International Journal on Criminology Volume 2, Number 1, Spring 2014 | Page 21
The Behavioral Intelligence Paradigm in Fighting Cyber-Crime
Finally, “Social order” doctrines (Class I)
and “Technocratic” doctrines (Class II) only
differ in their perception of control. The
main difference lies in a control at the source
(I) versus a control by a normalization of the
outputs (II). Technocratic perspectives often
suffer from a delayed perception of technological
change, mainly inspired by an incident-response
philosophy or a late entry to
the field. Doctrines that favor social order
generally suffer from a lack of national vision
or national strategy, or have built their
policies by borrowing (or aligning to) external
national visions.
The following graph presents the positioning
of different national cyber-crime
deterrence and cyber-defense strategies
(year indicates date of first document analyzed).
The findings illustrate the trade-off
between national policies that focused on
organized cyber-crime and policies driven
by the surveillance (or the support) of the
societal rooting of cyber-developments. Interestingly,
the Russian cyber-doctrine is
closer to emergent societal developments
than its Chinese or U.S. counterparts.
Measuring the robustness of national strategies: what to expect?
Most of the studied national strategies
derive their national cyber-criminality
deterrence with an average delay of
10–15 years relative to the advancement
of technology. Accordingly, society-wide
disruptions have been systematically
overlooked. Typically, cyber-policies
grow in the fourth class, while the most
disruptive change is taking place in the third.
Core hacking technologies have
remained stable over the 1990–2012 period.
Advanced Persistent Threats (APTs) are
not per se the result of a disruption in core
exploits, but rather a paradigmatic change
coming from peripheral technologies
(mainly machine learning, automation, and
combinatory reconfiguration). Such a paradigmatic
change thrives on the obsolescence
of an aging infrastructure. Combinations
are made possible when flaws can be exploited
cross-systems. The growing interoperability
of vulnerable systems increases the
probability of the on-the-fly exploitation
of cross-vulnerabilities. In such a context,
vendors, by pushing cyber-criminality deterrence
to focus on “points of access” vulnerability
assessment, impede investment
in behavioral learning technologies (by
maintaining a poorly performing, but highly
profitable, signature-based defense paradigm).
The only way to counteract and deter
intelligent behaviors is by outpacing and
outsmarting their behavioral intelligence. Very
few studied doctrines have acknowledged
this core systemic vulnerability. Confidence
building and security measures (CBSMs) are
hence rooted in a technological and societal
understanding that may foster vulnerabilities,
and suffer from a critical blind spot on
the nature of future technological threats.
Technocratic (Class II) and social
order (Class I) national doctrines are
dependent on vertical and jurisdictional
knowledge, while the evolution of threats is
horizontal and a-jurisdictional. Most recent
large-scale campaigns (APT1, Blaster-worm,
etc.) have shown the limits of inter-jurisdictional
coordination in responding to attacks
with unpredictable attribution, unknown or
undiscovered signatures, and using causative
learning to adapt to common technical
responses.
Most of the analyzed doctrines presented
an outdated perception of authorship
and attribution. Attribution is equated in
most doctrines with a geographical point of
emission (or several), a central intent, and a
legalist perspective on tracking back attacks.