Final concepts and applications

Cyber-Citizen, USA

Cyber-citizen USA

The debate over systems security

"If you see something, say something," the U.S. Department of Homeland Security (DHS) promotes the use of internet communications to warn of potential threats to national security. Targeting technologically savvy young adults, the DHS attention to domestic terrorism has increased precipitously since the events of 9/11, when the overall attention to the scope of terrorism internationally resulted in a number of strategic commissions to transform security risks into manageable operations. Cyberterrorism according to the National Strategy for Securing Cyberspace, 2003 offers recommendation to protection of critical infrastructure where industrial computer control networks monitoring energy may be vulnerable. The foregoing essay looks at the convergence of public and private efforts in counter terrorism, and particularly in the sphere of domestic hacker cyberterrorism which is now the provenance of even our smallest citizens.

Introduction

In the field of Criminal Justice, perhaps nowhere outside of Philosophy, are ethical protocol to decision making more relevant to the constitution of law. Inequitable access to resources and political representation has created a vacuum for power that has many effects, including the unfortunate devolution of economies and lives in response to war. An outgrowth of tyranny abroad, war has a tendency to promote extraordinary response by those who think they have unwittingly received the short end of the deal. High profile in circumstance, international terrorism has become one of the most studied criminal activities in the decade following the 9/11 incident in the United States, and in related events such as the London Bombings of 2004 in the UK, and elsewhere abroad.

Military professionals note that cyberspace is a unique environment in their pursuits, as missions now include the geography that is borderless, and provision against attacks must be equally as asymmetric and clandestine, as attackers have a virtually unlimited range and speed in timing in potential execution of assault on key national infrastructure. According to Col. (S) Bradley K. Ashley, USAF (2004), with cyber-terror, "massive results can be achieved without massing forces" as such attacks are "fast, easy and relatively inexpensive" (Ashley, 2004). Noted within Ashley's discussion is the number of conflicts that now have cyberspace dimensions. U.S. troops now employ hackers to engage in official military incursions online.

The theatre of war is not the only site where hackers threaten U.S. national interests through violation of key infrastructure architecture, however. As Ashley points out, "in 1998, a 12-year-old hacker broke into the SCADA computer systems that run Arizona's Roosevelt Dam" resulting in complete loss of federal control of the dam's massive floodgates (Ashley, 2004). While intentional in pursuit, hacking by a twelve-year-old U.S. citizen does not constitute "organized terrorism," and the intentionality of his mens rea in court proceedings will obviously be negligible due to minor status, the prevalence of cyber-terrorism as an "everyman" activity is made readily apparent. The dam mentioned in Col. Ashley's account, held up to 489 trillion gallons of water back from a flood plain inhabited by more than a million people. The story concludes with the citation of the use of "more than 3 million SCADA devices" to control systems monitoring and distribution in the United States today (Ashley, 2004).

The case of the twelve-year-old boy illustrates the common place nature of the crime of cyber-terrorism in the everyday activities of American companies as they work toward risk mitigation and energy resource control. How terrorism fits into the larger picture of the U.S. war on terror is discussed throughout the foregoing discussion, with four (4) objectives underlying analysis of the historical response to terror: 1) What the current policy is regarding the tracking of potential suspects in the war against terrorism?; 2) How we should weigh the fears of terrorism and desire for national security against civil liberties and individual rights?; 3) What is the just response to terrorism?; and 4) Should those who commit lethal acts of terrorism for political or religious causes receive the death penalty?

The ethical precepts to the discussion are never absent from the minds of military and other government staff assigned to the role of protection. As Ashley aptly proffers on the psychology of terror,

"in an asymmetric world, terrorists look for alternative methods to spread terror. The cyberworld may prove to be the simplest and quickest alternative to traditional physical attacks. The motives of cyberterrorists in this realm likely will be the same as those that incite physical attack. They generally seek financial gain, disruption, decreased military capability, fear/panic, publicity and news impact, decreased confidence in critical infrastructures/psychological operations, great physical damage and even loss of life. The dilemma in the cyberworld is not only to detect attackers but also to understand why they are attacking" (Ashley, 2004).

