2,345 research outputs found

    Maturing International Cooperation to Address the Cyberspace Attack Attribution Problem

    Get PDF
    One of the most significant challenges to deterring attacks in cyberspace is the difficulty of identifying and attributing attacks to specific state or non-state actors. The lack of technical detection capability moves the problem into the legal realm; however, the lack of domestic and international cyberspace legislation makes the problem one of international cooperation. Past assessments have led to collective paralysis pending improved technical and legal advancements. This paper demonstrates, however, that any plausible path to meaningful defense in cyberspace must include a significant element of international cooperation and regime formation. The analytical approach diverges from past utilitarian-based assessments to understand the emerging regime, or implicit and explicit principles, norms, rules, and decision-making procedures, around which actor expectations are beginning to converge in the area of cyberspace attack attribution. The analysis applies a social-practice perspective of regime formation to identify meaningful normative and political recommendations. Various hypotheses of regime formation further tailor the recommendations to the current maturity level of international cooperation in this issue area. Examining international cooperation in cyberspace and methods for maturing international cooperation to establish attribution in other domains inform political mitigations to the problem of cyberspace attack attribution. Potential solutions are analyzed with respect to four recent cyberspace attacks to illustrate how improved international cooperation might address the problem. Finally, a counterfactual analysis, or thought experiment, of how these recommendations might have been applied in the case of rampant Chinese cyber espionage inform specific current and future opportunities for implementation. Although timing is difficult to predict, the growing frequency and scope of cyber attacks indicate the window of opportunity to address the problem before some form of cataclysmic event is closing

    Cyber Law and Espionage Law as Communicating Vessels

    Get PDF
    Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

    Cyber Threats and NATO 2030: Horizon Scanning and Analysis

    Get PDF
    The book includes 13 chapters that look ahead to how NATO can best address the cyber threats, as well as opportunities and challenges from emerging and disruptive technologies in the cyber domain over the next decade. The present volume addresses these conceptual and practical requirements and contributes constructively to the NATO 2030 discussions. The book is arranged in five short parts...All the chapters in this book have undergone double-blind peer review by at least two external experts.https://scholarworks.wm.edu/asbook/1038/thumbnail.jp

    A Comprehensive Insight into Game Theory in relevance to Cyber Security

    Get PDF
    The progressively ubiquitous connectivity in the present information systems pose newer challenges tosecurity. The conventional security mechanisms have come a long way in securing the well-definedobjectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in thesystem complexities and attack sophistication, providing security via traditional means can beunaffordable. A novel theoretical perspective and an innovative approach are thus required forunderstanding security from decision-making and strategic viewpoint. One of the analytical tools whichmay assist the researchers in designing security protocols for computer networks is game theory. Thegame-theoretic concept finds extensive applications in security at different levels, including thecyberspace and is generally categorized under security games. It can be utilized as a robust mathematicaltool for modelling and analyzing contemporary security issues. Game theory offers a natural frameworkfor capturing the defensive as well as adversarial interactions between the defenders and the attackers.Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategiesof attackers by equilibrium evaluation of the security games. In this paper, the concept of game theoryhas been presented, followed by game-theoretic applications in cybersecurity including cryptography.Different types of games, particularly those focused on securing the cyberspace, have been analysed andvaried game-theoretic methodologies including mechanism design theories have been outlined foroffering a modern foundation of the science of cybersecurity

    Impact of Artificial Intelligence on Strategic Stability and Nuclear Risk : Volume II East Asian Perspectives.

    Get PDF
    Artificial intelligence (AI) is not only undergoing a renaissance in its technical development, but is also starting to shape deterrence relations among nucleararmed states. This is already evident in East Asia, where asymmetries of power and capability have long driven nuclear posture and weapon acquisition. Continuing this trend, integration of AI into military platforms has the potential to offer weaker nuclear-armed states the opportunity to reset imbalances in capabilities, while at the same time exacerbating concerns that stronger states may use AI to further solidify their dominance and to engage in more provocative actions. This paradox of perceptions, as it is playing out in East Asia, is fuelled by a series of national biases and assumptions that permeate decision-making. They are also likely to serve as the basis for AI algorithms that drive future conventional and nuclear platforms

