The University of Southampton
University of Southampton Institutional Repository

An analysis of threat perceptions: combating cyber terrorism: the policies of NATO and Turkey, evaluated using game theory in the context of international law

An analysis of threat perceptions: combating cyber terrorism: the policies of NATO and Turkey, evaluated using game theory in the context of international law
An analysis of threat perceptions: combating cyber terrorism: the policies of NATO and Turkey, evaluated using game theory in the context of international law
In 2007 Estonia faced a series of cyber-attacks on its cyber infrastructure, which caused widespread damage to the country’s economy, politics and security. However, despite this series of cyber-attacks, NATO did not apply Article 5 of the North Atlantic Treaty due to lack of consensus on applying Article 5 in the Estonian case. Although various approaches have been developed by scholars, there is no common application of international law in the United Nations Charter regarding cyber threats or attacks. Moreover, whilst there has been no common definition of ‘cyber terrorism’ by the international community, some scholars regard ‘cyber-attacks’ as acts of war. There is a paucity of literature dealing with the application of international law on cyber threats. A new Strategic Concept was adopted in 2010. Its most important development was to identify the significance of cyber threats to all NATO body members. When updating its own technology, the organisation needs to be ready to defend itself against all kinds of asymmetrical warfare, whether from within or beyond its operational range. At the same time, cyber terrorism and cyber threats have continued to affect all societies within its purview, damaging, threatening, destroying and influencing many states, such as Estonia in 2007, Georgia in 2008, Iran in 2010 and international organisations belonging to NATO in 1999. However, the terms of Article 5 of the North
3
Atlantic Treaty were imprecise as to whether cyber-attacks can be regarded as a form of threat; for this reason, NATO accepted the case-by-case concept on cyber threats/attacks in terms of the application of Article 5 by the Wales Summit in 2014. Despite the fact that the Charter of the United Nations has not been revised, if its Articles are broadly evaluated, cyber-attacks would be accepted as a threat or use of force against the territorial integrity of a state. The main purpose of this thesis is to analyse and evaluate what has been carried out regarding NATO’s operational arrangements and its Cyber Defence approach, and, secondly, to explain this in the lens of Game Theory. Furthermore, it will demonstrate why the web is paramount to NATO’s system-driven operations, and why it requires a Cyber Defence arrangement. In particular, the research endeavours to analyse Turkey in this regard. The cyber-attack on Estonia in 2007 will be used by way of a case study to explain the development of threat perceptions, risks, international law, cyber security policies and application of Game Theory.
Keywords: Cybercrime, Cyber Terrorism, Game Theory, NATO, North Atlantic Treaty, Turkey, Cyber Defence Policy, The United Nations, The UN Charter, NATO Cyber Defence Centre of Excellence, NATO Computer Incident Response Capability (NCIRC)
University of Southampton
Erendor, Mehmet Emin
2804264a-8127-43b3-9dc6-4d87b7d888c9
Erendor, Mehmet Emin
2804264a-8127-43b3-9dc6-4d87b7d888c9
Palmer, Philip
e0d68c8d-85d6-497a-a468-80d72a60c228

Erendor, Mehmet Emin (2017) An analysis of threat perceptions: combating cyber terrorism: the policies of NATO and Turkey, evaluated using game theory in the context of international law. University of Southampton, Southampton Law School, Doctoral Thesis, 322pp.

Record type: Thesis (Doctoral)

Abstract

In 2007 Estonia faced a series of cyber-attacks on its cyber infrastructure, which caused widespread damage to the country’s economy, politics and security. However, despite this series of cyber-attacks, NATO did not apply Article 5 of the North Atlantic Treaty due to lack of consensus on applying Article 5 in the Estonian case. Although various approaches have been developed by scholars, there is no common application of international law in the United Nations Charter regarding cyber threats or attacks. Moreover, whilst there has been no common definition of ‘cyber terrorism’ by the international community, some scholars regard ‘cyber-attacks’ as acts of war. There is a paucity of literature dealing with the application of international law on cyber threats. A new Strategic Concept was adopted in 2010. Its most important development was to identify the significance of cyber threats to all NATO body members. When updating its own technology, the organisation needs to be ready to defend itself against all kinds of asymmetrical warfare, whether from within or beyond its operational range. At the same time, cyber terrorism and cyber threats have continued to affect all societies within its purview, damaging, threatening, destroying and influencing many states, such as Estonia in 2007, Georgia in 2008, Iran in 2010 and international organisations belonging to NATO in 1999. However, the terms of Article 5 of the North
3
Atlantic Treaty were imprecise as to whether cyber-attacks can be regarded as a form of threat; for this reason, NATO accepted the case-by-case concept on cyber threats/attacks in terms of the application of Article 5 by the Wales Summit in 2014. Despite the fact that the Charter of the United Nations has not been revised, if its Articles are broadly evaluated, cyber-attacks would be accepted as a threat or use of force against the territorial integrity of a state. The main purpose of this thesis is to analyse and evaluate what has been carried out regarding NATO’s operational arrangements and its Cyber Defence approach, and, secondly, to explain this in the lens of Game Theory. Furthermore, it will demonstrate why the web is paramount to NATO’s system-driven operations, and why it requires a Cyber Defence arrangement. In particular, the research endeavours to analyse Turkey in this regard. The cyber-attack on Estonia in 2007 will be used by way of a case study to explain the development of threat perceptions, risks, international law, cyber security policies and application of Game Theory.
Keywords: Cybercrime, Cyber Terrorism, Game Theory, NATO, North Atlantic Treaty, Turkey, Cyber Defence Policy, The United Nations, The UN Charter, NATO Cyber Defence Centre of Excellence, NATO Computer Incident Response Capability (NCIRC)

Text
Final_PhD_thesis
Available under License University of Southampton Thesis Licence.
Download (2MB)

More information

Submitted date: January 2017
Organisations: University of Southampton, Southampton Law School

Identifiers

Local EPrints ID: 404985
URI: http://eprints.soton.ac.uk/id/eprint/404985
PURE UUID: d9952eea-729a-4e22-8715-1692e9b09bab

Catalogue record

Date deposited: 18 Feb 2017 00:23
Last modified: 16 Mar 2024 05:01

Export record

Contributors

Author: Mehmet Emin Erendor
Thesis advisor: Philip Palmer

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×