According to U.S. FEMA's Cyberterrorism Defense Analysis Center (CDAC), training professionals in the field of counter cyberterrorism is urgent. The immediacy of technical infrastructure is in the path of real threat is described as particularly relevant to U.S. interests due to the persistence of aggressive targeting of systems information systems core to national infrastructure.

An increase in severity, frequency, and sophistication each year is noted as the rationale for congressional support of FEMA's Cyberterrorism Defense Initiative (CDI) and training program(s) for personnel involved in critical infrastructure. Without exception, as the U.S. critical infrastructure grows more reliant on information technologies, the danger of exposure to both foreign and domestic hackers stands to disengage our control over various important sectors of the "economy, public works, communication systems, and computer networks" (FEMA, 2010). Critical infrastructure described in the U.S. PATRIOT Act of 2001 are those,

"systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters" (Shea, 2).

Immediately post 9/11, industries subject to rigorous scrutiny were in the sectors such as arms manufacturing, chemicals and other high risk production. Energy infrastructure was also put on the radar after the 2001 Act, and dual risk management strategies were recommended to industrial entities on government contract, and where: 1) Supervisory control related to military compliance and supply; and 2) Data acquisition (SCADA) and distributive controls systems were already in force.

By 2005, the influence on how American business was conducted after the Patriot Act, had important trickle down effects in the global governance regime. International cooperation on worldwide security protocols stemming from business contracts and foreign policy doctrine laid for by the U.S. And other allies had impact on the fiscal oversight of energy infrastructure grid management systems as seen in the Final Report of the Counter-Terrorism International Conference, Riyadh, 2005. The document articulates a framework to working with Financial Intelligence Units (FIUs) in cooperation with private oil and energy industry.

Standardization became the buzz word where it systems architectures employing SCADA technologies were "hot" priorities in emergency response. This is also pertinent to the management of unique legacy systems controlling critical infrastructure, earlier designed with the belief in mind that designated, internal measures of security were optimum to those controlled by taxonomies studied widely. Open source SAP have mitigated some of the risk here, but continued security measures must be worked on if industrial systems are to remain protected. As remote sensing conduits receiving raw data and sending out commands, SCADA control center systems provide software building blocks to critical infrastructure control networks. Sending signals to valves and switches, SCADA regulate the flow, rates and intensity of pressure to refinement and distribution of chemical and natural resources (i.e. oil and water).

SCADA also contributes to multi-scale network analysis, making SCADA systems invaluable, and simultaneously highly vulnerable to implantation of incorrect data by way of remote access. Dial-up modem connections employed for systems maintenance are a typically cited target of would be hackers. In terms of site target, chemical reserves constitute the biggest threat, as reactors once tampered with, may be changed through control rate of mixing, leading to raised temperature of effluent system to the point of explosion level.

Other critical systems targets in the National Strategy for Securing Cyberspace, 2003 include industrial control architecture dedicated to acquisition systems such as Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). PLC devices provide automated monitoring switches in industrial controls at refinement plants manufacturing facilities. Primarily a software application SAP of internal data control PLC offer networks more flexibility in communication from machine to machine, or to an entire system of manufacturing technologies.

Networked PLC advance control of channel operations in manufacturing for centralized logistics management of all activities in the product chain: processing, holding to distribution. The incorporation of DCS to PLC networks furthers accuracy in the communication of process phases. SCADA systems integration is designed to interpret/control decoupling points; hence maximizing the PLC industrial channel all the way through to end distribution.

The sheer detail at risk within critical infrastructure it systems is daunting. The possibility that one act of cyber-terrorism could cause disaster at a magnitude greater than the 9/11 enforces the relevancy that the work of it professionals and policy makers in this area has to citizens. The fact that industrial control systems may be vulnerable to infiltration by other citizens, or international parties puts laws pertaining to intersection of systems transmission at the forefront of priorities for us all.

