrganizationofAmericanStates,2004).TheOAScreatedComputerSecurityIncidentResponseTeams(CSIRTs)thathandle“alert,watch,andwarning”responsibilitiesineachmemberstate(OAS,2018).Similarly,fortheShanghaiCooperationOrganization,whichiscomprisedofChina,Kazakhstan,Kyrgyzstan,Russia,Tajikistan,Uzbekistan,IndiaandPakistan,aimstoimprovethepolitical,economicandsecurityrelations,includingcybersecurity,amongstitsmembers.In2009,theSCOcametoan“AgreementonCooperationintheFieldofInternationalInformation Security” (Shanghai Cooperation Organization, 2008). This Agreement lays thefoundationsfortheSCOtocounterdestructivecyberattacksononeofitsmemberstates.Onceagain,itisnotanimpartialinternationalbodybutagroupingofstates,heavilyinfluencedbyregionalpoliticalagendasandseekingsomemeasuresforcyberdefence.

Thoughnotapproachingtheproblemgloballyorimpartially,theincorporationofcyberdefenceinsuchmultilateralallianceshighlightstheseriousnessofcyberthreats.Infact,smallcyberattacksmightevencausewidercyberwars,iftheattacksescalatetoalliance-levelresponses.Thereisalsothe realpossibility that amajor cyberattackcould incite a conventionalmilitary response in thephysicalworld,particularlyincaseswherecyber-kineticweaponslikeStuxnet(W32.Stuxnet,2017)aredeployed.Meansandmodelsforcyber-de-escalationneedtobeconsidered.Undoubtedly,someofthelessonsandpracticesfromconflictmanagementbetweennationsandbetweenarmedpartiescanapplyincyberspace.Oneproposaltoexploreispeaceoperationsincyberspaceorcyberpeacekeeping.

3. KeePING THe PeACe IN CyBeRSPACe

Cyberpeackeepers,possiblyworkingfortheUnitedNationsormandatedbyit,couldpatrolandactincyberspaceinasimilarfashionascurrentUNpeacekeeperspatrolandactinselectedconflictzonesoftheworld.Cyberpeacekeeperscouldinvestigatemajorattacksandhackingeventsinaccordancewith

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

22

theirspecificmandates––narroworbroad.Liketheircurrentphysicalcounterparts,theycouldbetaskedtoreducetensionsbetweenspecificnationsorotherconflictingparties,preventescalationofcyberwars,andhelpcatchglobalcybercriminals.Theycouldevenassistwithrebuildinggovernmentalcomputersystemsorcriticalinfrastructure,suchasfinancialandmediaservices,afteradamagingattack.Eventually,internationalactioncouldbetakentohelpenforcenewcyberrulesafterimpartialdeterminationsofthesourcesormodesofanattackaremade.Allthesemeansarecurrentlylackingintheweaklyprotectedcyberspace.

Theproposal is relativelynew (Dorn, 2017)3 but therewas already somemovement in thisdirectionatUNheadquarters.In2013,theUNGeneralAssemblyexaminedtheincreasingsecurityriskofinformationandcommunicationtechnologies(ICT)affectingthesecurityenvironment(UnitedNationsGeneralAssembly,2013).Alsoin2013,theChiefExecutivesBoardforCoordinationadoptedsevenprinciplestohelpmemberstates“respondtocybercrimeandcybersecurityneedsintheMemberStates”and“focusonassistingtheMemberStatestotakeevidence-basedaction”(ChiefExecutivesBoardforCoordination,2014).4

TheUN’sOfficeofInformationandCommunicationsTechnology(OICT)createdin2016a“DigitalBlueHelmets”(DBH)unitto“enhancecybersecuritypreparedness,resilienceandresponse,”mostlyforprotectionof theUnitedNationsanditsagencies(UnitedNations,2017a).TheOICTconductedresearchintopossiblecyberthreatstotheUN’sSustainableDevelopmentGoals.Ithasenvisioned DBH centres to provide the necessary “interdisciplinary cyber-security support andteachingcentres[to]bringtogetherspecialistsfromaroundtheglobetoaddressavarietyofIT-relatedissues”(UnitedNations,2017b).WiththeDBHnameincorporatingtheterm“BlueHelmets”(i.e.,aninformalnameforpeacekeepers),itforetellsofpossibilitythattheunitcouldpossiblyprevent,mitigateanddealwithglobalcyberattacksinthefuture.

TheDBHhasnotyetassistedgovernmentstoinvestigatecyberattacksorhelppreventattacksbutithashelpedmakeUNpeacekeepingoperationsmoresecureandhelpedcertainUNagencies,suchasUNOfficeonDrugsandCrime.

