A Community Position paper on. Law of CyberWar. Paul Shaw. 12 October Author note

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A Community Position paper on. Law of CyberWar. Paul Shaw. 12 October 2013. Author note"

Transcription

1 A Community Position paper on Law of CyberWar Paul Shaw 12 October 2013 Author note This law and cyberwar paper / quasi-treatise was originally written for a course in a CISO certification curriculum, covering cyber law, but was slightly adapted for a more public distribution The references and bibliography should be a good discovery vector for those wanting to purse this topic in more detail. The paper can be feely used / quoted or otherwise incorporated into other cyber security efforts as cited, with the original references / sources cited when appropriate. If you would like to collaborate on this topic, or provide updated sources, or challenge any aspect, etc - Please send me an

2 LAW OF CYBERWAR 2 Executive Summary Understanding the law of cyberwar has the potential to support the development of a cyber response strategy. Using a simple scenario of cyberwar between nation states, the complexities of cyberspace is examined in the context of existing legal and regulatory environments. This evaluation allows for development of a cyber response strategy that considers the full range of military options. The range of military actions include: defensive cyber response; offensive cyber response; and kinetic attacks. Cyberspace complexities are considerations in the design of a cyber response strategy. By understanding the opportunities and challenges of the legal and regulatory environment, a successful course for a cyber response is possible. A cyber response strategy is not a silver bullet that relieves senior leadership of developing the proper legal and regulatory environments. The benefits of developing a cyber response strategy are an improved ability to defend, respond, and avoid escalation. Considering advancing cyber threat capabilities and our dependence upon cyberspace, planning for our cyber response strategy needs to occur now. If a cyber Pearl Harbor happens, it is too late.

3 LAW OF CYBERWAR 3 Law of Cyberwar Cyberspace is critical to the functioning of United States (U.S.) economy and infrastructure. Attacks in cyberspace are common. The cyber threat to our nation is one of the most serious economic and national security challenges we face (Obama, 2013, p. 1). Vulnerabilities to cyber attacks include a high probability of occurrence for loss and potentially grave consequences, to include disrupting the use of cyberspace and causing physical effects. To counter these attacks and protect the availability, integrity, and confidentiality of our networks and data, there is a critical need for a cyber response strategy. Our response strategy needs to include the range of military action but be within the options of our legal and regulatory environment. Considering the extensive military capabilities of the U.S., we need a cyber response strategy within our range of options to include the use of military force. The legal and regulatory environments are shaped by international law, national law, government policy, technology, and the complexity of cyberspace. In this paper, an example of cyberwar between nation states is used to test our cyber response strategy and understand the legal environment. While the law of cyberwar is in development, there are still norms of traditional warfare and humanitarian law that assist with guidance on the development of our cyber response strategy. A critical issue of any cyber response is to prevent a cyber attack from escalating into a cyberwar and/or a full blown war between nation states. Understanding is developed through examining complexities of cyberspace and cyber attack in the context of the existing legal and regulatory environment. We use a simplified scenario of cyberwar between nation states to assist in understanding helpful and contrary aspects of the legal and regulatory environment. The hope is that the U.S. does not require a cyber Pearl Harbor to address issues in the legal and regulatory environment. Further development of the law of cyberwar is essential and critical. Background Threats to the DoD information environment and networks are growing in complexity and capability. Cyber attacks are a frequent occurrence with a range of activities to include malware insertion, monitoring, and hacking. As an example, adversaries are not only attempting more than 250,000 intrusions daily, but have demonstrated proficiency at infiltrating DoD information systems and exploiting sensitive information (Secretary of Defense, 2012, p. 2). These intrusions are not 250,000 daily attempts at starting a cyberwar. Cyber attacks have a

4 LAW OF CYBERWAR 4 range of effects from a probe, an infiltration, a compromise, or a disruption. The vast majority of these attacks are stopped by defensive measures by the victim implementing cybersecurity through a cyber response strategy. Cybersecurity is described as the efforts and capabilities necessary to ensuring that the department can execute its missions in the face of cyber warfare by the most capable adversary (Department of Defense Chief Information officer, 2013, p. 3). A cyber response strategy includes a range of options. The issues for a cyber response strategy include the nature of the cyber threat, geometry of cyberspace, attack duration, attack effects, overlapping jurisdictions across U.S. agencies and nation states, and victim responsibilities. While many of these attributes exist in the physical realm for the use of force between states, the complexity, speed, and nature of the cyber realm add complexities and complications. Even with these complexities and complications, our legal and regulatory environments allow for the creation of a cyber response strategy with a range of options. Primary cyber response options are defensive and offensive cyber responses. In the offensive cyber option, there is the possibility for the U.S. government to conduct a cyber attack on another nation or group. While there is not affirmed an official policy that the United States would use cyberattacks, there has not been much refutation of the proposition that the United States was responsible for the Stuxnet attacks (Libicki, 2013, p. 16) on Iranian nuclear capabilities. Other military options extend from the use of force for self defense to war. Concerning a cyber attack, the ambiguities are fewest when cyber attacks cause physical damage to property and loss of life in ways that are comparable to kinetic attacks and traditional war (Lin, 2010, p. 73). For most cyber attacks, there is an assumption that an attacker can be stopped with a strong defense. This assumption even goes further to assert that the victim has the responsibility to provide and maintain a strong defense. The problem is the increasing capability of advanced, persistent, and adaptable threats to overcome cybersecurity defenses. Concerning cyberspace, complex threats compel development of a range of military responses to prevent a cyber attack from becoming something more. Existing U.S. and international law do not have the same restrictions on defensive cyber response as on offensive cyber response. While there are many possible definitions of cyberwar, the North Atlantic Treaty Organization (NATO) definition of cyberwar is probably a best case to examine the legal and regulatory environment. The NATO definition: cyber warfare is a serious form of disruptive cyber attack by a nation on another nation s cyber space, crossing the line into being considered