At present, telecommunications interference of private citizens holds an up to a five-year prison sentence by U.S. federal law. How cyberterrorism is addressed, when the stakes are heightened, leaves a whole host of opportunities for citizens, and legislators to voice their opinion as new technologies for privacy invasion come on the market.

Every ISP access point imaginable is cited within the literature on cyberterrorism, including direct access networks, maintenance of dial-up modems, and of course the internet, remote systems architectures. Exponential information like SCADA systems create an incredibly vulnerable area for hackers interested in "knowledge sharing" network data toward sabotage of industrial operations and state military interests. DHS strategic responsibilities take care of the broad brush stroke where it professionals leave off, through ongoing development of crisis management, as illustrated in Table 1.

Table 1

Comprehensive national plan for continued security in cyber-systems;

Crisis management in response to attacks on critical information systems;

Technical assistance to private sector and other government entities in regard to urgent recovery plans following emergencies;

Coordination with other agencies in the federal government in design and education on protective countermeasures and warnings at the state, local and NGO organization levels;

Performing and funding research with new scientific developments in security technologies as a goal; and Serving the general public as a federal center for cyber-security.

Table 1. Crisis Management Goals (DHS, 2003).

In 2003, pursuant to section 994(p) of title 28, United States Code, the United States Sentencing Commission published Congressional guidelines to the conviction of parties in violation of Section 225 of the Cyber Security Enhancement Act of the Homeland Security Act, 2002. The amendment stipulates,

"modifies §2B2.3, to which 18 U.S.C. § 1030(a)(3) (misdemeanor trespass on a government computer) offenses are referenced, and §2B3.2, to which 18 U.S.C. § 1030(a)(7) (extortionate demand to damage protected computer) offenses are referenced to provide enhancements relating to computer systems used to maintain or operate a critical infrastructure, or by or for a government entity in furtherance of the administration of justice, national defense, or national security. The amendment expands the scope of existing enhancements to ensure that trespasses and extortions involving these types of important computer systems are addressed" (Homeland Security Act, Amendment).

The definition of 'government entity' as any infrastructure having to with state administration extends to relationships where the government is in public-private partnership, including control of energy distribution, where crimes fraud, the major emphasis on enhancements to convictions are stipulated to be in support of sentencing for 18 U.S.C. § 1030(e)(9).Section 2B3.2(b)(3)(B)(V). The provision also points to critical infrastructure, and violation of the rule as "damage to a computer system used to maintain or operate a critical infrastructure, or by or for a government entity in furtherance of the administration of justice, national defense, or national security" (Homeland Security Act, Amendment 2003).

Domestic Terrorism

The Environmental Liberation Front (ELF) a U.S. based radical advocacy group fulfills the criterion for sentencing under the classification of organised 'terrorism.' Extremist conduct in court record where the group was responsible for a range of ecoterrorist attacks on U.S. interests, the ELF is also the sole responsible party to the most costly environmental disasters in contemporary history; a $12 million arson in Vail, Colorado in 1995 and $50 million arson of a housing construction site in San Diego, California, in 2003. Actions against the group also include violation of the U.S. federal government in a dispute solicited by the Bureau of Land Management (BLM) (ADL 2010). A Brief history of Ecoterrorism is presented in 'jest' on the ELF organization website, illustrated in Figure 1.

Figure 1. A Brief History of Ecoterrorism (ELF 2010).

Destruction of property is the intentional outcome of crimes commissioned by the ELF as a 'terrorist organization.' 'Unlawful use of force' serves as additional criteria to the Federal Bureau of Investigation (FBI) filed suit, where the ELF has resorted to,

"the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives" (Harwood 2008).

Law enforcement efforts in tackling disaggregated networks of organized terrorist cells, most often in communication exclusively by internet, has increased federal and state operations in the area of coordinated security response in an attempt to root out extremist activities by those parties, prior to attack.

