Born out of military need during the Cold War, the internet was originally designed as a defensive communication network against a nuclear attack. Since the Third and Fourth Industrial Revolutions, the internet has become more of a social and commercial platform than a security tool. It has occupied a key role in revolutionizing society, politics, and the global economy.
How information is transmitted throughout the network.
This internet architecture can be compared to the road networks that connect different cities and towns, where vehicles represent the packets of information that need to be sent from one computer client to another, and the roads represent the variety of routes that are available to transmit that information on.
Transmission of information is governed by an internet protocol suite that uses the transmission control protocol (TCP) and internet protocol (IP), commonly referred to as TCP/IP. Each protocol performs unique functions. TCP breaks information into smaller pieces of data (packet switching) that can be transmitted more efficiently to the end user over various network routes, and reassembles this information once it is received by the end user. In contrast, IP is responsible for sending and delivering packets of information from sender to receiver through a collection of different routers.
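The division of labour described above, as an added example that is not part of the original article: the sender splits a message into numbered segments, a best-effort network reorders, duplicates or drops them, and the receiver rebuilds the stream and reports the first byte it is still missing. Sequence numbers are byte offsets, as in TCP (real TCP starts from a random initial value); the 8-byte segment size, the function names and the sample message are constructed for illustration.

```python
import random

MSS = 8  # constructed: tiny segment size so the sample splits into several packets
MESSAGE = b"packets take different routes"  # constructed sample payload

def segment(data, mss=MSS):
    """Sender (TCP role): split data into (sequence_number, payload) segments."""
    return [(off, data[off:off + mss]) for off in range(0, len(data), mss)]

def deliver(segments, rng, drop=None):
    """Network (IP role): best-effort delivery. Packets may arrive in any
    order, one is duplicated, and the segment at offset `drop` is lost."""
    in_flight = [s for s in segments if s[0] != drop]
    if in_flight:
        in_flight.append(in_flight[0])  # a duplicate, e.g. a spurious retransmission
    rng.shuffle(in_flight)              # different routes, different arrival order
    return in_flight

def reassemble(received):
    """Receiver (TCP role): return (contiguous_data, next_expected_seq).
    Data past a gap is held back until the missing segment arrives."""
    by_seq = {}
    for seq, payload in received:
        if payload:
            by_seq.setdefault(seq, payload)  # ignore duplicates of a known segment
    data = bytearray()
    while len(data) in by_seq:               # next expected offset is present
        data += by_seq[len(data)]
    return bytes(data), len(data)

if __name__ == "__main__":
    rng = random.Random(7)
    segs = segment(MESSAGE)
    # Reordered and duplicated, but nothing lost: the full message comes back.
    print(reassemble(deliver(segs, rng)))
    # Segment at offset 16 lost: the receiver stops at the gap and asks for 16.
    arrived = deliver(segs, rng, drop=16)
    print(reassemble(arrived))
    # The sender retransmits the missing segment and the stream completes.
    print(reassemble(arrived + [segs[2]]))
```

The receiver accepts whatever payload arrives for an expected offset, which is the end-point trust assumption the article discusses later.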
By design, the internet is decentralized, which means that the network is not owned or controlled by a single, authoritative entity. Rather, control lies in the hands of the end user, whether that is an individual, internet service provider, or hosting company. Additionally, the internet was designed to be open, which means that decisions around how the internet should operate remain open and transparent amongst users.
By this design, the network should remain as simple as possible and serve only as a transport pathway for information delivery. Thanks to this "stupid network" architecture, new services and applications could be introduced without changing the network's core and, hence, without asking anybody's permission.
The weaknesses of the internet
Decentralization and law enforcement
Because the internet is a decentralized network (a collection of networks owned by no one), there is no coordinated law enforcement function that is equipped or mandated to police the network. This makes cyberspace increasingly difficult to police, given that countries have different laws and regulatory policies. Law enforcement agencies are limited by jurisdictional reach. The absence of any international cyberspace governance agreement, with unclear legal consequences, leaves the internet exposed to attack.
Trusting end-to-end design
Not only does end-to-end design assume that the end points are trustworthy, but it also places significant responsibility on the end users. Network security at the end points is thus reliant on individuals’ decision to install critical safety updates, activate firewalls, and run antivirus software, for example.
Anonymity
The internet allows an anonymous digital presence. The separation of online and offline identities and the inability to verify an internet user can present significant risks, such as identity theft and fraud.
Vulnerability of cloud storage
Nowadays cloud storage, a remote, highly scalable storage platform, can be accessed from any network-enabled device anywhere around the world, and because of the volume of sensitive data it holds, it can be a target for cyberattacks.
Cybersecurity Threats
Vulnerabilities in internet design can allow for opportunistic attacks by cybercriminals, resulting in risks to individuals, businesses, and governments. These consequences include:
- Data breaches or damaged data: unauthorized access to a database to steal or damage personal information
- Denial of service (DoS): websites are taken down by flooding the target with more traffic than it has the computational capacity to handle
- Phishing and spoofing: data are stolen through malicious impersonation
- Fraud: perpetrators intentionally misrepresent the truth for personal gain
- Ransomware: perpetrators steal personal data and then threaten to publish the victim's data or perpetually block access to it unless a ransom is paid
- Viruses: malicious code that can propagate, corrupting files and damaging devices and operating systems
- Internal breaches: employees who, purposely or not, harm the reputation of the company by leaking confidential information, downloading software, or using sensitive information
Legal responses to computer misuse and fraud
Within the UK and EU, there are three key pieces of legislation that have shaped the response to cybercrime: the UK Computer Misuse Act 1990, the UK Fraud Act 2006, and the EU Council Framework Decision on attacks against information systems, drafted in 2005.
UK regulation
Regulation in the UK focuses on two types of cybercrime that are central to cybersecurity and cyber risk management: computer misuse and computer fraud. The relevant statutes are the UK Computer Misuse Act 1990 and the UK Fraud Act 2006. These cover the following:
- Computer hacking: unauthorized access to computer material
- Viruses and malware creation: intention to impair the operation of a computer system through the installation of malicious software
- Denial of service (DoS): intention to impair the operation of a computer system by flooding a targeted network with fake website traffic
- Computer fraud: providing a computer with false data to secure a financial advantage (offences can be committed against a computer)
EU supranational regulation and International frameworks
Given that the internet is not owned by any specific country, a coordinated establishment able to police cybercrimes worldwide does not exist. Because of their borderless character, modern information attacks against computers are often trans-border in nature. Efforts against organized cybercrime and terrorism could be coordinated transnationally, through mutual cooperation between different jurisdictions.
Additionally, while each country may draft its own regulations and policies on lawful internet use, enforcement efforts are limited by jurisdictional reach and comity.
Challenges of UK Act
The way the UK Computer Misuse Act is currently worded does not provide legal protection in cases where computer hacking is justified (e.g., by cybersecurity professionals or intelligence agencies who may be required to gain unauthorized access in the interest of national security).
Law enforcement efforts are hampered by certain states’ unwillingness to compromise their sovereignty through cooperating with international cybersecurity investigations.
The Budapest Convention is a good basis for a more effective international cybersecurity response, but it requires extensive resourcing. This includes investigating officers, monetary resources, and the relevant equipment to facilitate investigations.