5 LAW OF CYBERWAR 5 a use of force (Hunker, 2010, p. 4). This definition deals with the most severe effects of cyber warfare, limits the context to opposing nation states, and triggers issues allowing use of force in self defense. This definition allows a comparison of cyberwar and traditional warfare. Traditional warfare has constructs for the conduct of a war (law of armed conflict) and humanitarian law, such as the constructs of proportionality and distinction. Even in this best case scenario, there is a lack of legal clarity on cyberwar in international law and the cyber regulatory environment. Cyberwar triggers a complex and multidimensional interaction of politics, strategy, and law. In examining the legal and regulatory environments, our simple scenario in the NATO definition of cyberwar illustrates complexities and lack of clarity. In the legal environment, U.S. domestic legal and regulatory environment has applicability to the development of a cyber response strategy. The Computer Fraud and Abuse Act (CFAA) is law and guides the Department of Justice (DoJ) for prosecuting computer crimes. The CFAA creates limitations on the range of response on the part of defender. The CFAA limits offensive measures and requires a burden on the victim to prevent similar attacks. In particular, a victim of a cyber attack should not take any offensive measures on its own, such as hacking back into the attacker s computer even if such measures could in theory be characterized as defensive (Jarrett et al, 2010, p. 180). Authorization of use of the network and information is a key construct in determining whether a crime has been committed. Even though an attacker did not have authorization for his use, we are not allowed to commit their sin in our defense. In accordance with this construct of creating a better defense, the DoD is trying to operate a defensible information infrastructure harden the information infrastructure acquire systems that are cyber secure and execute mission-useful courses of action in response to attack (Department of Defense Chief Information Officer, 2013, p. 3). In our NATO scenario, another nation state would not be subject to U.S. criminal law under the CFAA. Although, we need to be able recognize that the cyber attacker is a hostile nation state and not a U.S. citizen or an international criminal group. Initially, it can be difficult to distinguish between a cyber attack for financial gain, information acquisition, or cyberspace disruption. Our NATO definition does not address the issue of attribution. It allows an assumption that the attacker is a nation state. Attribution is one of the many complexities in cyberspace.

6 LAW OF CYBERWAR 6 There is the possibility that opening salvos of the next war will likely occur in cyberspace (Card and Rogers, 2012, p. 1). It is possible that a cyber attack will be part of or precede a physical attack. In the context of a cyber response strategy, the U.S. needs to be able to use their extensive military force to deter and respond to cyber attacks. The U.S. has extensive kinetic military capabilities for inclusion in a cyber response strategy. U.S. leadership expressed a willingness to respond with military force to cyber attacks that cause deaths or significant economic harm, such as causing a nuclear plant meltdown, flooding populated areas, or interrupting air traffic control to cause crashes (Waxman, 2013, p. 114). Even with these potential red cyber attack lines, using military force strategy needs to be approached with the intent to avoid escalation. Using military force can create a complex interaction of strategy, politics, and law, but is still a viable response option. The existing construct for national self defense from an attack uses the concept of jus ad bellum or right to war. The United Nations (U.N.) Charter under Article 2(4) prohibits the threat or use of force except in self-defense or when authorized by the UN Security Council (Waxman, 2012, p. 44). This construct of attack is better defined in the kinetic realm than the cyber realm. As discussed above, the U.S. uses an effects-based approach for a cyber attack to trigger the right of self-defense. Constructs of military conduct in such a use of force in selfdefense are guided by the humanitarian law concepts of proportionality and distinction. Proportionality requires a minimization of harm to civilians and civilian property when attacking a military objective. Distinction requires targeting of combatants and not civilians. It took extensive periods of time to develop these two constructs in physical realm. Understanding these concepts in the cyber realm is a newer concept, with minimal precedence and few examples. Analysis The lack of legal clarity and international consensus for a cyberwar does not mean a cyber attack could not escalate into a traditional war between nation states. Our NATO definition of cyberwar is a valid starting point. To prevent a cyberwar, potential red lines exist in cyberspace. Even if those red lines are ill-defined, nation states understand potential backlash from a cyber attack to escalate into a cyberwar or lead to an armed conflict. The lack of clarity creates unease on an accepted threshold of response between an effect from a cyber attack and an appropriate military response. Instead of clarity, there is a complex and multidimensional

