Cyber security can no longer be considered separate from security in the real world. The damage arising from cyber-attacks is very real and has real consequences in the offline world. Nevertheless, because of the unique characteristics of technology, and the types, perpetrators and victims of such attacks, the issue of cyber security demands the special attention of all those involved in the Internet.
Cyber security is a focus of attention in society today due to the sudden expansion in the number of Internet users, giving new significance to the age-old truth that technology can hold both promise and danger. What can be used to the benefit of society can also be used against it.
A side-effect of the sudden integration of the Internet into almost every aspect of human activity is the increased vulnerability of modern society to cyber-attack. The Internet is part of the critical global infrastructure and many other services vital to modern society (such as e-commerce and online banking) are becoming increasingly dependent on the Internet and a frequent target for cyber-attacks.
Cyber security can be viewed according to three criteria:
- Type of activity (interception of data, interference with data transfer, illegal access, spying, destruction of data, sabotage, denial of service, identity theft)
- Type of perpetrator (hackers, cyber-criminals, cyber-warriors, cyber-terrorists)
- Type of target (individuals, companies, public institutions, state bodies, critical infrastructure)
Criminal offences against computer data security (according to the Republic of Serbia Criminal Code) are as follows:
- damage to computer data and programs
- computer sabotage
- creation and introduction of computer viruses
- computer fraud
- unauthorised access to a protected computer, computer network or electronic data processing
- denial and limitation of access to a public computer network
- unauthorised use of a computer or computer network
In addition to these, the Criminal Code designates as criminal offences other acts against the safety of children, violation of copyright and the collection of personal data perpetrated using computers and the Internet, such as:
- abuse of computer networks or communication using other technologies in order to commit criminal offences against sexual liberty with respect to juveniles (arranging a meeting with a juvenile)
- showing, obtaining and being in possession of pornographic material, and exploitation of a juvenile for pornography (including digital publication and sale)
- unauthorised use of copyright material (unlawful reproduction, publication or sale of computer programs or collections of data)
- unauthorised collection of personal data (unlawful collection, download or use of the personal data of members of the public)
Privacy and data protection
Privacy and data protection are closely interwoven issues where Internet security is concerned. Data protection is a legal mechanism intended to ensure privacy.
Privacy is the right of every citizen to control his or her personal data and make decisions about them (to either conceal them or reveal them) and is a basic human right which concerns:
- Privacy of communication – no monitoring of an individual’s communication
- Privacy of information – no manipulation of data on individuals
DNSSEC (DNS Security Extensions) is a system of security standards which facilitates the verification of the integrity of data in the DNS system. It increases security for DNS service users by using a public key to cryptographically sign DNS server responses so that their integrity can be verified.
The signing of entire zones on DNS servers allows secure communications to be established, firstly between DNS servers when exchanging information, and then with the end user, who receives exact, unaltered information on where a server is located.
In its public activities, RNIDS acts in opposition to all forms of inappropriate behaviour in the Serbian Internet space, in particular:
- misuse of Internet domains (false representation, cyber-crime)
- violation of copyright and related rights, and of intellectual property rights
- violation of the privacy and security of Internet users
- violation of regulations relating to electronic communications (breach of users’ rights, spamming)
- abuse of the credulity of Internet users