Establishinganinternationalcyberforensicsteamisnecessaryforthecyberpeacekeepingconcept.ItcouldbebasedontheDBHteamthatisnowgraduallydevelopingmoreexpertise.ManyattacksaredonethroughhackerswhomayormaynothaveformalaffiliationswithgovernmentsandthosehackersoftenmaskorchangetheirIPaddress,whichmakesithardertoidentifythem.AsBrenner(2007,p.420)asserts,determiningwherecyberattacksoriginate“cantakemonthsorevenyearswhendigitalevidenceisfragileandcandisappearbythetimetheinvestigatorsobtaintheassistancetheyneed.”TheDBHteamcouldundertakearolethatwouldhelpwiththeinvestigationofacyberattackwhen requested.Thiscould follow theexampleofothergovernmentalorganizationssuchas theNationalCyberSecurityCentre(NCSG)intheUK,orEuropol’sEC3.ThenewlyformedCanadianCentreforCyberSecurity(CCCS)mayalsobeapotentialmodelwheretheCCCScollaboratesnotonlywiththeprivatesector,butalsothoseinacademia(CommunicationsSecurityEstablishment,2018).Thesegovernmentalorganizationsprovidesupportforcybercrimeinvestigations.

AsoutlinedbyRobinson,etal(2018,p.3),afutureDBHteamcouldbecomprisedofpersonnelassigned by Cyber-Contributing Countries (CCCs), Cyber-Contributing Organizations (CCOs),volunteerexpertsandUNcyberstaff.Thismixofcyberstaffloanedandvettedfromvariouscountries,internationalorganizations,theprivatesector,non-governmentalorganizationsandacademiacouldengage in selected projects according to their expertise and impartiality. Although the pool ofpotentialpersonnelmayappearlarge,findingwelltrained,andspecialisedstafffromcountriesandorganizationsmaybeachallenge.However,theUnitedNationshasovercomesuchproblemsinthepastwhenassemblingpeacekeepingoperations,fact-findingmissionsandinspectionbodies.

In the future, as cyberpeacekeepers gain experience and help from advanced cyber nations(includingexpertsonloan,asisdoneinphysicalpeacekeeping),theycouldhelpinreal-timetostopcyberattacks,mitigatetheimpactofsuchattacksandassistinre-establishingnormalcybyreversingtheeffectsoftheattacks.Cyberpeacekeeperscouldalsomonitortheircyberareaofresponsibilityto

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

23

theextentpossibletopromotealastingcyberpeacebetweentwocountries(Robinson,etal.,2018,p.6).TheUNcyberrescuecrewcouldhelpmembersoftheinternationalcommunityintimesofurgentneed.

TheUNwouldhave todefine theparameters of the cyberpeacekeeping force and its cyberareas of responsibility, which could change with demand. It would have to define the how thecyberpeacekeepingunit“couldoperateinconflictandnon-conflictareasincyberspace”(Akatyev&James,2017,p.33).TheUNcyberpeacekeepingforcecouldbeexpandedtoinvestigatemassbot-generatedpropaganda.Inanycase,theforcewouldneedthecooperationofkeyUNmemberstatesandnationalorganizations.

Therecouldalsobearesearchanddevelopmentdimension.Exploitsandmalwareseekweaknesseswithincodeandevenwithhumannature—forinstance,simplecasesofnotupdatingsoftwareandwebsiteplugins,orevenclickingonanattachmentinane-mailwithoutthinkingoftherisks.Onepossibilitywouldbetoassistinthedevelopmentofcyberprotocolsforgovernment,andothersectors.Thiscouldstartsimplywithseminarsonstraightforwardmeasuresinensuringthatapotentialoutbreakcanbecontained.ItwilltaketimefortheUNandtheinternationalcommunitytocreatebindingglobalstandardsandrules,startingthoughdeclarationsandresolutionsandmovingontotreaties,tomakecertaincyberattacksillegalglobally.5Inaddition,cybersecuritymeasurescouldbetakenbetweenstatesbilaterallyorinsmallgroups,withcyberpeacekeepersplayingaroleintheimplementation.

Of course, oneof the limitationsof the international order, and an avenue that needs tobedevelopedfurther,isenforcement.Adefensivecyberforcewouldrequirerulesofengagementthatmayormaynotbelimitedtothedigitalrealm.AdefensiveactioncouldbetosimplyblockattackscomingfromacertainIPaddressorgroupsofIPaddresses,butitcouldalsomeandealingwiththeattackersincyberspaceoreventhephysicalseizureoftheircomputerequipmentthroughnationallawenforcementagenciesafterdeterminingtheattack’spointoforigin.AnoverviewofthepotentialrangeofcyberpeacekeepingtasksisgiveninFigure1.

AcyberpeacekeepingoperationcouldbeapprovedbytheSecurityCouncil,justastheCouncilapprovesapeacekeepingoperationinthephysicaldomain.Inaddition,acyberoperationcanbeapprovedalongsideaphysicaloperationorbeapartofit,particularlyifthephysicalconflictincludescyberattacks.Iftheconflictisentirelyinthecyberrealm,apurelycybermissioncouldbeinstituted.WhileUNactionagainstmajorpowersisunlikely,duetotheirveto,therehavebeenimportantcaseswheretheyhavecalledforUNassistancetoresolvedisputesbetweenthem,e.g.,theCubanMissileCrisisof1962(DornandPauk,2009).Moreover,therearecasesinconflictregionsandevencurrentpeacekeepingoperationswhereacyberpeacekeepinginitiativeisneeded.Theprevalenceofthese

Figure 1. Possible UN cyberpeacekeeping activities

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

24

cyberattacksinthepresent-dayworldalsoprovidesincentivefortheaffectedcountriestoseekoutassistancefromacyberpeacekeepingthirdparty.