7 LAW OF CYBERWAR 7 interaction of politics, strategy, and law for such a response. Political considerations of a military response include national and world opinion. The public and international community may not understand the connection between a cyber attack and its physical effect. Even a cyber attack with physical effects, there might be a high degree of harm to allow a military action. Our NATO example has an interaction of strategy, politics, and law, especially for advanced and capable military capabilities. Complexity does not invalidate using military force in response to a cyber attack; instead it forces senior leadership to operate in a highly contested and uncertain international legal environment (Waxman, 2013, p. 121). The expectation is that a victim will adequately protect themselves from a cyber attack. This protection is mostly through defensive actions and not a kinetic military response or offensive cyber operations. This expectation exists in public and international opinion even with legitimate military responses. This construct of adequate defense has a comparable concept in the Department of Justice (DoJ) guidance for the CFAA. DoJ advises victims after an intrusion and its associated investigation are complete is to take steps to prevent similar attacks from happening again (Jarrett et al, 2010, p. 184). Even after the 2007 cyber attacks on Estonia, NATO developed more formal guidance for supporting Allied nations if they need to counter cyber attacks (Hunker, 2010, p. 9). This assistance was mostly in the form of technical assistance to overcome and mitigate the attack. We explore the legal and regulatory environment as either helpful or contrary aspects. Underlying and recurring concerns for our cyber response strategy is to avoid escalation of a military response into a war and a possible inability to contain an offensive cyber attack to the intended military target. Helpful Aspects of the Legal and Regulatory Environment Cyber defense is the preferred option in our current legal and regulatory environment. A defender has many abilities to isolate and block cyber attacks. These defensive capabilities are increasing with the development of many commercial applications for monitoring technology. New applications and technologies are emerging to provide enhanced situational awareness, threat detection, and behavior monitoring. Many of these applications can operate in an automated mode, with the owner selecting from levels of automation. The emergence of these

8 LAW OF CYBERWAR 8 commercial cybersecurity capabilities is less a function of government investment and instead from commercial demand. The regulatory environment for cybersecurity has numerous mandates for a government wide comprehensive cybersecurity strategy and improved cybersecurity capabilities. An example is the Comprehensive National Cybersecurity Initiative (CNCI). Under CNCI, cybersecurity is not an additional activity or a military response and instead a capability implemented as part of a cyber response strategy. The DoD is improving cybersecurity with a reduction of our attack surface and improved cyber situational awareness in the Joint Information Environment (JIE). JIE is developing a sensor grid that extends from individual workstations and applications to the DoD infrastructure. JIE will provide DoD cyber forces with the decision support capabilities to observe, diagnose, act, maneuver, and dependable mission execution in the face of cyber warfare by a capable cyber adversary (Takai, 2013, p. 3). Along with JIE efforts, individual Services are implementing additional cybersecurity efforts. The U.S. Navy is developing a cyber situational awareness (SA) capability for insight into the health of cyberspace, the capabilities at their disposal, and adversary actions (Card and Rogers, 2012, p. 7). These are helpful regulatory actions and contribute to improved cybersecurity. These efforts for a stronger cyber defense extend beyond the government. Presidential Policy Directive 21 (PPD 21) requires implementation of improved cybersecurity for U.S. critical national infrastructure. Most of our critical infrastructure is commercial, for which the government should not expect the private sector to protect and defend itself, at least not against foreign government intelligence services like those of Russia, China, Iran or North Korea (Cilluffo, 2012, p. 44). A critical legal and regulatory issue will be extension of DoD cyber defense capabilities to non-dod entities. Unfortunately, the rules for sharing of technology and information between government and commercial service providers are still in development. Participation tends to be voluntary. Using our NATO cyberwar example, restrictions on sharing of DoD technology and information should be relaxed after a major incident. The hope is that a proactive stance on changing the legal and regulatory environment occurs before a major cyber Pearl Harbor event. Various elements for CNCI implementation are making progress. The CNCI Information Sharing Architecture on threat and incident data includes commercial entities on a voluntary basis. There are efforts for greater inclusion of commercial critical infrastructure

