The challenge of cyber attack deterrence

National security planners have begun to look beyond reactive, tactical cyber defense to proactive, strategic cyber defense, which may include international military deterrence. The incredible power of nuclear weapons gave birth to deterrence, a military strategy in which the purpose of armies shifted from winning wars to preventing them. Although cyber attacks per se do not compare to a nuclear explosion, they do pose a serious and increasing threat to international security. Real-world examples suggest that cyber warfare will play a lead role in future international conflicts. This article examines the two deterrence strategies available to nation-states (denial and punishment) and their three basic requirements (capability, communication, and credibility) in the light of cyber warfare. It also explores whether the two most challenging aspects of cyber attacks – attribution and asymmetry – will make cyber attack deterrence an impossible task.     

Network investigations of cyber attacks: the limits of digital evidence

Cyber attackers are rarely held accountable for their criminal actions. One explanation for the lack of successful prosecutions of cyber intruders is the dependence on digital evidence. Digital evidence is different from evidence created, stored, transferred and reproduced from a non-digital format. It is ephemeral in nature and susceptible to manipulation. These characteristics of digital evidence raise issues as to its reliability. Network-based evidence – ie digital evidence on networks – poses additional problems because it is volatile, has a short life span, and is frequently located in foreign countries. Investigators face the twin obstacles of identifying the author of a cyber attack and proving that the author has “guilty knowledge.” Even more is at stake when the cyber attacker is a trusted insider who has intimate knowledge of the computer security system of the organisation. As courts become more familiar with the vulnerabilities of digital evidence, they will scrutinise the reliability of computer systems and processes. It is likely that defence counsel will increasingly challenge both the admissibility and the weight of digital evidence. The law enforcement community will need to improve competencies in handling digital evidence if it is to meet this trend.     

Cyber terrorism challenges: The need for a global response to a multi-jurisdictional crime

With the widespread concerns about cyber terrorism and the frequent use of the term “cyber terrorism” at the present time, many international organisations have made efforts to combat this threat. Since cyber terrorism is an international crime, local regulations alone are not able to defend against such attacks; they require a transnational response. Therefore, an attacked country will invoke international law to seek justice for any damage caused, through the exercise of universal jurisdiction. Without the aid of international organisations, it is difficult to prevent cyber terrorism. At the same time, international organisations determine which state court, or international court, has the authority to settle a dispute. The objective of this paper is to analyse and review the effectiveness and sufficiency of the current global responses to cyber terrorism through the exercise of international jurisdiction. This article also touches upon the notion of cyber terrorism as a transnational crime and an international threat; thus, national regulations alone cannot prevent it. The need for an international organisation to prevent and defend nations from cyber terrorism attacks is pressing. This paper finds that, as cyber terrorism is a transnational crime, it should be subjected to universal jurisdiction through multinational cooperation, and this would be the most suitable method to counter future transnational crimes such as cyber terrorism.     

Multilateral cybersecurity governance: Divergent conceptualizations and its origin

Conventional wisdom holds that none of the main global challenges of the 21st century—whether it is climate change, nuclear weapons or cyber insecurity—can be adequately addressed without proper international cooperation. However, multilateral cooperation in many issue areas including cybersecurity is in a state of gridlock. Diverging conceptualizations of the subject matter has been offered as one driving factor behind the difficulty to cooperate at the international level.This paper contends that while international cooperation in cybersecurity has been difficult because of diverging definitions and conceptualizations of the subject, which are apparent in the international system, the problem grew into a state of gridlock because this divergence is anchored in the incompatibility of the ways in which major cyber powers organize their respective political systems at home. As such, it is argued that, the role of the multilateral system to bring about any significant progress in cybersecurity governance is very limited.     

From papyrus to cyber: how technology has directed law enforcement policy and practice

Abstract

Cyber technology, both explicitly and implicitly, impacts every facet of local, state, national and international criminal justice operations. Unfortunately, technological changes, including cyber technologies, are rarely well thought out and may have unintended negative consequences. Additionally technology, and particularly cyber technology, evolves at a much faster pace than our understanding of the ethics, laws and policies involved. Consequently, citizens, criminals and justice professionals often rely on technology without the benefit of legal protections or explicit agency policy. This paper will examine how technology, both historically (non cyber) and contemporarily (cyber), has positively and negatively affected one aspect of the Criminal Justice enterprise – law enforcement.     