4. CyBeRATTACKS IN CoNFLICT ReGIoNS

Ifwelookattheattacksofthepast,wecanseecaseswhereacyberpeacekeepingcapabilitywouldhavebeenuseful.Forinstance,NorthKoreaisbelievedtobebehindcyberattacksdirectedatbanksinatleast18countries,accordingtotheRussianfirmKaspersky(Pagliery,2017),whichitselfissuspectedofbeingundertheinfluence,ifnotcontrol,ofanauthoritarianstate(Robertson&Riley,2017).So,onceagain,animpartialmeansofinvestigationwouldbehelpfultoexaminethepreliminarydataandinvestigatefurther.Justasphysicalpeacekeepingusessoldiersborrowedfromnations,thecyberpeacekeeperteamscouldconsistofcyber-warriorsandexpertsdrawtogetherfromnationstatesforaparticularmissionortimeperiod.

AUNcyberpeacekeepingforcecanassistintrackingdownthevectorsofattackandevenpointoforiginandcreatetheframeworkforlegalordiplomaticaction.Thethreat,andrealityof,cyberattacksare a global threat and reality. States should bear a degree of responsibility if an internationalcyberattack, like any attack, originates from their state (Couzigou, 2018).But great expertise isneededtopinpointthecourseofattacks.

Israelwastargetedinacyberattackin2009duringitsoffensiveintheGazaStrip.Itisbelievedthatitwascarriedout“byacriminalorganizationfromtheformerSovietUnion,andpaidforbyHamasorHezbollah”(Pfeffer,2009).Butthesearesimplyallegations,onesthatneedtobeinvestigatedandverified.Particularly,iftheallegationsareusedtolaunchmilitaryattacks,itisimportanttohavesomeinternationalverificationprocess.Suchaverificationprocessneedstobeindependentlyrunbyanimpartialbody,suchastheUnitedNations,evenifitreliesofinputsfrommembernations.

Cyber incidentscanalsoaffectcountries thathostUNpeacekeepingmissions.For instance,cyberattacks started in the late1990sbetween IndiaandPakistan,whichhost inKashmiraUNobservermission(Vatis,2001),whichitselfmustbeprotected.Theattacksbetweenthenationsinthe1990smaybesimpleandcrudecomparedtowhatishappeningnowglobally,butIndianandPakistanihackershavecontinuedtohonetheirskills.InJanuary2017,IndianhackersarebelievedtohaveattackedMultanInternationalandKarachiairportwebsitesandeveninstalledransomware,amalwarethatencryptsacomputer’sharddriveuntilaransomispaid,usuallyinbitcoinsorotherdigital currency (Shekhar, 2017).This should cause concern, because if an international airportweretobelockedoutoftheircomputerserversitwouldcausehavocandincreasesignificantlythechanceofcasualties.Thenboththephysicalandthecyberpeacekeepingforcewouldneedtoactinaconcertedfashion.Inaddition,apeacekeepingmissioncouldalsofinditselfsubjecttoattack,soastaunchcyberdefencewillbeneeded.

Oneofthemainconcernsofpoliticiansandsecurityofficialsisamajorcyberattackthatcripplesthe country’s power grid, causing many additional catastrophes. A glimpse of this was seen inDecember2015,whenacyberattackonUkrainianutilitiesresultedinapoweroutagethataffectedmorethan225,000customers.TheUSgovernmentlaterconcludedthatthepowergridshutdownwasacyberattack.iSightpartners,nowFireEye,concludedthatitwascarriedoutbyaRussiangroup,AdvancedPersistentThreat,referredtobythecybersecuritycommunityas“Sandworm”(Volz,2016).AstudydonebytheElectricityInformationSharingandAnalysisCenter(2016,p.5)concludedthattheperpetrators“perform[ed]long-termreconnaissanceoperationsrequiredtolearntheenvironmentandexecuteahighlysynchronized,multistage,multisiteattack.”Thisattackwasplannedforsometimebeforeitwasexecuted.Regardless,theverificationprocessofwhichactorcarriesoutthese,orfuture,cyberattacksisessential.

Asmentioned,theverificationoftheattack’spointoforigincanbeastartingpointforthelocalandinternationalauthoritiestoactagainstsuchperpetrators—provideditwasnotsanctionedbyaveto-wieldingmemberoftheUNSecurityCouncil.Buteventhatstate’svetoofacyberinvestigation

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

25

couldpointtoitsinvolvementorpatronage.Andifthecyberattackwassanctionedbyanotherstateoranon-stateactor,suchasaterroristgroup,additionalactionscanbetakentomitigateorpunishthisactivity.