With the ecoterrorist tendency to also be highly developed in the area of digitized technology, as those resources are critical to terrorist bombing innovations and of course collaboration on arson, cyberterrorism has proven to be a distinct priority in the monitoring and combat of recognized environmental extremists with prior criminal record in this area. Sentencing domestic terrorists in covered in the next section, but for those victims of their "protectionist" movement, the line between arson and treason is too distant.

Sentencing Terrorism

"For neither in war nor yet at law ought any man to use every way of escaping death. For often in battle there is no doubt that if a man will throw away his arms, and fall on his knees before his pursuers, he may escape death; and in other dangers there are other ways of escaping death, if a man is willing to say and do anything. The difficulty, my friends, is not in avoiding death, but in avoiding unrighteousness; for that runs faster than death." -- Trial of Socrates

Conspiracy and treason run parallel to terrorism where sovereign right of citizens to domestic peace and protection in common law countries should not be subject to organized acts of violence on behalf of extra-national, international, or vigilante regimes. As felony legal charges in the United States, the cumulative error of the cyber-terrorist offense(s) may involve sentencing to attendant charges, and including treason up to capital punishment consideration of the death penalty. At the beginning of the discussion, initial queries into the study of terrorism and its infiltration into the microscopic world of cyber-terrorist intrusion are posited as having the potential to impact national U.S. infrastructure up to the point of disaster. Review of the objectives to the preceding analysis of terrorism as threat to national security is outlined in Table 2.

Table 2

What the current policy is regarding the tracking of potential suspects in the war against terrorism?

How we should weigh the fears of terrorism and desire for national security against civil liberties and individual rights?

What is the just response to terrorism?

Should those who commit lethal acts of terrorism for political or religious causes receive the death penalty?

Table 2. Objectives to the analysis of terrorism.

If charges to terrorism seem evidentiary, and they are where proof that the commission of the act of those crimes is found to be beyond a shadow of a doubt in a court of law, sentencing may proceed. Where enforceability and latent application of law to suspected terrorists has become the site of critical debate in the past several years, is where those defendants and the extent of the their guilt are superseded by long-term incarceration, as witnessed in the U.S. Federal detention of suspected international terrorists in Guantanamo Bay, outside of normal civilian due process.

Military detention of those suspected defendants has wrought extensive criticism by the international legal community under the UN Convention of Human Rights. Nevertheless, alliance in building formative security measures into international foreign protocol where terrorism is concerned is still of great import, and as discussed, the U.S. along with the UK and other allies have implemented a range anti-terrorist missions, legislation, and even precise statute toward mitigation of cyber-terrorism.

The domestic factor linked to Ecoterrorist activities, and charges against its actors adds complexity to both investigation and sentencing of organized terror, in that U.S. citizens are both incumbent to the responsibilities of sovereign citizenship, and also to the right of protection where illegal search, seizure and arrest might be enforced through criminal procedure. In Bivens v. Six Unknown Named Agents of Federal Bureau of Narcotics, 409 F.2d 718, 1969 U.S. App. LEXIS 12867 (2d Cir. N.Y., 1969) an express case against the U.S. government revealed unconstitutional application of criminal procedure at the level of the trial court is discussed. A counter complaint, Plaintiff, Bivens charged that federal agents conducted a warrantless search and seizure, violating the plaintiff's Fourth Amendment rights. U.S. Supreme Court decision overturned the immunity defense by state actors, yet denied Bivens request for compensatory remedies and remanded the case to new trial.