Patching the patchwork: appraising the EU regulatory framework on cyber security breaches

Breaches of security, a.k.a. security and data breaches, are on the rise, one of the reasons being the well-known lack of incentives to secure services and their underlying technologies, such as cloud computing. In this article, I question whether the patchwork of six EU instruments addressing breaches is helping to prevent or mitigate breaches as intended. At a lower level of abstraction, the question concerns appraising the success of each instrument separately. At a higher level of abstraction, since all laws converge on the objective of network and information security – one of the three pillars of the EU cyber security policy – the question is whether the legal ‘patchwork’ is helping to ‘patch’ the underlying insecurity of network and information systems thus contributing to cyber security. To answer the research question, I look at the regulatory framework as a whole, from the perspective of network and information security and consequently I use the expression cyber security breaches. I appraise the regulatory patchwork by using the three goals of notification identified by the European Commission as a benchmark, enriched by policy documents, legal analysis, and academic literature on breaches legislation, and I elaborate my analysis by reasoning on the case of cloud computing. The analysis, which is frustrated by the lack of adequate data, shows that the regulatory framework on cyber security breaches may be failing to provide the necessary level of mutual learning on the functioning of security measures, awareness of both regulatory authorities and the public on how entities fare in protecting data (and the related network and information systems), and enforcing self-improvement of entities dealing with information and services. I conclude with some recommendations addressing the causes, rather than the symptoms, of network and information systems insecurity.     

Cyber-insurance in EU policy-making: Regulatory options,the market's challenges and the US example

Over the last decades digital technologies have penetrated our daily lives affecting all aspects of our societal and economic activities. Even though the benefits of relying on information systems to run everyday tasks, organise one's business, interact with each other or enjoy public services are undisputable, the increasing use of digital technologies comes with a price: the growing exposure to cyber risks. This new type of threat has been in the center of the EU agenda for over 15 years during which a solid legislative framework for the protection S of network and information systems against cyber incidents has been developed. However, security and resilience of infrastructures and networks is one parameter of the challenge. Dealing with the financial risk emerging from a cyber incident, is another, equally important one. The need to mitigate these risks led to the emergence of a new insurance market, the cyber insurance market. Despite though the constantly growing demand for this type of insurance coverage, the market is still under development. The fast-evolving nature of cyber threats, the lack of a common language as regards risks, losses and coverages and the lack of historical data on cyber incidents are listed among the factors that slow down the market's growth. Currently, all involved stakeholders in the insurance field are considering specific initiatives that would accelerate the process of turning the EU market more competitive and efficient against its many challenges. The example of the US cyber insurance market, with its shortcomings and know-how, could also contribute to this effort, as an example of a market that has been intensively facing these challenges for almost twenty years.     

论网络空间自卫权的行使对象问题

网络攻击往往由非国家行为体发起,实践中亦罕见有国家主动承认对网络攻击负责的实例。相应地,由于网络攻击的溯源存在技术、政治和法律方面的难题,受害国很难在传统自卫权的框架下对来自他国的网络攻击行使自卫权。非国家行为体尚不能构成传统武力攻击情境下的自卫权行使对象,更不宜成为网络空间自卫权的行使对象。作为替代,近年来将"不能够或不愿意"理论适用于网络空间自卫权的主张"甚嚣尘上"。"不能够或不愿意"理论表面上具有一定的正当性,但从既有国家归因标准和常规的自卫必要性的角度来看,该理论本质上缺乏实然法层面的法律依据,而且在适用时将面临一系列的法律不确定性。中国在参与网络空间国际造法的进程中,应当警惕将非国家行为体作为网络空间自卫权行使对象的主张,并应努力防止"不能够或不愿意"理论的引入和滥用,以遏制网络空间的军事化。     

Cyber Weapons Convention

World leaders are beginning to look beyond temporary fixes to the challenge of securing the Internet. One possible solution may be an international arms control treaty for cyberspace. The 1997 Chemical Weapons Convention (CWC) provides national security planners with a useful model. CWC has been ratified by 98% of the world’s governments, and encompasses 95% of the world’s population. It compels signatories not to produce or to use chemical weapons (CW), and they must destroy existing CW stockpiles. As a means and method of war, CW have now almost completely lost their legitimacy. This article examines the aspects of CWC that could help to contain conflict in cyberspace. It also explores the characteristics of cyber warfare that seem to defy traditional threat mitigation.     

