The qualitative developments in the security environment in the early 21st century have led to the emergence of a new generation of threats described as non-traditional. Amongst the most important is the cyber activity, now that cyberspace has emerged as the new arena of antagonism and conflicts. Over recent years information technologies evolve rapidly and permeate all aspect of social life. The issues of cyberspace and the resulting threats to national and collective security become increasingly important due to a growing dependence of modern society on information technologies and virtual world.

Hacking attacks are becoming increasingly frequent and more complex to track down, the skills of perpetrators are constantly evolving, their schemes are becoming more complex. It is still impossible to have immediately an adequate and prompt response from the government.  It is imperative however that a scheme to rapidly identify and tackle cyber attacks and perpetrators should be established shortly. Future developments indicate rapid evolution and penetration of technologies into all areas of everyday life and that is already taking place almost everywhere. The facilitated access to anything, from anywhere, at any time will become increasingly attractive in the foreseeable future. At the same time, however, it will be easier for terrorists to make use of any information existing online. And the more information a man or a group has, the easier it becomes for them to take control of a situation and attain their objectives.

International legal regime of cyberspace

Developing technologies and the possibility arising for cyberspace to be used as a new fifth domain of confrontation give rise to a new dilemma: whether and how real and virtual world could be compared, taking account of the ever closer interaction between the two worlds. Relations in cyberspace are inherently international relations which should be regulated by the universal principles of modern international law. There is also a view that the international community should view cyberspace as an information environment which no State could claim to have jurisdiction over. In 2009 Scott Schackelford published in Berkeley Journal of International Law his paper entitled “From Nuclear War to Net War: Analogizing Cyber Attacks in International Law” where he argues that such interpretation “provides a firm legal grounding on which an international regime could be built”.[1] More or less at the same time, the Information Office of the State Council of the People’s Republic of China published the “White Paper on the Internet in China”. It is written in Chapter V on protecting Internet security that “Within Chinese territory the Internet is under the jurisdiction of Chinese sovereignty.[2] The Internet sovereignty of China should be respected and protected. “. It is written in the Russian doctrine of information security that “protecting the sovereignty of the Russian Federation in information space” is a national interest.[3] On the basis of respect for their sovereignty, China and Russia seek to have closer dialogue and to reduce the damages they cause to each other in the information space.

Western countries also view threats in the cyberspace as a real gander to nations. Back in 2010 it was written in the US National Security Strategy that cybersecurity threats represent “one of the most serious national security, public safety and economic challenges we face as a nation”. In 2011 the US Department of Defence published the Strategy for Operating in Cyberspace. It is written in the Strategy that cyberspace is an operational domain.[4] In response to those threats, the United States have established a U.S. Cyber Command for operating in cyberspace. The French national digital strategy includes objectives like protection of critical infrastructure by the State and ensuring freedom of expression. It is written in the strategy that “The role of the State in cyberspace is to ensure France’s freedom of expression and action as well as the security of its critical infrastructures in case of a major cyberattack “.[5]

It is written in the national cybersecurity strategy of the United Kingdom that:

“The National Security Strategy states that defence and protection start with deterrence. This is as true in cyberspace as any other sphere. … Cyberspace is only one sphere in which we must defend our interests and sovereignty”.[6]

Each one of those five nations which are also the five permanent members of the UN Security Council, views the protection of its critical infrastructure and information security in cyberspace as an element of the protection of its national security.

The Bulgarian cyber security strategy “Cyber Resilient Bulgaria” also states that “cyber security is a key element of the national security of the State”. Cyberspace is “viewed as the fifth domain of operations against the national interests, the territorial integrity, the national security of the sovereign states and against the rights and freedoms of citizens”.[7]

The perception of cyberspace as the fifth domain of warfare has led many countries to establish their own cyber commands and units for cyberspace operations. Back in 2009 the USA established U.S. Cyber Command (USCYBERCOM) as a sub-unified command of the Strategic Command. They also have cyber commands and divisions in the Air Force, the Naval Force, the Ground Troops, the Marine Corps and the Coast Guard, coordinated by a Joint Operations Centre. In June 2011 NATO adopted the Policy for Cyber Defence and established the NATO Cyber Defence Management Board. In 2014 Russia also established Information (and Cyber) Troops with divisions in the military districts and in the marine forces. China, Israel, North Korea and many other countries also have relevant structures. France in December 2016[8] and Germany in April 2017[9] established military cyber centres for response to cyber attacks.