Unfortunately,theglobalcyberthreatisunlikelytodiminish,butwillincreasewithtimeinboththequantityandcomplexityofattacks,unlesssomemeansarefoundtopreventit.ThisisespeciallytrueforthevolatileMiddleEastandfortheongoing(anddeepening)conflictwithIran.

5. SToPPING eSCALATIoN To A FULL CyBeRWAR

ManybecameawareofthecyberthreatsagainstnationsaftertheattackonEstoniain2007.Theworld’sattentionwasrefocusedin2010ontargetedattacksbywhatwouldotherwiseseemtobeaninertvirus–StuxnetthattargetedIran’snuclearprogrammeattheNatanzfacility.Thisvirusspreaditselftoseveralcountries,butifaninfectedcomputerwasnotthetarget,itwoulddonothing.

StuxnettargetedProgrammableLogicControllers(PLC)whichareusuallyusedforindustrialpurposes(W32.Stuxnet,2017).TheprevalenceoftheconcentrationofthemalwareinIranandhowthemalwaretargetedPLCsbuiltbytheGermancompanySiemensdemonstratedthatthismalwarewasasurgicalweapontocrippleIran’snuclearprogrambygoingafterthecentrifugesatoneofthecountry’snuclearfacilities.Stuxnetcanbeseenasanimprovementorcomplementtoconventionalattacksduetotheprecisionandreductionofhumancasualties.AfterhundredsofUraniumcentrifugesweredamaged,suspicionsarosethattheUnitedStatesandIsraelwerebehindtheStuxnetattack(Katz,2010).Inanycase,forcesfromwithinIraninitiatedattacksoftheirown.

In2012and2013, twomajor attacks seem tohaveoriginated from Iran, signalling that thecountrydevelopeditsowncyberwarfarecapabilityinthewakeoftheStuxnetattacks.In2012,over35,000computersofSaudiArabia’sArmacocompanyhadtheirdatapartiallywipedordestroyed(Mount,2012).Theninaseparateattackin2012,halfadozenAmericanbanksweretargeted,andtheircustomerswereunabletologintotheiraccountsonline(Perlroth,2012).In2013,hackerswereable togainaccess tocommandandcontrolsystemofa20-footflood-controldamontheBlindBrookinRyeBrook,NewYork(Thompson,2016).Thehackingofthisdamwouldnothavecausedsizeabledamageifthedamwatersweretohavebeenreleased,butitdidraiseconcernsintheUnitedStatesgovernmentaboutthepotentialramificationsifahackerweretoseizecontrolofalarger,morecriticalinfrastructure–somethingsimilartowhatoccurredinUkrainetwoyearslater,whenasizeableportionofUkraine’spowergridwasshutdownbecauseofsuccessfulhacking.

Althoughnationsrarelyadmittocarryingoutcyberattacks,theabovegivesaglimpseofwhatafullcyberwarcouldentail.Whenthesourcesofattackscanbeidentified,oratleastevidencegathered,byanimpartialactor,thechancesofanattackandofescalationwouldbeless.Andthepossibilitiesforinternationalinterventionwouldbegreater.Theremaybesituationswhereinterventionisessential,suchasafull-scalecyberattackonacountry’scyber-linkedinfrastructure,e.g.,powerplants,airandroadtrafficcontrols,flooddefencecontrolsandthefinancialsector.

CyberattackscarriedoutintheMiddleEastcouldpossiblyescalatetoapossiblepointofnoreturn.TheUnitedStatesandIsrael,withIraninopposition,couldhavetargetedsensitiveandcriticalinfrastructureinaseriesofadditionalcyberattackexchanges.Themitigatingforceinthiswastherestraintdemonstratedbythethreecountries.However,whathappensifthestatesinvolvedinthenextexchangeofcyberattacksdonotdemonstratethesamelevelofrestraint?AfutureexchangecouldbecomethecyberequivalentoftheCubanMissileCrisis.Inthatcrisis,theinterventionoftheUnitedNationsprovedcrucialtonon-violentconflictresolution(Dorn&Pauk,2009).

Unfortunately,itisnotjuststateactorsthatcandragtwoormorestatesintoacyberconflict;hackergroupscandestabilizetheinternationalcyberorderbycarryingoutattacksoninfrastructureduringtimesofheightenedtensionsbetweentwostates.

This might be mitigated by a cyberpeacekeeping force as it will provide assurances to theinternationalsystemthatthereisacheckandbalancetotheseattacksandanavenuetopursue,and

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

26

helpforvictimsofcyberattacks.Itcanprovidemechanismsthatcanidentifyathreatandpossiblymitigate,andrepair,damagethatwasdone.