Macroscopic characteristics of hacking trauma

Hacking trauma is often encountered in forensic cases, but little experimental research has been conducted that would allow for the recognition of wounds caused by specific weapon types. In this paper, we report the results of a hacking trauma caused by machete, cleaver, and axe weapons and the characteristics of each weapon type on bone. Each weapon type was employed in multiple trials on pig (Sus scrofa) bones and then the wounds were examined macroscopically for several characteristics that serve to differentiate the weapons.     

Critiquing the U.S. characterization,attribution and retaliation laws and policies for cyberattacks

This paper critiques the U.S. characterization, attribution, and retaliation laws and policies for cyberattacks. Characterization, attribution, and retaliation are part of the most important aspects of responding to cyberattacks. The U.S. does not have a clearly defined characterization process, other than the Government Accountability Office (GAO), Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security (DHS)’s Threat Table which characterizes the different motivations for carrying out cyberattacks by cyber threat actors. This Threat Table has hardly changed since 2005, yet, cyber threat actors continually develop their tactics, techniques, and procedures (TTPs) and conceal their real motivations for carrying out cyberattacks. Like characterization, the U.S. does not have a known attribution procedure, nor is a single agency tasked with the function of attribution. Different agencies – the Department of Justice (DoJ), the Federal Bureau of Investigation (FBI), the National Cyber Investigative Joint Task Force (NCIJTF), and the Office of the Director of National Intelligence (ODNI) – and even private sectors companies, participate in the attribution process. This invites potential contradiction and interference with the attribution process. Though, unlike characterization and attribution, the U.S. retaliation policies are contained in different documents, none has the preciseness required to be effective. This paper thus, makes recommendations for each of these aspects of cyberattack response.     

Accidental firearm fatalities during hunting

Swedish legislation concerning firearms is highly restrictive. It is illegal to possess weapons (except airguns) without a license. From 1970 through 1982, there were 79 accidental firearm fatalities in Sweden. This number, corresponding to 0.074/100,000/year, is very low in comparison with similar statistics worldwide. Of these fatalities, 47 were associated with hunting and were studied carefully. Despite an increase in both the popularity of hunting and in licensing of weapons, on change in the number of accidents per year could be confirmed. Twenty-nine accidents occurred during small game hunting, of which 24 involved shotguns, and 18 occurred during moose hunting. The mean age overall was 46 years. All victims and shooters were men. Most accidents occurred before noon and during the autumn. During moose hunting, the victim most commonly was either mistaken for game or was standing beyond game. During small game hunting, the most common reason for death was improper handling of the weapon. Firing of defective weapons caused at least 10 fatal accidents. Alcohol inebriation was uncommon. It is unlikely that more restrictive firearm legislation would further decrease the number of fatal accidents. Instead, we believe that accidental firearm fatalities during hunting can be prevented by safer and more careful handling of weapons, including unloading weapons before transporting them; by replacing older weapons with more modern and safer ones; and by not allowing children to handle weapons. No shots should be fired until it is clarified that the target really is a game animal, and when hunting with rifles, the fields of fire should be clarified beforehand. Shooters at stand must be instructed not to leave their stands until explicitly told to do so.     

Cyber insurance – What coverage in case of an alleged act of War? Questions raised by the Mondelez v. Zurich case

In October 2018, snack company Mondelez International, Inc. (Mondelez) filed an action against Zurich American Insurance Company (Zurich), requesting indemnification for more than USD $100,000,000 in losses caused by the NotPetya cyber virus. Zurich refuses to cover these damages alleging one of the insurance policy's exclusions for damage resulting from a hostile or warlike action by a government, as the NotPetya attack is said to have been sponsored by Russia. This case is noteworthy for multiple reasons: not only is it the first significant legal dispute in the insurance field concerning the recovery of costs resulting from a cyber attack, but it is also the first time that an insurance company is invoking the war exclusion to decline coverage for an allegedly state-sponsored cyber hack.This article analyzes the key issues of this important case, including attribution of a cyber attack to a State and interpretation of an insurance policy's war exclusion in a cyber context, and the likelihood of success of Mondelez's arguments. It also explores the strengths and limits of general principles of contract and public international law when applied to new technologies and cyber incidents. Finally, it discusses the potential impacts of the Mondelez case on the contents and limits of future traditional and cyber-specific insurance policies.     

Cyber terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games?

