The problems this ARW has to analyze and discuss are of paramount importance, perhaps the most important ones among those we have to face in the years ahead of us. Technology and the information revolution have changed the balance of power, both domestically and internationally, and are altering the dynamics of international relations.

Technology has altered and corroded the State's authority and strengthened nonstate actors, in particular transnational crime and terrorist organizations. The technological revolution, though positive in itself, is nonetheless successful in corrupting markets and weakening security. As has been said, cybercriminals and terrorists have already “crossed into the spectrum of information warfare”. This simply means that the same bases of sovereignty and state legitimacy are in jeopardy.

The traditional paradigms of international relations are challenged. Postinternational global theories, such as the turbulence paradigm, are now trying to read with new lenses the new state of the world.

As a consequence, states are not – or are not yet – “equipped or capable of controlling cybercrime at the individual state level”. At the same time, compliance with international agreements reduces the ability of our states to engage in information warfare.

To put it briefly, cyberspace is to our societies what the nervous system is to our bodies. The increasing dependence of our societies on technology makes it possible for organized groups of cybercriminals and cyberterrorists to inflict serious damage on our economies and national security. The more we become technologically sophisticated, the more we are vulnerable and possible targets of attacks of many types, also because cyberterrorism is “one of the fastest evolving areas of criminal behaviour”. Moreover, as a recent case study shows (J.L. Olson, 2004), “organized groups of cybercriminals carrying out coordinated attacks have a higher potential to inflict damage than do lone perpetrators”.

Research shows that defensive measures taken by governments focus at present on individual rather than on organized cybercriminality, though – as above said – the damage inflicted is higher when the criminals are organized.

There are different types of hackers. One possible categorization of them is based on their intent and motivation: interest, political protest, religion, and so on. It is also possible that cybercriminals are at the service of governments or corporations which engage them for economic or strategic intelligence reasons. The tools hackers have at their disposal are many, and more and more easy to use. The threats against our societies will grow both in seriousness and in frequency. So our national security will be more and more in jeopardy.

The Internet offers an ideal opportunity to cybercriminals to make money and to remain anonymous. Illicit profits can be made, laundered and transferred everywhere in the world in no time and with little or no risk. These profits, many times, serve to fund other criminal or terrorist activities. The link between organized criminality and terrorism being money, it is of enormous importance to elaborate measures, national and international, against criminal high-tech behaviour.

One of the major problems to be solved is related to the difficulty, or even impossibility, to detect and prosecute illicit activities which cross geographic and legal boundaries, and which, at the same time, expand exponentially due to broadband connections.

CERT/CC – the Computer Emergency Response Team/Coordination Center – has identified 1,090 computer vulnerabilities in 2001 and 4,129 in 2002, namely 4 times as much in only one year. This is also because the private sector obeys the law of profit and does not care as much about national security. One can understand the seriousness of the problem considering the state of dependence of critical infrastructures on the private sector. In the United States, for instance, “the military currently relies on commercial networks for 95% of its essential communications”.

The only way to protect our economies and military systems – I think – is to provide and increase state-dependent mechanisms of layered defences, including also encryption products which now operate with practically uncrackable 128-bit keys, and increase international cooperation among states as suggested, for example, by the Convention on Cybercrime of the Council of Europe of 2001.

Obviously, these security systems imply high costs estimated to reach up to several billion dollars, but the consequences, financial, industrial as well as strategic, of a cyber-attack on sensitive I-structures of a country risk having calamitous effects, also because the number of cyber-attacks increases at exponential rate every year.

As far as investigation is concerned, it is evident that traditional methods cannot cope with the new reality of cybercrime. Legislations and the legal sector at large should be revisited to deal efficiently with cyber illicit acts.

According to Interpol, “while organized crime groups have wasted no time in adapting new technologies to their ends, the efforts of the international community have remained fragmented and weapons of law enforcement almost obsolete”. Moreover, there is normally a time lag of some years between the upgrading of technological tools by the States vis-à-vis the immediate upgrading made by the rich criminal and terrorist groups.