9 LAW OF CYBERWAR 9 providers in other technology and information sharing efforts with the government, which may include tax breaks and other financial incentives for their participation. Contrary Aspects of the Legal and Regulatory Environment Within the cyber battlefield, many complexities exist to include the nature of the attacker, complex battlefield geometry, and conflicting regulatory responsibilities. Cyber attackers are individuals, criminals, social groups, and nation states. Attack attribution can be difficult with attackers intentionally masking their origin, location, and identity. Attack geometry includes the ability for an attack to be initiated in 300 milliseconds (or less) from anywhere in the world and use multiple hops to mask the point of origin. Cyber attacks durations vary from milliseconds to multiple years. Advanced threats can lay dormant and undetected for extended periods of time. Effects of a cyber attack can include information compromise, financial loss, equipment damage, service disruption, or death. There is a difference of authority and interest between the Department of Defense, Department of State, Department of Justice, and National Intelligence for a cyber attack (Breuer, 2013, pp.3-9). Attackers can exploit cyber geometry for attacks to cross jurisdictions and authorities. Depending on the geometry of the attack, these different authorities may be required for a cyber response. Cyber attacks require classification, description, and behavioral analysis, which can be consuming of time and personnel. The nature of cyber battlefield allows the attacker to have an advantage. Our NATO scenario of cyberwar between nation states allows for simplification of attacker complexities, battlefield geometry, and conflicting regulatory responsibilities, but not elimination. In the NATO definition, the attacker and points of origin should be known. If a system is compromised, an operational commander should know whether the system is still usable in full or degraded mode, identify alternatives to aid the commander in completing the mission, and finally, provide the ability to restore the system to a known, trusted state (Department of Defense, 2013, p. 34). The default mode of operation is to isolate a compromised asset, but intelligence needs may override this isolation. Overlapping authorities still exist in the NATO scenario, as intelligence can use a known compromised system to provide false or misleading information to an opponent. The existence of competing interests between operations and intelligence is an example of the lingering complications for even a known compromised system with an identified enemy.

10 LAW OF CYBERWAR 10 There are numerous legal and regulatory restrictions on offensive cyber operations. Offensive cyber weapons can operate across the phases of military operations to include probing an enemy before conflict to disabling specific enemy capabilities in time of war. Legal regulations start with the construct of authorization (as with the CFAA) to be in another s system or network. Regulatory restrictions include the authority of operational and tactical commanders to conduct offensive cyber operations. Even using the NATO definition of cyberwar, current doctrine has offensive cyber attacks approved at the Combatant Commander (COCOM) level. Authority for offensive actions is highly centralized within the U.S. government and that decisions involve the president himself (Leed, 2013, p. 4). Another issue for offensive cyber operations is that the nature of the enemy system impacts the ability to conduct cyber operations. The ability to carry out offensive cyber operations is a direct function of the weakness of the target system (Libicki, 2012, p. 323). A dilemma of offensive cyber capabilities is acknowledging a capability can result in its loss. Making what is vulnerable clear may be unnecessary, perhaps unwise. Every hack leads to fixes that make the next exploitation much harder (Libicki, 2013, p. viii). Additionally, there are concerns of limiting the effect of a cyber weapon to the intended target and not affecting a wider public network, which follow the humanitarian law constructs of proportionality and distinction. Even in a cyberwar with a known nation state, there is a concern that a cyber weapons will network beyond their intended target. Our NATO definition of cyberwar does not ensure that the humanitarian constructs of proportionality and distinction are maintained by an offensive cyber response. It is possible for unintended effects with the use of an offensive cyber weapon. Existing DoD cyber environment and policy contain problems for response to cyber attacks, especially automated offensive cyber responses. There is a need to automate analysis across almost all aspects of evaluating to a cyber attack. Cyber attacks have a range of response times, with some attacks requiring a near-real time response, but not all responses to cyber attacks should be automated. Most DoD legacy infrastructure and applications are not secure or resilient to advanced cyber threats. As our infrastructure and applications are redesigned and upgraded with advanced cybersecurity technologies, our ability to automate cyber responses increase. Our policies need to consider adjust limitations on the use of a technology due to concerns of unintended consequences. Just because a technology can perform a task, does not mean that the technology should be used for that task. Similar to restrictions exist in the kinetic

11 LAW OF CYBERWAR 11 world for automation of response to physical attacks. The existence of complex threats and the need for rapid response compel development of a strategy with a range of automated cyber responses. Even using the NATO definition of cyberwar between nation states, desires to maintain control and have a man in the loop impose severe restrictions on automated offensive cyber response. Conclusion Understanding the law of cyberwar is critical for the development of a cyber response strategy. Cyberspace is complex domain with many complexities and complications. Cyber attacks are a real threat with severe potential consequences. The range of response actions requires an understanding of our current and evolving legal and regulatory environment. In any cyber response there is an interaction of politics, strategy, and law. Cyber defense is the preferred option for most cyber threats, but may not be adequate for all threats. There is a need for a range of military options to include offensive cyber capabilities and kinetic military response. A military response might be allowed under the construct of self defense, if a cyber attack produces effects in the real world. A kinetic effect from a cyber attack does not mean that a nation will necessarily reply with a kinetic response. Leaders must consider that the public and international community may not understand the connection between a cyber attack and an acknowledged effect, due to technical complexity, attribution, and/or secrecy. These considerations are just part of the complexity in the design of a cyber response strategy. By understanding the opportunities and challenges of the legal and regulatory environment, a successful course for cyber response is possible. A cyber response strategy is not a silver bullet that relieves senior leadership of developing the proper legal and regulatory environments. Developing a cyber response strategy, along with developing our legal and regulatory environments, improves our ability to defend, respond, and avoid escalation in cyberspace. Considering advancing cyber threat capabilities and our dependence upon cyberspace, there is an urgent need for developing our cyber response. If a cyber Pearl Harbor happens, it could be too late to develop the law of cyberwar to prevent undue pain and suffering.