Over the past two decades there has developed a voluminous literature on the problem of cyber terrorism. The themes developed by those writing on cyber terrorism appear to spring from the titles of Tom Clancy’s fiction, such as Clear and Present Danger, The Sum of All Fears and Breaking Point, or somewhat more cynically, Patriot Games. This essay examines both the gap between the presumed threat and the known cyber terror behaviors and the continuing literature which suggests an attack is imminent. It suggests that at least part of the explanation lies both in the continuing failure to distinguish between what Denning (Activism, hacktivism, and cyber terrorism: The internet as a tool for influencing foreign policy, 1999) referred to as hactivism and cyberterrorism and also the failure to distinguish between the use of digital means for organizational purposes (information, communication, command and control) and the use of digital communications to actually commit acts of terror.     

Data Breach,Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.     

Jurisprudence: A Transfer Science

This article juxtaposes dogmatics and deconstruction to argue that the latter is no more than an inverted or decomposed species of the former. Taking the contemporary attraction of law to other disciplines as her starting point, Vismann traces the history of linguist interest in law. Focussing on Derrida’s exemplary and essentially glossatorial analyses of legal textuality, and of the paradoxes and aporias of legal language, she argues that deconstruction offers few surprises to lawyers long trained in the philological ironies of power. A more constructive understanding of the conjunction of dogmatics and deconstruction would thus look to the role of law as a science of transfer from the real to the symbolic and would in this vein focus on the hardware of legal acts of transfer, such as filing systems and thus propose a prehistory of cyber legality. This revised version was published online in July 2006 with corrections to the Cover Date.     

网络犯罪的特点及提高侦查能力的途径

网络在为人们提供方便和便捷的同时,也给网络犯罪提供了一个低成本、高效率的作案平台,利用网络实施的网络犯罪已涉及绝大部分社会犯罪现象,给互联网安全和社会稳定带来了很大冲击,成为了一个不容忽视的社会问题。应该弄清当前网络犯罪的特点、原因,公安机关提高侦查、打击网络犯罪的能力,以有效遏制网络犯罪,使互联网能更好的服务大众、服务社会发展。     

Detecting buried metallic weapons in a controlled setting using a conductivity meter

Forensic personnel may face a daunting task when searching for buried weapons at crime scenes or potential disposal sites. In particular, it is common to search for a small firearm that was discarded or buried by a perpetrator. When performing forensic searches, it is recommended to first use non-invasive methods such as geophysical instruments to minimize damage to evidence and to the crime scene. Geophysical tools are used to pinpoint small areas of interest across a scene for invasive testing, rather than digging large areas throughout the site. Prior to this project, there was no published research that tested the utility of the conductivity meter to search for metallic weapons such as firearms and blunt and sharp edged weapons. A sample comprised of 32 metallic weapons including firearms, blunt and sharp edged weapons, and scrap metals was buried in a controlled setting to test the applicability of a conductivity meter for forensic searches. Weapons were tested at multiple depths and after data collection was performed for one depth, the weapons were reburied 5 cm deeper until they were no longer detected. Variables such as weapon size, burial depth, transect interval spacing (25 and 50 cm), and metallic composition were tested. All of the controlled variables influenced maximum depth of detection. For example, size was a factor as larger weapons were detected at deeper depths compared to smaller weapons. Metal composition affected maximum depth of detection as the conductivity meter detected items comprised of ferrous metals at deeper depths than non-ferrous metals. Searches for large buried items may incorporate a transect interval spacing of 50 cm but small weapons may be undetected between transects and therefore a transect interval spacing of 25 cm is recommended. Overall, the conductivity meter is a geophysical tool to consider when searching for larger-sized metallic weapons or to use in conjunction with an all-metal detector, particularly when searching for buried metallic evidence in obstructed areas.     

Preventing lethal violence in schools: the case for entry-based weapons screening

Violence-related behavior in schools has declined in recent years, but the perception of risk remains high. Disturbingly high percentages of students and teachers report staying home out of fear, and many students bring weapons to school for protection. Current proposals for preventing school violence include punishing the violence-prone, expulsion for weapon carriers, and creating a culture of nonviolence through various behavioral methods like conflict resolution. None of these proposals address the issue of lethal violence and hence personal safety. The risk of lethal violence in schools (related mainly to firearms) could be substantially reduced by creating an effective barrier between firearms and people. This could be achieved by using entry-based weapons detection systems similar to those now used in airports and courts. Decreasing the risk and fear of violence by converting schools into weapons-free zones would also be expected to increase attendance and improve scholastic performance. Randomized, controlled studies should be undertaken to evaluate the efficacy and cost-effectiveness of entry-based weapons detection systems for achieving these outcomes.