It is written in the Plan for the Development of the Armed Forces in the Republic of Bulgaria 2020 that “capabilities will be developed in the field of communication and information systems, navigation systems and cyber defence.[10] Priority will be given to the development of a Centre for monitoring, analysis, response and recovery of the communication and information systems under the Cyber Defence Project, and to the development of the automated information system and adaptation of the field management systems within the NATO Federated Mission Networking”.

Main aspects of the fight against cyberterrorism

As cyberterrorism is a relatively new phenomenon, no common definition of it is available yet. In May 2000 Dorothy Denning have her view of what cyberterrorism was. In a testimony before the Special Oversight Panel on Terrorism Committee on Armed Services she said:

“Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact”.[11]

Another commonly accepted definition is that cyberterrorism is an attack in cyberspace with the aim of compromising a computer system or network. It can be perpetrated by a State, an individual or as a criminal offence. The media use widely the term “hacker” attack to foster public understanding of what it really is.

An international legal instrument specifically regulating cyberterrorism is unavailable yet. There is only one regional agreement promoting cooperation in the case of various forms of terrorism but it … does not include cyberattacks as a criminal offence”. This is the regional agreement of the Association of Southeast Asia Nations (ASEAN).[12] Therefore, a comprehensive legal framework for combating international terrorism is unavailable yet.

If international terrorism is “acts of violence which are illegal under international law (illegal activity of persons, groups and organisations, possibly States) that instigate, incite, facilitate, organise or participate in the perpetration of unlawful acts, which threaten the physical integrity of persons/groups of persons, which create a state of terror, cause serious material injuries and destruction with the aim to compel a third party (a State, an intergovernmental organisation, physical or legal persons or groups of persons) to perform or abstain from performing any act”, then cyberterrorism falls under this definition. In cyberterrorism, the international element exists in almost all cases. Attackers do not need to be physically present at the place of the attack. In many cases they are in another country or use the so-called “proxy” servers or a similar method whereby their activity goes via servers in other countries. This makes it extremely difficult to track down the physical perpetrator and to establish the jurisdiction.

What are the phases and actually the types of cyberattacks? There are four phases.[13] The first aims to scout potential victims and to collect sufficient information. Phase number two is intrusion. To be able to actually obtain the necessary information, the attacker must get into the system. Until then one can only disrupt the availability of access to certain services provided by the “target”. The next phase is the identification of important resources and getting access to confidential information and important parts of the system. In the fourth, final phase, the intruder does damage to the system or definitively gets the desired information.

Counteracting international crime in cyberspace

As technology develops, so does cybercrime. Crimes where computers are either the target or the means of commission of the offence qualify as cybercrime. Global computer network connections endow those crimes with a transborder character, hence computer-oriented crimes have an international legal aspect as well as a criminal law aspect and can be subject to study by the international legal doctrine as well as by the criminal law doctrine.

Cybercrimes have many forms. Some of them are: interruption of the functioning of or gaining unauthorised access to computer systems using malware; computer sabotage; blackmail in consequence of stolen/encoded content of the affected device or by threatening to disclose compromising information; identity theft or access to health status; illegal interception of computer data and espionage; counterfeiting using computers; dissemination of pornographic material and child pornography; advocating and inciting racial discrimination; cybercrimes against intellectual property; money laundering; cybercrimes against Internet of Things (IoT) devices, etc.

From the perspective of international law, the Convention on Cybercrime is, so far, the most important instrument on cybercrime. At its 50th session in June 2001, the European Committee on Crime Problems – an intergovernmental body of experts at the Committee of Ministers of the Council of Europe, adopted the final draft of the Convention on Cybercrime.[14] 43 Member States of the Council of Europe as well as Canada, the United States, Japan and the Republic of South Africa took part in the development of the convention. The Convention was signed in Budapest on 23 November 2001, entered into force on 1 July 2004 and is the first international treaty of its kind.

New Chapter IXa “Cybercrime” was added in the Bulgarian Criminal Code in 2002. Some of its provisions have been amended or supplemented over the years. Measures to protect sensitive information are laid down in the Protection of Classified Information Act and Article 94 expressly prohibits the connection of AIS or networks designated for creating, processing, preservation and transfer of classified information to public networks as Internet and similar electronic communication networks.

