computing lives - FTP Directory Listing
computing lives - FTP Directory Listing
computing lives - FTP Directory Listing
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
A<br />
Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />
aG<br />
F<br />
26th Ann. Int’l Computer Software<br />
and Applications Conf., IEEE, 2003,<br />
pp. 622-627).<br />
Thus, regardless of the technical<br />
measures used, law and policy must<br />
be in place to guide defenders as<br />
they craft responses to cyberattacks.<br />
Although a response might be legal,<br />
policy dictates the latitude in applying<br />
the law, taking into consideration<br />
such factors as the impact on society,<br />
diplomatic relations, and even<br />
privacy concerns, such as a given<br />
response’s level of intrusiveness. The<br />
currency of the topic of cyberpreparedness<br />
is evidenced by the recent<br />
front-page news account of the legal<br />
and policy discussions that ensued<br />
prior to the cyberattack sponsored<br />
by the US Department of Defense to<br />
dismantle an online forum used by<br />
terrorists to plan kinetic attacks on<br />
US troops (E. Nakashima, “For Cyberwarriors<br />
Murky Terrain; Dismantling<br />
of Saudi-CIA Web Site Illustrates need<br />
for Clearer Cyberwar Policies,” The<br />
Washington Post, 19 March 2010, pp.<br />
A1 and A16). Policy issues included<br />
the impact on US-Saudi relations and<br />
whether the response should be conducted<br />
as an intelligence or military<br />
operation.<br />
In addition, techniques for conducting<br />
principled analyses must be<br />
ready to help minimize legal uncertainty<br />
about cyberincidents and allow<br />
the most complete range of effective<br />
responses. Whether the response is<br />
conducted via kinetic or cyber means,<br />
it must be lawful (T. Wingfield, The<br />
Law of Information Confiict: National<br />
Security Law in Cyberspace, Aegis<br />
Research Corp., 2000).<br />
LEVERAGING THE<br />
LEGAL CELL<br />
We propose merging the three<br />
dimensions of cyberpreparedness<br />
by adding a new type of virtual cell<br />
to cybersystems: the legal cell.<br />
Virtual cells within such systems<br />
serve as dynamic virtual<br />
communities in which cyberopera-<br />
tors can interact in support of making<br />
informed decisions. Cyberoperators<br />
encompass subject-matter experts<br />
in cyberoperations along with the<br />
related communities of the diplomatic<br />
corps, intelligence analysts, the<br />
military, politicians, legal authorities,<br />
law-enforcement agents, economists,<br />
and those responsible for creating<br />
and maintaining the national critical<br />
infrastructure. Cyberoperators can<br />
create, join, leave, and even dissolve<br />
cell instantiations.<br />
The legal cell provides cyberoperators<br />
with the means to obtain<br />
advice from experts in information<br />
operations (IO) law. Within cyber C2/<br />
BM systems, cells subscribe to infor-<br />
We propose merging<br />
the three dimensions<br />
of cyberpreparedness<br />
by adding a new type<br />
of virtual cell to cybersystems:<br />
the legal cell.<br />
mation and the system publishes it<br />
continuously in a digestible format.<br />
This differs from the information-pull<br />
approach incorporated into most of<br />
today’s C2/BM systems when used in<br />
conjunction with kinetic warfare.<br />
Through the legal cell, IO experts<br />
can maintain a current picture of the<br />
cyberspace situation and provide<br />
advice as needed. This is an important<br />
capability, given the rapid tempo<br />
of cyberbattles and the high degree<br />
of space compression, which asserts<br />
that the physical distance from a<br />
target does not matter as it would<br />
with kinetic weapons and that a<br />
flattened command structure is necessary<br />
for conducting cyberwarfare.<br />
On instantiation of a legal cell, the<br />
system populates it with presumptions<br />
and algorithms. In this context,<br />
presumptions follow black-and-white<br />
if-then rules automatically enacted by<br />
mobile agents, whereas algorithms<br />
involve more complex data processing<br />
than with production rules but,<br />
like presumptions, are processed<br />
without human intervention and<br />
whose results trigger a course of<br />
action.<br />
These three elements—the law,<br />
presumptions, and algorithms—are<br />
what Tikk and Wingfield refer to as<br />
the “pyramid,” representing decision<br />
making along a continuum of<br />
operational speed and the inherent<br />
limitations on what types of problems<br />
computers solve in support of decision<br />
making.<br />
ATTACK RESOLUTION<br />
Given the unpredictability and<br />
quickness of cyberattacks, a rapid<br />
response is critical, necessitating<br />
use of at least some autonomic<br />
systems. According to a report by<br />
the National Institute of Standards<br />
and Technology (NIST) outlining a<br />
smart grid cybersecurity strategy<br />
and requirements (http://csrc.nist.<br />
gov/publications/drafts/nistir-7628/<br />
draft-nistir-7628_2nd-public-draft.<br />
__<br />
pdf).<br />
Ultimately, the cyberoperation<br />
leader will ascertain the effect of<br />
the attack’s automated response,<br />
particularly in the military because<br />
a commander cannot delegate<br />
responsibility for the actions of their<br />
command. While a commander may<br />
delegate the authority to execute<br />
certain actions on to a subordinate<br />
within the command, the commander<br />
still retains full and complete responsibility<br />
for the outcome of those<br />
delegated actions, for good or bad.<br />
Some defensive systems that involve<br />
using kinetic weapons require extensive<br />
automation, such as those used<br />
for ballistic missile defense, in which<br />
the duty cycle for core functions of<br />
the so-called “kill chain”—detect,<br />
track, assign weapons, engage, and<br />
assess outcome—cannot be performed<br />
by humans swiftly enough to<br />
achieve the desired levels of operational<br />
effectiveness.<br />
APRIL 2010<br />
A<br />
Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />
aG<br />
F<br />
91