computing lives - FTP Directory Listing
COMPUTER
SECURITY

Integrating Legal and Policy Factors in Cyberpreparedness

James Bret Michael, Naval Postgraduate School
John F. Sarkesain, Aerospace Corp.
Thomas C. Wingfield, George C. Marshall European Center for Security Studies
Georgios Dementis, Hellenic Navy
Gonçalo Nuno Baptista de Sousa, Portuguese Navy

Cyberwarfare countermeasures must consider more than technological capabilities.

Attacks in cyberspace are commonplace. The effects of such attacks can range from minor nuisances, such as defacing webpages or temporarily denying service to noncritical systems, to major disturbances that interrupt international commerce or threaten to destabilize a nation-state.

Anyone can wage an attack in cyberspace: individual citizens, criminal syndicates, terrorist organizations, even entire nations. Such attacks can be extremely sophisticated and involve many actors. The cyberattacks on Estonia in 2007 by so-called “patriotic hackers,” criminal elements that leased out botnets, and alleged state-sponsored information warriors combined some of the characteristics of a military campaign with those of a covert operation (www.economist.com/world/international/displaystory.cfm?story_id=E1_JNNRSVS).

CYBERPREPAREDNESS

Regardless of who perpetrates a cyberattack, defenders of the attacked systems must be prepared to respond, even if only to mitigate the attack’s effects. Cyberpreparedness can be said to have three dimensions (E. Tikk and T. Wingfield, “Frameworks for International Cyber Security: The Cube, the Pyramid, and the Screen,” presentation, Int’l Cyber Conflict Legal and Policy Conf., 2009):

technical feasibility—the “possible”;
legal—the “permissible”; and
policy—the “preferable.”

From a technical vantage, a defender could use a computer-based tool such as NetSPA to assess a computer network’s vulnerability to attack and develop appropriate countermeasures (K. Ingols et al., “Modeling Modern Network Attacks and Countermeasures Using Attack Graphs,” Proc. Ann. Comp. Security Applications Conf., IEEE, 2009, pp. 117-126). However, a defender also needs a distributed command, control, and battle management (C2/BM) system to maintain situational awareness of and respond to cyberattacks in near-real time (N. Howes, M. Mezzino, and J. Sarkesain, “On Cyber Warfare Command and Control Systems,” Proc. 9th Ann. Int’l Command and Control Research and Technology Symp., 2004; www.dodccrp.org/events/9th_ICCRTS/CD/papers/118.pdf).

LAW AND POLICY

Turning now to the “permissible” and “preferable,” the customary guiding principles of jus in bello, “customary legal standards for the conduct of war”—discrimination, necessity, proportionality, and chivalry—also apply to cyberwarfare, as does the jus ad bellum, “law governing the transition from peace to war” (J.B. Michael, “On the Response Policy of Software Decoys: Conducting Software-Based Deception in the Cyber Battlespace,” Proc. 26th Ann. Int’l Computer Software and Apps. Conf., IEEE, 2002, pp. 957-962). Cyberattacks can have the equivalent effects of attacks waged with kinetic weapons, rising to the level of a “use of force” under international law (J.B. Michael, T. Wingfield, and D. Wijesekera, “Measured Responses to Cyber Attacks Using Schmitt Analysis: A Case Study of Attack Scenarios for a Software-Intensive System,” Proc.

Published by the IEEE Computer Society 0018-9162/10/$26.00 © 2010 IEEE