Tuesday, August 23, 2011

Cybersecurity and the law

Greetings from the Australian National University in Canberra,
Professor Scott Shackelford, from Indiana University, is speaking on "Tweet softly, but carry a big stick: defining state responsibility for cyber attacks". There is a video of a previous presentation also available. Scott is preparing a book on this topic for release later in the year.

Scott started by talking about why cyber-attacks matter. He used the example of the Stuxnet attack, which damaged Iran's nuclear plant. However, he argued that so far we have not seen a "CyberWar", however I would argue that it may not be possible to say when such a war was happening, as this would be more of a covert "cold" war. There is no clear distinction between large scale criminal activities, terrorism and warfare on-line.

Scott pointed out there had not been much cyber-terrorism so far, with terrorists using the Internet for coordination and PR, not direct attacks. He speculated this was because terrorists do not have the technical skills needed. This seemed unlikely to me as terrorist groups were shown to be able to recruit engineers, so it seems likely they could recruit software engineers. It is more likely that they find it difficult to conceive an attack which would have the news value of a physical attack.

Scott mentioned that the International Court of Justice for Bozina adopted the more rigid "Effective Control Standard" "rather then the "Overall Control Standard". This requires a higher burden of proof to say that the state is responsible for the actions of individuals. This is a major issue as it will be difficult to say who is doing the attacking and why. However, it seems to me that it will be politics, not the law, which determines the actions of nations in this area.

Scott pointed out that ICANN had done well resolving domain name squatting disputes. But this seems a long way from resolving international cyber-war disputes. Perhaps we need an international criminal cyber-court. ;-)

Scott was critical of the concept of "cyber-peace" from IUT. See: "The Quest for Cyber Peace", ITU, 2011.

The RAND think tank advised the US military that it was not feasible to respond in kind to a cyber-attack. The US Government recently warned that a cyber-attack on the USA may result in a conventional military response.

Scott discussed the different views in academia over the relivance of international law to cyber-war. His own view is that it has some relevance. It seems to me this is the same issue as with laws applying to the Internet in general. Laws apply, but not very well. Some new customs grow up quickly around the Internet.
Professor Scott Shackelford Professor of Business Law and Ethics, Kelley School of Business,
Indiana University

The ANU College of Business and Economics is pleased to present a free public seminar on cyber security and privacy by visiting Professor Scott Shackelford.

The seminar is based on research from a paper being published by the Georgetown Journal of International Law entitled “Defining State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem”, and Professor Shackelford’s forthcoming book “Cyber Peace: Managing Cyber Attacks in International Law, Business, and Relations” (Cambridge University Press, 2012).

Professor Scott Shackelford earned his Bachelor’s degree, summa cum laude with honors in Economics and Political Science, from Indiana University along with the Elvis J. Stahr Distinguished Senior Award, his Masters of Philosophy in International Relations, with highest distinction, from the University of Cambridge as a Rotary Ambassadorial Scholar, and his J.D., with academic and pro bono distinction, from Stanford
Law School where he was co-Editor-in-Chief of the Stanford Journal of International Law.

A frequent speaker to a variety of local, national, and global audiences, Professor Shackelford’s current research grows from his doctoral dissertation on the governance of global common pool resources and
focuses on cyber security and privacy.

Presented by Registration required ANU College of E: hayley.mcneel(a)anu.edu.au Business and Economics

This seminar is free and open to the cyber-security community of interest.

No comments: