CS361C: Information Assurance And Security

CS361C: Information Assurance and Security
It’s a Dangerous (Cyber) World
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin
Last updated: January 26, 2015 at 14:28
CS361C Slideset 0: Cyberwar

What I’d Like to Discuss
- The scope of the problem
- Why cyber security is hard
- Are we at (Cyber) war?
- What responses are legal and feasible

From the Headlines
Silent War, Vanity Fair, July 2013
On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran.
Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple.

From the Headlines
Iran’s supreme leader tells students to prepare for cyber war, rt.com, 2/13/14
Ayatollah Ali Khamenei has delivered a sabre-rattling speech to Iran’s ’Revolutionary foster children’ (in other words, university students) to prepare for cyber war. The supreme leader has urged his country’s students, whom he called “cyber war agents”, to prepare for battle.
Israel, Tehran’s main adversary in regional politics, has voiced similar statements recently; Major General Aviv Kochavi said that cyber warfare will change the nature of conflict. “Cyber, in my modest opinion, will soon be revealed to be the biggest revolution in warfare, more than gunpowder and the utilization of air power in the last century.”

From the Headlines
House Intel Chair Mike Rogers Calls Chinese Cyber Attacks ’Unprecedented’, ABC News, 2/24/13
House Intelligence Committee Chair Mike Rogers, R-Mich., said it was “beyond a shadow of a doubt” that the Chinese government and military is behind growing cyber attacks against the United States, saying “we are losing” the war to prevent the attacks.
“It is unprecedented,” Rogers added. “This has never happened in the history of the world, where one nation steals the intellectual property to re-purpose it—to illegally compete against the country ... and I’ll tell you, it is as bad as I’ve ever seen it and exponentially getting worse. Why? There’s no consequence for it.”

From the Headlines
Pentagon accuses China of trying to hack US defence networks, The Guardian, 5/7/13
China is using espionage to acquire technology to fuel its military modernisation, the Pentagon has said, for the first time accusing the Chinese of trying to break into US defense computer networks and prompting a firm denial from Beijing.

From the Headlines
Cyber security in 2013: How vulnerable to attack is US now?, Christian Science Monitor, 1/9/13
The phalanx of cyberthreats aimed squarely at Americans’ livelihood became startlingly clear in 2012 and appears poised to proliferate in 2013 and beyond.
That prediction came true:
2013 was the most historic year ever for cyber attacks. The industry saw several mega attacks that included sophisticated DDoS attack methods. (IT Business Edge, 12/16/13)
Do you think that 2014 was even worse? What’s your evidence of that?

From the Headlines
U.S. Not Ready for Cyberwar Hostile Attackers Could Launch, The Daily Beast, 2/21/13
The Chinese reportedly have been hacking into U.S. infrastructure, and Leon Panetta says future attacks could plunge the U.S. into chaos.
If we are plunged into chaos and suffer more physical destruction than 50 monster hurricanes and economic damage that dwarfs the Great Depression ... Then we will wonder why we failed to guard against what outgoing Defense Secretary Leon Panetta has termed a “cyber-Pearl Harbor.”

The U.S. at Risk?
Experts believe that the U.S. is perhaps particularly vulnerable to cyberattack compared to many other countries.
- The U.S. is probably more dependent on technology than any other society on earth.
- Sophisticated attack tools are readily available to anyone on the Internet.
- The openness of U.S. society means critical information and vulnerabilities are accessible.

The U.S. at Risk?
More reasons we’re vulnerable:
- Much of the U.S. critical infrastructure is accessible on-line.
- Other nation states have much more control over their national communication infrastructure.
- The defense establishment is drowning in data.
- Technology advances rapidly but remains riddled with vulnerabilities.

How Bad Is It?
Cyberwarfare greater threat to US than terrorism, say security experts, Al Jazeera America, 1/7/14
Cyberwarfare is the greatest threat facing the United States — outstripping even terrorism — according to defense, military, and national security leaders in a Defense News poll, a sign that hawkish warnings about an imminent ’cyber Pearl Harbor’ have been absorbed in defense circles.
45 percent of the 352 industry leaders polled said cyberwarfare is the gravest danger to the U.S., underlining the government’s shift in priority—and resources—toward the burgeoning digital arena of warfare.