6. WHAT WoULd SUCH A FoRCe LooK LIKe?

TheUNcyberpeacekeepingforcemustbemalleableandbeabletosolveavarietyoftheworld’scyberdefenceissues,notmerelyonemalwareorvirusatatime.EspeciallywhenUNmemberstatesfurthercodifyalegalsetofrulesthatclearlydefinewhatacyberattacklookslike,cyberpeacekeepingcouldhelpenforcethoserules.Forexample,thecyberpeacekeeperscouldhelpverifythat,intimesofpeace,nostateattackstheinfrastructureofanotherandthatnationalenforcementmeasuresaretakenbyastateifacitizenwithinthestateisfoundtobetheculprithacker.Tofurtherthepoint:ifaRussianhackerisfoundtobeattackingtheUSgovernment,theRussiangovernmentcouldprovideverifiableassurancestotheUnitedNationsthattheculpritwouldbearrestedanddulyprocessedthroughthelegalsystem.TheUnitedNationscouldthenverifyifthishasoccurred.Thiswill,atleast,putmorepressureongovernmentstoholdhackersaccountable.Ofcourse,itwillneedthesupportofmanyothergovernmentstoapplypressure,astheUnitedNationsseekstodoinmanyareas,suchashumanrights,democracyandsupportofpeaceprocesses.

Cyberpeacekeepingcanbedoneinconjunctionwithregionalgroupsthathavecyberdefenceinitiatives.Through thecooperationof these regional initiatives, suchas thosedoneby regionalorganizations,theUnitedNationscanoutlinewhatanaggressivecyberattackinpeacetimeisonagloballevel.Thiswouldassisttheinternationallegalframeworktodefineacyberattackandthenhelpimplementinternationalresponses.

7. oBSTACLeS

TheprospectforaUNcyberdefenceinitiativedependsonUNmemberstates.Theymustaskforit.Butnationalcyberdefenceandoffencearecloselyguardeddomainsofintelligenceandmilitaryagencies.Bysharingcyberdefensivestrategiesandcodeswithothermembersoftheinternationalcommunity,theUnitedNationsmightmakeperpetratorsmoreawareofthosemeasures.Thesamegoesforidentifyingattacks:therewillbeadaptation.SomememberstatesmightnotwanttheUnitedNationstohavethepowertolaunchinvestigationsintocyberattacksandespionageactivitiesastheywouldbeatriskofbeinguncovered.

Oneofthefundamentalproblemsisthattherearemillionsofcyberattacksamonthanditwouldbedifficulttopreventmanyofthoseattacksbecauseofthesheernumber.However,theUNcyberdefenceinitiativewouldonlybeoneactortoserveasawatchfulguardianincyberspace.Therecouldbepartnershipswithothercyberdefenders,thoughthismightfaceobstacles.Forone,apartnershipwithcertainstatesmaynotbefruitfulsinceforinstance,China,RussiaandtheUnitedStateswouldbehesitanttosharecybersecretsorevenalerttheUNofcyberattacksthattheycarryoutinmostcircumstances.However,theUNcyberdefenceinitiativecouldseekoutpartnershipswithmultilateralorganizationssuchastheShanghaiCooperationOrganizationortheresponseteamscreatedbytheOAS.Whenitcomestopartnershipswithindustry,thisalsomaybefraughtwithconcernsoverstate-influenceaswehaveseenwithKasperskyLabs(Robertson&Riley,2017).Still,therewouldbeplentyofopportunitiestoexplorepartnershipswiththewiderangeofactorsandnations,graduallybuildinganetworkoftrustedexpertise.

TheUnitedNationshasattemptedtodefinewhatcybernormsshouldbefortheworldstage,butthoseeffortshavenotbeenentirelyfruitful.Foryears,theUnitedStateshopedthattheeffortsthatithadputinplacewouldbesufficientasasetofnormsforthegovernanceofthecyberdomain(Grigsby2017,pp.111-112).Russiaarguedthatnewtechnology,suchastheinternet,shouldrequireanewtreaty,buttheUnitedStatesopposedthatposition(p.112).Neithercountrytruststheotherwiththeircyberintentions.In2013,theUNGroupofGovernmentalExpertsonDevelopmentsintheFieldof

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

27

InformationandTelecommunicationsintheContextofInternationalSecurity(GGE)putforwardanumberofcybernorms,forexamplethatinpeacetimenocountryshouldcarryoutcyberattacksonanotherandthatsuchactivityshouldbereported(GGE,2015,p.2).Itisobviousthatabodyneedstobecreatedtowhomsuchreportscanatleastbesent.

ThecreationofacyberpeacekeepingunitattheUnitedNationswouldmeanthatcountriesseekingwaystode-escalateacyberconflictwouldhaveameanstoverifyanagreementor internationalstandards.TheGGE,afterseverallandmarkreports,wasunabletoreachconsensusinJune2017but,in2018,theHigh-levelPanelonDigitalCooperationwasestablished(UnitedNations,2018).Thispanelalsoaimstoimprovedigitalcooperationamongstcountries,privateenterpriseandotherstakeholders.Cyberattackswillundoubtedlybeanissueforthispanelandcyberpeaceoperationscouldserveaspartofthesolution.