12 LAW OF CYBERWAR 12 References Breuer, P. (2013, September 13). How to split the hair: Challenges to DoD Computer Incident Response. Cyberlaw Class Presentation. National Defense University. Washington, D.C. Card, K. and Rogers, M. (2012, November). Navy Cyberpower United States Navy. Washington, DC. Retrieved on 5 September at Cilluffo, F. (2012, August). The U.S. Response to Cybersecurity Threats. Defense Dossier. Issue 4. American Foreign Policy Council. Retrieved on 20 September 2013 at Department of Defense. (2013, January). Resilient Military Systems and the Advanced Cyber Threat. Defense Science Board Task Force Report. Washington, D.C. Retrieved on 1 September 2013 at Department of Defense Chief Information Officer. (2013, May 25). DoD CIO Capability Planning Guidance for Fiscal Years 15 to 19. Washington, D.C. Executive Office of the President of the United States. (2010, March). The Comprehensive National Cybersecurity Initiative. The White House. Retrieved on 20 September 2013 at Hunker, J. (2010, November). Cyber war and cyber power Issues for NATO Doctrine. Research Paper No. 62. Research Division - NATO Defense College, Rome. Retrieved on 24 September 2013 at Jarrett, H., Bailie, M., Hagen, E., and Etringham, E. (2010, October). Prosecuting Computer Crimes. OLE Litigation Series. Computer Crime and Intellectual Property Section Criminal Division. Department of Justice. Retrieved on 24 September 2013 at Leed, M., Lewis, J, and McCreary, J. (2013, September). Offensive Cyber Capabilities at the Operational Level. Center for International and Strategic Studies. Retrieved on 25 September 2013 at Libicki, M. (2013). Brandishing Cyberattack Capabilities. Rand Corporation. Retrieved on 5 September 2013 at Libicki, M. (2012, Fall). Cyberspace Is Not a Warfighting Domain. I/S: A Journal of Law and Policy for the Information Society. Retrieved on 5 September 2013 at

13 LAW OF CYBERWAR 13 Lin, H. (2010, August 13). Offensive Cyber Operations and the Use of Force. Journal of National Security law and Policy. Retrieved on 24 September 2013 at Obama, B. (2013, July 19). Taking the Cyberattack Threat Seriously. Wall Street Journal Online. Retrieved on 4 September 2013 at Obama, B. (2013, February 12). Critical Infrastructure Security and Resilience. Presidential Policy Directive (PPD) 21. Office of the Press Secretary. The White House. Retrieved on 1 September 2013 at Secretary of Defense. (2102, May 1). Transitional Framework for Cyberspace Operations Command and Control. Memorandum for Commanders of the Combatant Commands. Washington, D.C. Takai, T. (2013, September 26). Joint Information Environment Implementation Guidance. Department of Defense Chief Information Officer. Washington, D.C. Waxman, M. (2013, June). Self-defensive Force against Cyber Attacks: Legal, Strategic and Political Dimensions. International Law Studies. Volume 89. U.S. Naval War College. Retrieved on 1 September 2013 at Waxman, M. (2011). Cyber Attacks as Force Under UN Charter 2(4). International Law Studies. Volume 87. Retrieved on 19 September 2013 at Attacks-as--Force%E2%80%9D-under-UN-Charter-Article-.aspx

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

1 Cyberspace and Security

1 Cyberspace and Security 1 Cyberspace and Security 1 Paper by Deputy Secretary of Defense William J. Lynn, Defending a New Domain: The Pentagon s Cyber Strategy, Foreign Affairs (Sep Oct 2010). In addition, an annual report by

More information

The main object of my research is :

The main object of my research is : The main object of my research is : «War» I try to analyse the mutual impacts between «new wars» and the evolution of the international system More especially my research is about what we call»cyber-war«or»cyber-conflicts«is

More information

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,

More information

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28), Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28), General appreciation of the issues of information security Information

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009 National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities

GAO DEFENSE DEPARTMENT CYBER EFFORTS. More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities GAO United States Government Accountability Office Report to Congressional Requesters May 2011 DEFENSE DEPARTMENT CYBER EFFORTS More Detailed Guidance Needed to Ensure Military Services Develop Appropriate

More information

DoD Strategy for Defending Networks, Systems, and Data

DoD Strategy for Defending Networks, Systems, and Data DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

working group on foreign policy and grand strategy

working group on foreign policy and grand strategy A GRAND STRATEGY ESSAY Managing the Cyber Security Threat by Abraham Sofaer Working Group on Foreign Policy and Grand Strategy www.hoover.org/taskforces/foreign-policy Cyber insecurity is now well established

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

Public Private Partnerships and National Input to International Cyber Security

Public Private Partnerships and National Input to International Cyber Security Public Private Partnerships and National Input to International Cyber Security 10 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington,

More information

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS

More information

Confrontation or Collaboration?

Confrontation or Collaboration? Confrontation or Collaboration? Congress and the Intelligence Community Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Cyber Security and the Intelligence Community The

More information

Trends Concerning Cyberspace

Trends Concerning Cyberspace Section 2 Trends Concerning Cyberspace 1 Cyberspace and Security Owing to the information technology (IT) revolution in recent years, information and communication networks such as the Internet are becoming

More information

Harmful Interference into Satellite Telecommunications by Cyber Attack

Harmful Interference into Satellite Telecommunications by Cyber Attack Kobe and QM Symposium on International Law "Diversity of Transnational Criminal Justice" Harmful Interference into Satellite Telecommunications by Cyber Attack 10 April 2015 Yuri Takaya Research Fellow/Lecturer,

More information

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns Benjamin GITTINS Ronald KELSON What is cyberspace and why is it so important? US Government Cyberspace

More information

CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015

CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015 CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015 On March 10, 2015 the Center for Strategic and International Studies, in conjunction with the Cybersecurity Unit of the U.S. Department of

More information

Department of Defense Cyberspace Policy Report

Department of Defense Cyberspace Policy Report Department of Defense Cyberspace Policy Report A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2011, Section 934 November 2011 Contents INTRODUCTION... 1 SECTION

More information

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 9 R-1 Line #139

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 9 R-1 Line #139 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 6: RDT&E Management Support COST

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 3000.09 November 21, 2012 USD(P) SUBJECT: Autonomy in Weapon Systems References: See Enclosure 1 1. PURPOSE. This Directive: a. Establishes DoD policy and assigns

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Statement for the Record. Martin Casado, Senior Vice President. Networking and Security Business Unit. VMware, Inc. Before the

Statement for the Record. Martin Casado, Senior Vice President. Networking and Security Business Unit. VMware, Inc. Before the Testimony Statement for the Record Martin Casado, Senior Vice President Networking and Security Business Unit VMware, Inc. Before the U.S. House of Representatives Committee on Science, Space, and Technology

More information

CYBERSECURITY: DIVISION OF RESPONSIBILITY IN THE U.S. GOVERNMENT

CYBERSECURITY: DIVISION OF RESPONSIBILITY IN THE U.S. GOVERNMENT CYBERSECURITY: DIVISION OF RESPONSIBILITY IN THE U.S. GOVERNMENT Joeli R. Field INTL604 Interagency Operations American Military University September 18, 2010 2 INTRODUCTION The cyber threat is one of

More information

U. S. Attorney Office Northern District of Texas March 2013

U. S. Attorney Office Northern District of Texas March 2013 U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

More information

Software Reprogramming Policy for Electronic Warfare and Target Sensing Systems

Software Reprogramming Policy for Electronic Warfare and Target Sensing Systems Army Regulation 525 15 Military Operations Software Reprogramming Policy for Electronic Warfare and Target Sensing Systems Headquarters Department of the Army Washington, DC 23 July 2010 UNCLASSIFIED SUMMARY

More information

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN 2015 2020 UNITED IN SERVICE TO OUR NATION DIRECTOR S STATEMENT We are at an operational crossroads. We continue to operate in a contested battlespace,

More information

"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information

Cyber War or Electronic Espionage - Active Defense or Hack Back David Willson Attorney at Law, CISSP Assess & Protect Corporate Information "Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information Iran Georgia France Estonia Attacks on Nations UK Belgium South

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009

Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009 Recent cyber-security studies in the U.S. David D. Clark MIT CFP May, 2009 Two recent studies National Academies Study: Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack

More information

Cybersecurity. Canisius College

Cybersecurity. Canisius College Cybersecurity Introduction In the year 2013, cybersecurity is a relevant issue on both the most personal level and the global level. Never has humanity had access to such a vast array of information. Never

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Information Assurance. and Critical Infrastructure Protection

Information Assurance. and Critical Infrastructure Protection Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

STATEMENT OF GENERAL KEITH B. ALEXANDER, USA COMMANDER, UNITED STATES CYBER COMMAND DIRECTOR, NATIONAL SECURITY AGENCY CHIEF, CENTRAL SECURITY SERVICE