Fourth Amendment procedural law articulates that only partial consideration is necessary to sustain claim against the state when it has been proven that the plaintiff has sustained unlawful arrest, often seek remedy to improper execution of warrant. Due to the presence of law enforcement 'belief' that a former suspect was conducting XYZ in the commission of a criminal act (i.e. terrorism), higher court decision is largely the result of such complaints, and typically those decisions are incumbent upon legal technicality rather than ardent ideological conjecture (i.e. civil rights activism). In judicial opinion, 'incomplete' is equivalent to 'illegal.' Terrorist suspects, and including those categorized as 'cyber-terrorists' or 'eco-terrorists' are often subject to search and seizure activities. Repudiation of immunity in court will be dependent upon a 'neutral and detached magistrate,' and where it is evidenced that unreasonable delay is the result. As seen in the Biven decision, the scope adjudication is most often determined by abstained warrant; even when 'good faith belief' supported those allegations.

Strict application of Fourth Amendment protections in the U.S. Supreme Court will sustain damages are recoverable upon proof of injuries by the federal agents. Despite what the law enforcement officers perceived to be a reasonable act of 'duty,' the unwarranted, visual strip search and arrest of a private citizen, Bivens, accused of drug possession resulted in a reinstatement of civil protections. At present, there is no express remedy to fourth amendment complaints. 'Justice' here, means that federal courts exercise what is called "essential" or indispensible" judicial relief at the behest of a litigant on a case-by-case basis when it is determined that such a violation of constitutional rights against state violations has been presented.

The goal of sentencing terrorists or otherwise is to mete out punishment according to the protocol of convictions defined by most sentencing on criminal conduct. Criminal sentencing serves as vehicle of restitution for state prosecution on behalf of victims whom have sustained harm during the commission of those acts. This includes intentional felonies where mens rea is clearly involved (i.e. terrorism) or inadvertent secondary felony or misdemeanor offenses linked to a target offense. According to the Sentencing Reform Act of 1984 guidelines to application of sentencing rules regarding criminal convictions may be enhanced state-to-state, and according to jurisdiction (i.e. gang enhancements, CA). Enhancements increase standard criminal sentences up to five times the level of conviction per target offense. This is very often the case where organized terrorism is found to be instigative or constitutive to the target offense.

Much like investigative procedure, legal certainty is critical to criminal court procedure to ensure that defendants will not be convicted until evidentiary proceedings have determined guilt beyond a reasonable doubt. Uniformity in law is primary to sentencing policies due to the fact a preponderance of evidence must support both conviction of guilt in the most heinous crimes, while also stipulating dismissal where undue punishment would otherwise be sought.

Protection of the constitutional rights of the individual under consideration is articulated in the Act's Section 994(f); uniformity in provision wards against unwarranted sentence disparities "among defendants with similar records who have been found guilty of similar criminal conduct." At home, this was consistent fire by those critics arguing against predetermined (not to mention pretrial) sentencing for international terrorists. The potential for error is just too great.

The dual element factor in criminal law application and enforcement, where acts must be attended by mental state, reflects the bit of flexibility in the Guidelines on definitions of 'conduct.' When exceptions to rules are stated, there must be valid reason in the record of court decision, and those would be terrorists, whom are found to be otherwise are actually served by rule adherence, as consistency in this area is perhaps the most effective technical mechanism against decisions deemed "unfair" on appeal.

Punishment serves to limit the freedoms of those convicted of terrorism by way of retraction of liberties (i.e. free association) to fines, confinement in prison and death. The extent of harm and endangerment posed to U.S. citizens in this era of terrorism is particularly candid, and it is not at all surprising that civil rights advocates are also wavering on liberties in everything from airports security measures, to privacy limitations on the job. Sentencing and its totalizing capacity to enforce state violence in retribution for equivalent violence done against citizens and national infrastructure, is inevitably charged with risk. Those released from Guantanamo Bay for example, whether guilty or not in the end, were subject to extraordinary public humiliation. Public humiliation is, by the way, a violation of federal and international laws on the rights of prisoners. Still, the efficacy of conviction as a "moral" punishment to terrorism stands as an ethical moniker to the polemics of law, where punishment is both: 1) the end result of due process in conviction; and 2) form of social justice against what citizens view as organized unlawful conduct.