Moregenerally,nationshavecededpartoftheirsovereigntytotheUnitedNationswhentheysignedtheUNCharter.TheSecurityCouncilhasbeengiventhelegalrightandresponsibilitytomaintaininternationalpeaceandsecurity.TheSecurityCouncil,andtoalesserextenttheUNGeneralAssembly,hasoften responded toworldcriseswithvarious typesofpeaceoperations.The firstpeacekeepingforce,theUnitedNationsEmergencyForce,wascreatedtorespondtothe1956SuezCrisis,whichithelpedresolve.Alreadyformanyyearspreviously,theinternationalcommunityandtheproposersofUNEFhadwrestledwithhowtoapplymilitaryforceunderinternationalcontrol.Similarly,deliberationsforacyberpeacekeepingrolecanallowtheavenuestobeexploredbeforethecrisisorconflictcriesoutforaUNrole.Acyberpeaceoperation(cyberpeacekeeping)mayserveasthetoolinaworldincreasinglydefinedbycyberinteractions.

Aswehaveseenwiththecreationofregionalcybersecurityinitiativesinregionalorganizations,cybersecurityisrecognized.Buttheyareregionalattempts,notglobalones.HavingaUNcybersecuritypeacekeepingforcemayseemtobeahugeleap,butcaneasilybeasimplesteptowardensuringinternationalpeaceandcybersecurity.

8. CoNCLUSIoN

Therearenumerousavenuesforthenationsoftheworldtocollectivelyengageincyberdefence.TheUnitedNations,astheworldorganizationresponsibleforinternationalpeaceandsecurity,couldbepivotal.Eventhoughtheconceptofdigitalpeacekeepingisnewandnotfullydeveloped,theUnitedNationscanhavearoletomotivatememberstatestolookatcollectivecyberactionthroughtheworldorganization.Cyberattacksarenotgoingaway,buttheywillcontinueandevolveinsophisticationanddamage.TheseattackshavealreadycrippledEstoniain2007andalitanyofwidelyrangingattackshaveoccurredinIndia,Israel,andPakistan,tonameonlyafew.Similarly,theUnitedNationswillneedtoevolve itsapproachtocurrentandnear-futurecyberattacks.NolongercanpeacekeepingoperationsinthephysicalspaceignorecyberthreatsagainstthemissionsoragainsttheconflictingpartiesonthegroundwhomtheUnitedNationsseekstomoderate.Thesafetyoftheinternationalpersonnelinforeignlandscouldbeatstakeasthesecyberattacksbecomemoresophisticated.Similarly,thenationsoftheworldwouldbewisetoexploreUNactionincyberspacetoprotectthemselvescollectivelyandthusmakethepeoplesoftheworldsafer.

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

28

ReFeReNCeS

Akatyev, N., & James, J. I. (2017). Legislative Requirements for Cyber Peacekeeping. Journal of Digital Forensics.Security and Law,12(3),23–38.

Brenner,S.(2007).AtLightSpeed:AttributionandResponsetoCybercrime/Terrorism/Warfare.The Journal of Criminal Law & Criminology,97(2),379–475.Retrievedfromhttps://scholarlycommons.law.northwestern.edu/jclc/vol97/iss2/2

Celik,M.2017.CyberWar:AnExpectedApocalypseoraHypedThreat?InU.Tatar,Y.Gokce&A.V.Gheorghe(Eds.),StrategicCyberDefense:AMultidisciplinaryPerspective(pp.101-110).Amsterdam,IOSPress.

ChiefExecutivesBoardforCoordinationforCoordination.(2014,January13).SummaryofConclusions,SecondRegular Session of 2013. UN Doc. CEB/2013/2. Retrieved from https://www.unsceb.org/CEBPublicFiles/Chief%20Executives%20Board%20for%20Coordination/Document/REP_CEB_201311_CEB2013-2.pdf

CommunicationsSecurityEstablishment.CanadianCentreforCyberSecurity.(2018).Government of Canada.Retrievedfromhttps://www.cse-cst.gc.ca/en/backgrounder-fiche-information

CouncilofEurope.(2003,January28).AdditionalProtocoltotheConventiononCybercrime,concerningthecriminalisationof theactsofracistandxenophobicnaturecommittedthroughcomputersystems.EuropeanTreatySeries.

CouncilofEurope.(2017).DetailsofTreatyNo.185–ConventiononCybercrime.Retrievedfromhttp://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185

Couzigou, I. (2018).Securingcyber space:TheobligationofStates topreventharmful internationalcyberoperations.International Review of Law Computers & Technology,32(1),37–57.doi:10.1080/13600869.2018.1417763

Cybersecurity.(2018).Retrievedfromhttps://www.sites.oas.org/cyber/en/pages/default.aspx

Dorn, A. W. (2017). Cyberpeacekeeping: A New Role for the United Nations? Georgetown Journal of International Affairs,18(3),138–146.doi:10.1353/gia.2017.0046

