Information protection in automated systems
Date: February 15, 2004Source: Computer Crime Research Center
By:
In this connection we may imagine problems of qualification of computer crimes and moreover criminal prosecution of guilty, when cyber criminals will be using quantum computers.
It is obviously that present qualification of information security threats demands further development and specification. It is not accidentally that objective side of offences is characterized by more deep detailed elaboration in Cyber Criminality European Convention. Convention distinguishes illegal access (article 2) and illegal data interception (article 3), interference with data (article 4) and interference with system (article 5), misuse of devices (article 6), computer related counterfeit (article 8), child pornography related to computers (article 9), copyright and adjacent rights violations (article 10) [3].
Information protection is a set of methods that maintain integrity, confidentiality, authenticity, reliability and accessibility of information under influence of threats of natural and artificial character. The humanity, at different stages of its development, solved this problem with peculiar to its current stage character. Computer invention and further impetuous development of information technologies in second part of 20 century made a problem of information protection as topical, urgent, and critical as informatization is actual for the whole society.
Computerization gave birth to a new kind of crime. Total amount of misuses in sphere of computer technologies and extent of damage are increasing steadily. It can be described by several facts:
- high development and mass introduction of information technologies and processes based on computer use in many fields of human activity;
- great number of experts in field of computer technologies and raising the level of their skills;
- law imperfection in field of information relationship and information security;
- imperfection or absence of technical means of information security in concrete technologies;
- low level of revealing computer crimes.
This, in turn, caused necessity of reconsidering computer criminality as social phenomena and elaborating of corresponding techniques on fighting against it, including revealing and investigating crimes committed with use of computer technologies.
Efforts on creating system of fighting computer crimes are focused on several directions:
- legal provision of fighting computer crimes;
- development of secured information technologies;
- development of security means with purpose of existing information technologies updating.
Funds necessary for these tasks solution are too significant and every year they are needed more and more. Production volumes of physical control and computer security means only in USA were 1.8 billion USD in 1990, about 5 billion in 2000 year. However these expenses are much less than possible losses.
Computer crimes in countries with developed information telecommunication infrastructure became wide distributed, thus number of special articles are included in criminal laws.
First law on information security was adopted in USA in 1906. Today there are about 500 legal documents on information security, disclosure and computer crime in the US. Problems of information security are examined by American administration as one of key elements of national defence. National policy of US in field of information protection is formed by the National Security Agency (NSA). At that, the most important strategic tasks that define national policy in this sphere as a rule are solved at level of National Security Council, decisions are processed as directives of the President of the USA.
Adequate response to changes of social relationship found representation in normative documents of EU Council (there are more than 100 documents), resolutions, conventions, recommendations and directives of Europarliament and European Union. Concrete reflection of informatization processes is expressed in laws, normative and ethical rules of subjects of information relationship of all developed countries.
Analysis of legal regulation of information relationship in Ukraine and international experience allows to determine a number of basic methodological, principal regulations of information law that is public legal basis of information right:
- main object of regulation – social information relationship;
- main subject of social relationship – information (bulletin, data, knowledge, secret etc.);
- method of legal regulation – system complex application of constitutional, civil, administrative, labor and criminal law methods (it defines inter-branch character of public legal regulation) and use of private legal regulation methods (at level of agreements, customs, traditions, norms of social morals, professional and business ethics);
- by legal origin as inter-branch complex concept of Ukrainian national law it has private legal and public legal nature;
- information law has connection with other inter-branch institutes of law: copyright, property right, intellectual property law etc., and creates complex, aggregated hyper system of law with them.
National (state, public) law of Ukraine has significant corpus of legal acts (laws and by-laws) that directly or indirectly regulate information relationship in society. The total of legal norms in sphere of social information relationship defined in laws and by-laws have reached critical amount. This trend conditions on possibility and necessity of picking them out in a separate, autonomous and inter-branch institute of law – information law and corresponding legal systematization at level of scientific discipline and law [4].
The state of information telecommunication systems and level of their protection is one of the most important factors that influence information security of a state. Economical losses from computer crimes are at the same level with advantages obtained after introduction of computers in practice, and we can not estimate social and moral damage at all.
State policy of Ukraine in sphere of information protection is determined by a priority of national interests, has a purpose to make information threats impossible, and is performed by way of carrying out of regulations, specified in legislation and Technical Information Protection Convention, and also development of programs on information protection and separate projects.
There are some measures on state policy realization in sphere of information protection: creating legal basis on realizing state policy in sphere of information protection, consecution and order of developing corresponding normative legal acts; definition of perspective directions of development of normative documents on questions of information protection on basis of analysis of corresponding home and foreign normative base, development of specified normative documents; definition of domestically produced computers and basic software, office and telecommunication equipment, designed for restricted information processing, other protection means in state and local authorities, National Academy of Sciences, Armed Forces, other military departments, internal affairs authorities; development of certification system of domestically produced and foreign technical means of information protection; definition of real demand for experts in system of technical protection of information, development and improvement of the system of training, retraining and raising the level of skills for experts in technical protection of information.
Materials of this article may be used for perfection of information protection in automated systems. Given thesis and conclusions may be used in two main directions: theoretical methodical basis for improvement of information protection from unauthorized access and improvement of current law on information protection and criminal responsibility for offences with help of computers.
[1] N. Nizhnik, G. Lepikov, Information technologies in state authorities, Information technologies and information protection, Collection of scientific works, Zaporizhzhya: 1998, p.97.
[2] R. Kaluzhny, R. Kolpak, IT use of organized criminality for influencing society, Fighting organized criminality and corruption (theory and practice), Scientific practical magazine, #3, 2001, p.160.
[3] V. Golubev, Computer Crime Investigation, Monograph, Zaporizhzhya: University of Humanities “ZIDMU”, 2003, p.52.
[4] R. Kaluzhny, V. Gavlovski, V. Tsymbaluck, M. Gutsaluk, Problems of reforming information law of Ukraine, Legal, normative and methodological provision of information protection system in Ukraine, Kyiv: 2000, p.17-21.
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2004-08-04 11:42:17 - pointing the ways to an automated society sakina |
| Total 1 comments |