The U.S. Government Takes this Seriously
“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.” (Wall Street Journal, 5/31/11)
“The Pentagon plans to triple its cybersecurity staff by 2016, U.S. Secretary of Defense Chuck Hagel announced recently. A few days later, FBI Supervisory Special Agent Charles Gilgen said at a conference on cybercrime that his agency’s cyber division plans to hire 1,000 agents and 1,000 analysts in the coming year. Just those two agencies are looking for 6,000 people with cybersecurity skills in the next two years.” (Bloomberg Business, 4/15/14)

Current Concern
The Obama administration has placed an emphasis on protection of critical infrastructure from cyber attack.
On 2/12/13, the administration released an executive order Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive 21: Critical Infrastructure Security and Resilience:
The Nation’s critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure including assets, networks, and systems that are vital to public confidence and the Nation’s safety, prosperity, and well-being.

But Are We Already at (Cyber) War?
Cyber warfare involves “actions by a nation-state to penetrate another nation’s computers or networks for the purpose of causing damage or disruption.” –Clarke and Knake.
This definition raises as many questions as it addresses:
- Can’t a non-state entity engage in warfare?
- Which computers or networks matter?
- Which actions should qualify as acts of war?
- Is “warfare” even a useful term in this context?
- Why not just make our computers and networks impervious to such attacks?

Why Are We At Risk?
Arguably, the only way that another nation-state can “penetrate [our] computers or networks for the purpose of causing damage or disruption” is
1. if they have insider access; or
2. there are exploitable vulnerabilities that allow them to gain remote access.
So, why not just “harden” our computers and networks to remove the vulnerabilities?

Why Security is Hard: Target Rich Environment
From the DoD 2010 Quadrennial Defense Review:
“On any given day there are as many as 7 million DoD computers and telecommunication tools in use in 88 countries using war-fighting and support applications. The number of potential vulnerabilities, therefore, is staggering.”
That means that there are lots of insiders, in addition to the possible vulnerabilities in the software and hardware.

Is Cyber Security Particularly Hard?
But why is cybersecurity any harder than any other technological problem? Or is it?
Partial answer: Most technological problems are concerned with ensuring that something good happens. Security is all about ensuring that bad things never happen.
In cybersecurity, you have to defeat an actively malicious adversary. Security Guru Ross Anderson characterizes this as “Programming Satan’s Computer.”

Cyber Defense is Asymmetric
The defender has to find and eliminate all exploitable vulnerabilities; the attacker only needs to find one!
Not only do you have to find “bugs” that make the system behave differently than expected, you have to identify any features of the system that are susceptible to misuse and abuse, even if your programs behave exactly as you expect them to.

Cyber Security is Tough
Perfect security is unachievable in any useful system. We trade-off security with other important goals: functionality, usability, efficiency, time-to-market, and simplicity.

Is It Getting Better?
“The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.” –Robert H. Morris (mid 1980’s), former chief scientist of the National Computer Security Center
“Unfortunately the only way to really protect [your computer] right now is to turn it off, disconnect it from the Internet, encase it in cement and bury it 100 feet below the ground.” –Prof. Fred Chang (2009), former director of research at NSA

Some Sobering Facts
- It is undecidable whether a given piece of software contains malicious functionality.
- Once PCs are infected they tend to stay infected. The median length of infection is 300 days.
- “More than 5.5 billion attempted attacks were identified in 2011, an increase of 81 percent over 2010, with an unprecedented 403 million unique malware variants that year, a 41 percent leap.” (Symantec Internet Security Threat Report, 2012)

The Cost of Data Breaches
The Privacy Rights Clearinghouse’s Chronology of Data Breaches (January, 2012) estimates that more than half a billion sensitive records have been breached since 2005. This is actually a very “conservative estimate.”
The Ponemon Institute estimates that the approximate current cost per record compromised is around 318.
“A billion here, a billion there, and pretty soon you’re talking real money” (attributed to Sen. Everett Dirksen)

Security is About Managing Risk
In Building Secure Software, Viega and McGraw assert that software and system security is “all about managing risk.” This can be done through:
- Risk acceptance: some risks are simply tolerated by the organization.
- Risk avoidance: not performing an activity that would incur risk.
- Risk mitigation: taking actions to reduce the losses due to a risk.
- Risk transfer: shift the risk to someone else.
There is generally much more money in a bank than in a convenience store; but which is more likely to be robbed? Why?

But is it War?
- How real is the threat?
- Is the warfare metaphor a help or a hindrance?
- Are cyberattacks best viewed as crimes, “armed attacks,” both, or something else entirely?
- Is this issue about semantics or substance?
- Does it really matter?

