Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

Systemic rivalry and balancing interests: Chinese investment meets EU law on the Belt and Road. CEPS Policy Insight No 2019-04 /21 March 2019

For years, the EU has refrained from criticising China’s attempts to shape globalisation according to its own interests. Member states have allowed the Belt and Road Initiative (BRI) to tip the balance of power towards the companies that China owns or subsidises. Alarmed by recent Chinese takeovers in strategic industries, the EU has flagged up its intention to toughen rules on foreign investment flows into Europe. The brand-new EU Strategic Outlook on China adopts a multifaceted approach and defines the ‘Middle Kingdom’ simultaneously as a cooperation and negotiation partner with whom the Union needs to find a balance of interests, an “economic competitor” in pursuit of technological leadership, and a “systemic rival” promoting alternative models of governance. This CEPS Policy Insights paper takes stock of BRI investments in Europe and of member states’ concerns about economic and national security. It examines the EU-wide legal bulwarks and regulatory responses that are intended to hedge against unfair practices. It concludes that while a more realistic and assertive European approach toward Chinese market behaviour is welcome, the EU should take China up on its pledge to embolden the BRI with ‘soft connectivity’, i.e. legal infrastructure, rather than risk mutual harm by adopting too protectionist a stance. This should benefit not just the EU and China but also the other ‘16+1’ countries along the central corridor of the BRI, which passes through the Caucasus, the Balkans and Eastern Europe – all in the spirit of the EU’s 2018 connectivity strategy with Asia

EU Kids Online III: a thematic network to stimulate and coordinate investigation into the use of new media by children (final annual report)

This report is Deliverable D1.5C (Third Annual Progress Report, to cover the period from 01/11/13 to 31/12/14). - This report is based on the work of the whole EU Kids Online network of 33 countries as well as the International Advisory Panel (see Annex 1 for a list of all members). - This third and final annual report is organised in two ways. First, we report on activities by date, noting key activities and events in accordance with the project timeline. - Second, we summarise activities by WP, noting progress and any issues arising for each. - The annexes provide additional information (meeting agendas and participants, lists of contacts and dissemination activities, etc.) as appropriate

Big data for monitoring educational systems

This report considers “how advances in big data are likely to transform the context and methodology of monitoring educational systems within a long-term perspective (10-30 years) and impact the evidence based policy development in the sector”, big data are “large amounts of different types of data produced with high velocity from a high number of various types of sources.” Five independent experts were commissioned by Ecorys, responding to themes of: students' privacy, educational equity and efficiency, student tracking, assessment and skills. The experts were asked to consider the “macro perspective on governance on educational systems at all levels from primary, secondary education and tertiary – the latter covering all aspects of tertiary from further, to higher, and to VET”, prioritising primary and secondary levels of education

Data ethics : building trust : how digital technologies can serve humanity

Data is the magic word of the 21st century. As oil in the 20th century and electricity in the 19th century: For citizens, data means support in daily life in almost all activities, from watch to laptop, from kitchen to car, from mobile phone to politics. For business and politics, data means power, dominance, winning the race. Data can be used for good and bad, for services and hacking, for medicine and arms race. How can we build trust in this complex and ambiguous data world? How can digital technologies serve humanity? The 45 articles in this book represent a broad range of ethical reflections and recommendations in eight sections: a) Values, Trust and Law, b) AI, Robots and Humans, c) Health and Neuroscience, d) Religions for Digital Justice, e) Farming, Business, Finance, f) Security, War, Peace, g) Data Governance, Geopolitics, h) Media, Education, Communication. The authors and institutions come from all continents. The book serves as reading material for teachers, students, policy makers, politicians, business, hospitals, NGOs and religious organisations alike. It is an invitation for dialogue, debate and building trust! The book is a continuation of the volume “Cyber Ethics 4.0” published in 2018 by the same editors

