Conceptualisation: ICT, cyber security and cyber-terrorism
The sudden burst of computerisation combined with the rapid spread ot the internet and the never-ending pursuit for improved quality of life is continuously revolutionising the way we live. This precipitated a diversity of socio-technical realities and threat vectors unimaginable in the recent past, through the daily online movement of 200 billion devices, fallen entry requirements for cyber threats actors with burgeoning dark web communities, and unending evolution of applications and products with rapid innovation (Matthew, 2014). ICT had been hailed in many quarters as the solution to many challenging developmental problems. Whether or not it has lived up to this reputation is an ongoing debate. However, it has been observed that ICT has catalysed developments along unpredicted paths, which has been influenced by erratic events of different scales and actors of various interests. The wide range ot ICT applications and rapid evolution has made its definition and conceptualisation inconsistent to all its fields of application but rather a changing concept continuously shaped by technical development and social context as seen by the different lenses of various stakeholders (Gehem, Usanov, Frinking, & Rademaker, 2015).
Generically, Information and Communication Technologies (ICT) may be defined as an extended-term for Information Technology (IT), which stresses the role of unified communication and integration of telecommunications computers as well as necessary enterprise software, middleware storage, and audio-visual systems enabling users to access, store, transmit, and manipulate information (ITU, 2007). However, a worthy point to ponder is, “how much of these sectors and interests see ICT from the same lens?” Any befitting ICT concept aligns with one or more of its many facets, perceptions, and varying impact on the various society' segments. Such an integrated approach fosters an appreciation of technology' as a vital sociocultural concept. It reveals the importance of the growing interest in cybersecurity and cy'ber terrorism and helps identify the various constructs with which ICT can be characterised or conceptualised (Sawyer & Chen, 2002).
The erratic events such as 911, rapid technological innovation and prototy'ping and the shifting boundaries of normality as we know them, actors of varying interests such as repressive regimes, state actors, hacktivists, businesses, researchers etc., and societal contexts are factors of enormous influence in the uptake and use of ICT hence the segmented concepts that may be held of ICT. To different professions (stakeholders), the primary objectives or minimum requirements of these representations differ — along the line of events, actors and contexts that influence them. For instance, a government reaching its citizens using ICT and exacting control may view ICT artefacts in the hands of the citizens, as a tool for governance hence will want every'one to have access. The activists venting ideological change often in collision with authorities will appreciate it more as a useful instrument ot mobilisation, which everyone should access with enough privacy and anonymity. The cybercriminal will possibly conceptualise it as the channel to extend his/her reach and perpetuate his/her illegality on unsuspecting victims hence may wish that only the vulnerable have access. At the same time, the law enforcement arm ot a repressive regime will prefer fewer citizens to have access for fear of utilising it to checkmate government authorities. For every stakeholder, the professional or social domain inclinations of such a stakeholder shape their conceptualisation of what ICT should embody making it difficult to untangle the various conceptual strands without a systematic approach (Sawyer & Huang, 2007; UN, 2011).
In the light ot the disparity in what ICT meant and the need for a systematic approach, Sawyer (2000) identified five generalised approaches to representing ICT conceptualisation with sublevel forms or constructs. The characterisations are namely, feature or tool view, functional or ensemble view, proxy' view, proof of concept view, and presence/absence view. The feature or tool view is the common or received view ot ICT, which characterises ICT to operate as designed to behave. The functional or ensemble view is the socio-technical appreciation of ICT. Characterisation of ICT in this view reveals the interdependence ot people and specific ICT artefacts connected through roles, use of information and action. The proxy view is that some often-quantified surrogates like penetration, spending or awareness, can capture or measure the value of ICT. Presence/Absence or Nominal View is an approach were ICT characterisation is implicit. In this view, features, functions, models, and proxy ot ICT are not defined but named. Proof of Concept View is an approach that characterises ICT as a construct of what it can do.
While most of the western world has projected ICT as an enabler for good governance, many African governments see it as a threat to their tight-fisted regime as seen in the over 40- day' internet outage in Cameroun earlier in 2017. Others see ICT as both the key and barrier to development and as a black hole into which every inefficiency can be blamed and every excuse flushed (James, 2017). It is, therefore, essential to note that even in a rapidly changing world with changing socio-cultural context, events and interests; extending beyond our current limitations and expressing the creative potentials in us through and into creative solutions that satisfy our goals are sacrosanct in our characterisation and conceptualisation of ICT.
The word “security” in general usage is synonymous with “being safe”, but as a technical term “security” means not only that something is secure, but that it has been secured. Therefore, cybersecurity is concerned with making cyberspace safe from threats, particularly cyber-threats. Cybersecurity is defined as the proactive and reactive processes working toward the ideal of being free from threats to the confidentiality, integrity, or availability of the computers, networks, and information that form part of, and together constitute cyberspace. The authors, however, offer their definition of Cybersecurity as — “A general term that refers to the theatre ot possibilities, processes, practices and actions; for organising offensive/pre-emptive ICT enabled strategies against and/or for computer systems, network systems, information systems, people, processes, natural/accidental events and technology, and for organising defensive strategies against natural/accidental occurrences, computer-facilitated/induced violations, abuses, crime and other malicious activities” Cybersecurity is a complex field, combining domains as diverse as information security, network security, system security, cyber hygiene, cyber laws/legislations, social context, critical infrastructure protection, national security, cybercrime, cyber-terrorism and cyber-warfare. Cybersecurity thus encompasses computer security, information security', ICT security', network security, infrastructure protection and more. In line with the notion of information security, cybersecurity is concerned with the protection against threats to the confidentiality, integrity', and availability of information or data. Still, it is not worried about information as a threat in “itself ” as such, i.e., with information that poses a risk - qua information, such as hate speech or revenge pom. This distinguishes the concept from the broader notion of cyber safety, which also encompasses risks constituted by the informational content of the data processed within cyberspace (Samantha et al., 2015).