Dorn,A.W.,&Pauk,R.(2009).UnsungMediator:UThantandtheCubanMissileCrisis.Diplomatic History,33(2),261–292.doi:10.1111/j.1467-7709.2008.00762.x

ElectricityInformationSharingandAnalysisCenter.(2016,March18).AnalysisoftheCyberAttackontheUkrainian Power Grid. Retrieved from https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf

Greenburg, A. (2017, May 9). The NSA Confirms It: Russia Hacked French Election “Infrastructure.”Wired. Retrieved from https://www.wired.com/2017/05/nsa-director-confirms-russia-hacked-french-election-infrastructure/

Grigsby,A.(2017).TheEndofCyberNorms.Survival,59(6),109–122.doi:10.1080/00396338.2017.1399730

GroupofGovernmentalExpertsonDevelopmentsintheFieldofInformationandTelecommunicationsintheContextofInternationalSecurity.(2015,July22).ReportoftheGroupofGovernmentalExpertsonDevelopmentsintheFieldofInformationandTelecommunicationsintheContextofInternationalSecurityA/70/174Retrievedfromhttp://www.un.org/ga/search/view_doc.asp?symbol=A/70/174

IndustrialControlSystemsCyberEmergencyResponseTeam.(2016).Year inReviewFY2016PieChart.Retrieved from https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_IR_Pie_Chart_S508C.pdf

Jensen,E.T.(2017).TheTallinnManual2.0:HighlightsandInsights.Georgetown Journal of International Law, 48(3), 735-778. Retrieved from https://www.law.georgetown.edu/international-law-journal/wp-content/uploads/sites/21/2018/05/48-3-The-Tallinn-Manual-2.0.pdf

Katz,Y.(2010,December24).Stuxnetmayhavedestroyed1,000centrifugesatNatanz.Jerusalem Post.Retrievedfromhttps://www.jpost.com/Defense/Stuxnet-may-have-destroyed-1000-centrifuges-at-Natanz

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

29

Markoff,J.(2008,August12).BeforetheGunfire,Cyberattacks.NewYorkTimes.Retrievedfromhttp://www.nytimes.com/2008/08/13/technology/13cyber.html

Mount,M.(2012,October16).U.S.officialsbelieveIranbehindrecentcyberattacks.CNN.Retrievedfromhttp://edition.cnn.com/2012/10/15/world/iran-cyber/?iid=EL

Mustonen,T.(2015,January6).DefRepAnalysis:NATO’scybershiftmaynotlinktoArticle5.DefenceReport.Retrievedfromhttp://defencereport.com/defrep-analysis-natos-cyber-shift-may-not-link-to-article-5/

NATOCOECCD.2017.TallinnManualProcess.Retrievedfromhttps://ccdcoe.org/tallinn-manual.html

Organization of American States. (2004, June 8). Adoption of a Comprehensive Inter-American Strategyto Combat the Threats to Cybersecurity: A Multidimensional and Multidisciplinary Approach to Creatinga Culture of Cybersecurity. Retrieved from http://www.oas.org/xxxivga/english/docs/approved_documents/adoption_strategy_combat_threats_cybersecurity.htm

Pagliery,J.(2017,April4).NorthKorea-linkedhackersareattackingbanksworldwide.CNN.Retrievedfromhttp://www.cnn.com/2017/04/03/world/north-korea-hackers-banks/index.html

Perlroth,N.(2012,September30).Attackson6BanksFrustrateCustomers.New York Times.Retrievedfromhttp://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html

Pfeffer,A.(2009,June15).IsraelSufferedMassiveCyberAttackDuringGazaOffensive.Haaretz.Retrievedfromhttp://www.haaretz.com/israel-suffered-massive-cyber-attack-during-gaza-offensive-1.278094

Pope,A.E.(2018).Cyber-securingourelections.Journal of Cyber Policy,3(1),24–38.doi:10.1080/23738871.2018.1473887

Robertson,J.,&Riley,M.(2017,July11).KasperskyLabhasbeenworkingwithRussianIntelligence.Bloomberg.Retrievedfromhttps://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence

Robinson,M., Jones,K., Janicke,H.,&Maglaras,L.2018.DevelopingCyberPeacekeeping:Observation,MonitoringandReporting.arXiv:1806.02608

Shanghai Cooperation Organization. 2018. Agreement between the Government of the Member States ofthe Shanghai Cooperation Organization on Cooperation in the Field of International Information Security(Unofficial English Translation). Retrieved from http://www.ccdcoe.org/sites/default/files/documents/SCO-090616-IISAgreement.pdf

Shekhar,S.(2017,January2).TheIndia-PakistancyberwarintensifiesasretaliatoryransomwareattackcrippleswebsitesofIslamabad,MultanandKarachiairports.Daily Mail.Retrievedfromhttps://www.dailymail.co.uk/indiahome/indianews/article-4082644/The-India-Pakistan-cyber-war-intensifies-retaliatory-ransomware-attack-cripples-websites-Islamabad-Multan-Karachi-airports.html