    Governance of Dual-Use Technologies: Theory and Practice

    Get PDF
    The term dual-use characterizes technologies that can have both military and civilian applications. What is the state of current efforts to control the spread of these powerful technologies—nuclear, biological, cyber—that can simultaneously advance social and economic well-being and also be harnessed for hostile purposes? What have previous efforts to govern, for example, nuclear and biological weapons taught us about the potential for the control of these dual-use technologies? What are the implications for governance when the range of actors who could cause harm with these technologies include not just national governments but also non-state actors like terrorists? These are some of the questions addressed by Governance of Dual-Use Technologies: Theory and Practice, the new publication released today by the Global Nuclear Future Initiative of the American Academy of Arts and Sciences. The publication's editor is Elisa D. Harris, Senior Research Scholar, Center for International Security Studies, University of Maryland School of Public Affairs. Governance of Dual-Use Technologies examines the similarities and differences between the strategies used for the control of nuclear technologies and those proposed for biotechnology and information technology. The publication makes clear the challenges concomitant with dual-use governance. For example, general agreement exists internationally on the need to restrict access to technologies enabling the development of nuclear weapons. However, no similar consensus exists in the bio and information technology domains. The publication also explores the limitations of military measures like deterrence, defense, and reprisal in preventing globally available biological and information technologies from being misused. Some of the other questions explored by the publication include: What types of governance measures for these dual-use technologies have already been adopted? What objectives have those measures sought to achieve? How have the technical characteristics of the technology affected governance prospects? What have been the primary obstacles to effective governance, and what gaps exist in the current governance regime? Are further governance measures feasible? In addition to a preface from Global Nuclear Future Initiative Co-Director Robert Rosner (University of Chicago) and an introduction and conclusion from Elisa Harris, Governance of Dual-Use Technologiesincludes:On the Regulation of Dual-Use Nuclear Technology by James M. Acton (Carnegie Endowment for International Peace)Dual-Use Threats: The Case of Biotechnology by Elisa D. Harris (University of Maryland)Governance of Information Technology and Cyber Weapons by Herbert Lin (Stanford University

    Back to the Future? : Planning for uncertainty. A call for bridging the security and development communities

    Get PDF
    Master's thesis in Global Development and Planning (UT505)We currently see a foreign policy environment that is becoming more complex and volatile. Cyber is now established as a frequently used tool in foreign policy. Its disruptive qualities are concerning in terms of its implications on contemporary established economic and political structures. Cyber capabilities are cheap, accessible, omnipresent, and the domain from which it operates, namely that of cyberspace, is an inherent unregulated space. The concept of the security dilemma has resurged into cyberspace, and actors on a national and international level, are currently engaged in a digital arms race. Cyber capacity building was created as a tool by the cybercommunity to mitigate some of these challenges. Due to the impact that ICTs have on a societal scale, its implementation into a development context is inescapable. Nevertheless, the development community has been hesitant to implement security issues in its literature and is thus failing to engage on security-related matters sufficiently. One of the problems is the existence of silo mentalities. Hindering academic cross-pollination is limiting both communities in terms of creating mutually beneficial policies, which is a relatively stable foreign policy environment—described as an environment where sustainable political solutions can take root

    Prospects for the Rule of Law in Cyberspace

    Get PDF
    The application of international law and legal principles in cyberspace is a topic that has caused confusion, doubt, and interminable discussions between lawyers since the earliest days of the internationalization of the Internet. The still unresolved debate over whether cyberspace constitutes a fundamentally new domain that requires fundamentally new laws to govern it reveals basic ideological divides. On the one hand, the Euro-Atlantic community led by the United States believes, in broad terms, that activities in cyberspace require no new legislation, and existing legal obligations are sufficient. On the other, a large number of other states led by Russia and China believe that new international legal instruments are essential in order to govern information security overall, including those expressed through the evolving domain of cyberspace. Russia in particular argues that the challenges presented by cyberspace are too urgent to wait for customary law to develop as it has done in other domains; instead, urgent action is needed. This Letort Paper will provide an overview of moves toward establishing norms and the rule of law in cyberspace, and the potential for establishing further international norms of behavior.https://press.armywarcollege.edu/monographs/1295/thumbnail.jp

    Cyber Peace

    Get PDF
    Cyberspace is increasingly vital to the future of humanity and managing it peacefully and sustainably is critical to both security and prosperity in the twenty-first century. These chapters and essays unpack the field of cyber peace by investigating historical and contemporary analogies, in a wide-ranging and accessible Open Access publication
    • …
    corecore