STATEMENT OF GENERAL KEITH B. ALEXANDER, USA COMMANDER, UNITED STATES CYBER COMMAND DIRECTOR, NATIONAL SECURITY AGENCY CHIEF, CENTRAL SECURITY SERVICE STATEMENT OF GENERAL KEITH B. ALEXANDER, USA COMMANDER, UNITED STATES CYBER COMMAND DIRECTOR, NATIONAL SECURITY AGENCY CHIEF, CENTRAL SECURITY SERVICE BEFORE THE SENATE COMMITTEE ON APPROPRIATIONS CYBERSECURITY:

More information

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Moderator: Panelists: Honorable Preet Bharara, United States Attorney, Southern

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

Cyber Security and Infrastructure: Problems of Today, Challenges for Tomorrow

Cyber Security and Infrastructure: Problems of Today, Challenges for Tomorrow Cyber Security and Infrastructure: Problems of Today, Challenges for Tomorrow Herb Lin Computer Science and Telecommunications Board NAE Convocation of Engineering Professional Societies Washington DC

More information

Securing the Supply Chain for Electronic Equipment: A Strategy and Framework by Scott Borg

Securing the Supply Chain for Electronic Equipment: A Strategy and Framework by Scott Borg The Internet Security Alliance Securing the Supply Chain for Electronic Equipment: A Strategy and Framework by Scott Borg Background on This Project This short paper is based on sixteen months of meetings,

More information

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security

More information

Hybrid Warfare & Cyber Defence

Hybrid Warfare & Cyber Defence Hybrid Warfare & Cyber Defence Maj Gen Thomas FRANZ, DEU AF SHAPE DCOS CIS & CD Characteristics of Hybrid Warfare Alternate means to achieve goals Lines blurred between: state-onstate wars, counterinsurgency

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

HOLISTIC APPROACHES TO CYBERSECURITY TO ENABLE NETWORK CENTRIC OPERATIONS

HOLISTIC APPROACHES TO CYBERSECURITY TO ENABLE NETWORK CENTRIC OPERATIONS Statement before the House Armed Services Committee, Subcommittee on Terrorism, Unconventional Threats and Capabilities HOLISTIC APPROACHES TO CYBERSECURITY TO ENABLE NETWORK CENTRIC OPERATIONS A Statement

More information

The term cyberwar is common in

The term cyberwar is common in U.S. Army (Austin Berner) Unpacking Cyberwar The Sufficiency of the Law of Armed Conflict in the Cyber Domain By Kyle Genaro Phillips The term cyberwar is common in today s discussions of the national

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

Research Note Engaging in Cyber Warfare

Research Note Engaging in Cyber Warfare Research Note Engaging in Cyber Warfare By: Devin Luco Copyright 2013, ASA Institute for Risk & Innovation Keywords: Cyber War, Cyber Warfare, Cyber Attacks, Cyber Threats Abstract This research note defines

More information

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations TeleContinuity The Survivable Cyber Solution Presentation For Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations 2007 TeleContinuity, Inc.. All Rights

More information

James R. Clapper. Director of National Intelligence

James R. Clapper. Director of National Intelligence Statement for the Record Worldwide Cyber Threats House Permanent Select Committee on Intelligence James R. Clapper Director of National Intelligence September 10, 2015 STATEMENT FOR THE RECORD Worldwide

More information

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

ARI 26/2013 (Translated from Spanish) 17 September 2013. Cyber cells: a tool for national cyber security and cyber defence

ARI 26/2013 (Translated from Spanish) 17 September 2013. Cyber cells: a tool for national cyber security and cyber defence ARI ARI 26/2013 (Translated from Spanish) 17 September 2013 Cyber cells: a tool for national cyber security and cyber defence Thiber Theme 1 Cyber cells are effective tools that enable countries to operate,

More information

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee

More information

C DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP

C DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP C DIG CSCSS / DEFENCE INTELLIGENCE GROUP COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE C DIG CSCSS / DEFENCE INTELLIGENCE GROUP

More information

How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives

How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives DON IT Conference // AFCEA West 2015 Presented by: RDML John Ailes Chief Engineer SPAWAR

More information

Counterintelligence Awareness Glossary

Counterintelligence Awareness Glossary Counterintelligence Awareness Glossary Access: The ability and opportunity to obtain knowledge of classified information. Anomaly: Activity r knowledge, outside the norm, that suggests a foreign entity

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5505.13E March 1, 2010 ASD(NII)/DoD CIO SUBJECT: DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3) References: See Enclosure 1 1. PURPOSE. This Directive:

More information

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should

More information

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure

More information

Enhancing Cyber Security for the Warfighter

Enhancing Cyber Security for the Warfighter INTRODUCTION 115 Chapter 8 Enhancing Cyber Security for the Warfighter Sean R. Finnegan A key element of current and future U.S. warfighter capabilities is and will be the information systems being integrated

More information

NATO & Cyber Conflict: Background & Challenges

NATO & Cyber Conflict: Background & Challenges NATO & Cyber Conflict: Background & Challenges Dr. Sean Lawson Department of Communication University of Utah [Full citation: Lawson, Sean. (2012) NATO & Cyber Conflict: Background & Challenges. Presented