Why Does it Matter?
Many experts believe that cyber attacks are a serious risk to U.S. national interests today.
America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009. ... It is a battle we are losing. Losing this struggle will wreak serious damage on the economic health and national security of the United States. –CSIS report on Securing Cyberspace for the 44th Presidency, Dec. 2008
But others argue the threat is overrated and is largely hype by the security establishment.
Is it really warfare or is it just crime, that should be dealt with by the criminal justice establishment?

Warfare: Cyber and Otherwise
In modern parlance, a shooting war is called kinetic warfare, where “kinetics” is concerned with the relationship between the motion of bodies and its causes.
Recall Clarke’s definition of cyber warfare: “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
Can activity in cyberspace have kinetic consequences such as property damage and loss of lives? Does it have to have such consequences to qualify as an act of war?

The Pentagon View
Cyber Combat: Act of War, Wall Street Journal, 5/31/11
“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force. ...
One idea gaining momentum at the Pentagon is the notion of ’equivalence.’ If a cyber attack produces the death, damage, destruction, or high level disruption that a traditional military attack could cause, it would be a candidate for a ’use of force’ consideration.”

Notable Cyber Campaigns
First Persian Gulf War (1991): Iraq’s command and control infrastructure is targeted. Radar and missile control network is fragmented and sections of radar coverage are taken offline without central control being aware of the outage.
Estonia (2007): Cyberattacks disabled the websites of government ministries, political parties, newspapers, banks, and companies. Russia was suspected of launching the attack in retaliation for the removal of the Bronze Soldier Soviet war memorial in central Tallinn.
Georgia (2008): Russia attacked the nation of Georgia in a dispute over the province of South Ossetia. In addition to the military attack, a concerted cyber DoS attack shut down much of Georgia’s ability to communicate with the external world.

What Might an Attack Look Like: Stuxnet
Stuxnet is a Windows computer worm discovered in July 2010 that targets Siemens SCADA (Supervisory Control and Data Acquisition) systems.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex and ingenious than anything they had imagined when it began circulating around the world, unexplained, in mid-2009. –New York Times, 1/16/11

Stuxnet Characteristics
Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating. ... Stuxnet was the first literal cyber-weapon. America’s own critical infrastructure is a sitting target for attacks like this. (Vanity Fair, April 2011)
- Stuxnet was the first (known) malware that subverts specific industrial systems.
- Believed to have involved years of effort by skilled hackers to develop and deploy.
- Narrowly targeted, quite possibly at Iran’s nuclear centrifuges.
- Widely believed to have been developed by Israel and the U.S.

Stuxnet Worm
Kaspersky Lab Provides Its Insights on Stuxnet Worm, Kaspersky.com, 9/24/10
“I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars.”

Children of Stuxnet
The successors of Stuxnet may be even more sophisticated:
- DuQu: (Sept. 2011) looks for information that could be useful in attacking industrial control systems.
- Flame: (May 2012) designed for cyber-espionage, targeted government organizations and educational institutions in Iran and elsewhere.
- Gauss: (Aug. 2012) complex cyber-espionage toolkit designed to steal sensitive data.
Unlike conventional munitions, could be repurposed and redirected at the sender.

Cyber Attacks on the U.S.
The U.S. has already been “attacked” in the sense of cyber espionage.
Moonlight Maze: coordinated attacks on U.S. computer systems in 1999, traced to a computer in Moscow. Hackers obtained large stores of data possibly including classified naval codes and information on missile guidance systems.
Titan Rain: series of coordinated attacks on U.S. computer systems since 2003. Probably Chinese in origin and probably gathering intelligence; an estimated 10-20 terabytes of data may have been downloaded.
There are undoubtedly others that we don’t yet know about.

Does This Go Beyond Espionage?
Some security experts warn that a successful widespread attack on U.S. computing infrastructure could largely shut down the U.S. economy for up to 6 months.
It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed 700 billion USD—the equivalent of 50 major hurricanes hitting U.S. soil at once. (Source: US Cyber Consequences Unit, July 2007)

CyberAttacks: An Existential Threat?
Cyberattacks an ’Existential Threat’ to U.S., FBI Says, Computerworld, 3/24/10
A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that’s so great it could “challenge our country’s very existence.”
According to Steven Chabinsky, deputy assistant director of the FBI’s cyber division: “The cyber threat can be an existential threat—meaning it can challenge our country’s very existence, or significantly alter our nation’s potential.”