Enabling technologies and cyber-physical systems for mission-critical scenarios

Programa Oficial de Doutoramento en Tecnoloxías da Información e Comunicacións en Redes Móbiles . 5029P01[Abstract] Reliable transport systems, defense, public safety and quality assurance in the Industry 4.0 are essential in a modern society. In a mission-critical scenario, a mission failure would jeopardize human lives and put at risk some other assets whose impairment or loss would significantly harm society or business results. Even small degradations of the communications supporting the mission could have large and possibly dire consequences. On the one hand, mission-critical organizations wish to utilize the most modern, disruptive and innovative communication systems and technologies, and yet, on the other hand, need to comply with strict requirements, which are very different to those of non critical scenarios. The aim of this thesis is to assess the feasibility of applying emerging technologies like Internet of Things (IoT), Cyber-Physical Systems (CPS) and 4G broadband communications in mission-critical scenarios along three key critical infrastructure sectors: transportation, defense and public safety, and shipbuilding. Regarding the transport sector, this thesis provides an understanding of the progress of communications technologies used for railways since the implantation of Global System for Mobile communications-Railways (GSM-R). The aim of this work is to envision the potential contribution of Long Term Evolution (LTE) to provide additional features that GSM-R would never support. Furthermore, the ability of Industrial IoT for revolutionizing the railway industry and confront today's challenges is presented. Moreover, a detailed review of the most common flaws found in Radio Frequency IDentification (RFID) based IoT systems is presented, including the latest attacks described in the literature. As a result, a novel methodology for auditing security and reverse engineering RFID communications in transport applications is introduced. The second sector selected is driven by new operational needs and the challenges that arise from modern military deployments. The strategic advantages of 4G broadband technologies massively deployed in civil scenarios are examined. Furthermore, this thesis analyzes the great potential for applying IoT technologies to revolutionize modern warfare and provide benefits similar to those in industry. It identifies scenarios where defense and public safety could leverage better commercial IoT capabilities to deliver greater survivability to the warfighter or first responders, while reducing costs and increasing operation efficiency and effectiveness. The last part is devoted to the shipbuilding industry. After defining the novel concept of Shipyard 4.0, how a shipyard pipe workshop works and what are the requirements for building a smart pipe system are described in detail. Furthermore, the foundations for enabling an affordable CPS for Shipyards 4.0 are presented. The CPS proposed consists of a network of beacons that continuously collect information about the location of the pipes. Its design allows shipyards to obtain more information on the pipes and to make better use of it. Moreover, it is indicated how to build a positioning system from scratch in an environment as harsh in terms of communications as a shipyard, showing an example of its architecture and implementation.[Resumen] En la sociedad moderna, los sistemas de transporte fiables, la defensa, la seguridad pública y el control de la calidad en la Industria 4.0 son esenciales. En un escenario de misión crítica, el fracaso de una misión pone en peligro vidas humanas y en riesgo otros activos cuyo deterioro o pérdida perjudicaría significativamente a la sociedad o a los resultados de una empresa. Incluso pequeñas degradaciones en las comunicaciones que apoyan la misión podrían tener importantes y posiblemente terribles consecuencias. Por un lado, las organizaciones de misión crítica desean utilizar los sistemas y tecnologías de comunicación más modernos, disruptivos e innovadores y, sin embargo, deben cumplir requisitos estrictos que son muy diferentes a los relativos a escenarios no críticos. El objetivo principal de esta tesis es evaluar la viabilidad de aplicar tecnologías emergentes como Internet of Things (IoT), Cyber-Physical Systems (CPS) y comunicaciones de banda ancha 4G en escenarios de misión crítica en tres sectores clave de infraestructura crítica: transporte, defensa y seguridad pública, y construcción naval. Respecto al sector del transporte, esta tesis permite comprender el progreso de las tecnologías de comunicación en el ámbito ferroviario desde la implantación de Global System for Mobile communications-Railway (GSM-R). El objetivo de este trabajo es analizar la contribución potencial de Long Term Evolution (LTE) para proporcionar características adicionales que GSM-R nunca podría soportar. Además, se presenta la capacidad de la IoT industrial para revolucionar la industria ferroviaria y afrontar los retos actuales. Asimismo, se estudian con detalle las vulnerabilidades más comunes de los sistemas IoT basados en Radio Frequency IDentification (RFID), incluyendo los últimos ataques descritos en la literatura. Como resultado, se presenta una metodología innovadora para realizar auditorías de seguridad e ingeniería inversa de las comunicaciones RFID en aplicaciones de transporte. El segundo sector elegido viene impulsado por las nuevas necesidades operacionales y los desafíos que surgen de los despliegues militares modernos. Para afrontarlos, se analizan las ventajas estratégicas de las tecnologías de banda ancha 4G masivamente desplegadas en escenarios civiles. Asimismo, esta tesis analiza el gran potencial de aplicación de las tecnologías IoT para revolucionar la guerra moderna y proporcionar beneficios similares a los alcanzados por la industria. Se identifican escenarios en los que la defensa y la seguridad pública podrían aprovechar mejor las capacidades comerciales de IoT para ofrecer una mayor capacidad de supervivencia al combatiente o a los servicios de emergencias, a la vez que reduce los costes y aumenta la eficiencia y efectividad de las operaciones. La última parte se dedica a la industria de construcción naval. Después de definir el novedoso concepto de Astillero 4.0, se describe en detalle cómo funciona el taller de tubería de astillero y cuáles son los requisitos para construir un sistema de tuberías inteligentes. Además, se presentan los fundamentos para posibilitar un CPS asequible para Astilleros 4.0. El CPS propuesto consiste en una red de balizas que continuamente recogen información sobre la ubicación de las tuberías. Su diseño permite a los astilleros obtener más información sobre las tuberías y hacer un mejor uso de las mismas. Asimismo, se indica cómo construir un sistema de posicionamiento desde cero en un entorno tan hostil en términos de comunicaciones, mostrando un ejemplo de su arquitectura e implementación