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

THE drop cap white spread is the chartacter style to use for the drop cap. Use this masater

THE drop cap white spread is the chartacter style to use for the drop cap. Use this masater Headline White, Etc. Etc. Etc. Cybersecurity: Subhead Main White Byline White Program Managers Have Questions. Got Answers? THE drop cap white spread is the chartacter style to use for the drop cap. Use

More information

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey. Cybersecurity & International Relations Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey. Cybersecurity & IR This part of the IWOSI aims to link the Information

More information

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,

More information

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions) Prior

More information

Legal Issues / Estonia Cyber Incident

Legal Issues / Estonia Cyber Incident Control System Cyber Security Conference 22 October 2009 Legal Issues / Estonia Cyber Incident Maeve Dion Center for Infrastructure Protection George Mason University School of Law Legal Issues / Estonia

More information

STRATEGIC OBJECTIVE 2.4 OVERCOME GLOBAL SECURITY CHALLENGES THROUGH DIPLOMATIC ENGAGEMENT AND DEVELOPMENT COOPERATION

STRATEGIC OBJECTIVE 2.4 OVERCOME GLOBAL SECURITY CHALLENGES THROUGH DIPLOMATIC ENGAGEMENT AND DEVELOPMENT COOPERATION Performance Goal 2.4.1 By September 30, 2017, achieve key milestones to promote arms control and nonproliferation by implementing the President s Prague Agenda of steps toward a world without nuclear weapons;

More information

National Cyber Threat Information Sharing. System Strengthening Study

National Cyber Threat Information Sharing. System Strengthening Study Contemporary Engineering Sciences, Vol. 7, 2014, no. 32, 1755-1761 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411235 National Cyber Threat Information Sharing System Strengthening

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

Countering Cyber Attacks with Big Data and Analytics

Countering Cyber Attacks with Big Data and Analytics June 2015 Countering Cyber Attacks with Big Data and Analytics Frost & Sullivan Analysis by Sandy Borthick Big Data & Analytics (BDA) Volume 3, Number 6 Countering Cyber Attacks with Big Data and Analytics

More information

Getting real about cyber threats: where are you headed?

Getting real about cyber threats: where are you headed? Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a

More information

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U//FOUO) The United States lacks a comprehensive strategic international policy framework and coordinated engagement

More information

Obama s Cybersecurity Plan

Obama s Cybersecurity Plan SECURITY TECHNOLOGY POLICY PAPERS SERIES 1 Spring 10 Obama s Cybersecurity Plan Marianne STONE Geest-MSH - Paris Sciences Po Paris Columbia University, School of International and Public Affairs New York

More information

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation Virginia Joint Commission on Technology and Science Cybersecurity Legislation Pending Legislation Widespread agreement of need for legislation Three approaches CISPA Cybersecurity Act of 2012 SECURE IT

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

NATIONAL DEFENSE AND SECURITY ECONOMICS

NATIONAL DEFENSE AND SECURITY ECONOMICS NATIONAL DEFENSE AND SECURITY ECONOMICS FUTURE DEVELOPMENT OF ECONOMICS OF DEFENSE AND SECURITY ECONOMIC DIMENSION OF CYBERSPACE AS NEW SECURITY THREAT Content of Topic Introduction Basic Concepts Cyberspace

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

OCIE Technology Controls Program

OCIE Technology Controls Program OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking Appendix A: Gap Analysis Spreadsheet Competency and Skill List Competency Critical Thinking Data Collection & Examination Communication & Collaboration Technical Exploitation Information Security Computing

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

A Detailed Strategy for Managing Corporation Cyber War Security

A Detailed Strategy for Managing Corporation Cyber War Security A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations

More information

Cybersecurity and United States Policy Issues

Cybersecurity and United States Policy Issues Global Security Studies, Summer 2014, Volume 5, Issue 3 Cybersecurity and United States Policy Issues Cristina Berriz Peace, War and Defense Program University of North Carolina at Chapel Hill Chapel Hill,

More information

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

Five Principles for Shaping Cybersecurity Norms

Five Principles for Shaping Cybersecurity Norms TRANSPARENCY PROPORTIONALITY HARMONIZATION RISK REDUCTION COLLABORATION Five Principles for Shaping Cybersecurity Norms Contents Introduction 3 Cybersecurity Norms 5 The Role of the Public Sector 6 Cybersecurity

More information

U.S.-Japan Cooperation in Cybersecurity

U.S.-Japan Cooperation in Cybersecurity NOVEMBER 2015 1616 Rhode Island Avenue NW Washington, DC 20036 202-887-0200 www.csis.org Cover photo: www.shutterstock.com U.S.-Japan Cooperation in Cybersecurity A Report of the CSIS Strategic Technologies

More information

Cyber Watch. Written by Peter Buxbaum

Cyber Watch. Written by Peter Buxbaum Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs

More information