Thompson,M.(2016,March24).IranianCyberAttackonNewYorkDamShowsFutureofWar.Time Magazine.Retrievedfromhttp://time.com/4270728/iran-cyber-attack-dam-fbi/

UnitedNations.(2017a).CyberRisk.Retrievedfromhttps://unite.un.org/digitalbluehelmets/cyberrisk

UnitedNations.(2017b).DigitalBlueHelmets:Research.Retrievedfromhttps://unite.un.org/digitalbluehelmets/research

UnitedNations.(2018).Secretary-General’sHigh-levelPanelonDigitalCooperation.Retrievedfromhttp://www.un.org/en/digital-cooperation-panel/

UnitedNationsGeneralAssembly.(2013,June24).GroupofGovernmentalExpertsonDevelopmentsintheFieldofInformationandTelecommunicationsintheContextofInternationalSecurity.68thSession.Retrievedfromhttps://ccdcoe.org/sites/default/files/documents/UN-130624-GGEReport2013_0.pdf

UnitedStatesComputerEmergencyReadinessTeam.(2018,March16).Alert(TA18-074A):RussianGovernmentCyberActivityTargetingEnergyandOtherCriticalInfrastructureSectors.DepartmentofHomelandSecurity.Retrievedfromhttps://www.us-cert.gov/ncas/alerts/TA18-074A

International Journal of Cyber Warfare and TerrorismVolume 9 • Issue 1 • January-March 2019

30

Vatis, M. A. (2001). Cyber Attacks During the War on Terrorism: A Predictive Analysis. Hanover, NewHampshire:Institute for Security Technology Studies at Dartmouth College.Retrievedfromwww.dtic.mil/cgi-bin/GetTRDoc?AD=ADA395300&Locat

Volz,D.(2016,February25).U.S.governmentconcludescyberattackcausedUkrainepoweroutage.Reuters.Retrieved from https://www.reuters.com/article/us-ukraine-cybersecurity/u-s-government-concludes-cyber-attack-caused-ukraine-power-outage-idUSKCN0VY30K

W32.Stuxnet.(2017,September26),Symantec.Retrievedfromhttps://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99

eNdNoTeS

1 Estoniawasawillinghostafter itsufferedamassivecyberattack in2007onitswebsitesandcyberinfrastructure.TheNATOCOEwassetupto“provideacapabilitytoassistalliednations,uponrequest,tocounteracyberattack”(NATOsummitcommunique,Bucharest,April2008).TheCOEroleisto:improve cyber defence interoperability; develop policies, concepts, doctrine, and standards; enhanceinformationsecurityandcyberdefenceeducation;providecyberdefencesupportforexperimentation.Italsoprovidescyberdefencesubjectmatterexperts(SMEs)toNATO,especiallyforcyberdefencetestingandvalidating.

2 TheCOEledandfacilitatedthedraftingoftheinfluentialTallinn Manual on the International Law Applicable to Cyber Operations(version2.0,CambridgeUniversityPress,2017).Formoreinformation,see:NATOCOECCD.“TallinnManualProcess.”AccessedFebruary8,2017.https://ccdcoe.org/tallinn-manual.html

3 See:NikolayAkatyevandJoshuaI.James,“CyberPeacekeeping,”inDigital Forensics and Cyber Crime,ed.JoshuaL.JamesandFrankBreitinger(Cham:Springer,2015),126-39.MichaelRobinson,HelgeJanicke,andKevinJones,“AnIntroductiontoCyberPeacekeeping,”Computers and Society,October2017.Accessedathttps://arxiv.org/pdf/1710.09616v1.pdf.Dorn,A.W.2017.Cyberpeacekeeping:ANewRolefortheUnitedNations?.Georgetown Journal of International Affairs,18(3),138-146.doi:10.1353/gia.2017.0046

4 Thesevenprinciplescanbeparaphrasedasfollows:(1)Cyberincidentsshouldbedealtwithinaholisticmannerthroughcriminaljusticeandinternationalcooperation;(2)UNentitiesshouldaimtorespondtocybercrimeandcybersecurityneedsinMemberStateswithintheirrespectivemandates.(3).AllUNprogrammingshouldrespecttheprinciplesoftheruleoflawandhumanrights;(4)UNprogrammingshouldfocusonassistingMemberStatestotakeevidence-basedaction;(5)Programmingshouldfostera“whole-of-government”response.(6).SupporttoMemberStatesshouldaimtostrengtheninternationalcooperation; (7)Programming should include efforts to strengthen cooperation between governmentinstitutionsandprivate-sectorenterprises.

5 The2001BudapestConventiononCybercrimeisthefirstinternationaltreatyoncrimescommittedviatheInternetandothercomputernetworks.Itdealswiththingslike“infringementsofcopyright,computer-relatedfraud,childpornographyandviolationsofnetworksecurity.”Ithassomeearlyindicationsofenforcementpowerthroughandsearchproceduresofcomputernetworksandinterception.See:CouncilofEurope.“DetailsofTreatyNo.185–ConventiononCybercrime.”accessedJune12,2017http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.