International Journal on Criminology Volume 2, Number 1, Spring 2014
The Behavioral Intelligence Paradigm in Fighting Cyber-Crime
by the advancement of causative learning
techniques, or when inaccessible, by the
very large number of spontaneous hacking
groups sharing their recombination experiments.
In such a paradigm, focusing on an ex-post
defense strategy based on known and
identified vulnerabilities is likely to fail.
Putting contemporary doctrines to the test of technological shifts
By gathering data from public sources
on published Cyber-Defense doctrines,
we try in the second part of
this analysis to assess the soundness of
Cyber-Doctrines for the deterrence of behavioral
intelligence-driven threats. We
analyzed 38 national strategies to fight cyber-crime,
implement cyber-defense, and
promote resilient information infrastructures
and cyber-security.
We used the framework developed
earlier on the history of cyber-criminality to
define four categories of cyber-crimes,
based on their destination (“targeted and
long-reach” versus “immediate or non-directed”)
and their preparation (“spontaneous”
versus “prepared and sponsored”).
Hence, we identify four classes of cyber-crime:
“code warriors” (I), “cyber free
riders” (II), “autonomous collectives” (III),
and “sponsored attackers” (IV).
Different classes of attacks require
different responses. Immediate and spontaneous
attacks (Class I) can be handled with
robust information security, including causative
learning that can deter sophisticated
AI attacks. Most national doctrines have a
sound understanding and appropriate range
of responses for such attacks. Prepared and
sponsored immediate attacks (computer
theft by organized crime, free-riding,
phishing, and cracking—Class II) require a
coordinated range of technical and jurisdictional
responses. Signature-based detection
systems and knowledge-based defenses are
usually sufficient to deter most threats, as far
as regulation is judicially enforced. Socially
and society-rooted attacks (hacktivist groups,
temporary or goal-driven groups with political,
societal, or economic motives—Class
III) involve perception warfare, information
warfare, and sense-making capabilities so as
to respond to rapid and emergent distributed
deployment. Finally, offensive campaigns
with embedded behavioral intelligence
(Class IV) require transversal responses that
encompass proactive deterrence “beyond
tech” and “beyond claim”. Class III and Class
IV threats call for real-time sense-making
on unprecedented scales, involving large-scale
human cognitive learning on one side
(III) and large-scale behavioral learning on
the other side (IV).
Our analysis of the evolution of
national cyber-crime doctrines over the
period 1994–2013 brings mixed findings.
“Power-sovereign” doctrines (P-S, Class IV)
emphasize the development of large specialized
units, are often obsessed with critical
infrastructure protection, and develop,
more or less publicly, offensive capabilities.
While they deliver sustainable deterrence
policies on State-sponsored cyber attacks,
they usually develop a threat-rigidity dominant
logic, which impedes their involvement
in emergent societal change. The risk for P-S
doctrines is therefore disconnecting from
emergent hacking movements, and a lack of
reactivity to distributed cognitive warfare.
“Societal Resilience” doctrines (Class III), on
the other hand, are more sensitive to opinion
movements, try to leverage the public space,
and focus their offensive capabilities on information
warfare. Motivation for such doctrines
is not always rooted in a democratic
and progressive view of the Internet. Yet, the
digitalization of society is clearly identified
as both the core threat and core opportunity
for cyber-defense and cyber-development.