KLASIFIKACIJA MALICIOZNIH AKTIVNOSTI U SAJBER PROSTORU I ORGANIZACIJA SAJBER BEZBEDNOSTI U REPUBLICI SRBIJI

Inspiracija za rad i problem(i) koji se radom oslovljava(ju): Dugogodisnje strucno pracenje malicioznih sajber aktivnosti i stanja sajber bezbednosti u Republici Srbiji. Ciljevi rada (naucni i/ ili drustveni): Predmetno istraživanje imalo je za cilj da pruži doprinos u definisanju i klasifikaciji malicioznih aktivnosti u sajber prostoru, kao i da izvrsi uporednu analizu sistema sajber bezbednosti u Republici Srbiji u odnosu na savremene međunarodne standarde u ovoj oblasti. Metodologija/ dizajn: U radu su koriscene razlicite metode kako bi se zadovolji osnovni metodoloski zahtevi, kao sto su pravno dogmatska, analiticka, komparativna i druge metode. Ogranicenja istraživanja/ rada: Prezentacija problema organizacije sajber bezbednosti u Republici Srbiji je limitirana na predstavljanje pravnih i organizacionih aspekata ovog pitanja. R e z ultati/ nalazi: Pokazalo se da poreklo malicioznih aktivnosti u sajber prostoru može biti kriminalno, politicki motivisano, teroristicko, kao i sponzorisano od strane država, a u cilju ostvarivanja ekonomskih, politickih, vojnih i ciljeva nacionalne bezbednosti. U ovom radu predložena je definicija koja podrazumeva da sajber napad mora ukljuciti aktivno ponasanje napadaca, da mora težiti da ugrozi funkciju racunarske mreže žrtve i da mora da bude izveden u svrhu ostvarenja politickih ili ciljeva nacionalne bezbednosti. Takođe, u organizacionom smislu, identifikovano je da krizni menadžment u sajber bezbednosti podrazumeva i koordinaciju celokupne sajber politike na državnom nivou, putem  tela odgovornog za koordinaciju nacionalne bezbednosne politike. Generalni zakljucak: Sajber prostor postaje sve vise domen za izvođenje kriminalnih aktivnosti,  sto aktuelizuje potrebu da se u međunarodnoj zajednici usklade stavovi u vezi klasifikacije malicioznih aktivnosti u sajber prostoru. Definicija sajber napada, koja je u radu ponuđena, promovise pristup zasnovan na „svrsi” napada, i može da pomogne  razlikovanju sajber-kriminala od sajber-napada. Osim toga, ponuđen je teorijski okvir za klasifikaciju tipova obavestajnog rada u sajber-prostoru. Treba istaci da koncept sajber bezbednosti u svakoj državi ima svoj politicki, normativni i organizaciono-institucionalni aspekt. U vezi sa stanjem sajber bezbednosti u Republici Srbiji, zakljucuje se da je u toku proces uspostavljanja normativnog i institucionalnog okvira njene sajber bezbednosti. Opravdanost istraživanja/rada: Opravdanost rada leži u cinjenici da na međunarodnom nivou jos nije usvojena zajednicka definicija koja ce identifikovati i klasifikovati sajber incidentne. U vezi sa stanjem sajber bezbednosti Republike Srbije, ovo istraživanje dace doprinos pravilnoj izgradnji infrastrukture sajber bezbednosti koja treba da bude u skladu sa međunarodnim standardima. -------------------------------------------------- Classification of malicious activities in cyberspace and organization of cyber security in Serbia R eason for writing and research problem (s) : Many years of professional research of malicious cyber activity and the state of cyber security in the Republic of Serbia. Aims of the paper (scientific and/or social): Concerned paper had the goal to contribute to the definition and classification of malicious activity in cyberspace, as well as to carry out a comparative analysis of cyber security system in the Republic of Serbia in relation to modern international standards in this area. Methodology/Design: In the paper, among others, the legal dogmatic, analytical and comparative method had been used. R esearch/Paper limitations: Presentation of the problem of cyber security organizations in the Republic of Serbia is limited to the presentation of the legal and organizational aspects of this issue. R esults/Findings: It turned out that the origin of cyber incidents may vary, which means that they may be motivated by criminal or political factors, derived from terrorism, as well as sponsored by some states with a view of achieving particular economic, political, military and national security objectives. This work sets out a proposal for a definition that implies the following: a cyber-attack must involve active behavior of the perpetrator; must aim to jeopardize the functioning of the victim’s computer network and be carried out with the aim of achieving a political or national security goal. Also, in terms of organization, we identified that crisis management in cyber security includes the coordination of the entire cyber policy at the state level, through the body responsible for coordinating national security policy. General conclusion: Cyberspace is becoming more domains for carrying out criminal activities, which actualize the need for the international community to coordinate views on the classification of malicious activity in cyberspace. The definition of cyber-attacks, which is offered in work, promoting an approach based on “purpose” of the attack, and can help differentiate cyber-crime from cyber-attacks. In addition, it offered a theoretical framework for the classification of types of intelligence activities in cyberspace. It should be noted that the concept of cyber security in each country has its political, regulatory, organizational and institutional aspects. In connection with the state of cyber security in the Republic of Serbia, it is concluded that Serbia is currently engaged in the process of setting up a legal and institutional framework of its cyber security. R esearch/ Paper validity: The justification of the work lies in the fact that at the international level, has not yet been adopted a common definition of incidents in cyberspace. In connection with the state of cyber security of the Republic of Serbia, this study shall contribute to the proper construction of cyber security infrastructure, which should be in accordance with international standards.