Consumer protection in an electronic environment

Consumer protection laws have not evolved on par with the development of electronic media. As a result, consumer protection laws do not address all major areas of legal concern that affect the electronic commerce (e-commerce) consumer. Furthermore, differing laws in the area of consumer protection make harmonised consumer protection neigh on impossible. Currently, there is a plethora of laws on the protection of consumers but most of these laws are within the sphere of conventional consumer protection legislation which does not adequately address the legal challenges posed by the proliferation of electronic transactions (e-transactions). Specific e-transaction laws are now to be found in certain international and regional documents emanating from organisations including: the United Nations (UN); the Council of Europe; the Organisation for Economic Cooperation and Development (OECD); the African Union (AU); the Economic Community of West African States (ECOWAS); the Southern African Development Community (SADC); the Common Market for Eastern and Southern Africa (COMESA); and the East African Community (ECA). These legal instruments have already been implemented in certain states’ national legislation, while other countries have yet to accede to them. Despite these legal instruments, e-commerce consumers are faced with inadequate or obsolete legislative provisions and are yet to enjoy full protection equivalent to that accorded to the “traditional” consumer. Furthermore, given the trans-national nature of the internet, divergent laws will inevitably prove to provide inadequate protection to e-commerce consumers. In this research, international and regional legislative instruments, as well as the national laws of selected countries such as the United States (US), the United Kingdom (UK), the Republic of South Africa (South Africa), the Federal Republic of Nigeria (Nigeria), and the Commonwealth of Australia (Australia) are examined. The strengths and gaps in each of these instruments and laws are identified with the aim of harmonising the principles they espouse in a single, cogent, and comprehensive body of rules which could take the form of an international convention. An international convention should be based on national and international best practices. The national adoption of the minimum standards espoused in the proposed Convention will ultimately, promote harmonisation.Mercantile LawLL. D

Cyber-Physical Threat Intelligence for Critical Infrastructures Security

Modern critical infrastructures comprise of many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presets how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors is discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies