I have a huge problem with the way the resolution is worded, and this would undoubtedly lead to abuse of power and/or misinterpretation of original intent. These things matter a lot. It is understandable that few here would object to the current phrasing, but then again.. few people here are probably aware of the both the importance of such a resolution and the way it could be abused.
In addition to addressing specific issues at this moment I believe multiple essential questions will need be answered and addressed in the resolution in order to be effective. I'll just be mentioning a few things that grind my gears, but I'll start working on a document formally addressing each of the issues I have accompanied by proper motivation.
For starters.. I have problems with:
1. The lack of proper definitions, that there is no well-defined scope stating the limits of this resolution, and that either too abstract or too specific language is used. When it's too abstract, it'll lead to misinterpretation and abuse of power, and when it's too specific we could possibly exclude potential circumstances and actors this resolution is meant to protect our nations against..
Cyber technology as computers, software systems, applications or services, electronic communications systems, networks, or services, and the information contained therein,
... networks ...
Networks of what? The obvious answer would probably be computers, but without a proper scope it could just as well mean electricity networks. An idea would be to define a core concept or term that has it's own definition, like 'information carrier' or 'computer system', and then furthermore state 'or networks thereof'.
... software systems, applications or services, ...
Huh? I think this would work better (will hone later):
'programs' or 'hard- and software operating on information contained in, processed by or passing through systems by electronic or digital means (so binary printed on paper as a storage medium would technically count as well). I am aware that the use of words such as hardware and software is equally problematic. This has turned out to be a very difficult problem in IRL politics.
... software systems, applications or service ... services ...
It says services twice.
Cyber terrorism as a premeditated, politically motivated attack against information, computer systems, or devices of non-combatant targets by sub-national groups or clandestine agents for the purposes of spreading fear and terror;
Why try to reinvent the wheel here? The whole reason for defining an umbrella term such as 'cyber technology' is so you won't have to repeat yourself every time. Let's follow the DRY (Don't Repeat Yourself) principle.
I'm aware that this wording is almost an exact copy of what the US State Department defines as 'terrorism', but why copy it blindly? It seems they haven't put enough thought into this thing so I suggest we do.
attack
What does attack mean? In the infosec industry we often speak of the preservation or protection of the confidentiality, integrity and availability of both information carrier systems and the information contained therein. If you follow this definition, attack would purely mean directly gaining access to, changing or deleting information (or on the systems that store or operate on it). If a state or non-state actor would engage in spreading propaganda through online platforms such as YouTube aimed against random people, would this also be considered a cyberterror attack?
... sub-national groups or clandestine agents ...
What if the perpetrators are neither sub-national groups nor clandestine? What if it's an individual 'cyberwizard' who can terrorize us with his leet scripts that will hack the planet and does so openly and proudly from a far far away land?
2. (Redundancy alert) Instead of cyber technology I would we should speak of information systems technology (IST), Information Technology (digital) or more specifically about electronic information (processing) carriers/processors.
3. Such a resolution shouldn't just pertain to 'cyberterrorism' but more inclusively to 'cyberwarfare', where either state or non-state actors could engage in activities aimed at destabilising our respective nations' governments or at disrupting our way of life (by spreading fear and lies, by destroying economies, destroying critical infrastructure, etc)
4. The word 'cyber' can and should only be used in the contexts of terrorism, warfare and security.
Most of what I've written here should be seen as an attempt at brainstorming and throwing some ideas around. Feel free to criticize my ideas, add to them, laugh at them or ask questions about anything (related to the matter at hand).
Posted: Sun Mar 20, 2016 10:09 pm