The Threat of Cyberattacks
Ko Shikata
Professor, Faculty of Law, Chuo University
Area of Specialization: Criminal jurisprudence
The Threat of Cyberattacks
One cannot discuss the socio-economic issues of today without cyberspace. The internet is important from an academic perspective not only because it provides great conveniences to people's lives, but also because it has brought upon socio-economic changes with a speed that is unprecedented in human history. The pace at which time passes in cyberspace is said to be several times faster than in the real world. This fast pace of time is sometimes referred to as "dog years." Since the life span of dogs is a fraction of that of humans, it stands to reason that for a dog, a year passes much faster than it does for humans. This is the analogy used when talking about the passage of time in cyberspace.
Furthermore, new systems do not always emerge as perfect. They always emerge with faults, which are improved as people use them. When talking about the systems of cyberspace, new platforms always have unanticipated vulnerabilities, and as people use them, problems are discovered and systems are improved. In cyberspace in dog years, this cycle moves extremely rapidly.
Cybercriminals discover new vulnerabilities of the constantly emerging new platforms faster than anyone else, and seize criminal opportunities that yield great profits. As damage occurs, these platform providers quickly resolve the vulnerabilities. However, before that, the criminals have already earned plenty of profits, and have been to their way to discover the next vulnerability.
One of the core elements of the threat of cyberattacks is this pattern of the constant and structural emergence of systematic vulnerabilities in cyberspace that are the source of criminal opportunities.
Are Conventional Crime-Fighting Measures Effective Against Cyberattacks?
In criminology, criminal acts are said to start with criminals finding victims and then seizing the opportunities to attack them. Criminology attempts to study the following three measures for preventing crime: preventing the emergence of criminals, protecting victims, and reducing criminal opportunities. These three measures are also points of discussion for cyberattack prevention.
Firstly, how do cyber-criminals emerge? For today's children, cyberspace is an important part of their growing environment. Psychological research into what has an impact on the developmental growth of children seems to have just begun. In criminology, some researches have conducted outside Japan on the impact of what is known as the hacker culture. However, in Japan, there are hardly any researchers engaging in this topic.
Secondly, with regard to the measures to protect victims, security vendors develop and provide the technologies to protect the systems owned by individuals or companies. However, as I have stated above, the technology needed to repel new attacks is always employed after the actual incident, which, by necessity, produces a slight time lag. Even if this is the case, if you act quickly enough, much of the damage can be prevented. However, individuals and companies that are the targets of these attacks may not always utilize the proper defenses due to a lack of awareness, leading to huge damages caused by these crimes. The systems of individuals and companies with weak defenses may unknowingly get taken over by the criminal, and are rendered into a "bot," which acts under the direction of the criminal to help them commit crimes.
Thirdly, with regard to the measures to reduce criminal opportunities, platform providers who are the creators of cyberspace must be sufficiently conscious of security, and discover vulnerabilities as fast as possible to employ measures to resolve them. Major ICT companies are sufficiently aware of this need, and are generally taking the necessary measures, but not all ICT companies are always conscious of this, and are not always taking the proper measures.
In criminology, the discovery and apprehension of criminals are often seen as a measure for reducing criminal opportunities. The act of discovering and apprehending criminals in cyberspace is much more complicated endeavor than in the real world. This is because technological and legal difficulties. Examples of the technological difficulties that law enforcement faces include the high level of anonymity, the deletion of communication records and the ability to easily conceal criminal acts.
In observing the above points, it would seem that the approach of research in the three crime prevention measures that traditional criminology engages in, which include preventing the emergence of criminals, protecting victims and reducing criminal opportunities, is also the correct approach with regard to cybercrime. However, the speed at which each of these measures is planned and executed must be much faster when dealing with cybercrime compared to conventional crime. The problem seems to lie in the fact that the legal system has not sufficiently established to respond in such a fast manner.
The Jurisprudence Must Respond Quickly to the Rapidly Changing Nature of Cybercrime
As I have explained above, there are legal challenges to discovering and apprehending cybercriminals. Because your online activities are constitutionally considered as communication or expression, many types of investigations which are allowed as discretionally investigation in the real world must be conducted as compulsory investigation in cyberspace which requires a warrant issued by the court.
What further complicates matters is the fact that most online activities can easily go beyond national borders and be conducted on a global scale, while law enforcement faces a definitive wall of national borders when engaging in cross-border criminal investigation. This is because investigative authority and the national authority to punishment are important parts of national sovereignty. There is a consensus that discretionary activities like online browsing are not seemed to infringe on the sovereignty of other countries, but compulsory investigation cannot be conducted in other countries without international investigative cooperation or international administrative cooperation. However, these procedures require several months for a single case, and even after waiting, you may not even get an answer.
These are problems not only for Japan, but for all other countries. Laws in various countries are being reformed to address the special characteristics of cybercrime, but it appears that no country is able to respond rapidly enough to the changing nature of the cybercrime. What makes it even more complicated is dealing with international criminal law including the framework of international investigative cooperation, which requires agreement among various countries.
The field of jurisprudence, which includes criminal jurisprudence, must allow scholars for freedom to generate ideas for dealing with the rapid changes in the nature of cyberspace and cybercrime, and to rapidly respond through legislation and other measures. At the very least, we must be cautious about being cemented to the conventional thinking that applies only to real-world crime, so as not to prevent the ability to respond quickly when dealing with cybercrime.
- Ko Shikata
Professor, Faculty of Law, Chuo University
Area of Specialization: Criminal jurisprudence - Ko Shikata was born in 1963, and brought up in Tokyo. He graduated from the Faculty of Economics, The University of Tokyo in 1987. He joined the National Police Agency in the same year.
He completed his master's course in administrative management at the University of Michigan's graduate school program in 1997.
He completed the doctoral program at the Chuo University Graduate School of Policy Studies in 2007. He is a Doctor of Policy Studies.
He assumed his current post in April 2018 after working as a professor of the Police Policy Research Center, the Director of the Criminal Investigation Department, the Kanagawa Prefectural Police Headquarters, the Director of Cybercrime, the National Police Agency, professor at the Faculty of Policy Management, Keio University, the Director of International Cooperation, the National Police Agency , and the Director of the Highest Training Institute for Investigation Leaders.
His research focuses on detailed discussions surrounding research to deal with modern crimes for which measures have not been established, such as cybercrime and stalker crime, while also working to build a field of criminology and criminal policy studies based on complex systems as part of his long-term general focus of research.
Major publications include Shakai Anzen Seisaku no System-ron teki Tenkai (A Systemic Approarch to Social Safety Policy) (Seibundo, 2007) and Cyber Hanzai Taisaku Gairon (Overview of Couter-measures against Cybercrime) (Tachibana Shobo, 2014).