Not Everyone Agrees
Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. “There is no cyberwar. I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.” (Wired, 3/4/10)
Does Mr. Schmidt think there is no problem? Or just that we’re calling it by the wrong name?

Not Everyone Agrees
The cyberwar rhetoric is dangerous. Its practitioners are artists of exaggeration, who seem to think spinning tall tales is the only way to make bureaucracies move in the right direction. ... Not only does it promote unnecessary fear, it feeds the forces of parochial nationalism and militarism undermining a communications system that has arguably done more to connect the world’s citizens than the last 50 years of diplomacy. (Ryan Singel review of Clarke and Knake in Wired, 4/22/10)

Is a Cyber Attack an Act of War?
There are some serious questions that deserve national and international dialogue.
- How serious would a cyber attack have to be to be considered an “act of war”?
- What if it were an act by non-state actors?
- Would it require certainty about who initiated it?
- What degree of control would the offending nation have to exert over such actors?
- Must the response be electronic or could it be “kinetic”?

An Act of War?
According to the McAfee 2009 Virtual Criminology Report:
“When determining whether a cyber attack is an act of cyber war, experts evaluate four key attack attributes:
- Source: Was the attack carried out or supported by a nation-state?
- Consequence: Did the attack cause harm?
- Motivation: Was the attack politically motivated?
- Sophistication: Did the attack require customized methods and/or complex planning?”
What do you think of these criteria? Are they precise enough to be useful?

Cyber Attacks as Armed Attacks
Various international conventions allow a self-defense or “anticipatory self-defense” response to an armed attack. But they don’t define “armed attack.”
So, when is a cyber attack “equivalent” to an armed attack?
At least three different analytic frameworks have been proposed:
- Instrument-based: the damage is such that it previously could only have been caused by a kinetic attack.
- Effects-based: what are the overall effects of the attack on the victim state.
- Strict liability: attacks against critical infrastructure qualify because of the potential serious consequences.
Which of these analytic frameworks do you find most reasonable?

Selecting Targets
In traditional warfare, the targets tend to be military, or industrial sites with military value. Maybe it’s too obvious, but why is that?
1. Military and industrial targets allow the enemy to counterattack, so have high value.
2. Military assets are likely to be on the defensive perimeter.
3. Certain principles (are supposed to) regulate the conduct of states during warfare.

Selecting Targets
States are supposed to adhere to certain criteria in selecting targets:
- Distinction: requires distinguishing combatants from non-combatants and directing actions against military objectives
- Necessity: limits force to that “necessary to accomplish a valid military objective”
- Humanity: prohibits weapons designed “to cause unnecessary suffering”
- Proportionality: protects civilians and property against excessive uses of force
Do these apply to cyberattacks? To responses to cyberattacks?

Targets
There are good reasons to believe that the choice of targets might be different in cyber vs. kinetic warfare.
- Non-state actors may not feel bound by the conventional laws of war.
- The actors may be in an asymmetric power relationship.
- Non-state actors may be looking for “soft” high-value targets.
- Cyber attacks offer the ability to “skip the battlefield.”
Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can be quickly taken over or knocked out without first defeating a country’s traditional defenses. –Clarke and Knake, 31

Targets
In a cyberattack, targets could be: military, civil or private sector.
If a major cyber conflict between nation-states were to erupt, it is very likely that the private sector would get caught in the crossfire. Most experts agree that critical infrastructure systems—such as the electrical grid, banking and finance, and oil and gas sectors—are vulnerable in many countries. Some nation-states are actively doing reconnaissance to identify specific vulnerabilities. –McAfee report, 3

Targets
If adversaries intended to attack nations in cyber space, they would select targets which would cause the largest impacts and losses to their opponents with the least effort. It is therefore a very reasonable assumption that adversaries would attack critical infrastructure systems via the Internet. –McAfee report, 16

Protecting Critical Infrastructure
The government takes protection of infrastructure very seriously.
Presidential Decision Directive (PDD-63) of 1998 states:
- Civilian systems are “essential to the minimum operations of the economy and government”
- Examples: telecommunications, energy, banking, transportation and emergency services
Surely such systems are not vulnerable to cyberattack. Nobody would be dumb enough to make such critical functionality accessible remotely. Would they?