Here, however, there is a problem with the enjoyment of civil rights, with particular reference to privacy, as proved by the provisions of the Patriot Act in the U.S.

Another serious problem is the absence of expertise among members of the judicial sector. New training on computer forensics is needed both for them and for members of the intelligence community. Data-mining software is also needed to track cyber-trails. Obviously, the use of encryption by criminal groups is a serious obstacle for investigations. The situation is very difficult, but we cannot simply accept the statement of Europol's crime Department Director when he says: “With cybercrime, it's become obvious that we've lost the battle even before we've begun to fight. We can't keep up”. A strong international cooperation is the key to try to be on the winning side. The afore mentioned Convention on Cybercrime, adopted by the Council of Europe, is a good example of what should be done.

From the legal and judicial point of view, it is evident that we are far behind the necessary level of modernization and harmonization of our juridical systems. Our traditional laws were devised to protect physical property and physical “goods”, and not the virtual assets of the world of computers.

Moreover, as it has been said, “many cybercrime investigations are ineffective because they focus on evidence, quantity, tracking, location, injury, and loss, just as though these physical elements are pertinent in the virtual world of cyberspace”.

On its side, the Internet offers cybercriminals and terrorists many opportunities, among which it: can be used anonymously, helps in raising money, is a recruiting tool, is an information gathering system, can be used to steal information and manipulate data, can be used to make propaganda, allows a group to appear more dangerous than in reality is the case, etc. In short, it is an extremely dangerous weapon in the hands of people who do not put limits, juridical or moral, to their actions.

Some other remarks concerning NATO seem to be important. During these last years, the Atlantic Alliance and the European Union have contributed consistently to European security, freedom and prosperity, with a partnership that has proved beneficial. With the enlargement of the E.U. and the perspective of the adhesion of the Balkan countries to the European Union, NATO is slowly handing over to the E.U. the responsibility of security in some Balkan states, with European forces engaged in peace support operations. The objective of peace-enforcing-making-keeping missions is to stabilize the region in order to be able to withdraw from it after the local authorities have full control of the situation. But, obviously, organized crime and its bedfellows, corruption and violence, appear currently as the main actors that hinder the achievement of this objective.

These criminal activities pollute politics, economy and reconstruction, and fuel disturbances, ethnic rivalry and violence. In areas of conflict the main threats are not only those created by war, material and humanitarian devastation, but also those created by the vacuum of legitimate and strong authority. This vacuum has given space to all kinds of crimes, both local and international, making the convergence of criminal activities with extremism and terrorism much easier.

Local police forces have problems of legitimacy, while international ones have problems of training and understanding of the local realities.

Military forces in peace operations are visible, predictable, and rational and, therefore, easy to be bypassed by local criminal ‘forces’ that are invisible, unpredictable and do not act rationally, at least in western eyes. To see does not mean to understand.

Intelligence is fundamental for foreign troops in areas of crisis, and has to go hand in hand with the operations. This synergy has however been often prevented by national approaches and susceptibilities.

It is obvious that fighting against the “untouchables” of the local society and the criminal organizations ruling in some countries of the area requires a type of knowledge and tools that the military and police did not have until now. The actors in the fight against these structures should therefore adopt the same global approach, adopting a functional and flexible network security disposal, with operations based on shared information and common analysis of the ‘enemies’ and of the objectives to be reached.

It is my hope that this Workshop, enriched by the contribution of so many experts coming from different countries and cultures will contribute to the solution of at least some of the problems and ‘invisible threats’ – corruption, trafficking in documents, high-tech crime and money laundering – that are challenging our societies and our security

I am deeply indebted to J.L. Olson (The Threats of Systematic and Organized Cybercrime and Information Warfare, 2004) for many of the ideas expressed in these few pages, as well as to M. Coen, PhD, Belgian Counsellor of Embassy, for her valuable advice. The editors wish to thank Silvia Ciotti Galletti for her invaluable assistance.

Umberto Gori, University Centre for Strategic and International Studies (CSSI), Florence, 2006