Cybersecurity has progressively advanced from the confined realm ot technical experts into the political limelight. With events such as the discovery of the nuclear-industry sabotaging Stuxnet computer worm, numerous tales of cyber espionage by foreign states, the growing dependence on the “digital infrastructure” along with the sophistication of cybercriminals and the well-publicised activities of hackers’ collectives, the impression is created that cyber-attacks are becoming more frequent, more organised, more costly and altogether more dangerous. As a result, a growing number of countries consider cybersecurity to be one of their top security issues (Dunn Cavelty, 2012). After 2010, the tone and intensity of the debate changed even further: the latest trend is to frame cybersecurity in strategic-military tenns and to focus on countermeasures such as cyber-offence and cyber-defence, or cyber-deterrence (Dunn Cavelty, 2012).
In current discussions on cybersecurity, there is a focus on critical infrastructure due to increasing dependence of societies on the smooth functioning of all sorts of computer-related applications and ICT artefacts such as software-based control systems — a combination of vulnerabilities, technology and transnational interdependence. There is an increased focus on states as the primary cyber “enemy”, coining the term cyber-espionage as well as an increase in “hacktivism”, a portmanteau combining hacking and activism and denoting a phenomenon of deliberately challenging the self-proclaimed power of states to keep information considered vital for national security secret (e.g. Wikileaks, hacker collectives such as Anonymous and LulzSec). There is also recognition for what may be described as a process ot “cross-fertilisation” of cyber-threats and terrorism, where cyber-threats support the claims to the dangerous nature of the terrorists and the terrorist character of the attacks makes them more worthy ot attention (Dunn Cavelty, 2012).
In addition, the public discourses that tout the potential effects of cyber-attacks as disruptive, crippling, and devastating in the increasingly networked societies, interconnected economies and national securities are becoming critical influencer to cybersecurity conceptualisation. A factor of immense impact to the African narrative of cybersecurity conceptualisation is the rapid proliferation of mobile devices that has extended the prevalent traditional fraud of the 90s and the convergence lifestyle they promote (Marco, 2015). This class of economic fraud which got its street name from the 419 Article of the Nigerian Criminal Code that addressed it, is one of the early instances of Social Engineering and is now aided in leaps and bound by the rapid proliferation of mobile devices with little or no compensation in digital education for ICT adopters in Africa. With over 80% mobile penetration between 2000 and 2009 in Africa many previously personal activities have since been taken online and into the mobile devices (Caiazzo, 2015). This in many ways, positively and negatively tints the lens with which we interact with ICT and interpret the concept of cybersecurity' considering how convenient and as well vulnerable it makes life especially in the absence of necessary infrastructure, institutions and policies for the ICT user protection characterising the teething African cybersecurity ecosystem (Gehem et al., 2015).
Barry Collin, a senior research fellow at the Institute tor Security and Intelligence in California was the first to coin the term “cyber-terrorism” in 1997. He defined it as the convergence of “cybernetics” and “terrorism” (Fischer, Rollins, & Theophany, 2014). Professor Dorothy Denning described it as the convergence of terrorism and cyberspace, and this is by far the most cited definition (Denning, 2000). James Lewis defined cyber terrorism as “the use of computer network tools to shut down critical national infrastructures or to coerce or intimidate a government or civilian population” (Lourdeau, 2004). The US Federal Bureau of Investigation (FBI) defined the whole concept ot terrorism as “the unlawful use of force or violence against persons or property to intimidate or coerce; a government, the civilian population, or any segment thereof, in furtherance of political or social objectives” Jessica, 2016).
Cyber terrorism shares a lot ot primary attributes with traditional terrorism. In breaking down the concepts of cyber terrorism to its fundamental elements, there are at least five elements, which must be satisfied to construe cyber terrorism.
i. Political motivation for the cyberattacks and should lead to death or bodily injury.
ii. Fear element and/or physical harm through cyberattack techniques.
iii. Attacks must be severe attacks and against critical information infrastructures such as financial, energy, transportation, and government operations.
iv. Attacks that only disrupts non-essential services are not considered cyber terrorism.
v. The attacks must not primarily be focused on monetary gain.
Cyber terrorism includes warfare attacks against a nation state and forcing ICT infrastructure and assets to fail or to destroy them. The objective is to create fear within a target population where monetary gain is not the focus. Based on the nature of a borderless world, challenges that the authorities may face are a clear line of cyber terrorism activities, technical impediments, legislative aspect, enforcement and prosecution ot internet offenders, and public-private partnership (Zahri & Syahrul, 2017).