Cyberterrorism and cybercrime tools

The examples produced show that virtual space is increasingly the arena where a growing number of important processes of operation of the public administration, as well as the private sector take place. The dependence of each individual, enterprise of government on information technologies make them increasingly vulnerable to cyber attacks with unexpected consequences. In order to minimize the harm that malevolent acts in cyberspace and cybercrimes can do, specific measures need to be taken at different levels: individual and public, national and international.

The European Cybercrime Centre (EC3) of Europol outlines eight cybercrime trends in its report “The Internet Organised Crime Threat Assessment – iOCTA” 2016:

  1. Crime-as-a-Service – the number of specialised providers of cybercrime tools and services (free or against payment) increases. This opens up opportunities for terrorists to make use of these tools in the future;
  2. Ransomware – encryption of information on private or public computers and demanding ransom to decode it, becomes increasingly common. The development of electronic currency as a means for paying the ransom is a great contributor to this type of cybercrime;
  3. Criminal use of data – data have become key goods for cyber criminals;
  4. Payment fraud – attacks against ATMs have thrived across the European Union. Organised criminal groups begin to manipulate or compromise payments with NFCs;
  5. Online child sexual abuse – The use of end-to-end encrypted communication channels and content sharing in combination with largely anonymous payment systems contribute to increased live streaming of violence against children;
  6. Abuse Darknet – this is not the universally accessible global network. It is only visible using special software and/or communication protocols. Darknet continues to provide criminals, participating in many illegal activities, with a secure environment to communicate in. Extremist groups now use technologies for attacks to a limited extent. But the availability of those tools and services facilitates trade in illegal goods like weapons and all the requisites for more intensive use of those tools and services are in place;
  7. Social engineering – the use of false sights to steal information from users registers high levels. Sending messages, presented as coming from the director of an organisation, to the employees for the purpose of infecting the computers is becoming a key threat;
  8. Virtual currencies – cryptocurrencies like bitcoin remain the preferred format chosen by cybercriminals to receive payments from victims of blackmailing. This is also the currency which cybercriminals use to pay for services in the digital grey economy and Darknet.[15]


The potential of the damages which could be caused by actions in cyberspace and by possible cyberterrorist attacks should by no means be underestimated or ignored. This is true because terrorism per se is not interested in laws, human rights and freedoms, international relations and diplomacy and it finds in the online environments a new medium for action and new opportunities to attain its goals. Claims by many analysts and experts that the world has gone unnoticedly into a Cold Cyberwar are not in vain. The following question stands out – isn’t cyberwar the lesser evil compared to traditional war? On one hand, the cyberattack against a strategic site does not involve loss of life – everything can be done remotely. On the other hand, however, the effect on transport management systems, electricity supply, chemical production, event on the food industry, could lead to even greater loss of life. One thing is for certain – war is war, whether led on the battlefield or in cyberspace, and the damages it causes can be equally devastating and injurious.

[1] Shackelford, Scott. “From nuclear war to net war: analogizing cyber attacks in international law.” (2009).

[2] „The Internet in China“, Information Office of the State Council of the People’s Republic of China, June 8, 2010, Beijing, available at

[3] Margolin, Jack. Russia, China, and the Push for “Digital Sovereignty”, The Global Observatory, 2 December 2016

[4] Department of Defense, Strategy for Operating in Cyberspace (2011)

[5] The French national digital security strategy: meeting the security challenges of the digital world, October 2015, available at

[6] Schmitt, Michael, Tallinn Manual On The International Law Applicable To Cyber Warfare – Prepared by the International Group of Experts at the Invitation of The NATO Cooperative Cyber Defence Centre of Excellence, Cambridge University Press (2013)

[7] National Cyber Security Strategy “Cyber Resilient Bulgaria 2020”, available at

[8] „Френската армия си отглежда хакери, за да я пазят при кибервойна“, Дневник, 6 April 2017, available at

[9] „Берлин задейства военен център за отговор на кибератаки“, Капитал, 5 April 2017, available at

[10] План за развитие на въоръжените сили на Република България до 2020 г., available at

[11] Denning, Dorothy, “Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House or Representatives”, 23rd May 2000, available at

[12] Convention on Offences and Certain Other Acts Committed on Board Aircraft, Tokyo, 1963, available at english.pdf

[13] Duic, I., Cvrtila, V., Ivanjko, T., “International Cyber Security Challenges”, 2017, available at

[14] Council of Europe – Convention on Cybercrime, available at

[15] Europol – The Relentless Growth Of Cybercrime, 27 September 2016, available at