1 / 16

Incident Response Need for Attack Analysis

Incident Response Need for Attack Analysis. Reading List. This class Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law. Thoughts on a Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993

keaton-knox
Download Presentation

Incident Response Need for Attack Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Incident ResponseNeed for Attack Analysis

  2. Reading List • This class • Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law. Thoughts on a Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993 • Homeland Security News Wire, U.S. weighing retaliatory measures against China for hacking campaign, http://www.homelandsecuritynewswire.com/dr20130220-u-s-weighing-retaliatory-measures-against-china-for-hacking-campaign

  3. How to Respond? Civilian organizations National security

  4. How to Response? Civilian • Actions to avoid further loss from intrusion • Terminate intrusion and protect against reoccurrence • Law enforcement – prosecute • Enhance defensive security

  5. R E S P O N S E Jus ad bellum applies Peacetime regime applies Rules Defining the Use of Force Art. 39 Art. 2(4) Art. 51 Threat of force Use of force Armed attack Threat to the peace Hostile intent Hostile act Anticipatory self-defense Self-defense Jus in bello applies Computer Science and Engineering

  6. Use of Force in Cyberspace • Cyber vs. Kinetic Attack • Academic State-of-the-Art: Effects-Based Analysis • Problem: Charter Paradigm Means-Based • The Schmitt Reconciliation • Distinguishing Military from Diplomatic and Economic Coercion • Seven Factors

  7. Schmitt Factors • Severity • Immediacy • Directness • Invasiveness • Measurability • Presumptive Legitimacy • Responsibility

  8. Severity of cyber attacks: cause (or have the possibility of ) physical harm. Severity Armed attacks threaten physical injury or destruction of property to a much greater extent than other forms of coercion. Physical well-being usually occupies the [lowest, most basic level] of the human hierarchy of need. How many people were killed? How large an area was attacked? (Scope) How much damage was done within this area? (Intensity) People Killed; Severe Property Damage People Killed; Severe Property Damage People Injured; Moderate Property Damage People Unaffected; No Discernable Property Damage

  9. Immediacy of cyber attacks: time needed for the consequences to manifest without the ability to mitigate harmful effects or seek peaceful options to resolve the problem. Immediacy The negative consequences of armed coercion, or threat thereof, usually occur with great immediacy, while those of other forms of coercion develop more slowly. Over how long a period did the action take place? (Duration) How soon were its effects felt? How soon until its effects abate? People Killed; Severe Property Damage Seconds to Minutes Hours to Days Weeks to Months

  10. Directness of cyber attacks: connection between the cyber operation and the harmful consequences. Directness The consequences of armed coercion are more directly tied to the actus reus than in other forms of coercion, which often depend on numerous contributory factors to operate. The voluntary and wrongful act or omission that constitutes the physical components of a crime. Because a person cannot be punished for bad thoughts alone, there can be no criminal liability without actus reus. Was the action distinctly identifiable from parallel or competing actions? Was the action the proximate cause of the effects? Action Sole Cause of Result People Killed; Severe Property Damage Action Identifiable as One Cause of Result, and to an Indefinite Degree Action Played No Identifiable Role in Result

  11. Invasiveness of cyber attacks: impairment of territorial integrity or sovereignty of a state. Invasiveness In armed coercion, the act causing the harm usually crosses into the target state, whereas in economic warfare the acts generally occur beyond the target’s borders. As a result, even though armed and economic acts may have roughly similar consequences, the former represents a greater intrusion on the rights of the target state and, therefore, is more likely to disrupt international stability. Did the action involve physically crossing the target country’s borders? Was the locus of the action within the target country? Border Physically Crossed; Action Has Point Locus People Killed; Severe Property Damage Border Electronically Crossed; Action Occurs Over Diffuse Area Border Not Crossed; Action Has No Identifiable Locus in Target Country

  12. Measurability of cyber attacks: identifying consequences and measure of damage. (quantitative models, e.g., economic modeling) Measurability While the consequences of armed coercion are usually easy to ascertain (e.g., a certain level of destruction), the actual negative consequences of other forms of coercion are harder to measure. This fact renders the appropriateness of community condemnation, and the degree of vehemence contained therein, less suspect in the case of armed force. Effects Can Be Quantified Immediately by Traditional Means (BDA, etc.) with High Degree of Certainty Can the effects of the action be quantified? Are the effects of the action distinct from the results of parallel or competing actions? What was the level of certainty? People Killed; Severe Property Damage Effects Can Be Estimated by Rough Order of Magnitude with Moderate Certainty Effects Cannot be Separated from Those of Other Actions; Overall Certainty is Low

  13. Presumptive legitimacy of cyber attacks: similar to non-cyber operations, e.g., espionage, propaganda, etc. Presumptive Legitimacy In most cases, whether under domestic or international law, the application of violence is deemed illegitimate absent some specific exception such as self-defense. The cognitive approach is prohibitory. By contrast, most other forms of coercion—again in the domestic and international sphere—are presumptively lawful, absent a prohibition to the contrary. The cognitive approach is permissive. Has this type of action achieved a customary acceptance within the international community? Is the means qualitatively similar to others presumed legitimate under international law? Action Accomplished by Means of Kinetic Attack People Killed; Severe Property Damage Action Accomplished in Cyberspace but Manifested by a “Smoking Hole” in Physical Space Action Accomplished in Cyberspace and Effects Not Apparent in Physical World

  14. Responsibility for cyber attacks: state acknowledging the action. Responsibility Armed coercion is the exclusive province of states; only they may generally engage in uses of force across borders, and in most cases only they have the ability to do so with any meaningful impact. By contrast, non-governmental entities are often capable of engaging in other forms of coercion (propaganda, boycotts, etc.). Is the action directly or indirectly attributable to the acting state? But for the acting state’s sake, would the action have occurred? Responsibility for Action Acknowledged by Acting State; Degree of Involvement Large People Killed; Severe Property Damage Target State Government Aware of Acting State’s Responsibility; Public Role Unacknowledged; Degree of Involvement Moderate Action Unattributable to Acting State; Degree of Involvement Low

  15. Overall Analysis Use of Force Under Article 2(4) People Killed; Severe Property Damage Arguably Use of Force or Not Not a Use of Force Under Article 2(4)

  16. Next Class Soft Power Analysis

More Related