How Vulnerable is Our Infrastructure?
Surely our critical infrastructure is not vulnerable to cyberattack. Nobody would be dumb enough to make such critical functionality accessible remotely. Would they?
“I have yet to meet anyone who thinks SCADA systems should be connected to the Internet. But the reality is that SCADA systems need regular updates from a central control, and it is cheaper to do this through an existing Internet connection than to manually move data or build a separate network.” –Greg Day, Principal Security Analyst at McAfee

Non-State Actors
Should a nation-state act against another nation-state in response to actions by a non-state actor?
Did the Afghan government (Taliban) attack the World Trade Center and Pentagon on September 11, 2001?
Did Russia actively organize, encourage and facilitate private hackers participating in the cyber attacks on Georgia and Estonia?
Herb Lin, Senior Scientist of the National Academy of Sciences, said that cyberattacks against the U.S. go up during exam periods in China. What do you think that’s about?

Active vs. Passive Defenses
Defenses against cyber attack can be:
- Passive: taking steps to prevent an attack or to mitigate the damage should an attack occur (access control, secure system design, security administration).
- Active: electronic measures designed to strike attacking computer systems and shut down an attack midstream (destructive viruses, packet flooding)
Most effective approach is probably a layered defense or “defense in depth” incorporating both approaches.
But victim states often worry that active defenses may violate the laws of war.

The Attribution Problem
Often it is extremely difficult to determine the source of a cyber attack.
“States find themselves in a ‘response crisis’ during a cyber attack, forced to decide between effective but arguably illegal, active defenses, and the less effective, but legal, passive defenses and criminal laws.” –Carr, Inside Cyber Warfare, 47

The Law of War
How do the laws of war apply to cyber attacks?
Laws of war arose in a conventional context in which:
- it is easy to assess the damage following an attack, and
- it is typically easy to identify the attacker.
“Current international law is not adequate for addressing cyber war. Analogies to environmental law, law of the sea and kinetic war all break down at some point. Answering the question of when to use force in response to a cyber attack needs its own framework.” –Eneken Tikk, legal advisor for the Cooperative Cyber Defence Centre of Excellence in Estonia

The Prevailing View
According to Lt. Cmd Matt Sklerov (quoted in Carr, 47):
“The prevailing view of states and legal scholars is that states must treat cyber attacks as a criminal matter
1. out of uncertainty over whether a cyberattack can even qualify as an armed attack, and
2. because the law of war requires states to attribute an armed attack to a foreign government or its agents before responding with force.”

The Crime-Based Approach
If you treat cyber attacks as a criminal matter, with deterrence from criminal laws and penalties, how do you force states to comply with international criminal laws?
- “Several major states, such as China and Russia, allow their attackers to operate with impunity when their attacks target rival states.” (Carr, 47)
- “International legal acts regulating relations arising in the process of combating cyber crimes and cyber terrorism must not contain norms violating such immutable principles of international law as non-interference in the internal affairs of other states, and the sovereignty of the latter.” (Moscow Military Thought, 3/31/97)

U.N. Charter
The U.N. Charter preserves the right of states to engage in “individual or collective self-defense” in response to an “armed attack.” (Article 51).
However, that begs the question of when a cyber attack should be considered an “armed attack.”

The Law of War
States have a long-standing duty to prevent non-state actors from using their territory to commit cross-border attacks, including the requirement for states to act against groups generally known to carry out illegal attacks.
Sklerov suggests that duty “should be interpreted to require states to enact and enforce criminal laws to deter cross-border cyber attacks.”
A state which fails to do so could be labeled a sanctuary state and sanctioned by the international community.

The Laws of War
In the cases relating to war crimes in the former Yugoslavia, it was allowed:
to impute host-state responsibility for the actions of groups of non-state actors when a state exercised “overall control” of the group, even though the state may not have directed the particular act in question. (Prosecutor vs. Tadic)

International Agreements
Most directly relevant is the European Convention on Cybercrime, which recognizes the need of states to criminalize cyber attacks and the duty of states to prevent non-state actors on their territory from launching them.
- requires states to establish domestic criminal offenses for most types of cyber attacks
- recognizes the importance of prosecuting attackers
- requires extending jurisdiction to cover a state’s territory and actions of citizens regardless of their location.
The Convention has been signed by 26 countries including the U.S.

Conclusions
- Cyber attacks are a serious threat to the U.S. and other states.
- Cyber warfare may not be a helpful metaphor.
- The nature of the Internet makes cyber attacks powerful, difficult to counter, and difficult to attribute.
- No technical solutions are on the horizon.
- Treaties and legal frameworks have not kept pace with the threat.
- Promising theories and approaches are developing to help the international community cope.
