Possible International Workshops On Critical Cyber Policy Issues

Possible International WorkshopsPossible International WorkshopsOn Critical Cyber Policy IssuesOn Critical Cyber Policy Issues

John C. Mallery (John C. Mallery ([email protected])Computer Science & Artificial Intelligence LaboratoryComputer Science & Artificial Intelligence Laboratory

Massachusetts Institute of TechnologyMassachusetts Institute of Technology

Presentation at the Fourth International Forum “Partnership between State Authorities, Civil Society, and Business Community in Ensuring Information Security and Combating Terrorism” Garmisch-Partenkirchen, Germany, April 12-15, 2010 .

Version: 04/21/23 12:33 PM

John C. Mallery MIT CSAIL2

ContentsContents BackgroundBackground Proposed ApproachProposed Approach PrinciplesPrinciples Workshop TopicsWorkshop Topics

1.1. Cyber DefinitionsCyber Definitions2.2. Cyber CrimeCyber Crime3.3. Cyber TerrorismCyber Terrorism4.4. Escalatory ModelsEscalatory Models5.5. Civilian InfrastructuresCivilian Infrastructures6.6. Industrial EspionageIndustrial Espionage7.7. Technical CooperationTechnical Cooperation8.8. Codes of ConductCodes of Conduct9.9. Cyber LawCyber Law10.10. Protection of the CommonsProtection of the Commons

Building Confidence Through A Sequence Of Cyber WorkshopsBuilding Confidence Through A Sequence Of Cyber Workshops Russian ReactionRussian Reaction Mallery AssessmentMallery Assessment ConclusionsConclusions


BackgroundBackground Discussions during 2009 with Alexey Salnikov Discussions during 2009 with Alexey Salnikov

(LMSU) and Chuck Barry (NDU) about (LMSU) and Chuck Barry (NDU) about possible workshop topics addressing:possible workshop topics addressing: Key aspects of cyber policyKey aspects of cyber policy Building mutual understandingBuilding mutual understanding Reducing risk of accidental conflict escalationReducing risk of accidental conflict escalation Promoting orderly international cyber relationsPromoting orderly international cyber relations

Mallery was asked to generate a set of Mallery was asked to generate a set of possible workshop topics for international possible workshop topics for international dialoguesdialogues

The list builds from an earlier set Russian The list builds from an earlier set Russian topics and adds moretopics and adds more


Proposed ApproachProposed Approach Assumptions:Assumptions:

Ubiquitous low-cost computing and networking is Ubiquitous low-cost computing and networking is increasingly woven into the fabric of social, increasingly woven into the fabric of social, economic and political systemseconomic and political systems

These historic cyber-cognitive transformations pose These historic cyber-cognitive transformations pose significant learning challenges for inter-state significant learning challenges for inter-state systemssystems

Governments are constrained in their ability to Governments are constrained in their ability to openly think through sensitive or difficult issuesopenly think through sensitive or difficult issues

Supplement G2G dialogues with largely non-Supplement G2G dialogues with largely non-governmental workshops that discuss and governmental workshops that discuss and analyze:analyze: Critical cyber issuesCritical cyber issues Cyber challenges to international relationsCyber challenges to international relations


Managing Interstate Competition In Cyberspace Managing Interstate Competition In Cyberspace by Movement Towards Transparent Cooperationby Movement Towards Transparent Cooperation

InformationWarfare

InformationWarfare

Anti-CrimeCoordinationAnti-Crime

Coordination

EspionageEspionage

SecretCoordination

SecretCoordination

Terrorism

Information Control& Filtering

Deterrence

PoliticalActivism

PSYOPSPSYOPS

IndustrialEspionage

IndustrialEspionage

InternetGovernance

InternetGovernance

GlobalizationGlobalization

Compellence

StrategicCommunication

CompetitionCompetition CooperationCooperation

Opacity Extra-legal / Covert

Opacity Extra-legal / Covert

Transparency Legal / Overt Transparency Legal / Overt

Codes ofConductCodes ofConduct

InternationalTreaties, LawInternationalTreaties, Law

TechnicalCooperation

TechnicalCooperation

Protectionof Commons

Protectionof Commons

CulturalInterchange

Arms RacesArms Races

More Stable

Less Stable


Moderate Frequency

High Frequency

Low Frequency Low Frequency

Attacker ResourcesHighLow

High

Low

Espionage

Cyber War with Major Powers

Cyber Terrorism?

Disruption of Global Communication

Industrial Espionage

Cyber War

Major Critical Infrastructure Attacks

Cyber Crime

Large-scaleEspionage

Attacker Resources Attacker Resources Required for Cyber ImpactsRequired for Cyber Impacts

DestabilizingDangerous

Narrow Focus?

IncreasingSophistication

HostilityPerceptionCumulative?


Building Confidence and UnderstandingBuilding Confidence and UnderstandingThrough a Sequence of Cyber DialoguesThrough a Sequence of Cyber Dialogues

Mutual understanding is enhanced by knowledge of each others Mutual understanding is enhanced by knowledge of each others perspectives:perspectives: Cyber DefinitionsCyber Definitions

Near-term workshops address immediate concerns of states:Near-term workshops address immediate concerns of states: Cyber CrimeCyber Crime Cyber TerrorismCyber Terrorism

Medium-term workshops lay intellectual foundations for mutually Medium-term workshops lay intellectual foundations for mutually beneficial cooperation and international stability:beneficial cooperation and international stability: Civilian Infrastructures Civilian Infrastructures Escalatory ModelsEscalatory Models Industrial EspionageIndustrial Espionage Technical Cooperation Technical Cooperation

Long-term workshops develop universalizable principles Long-term workshops develop universalizable principles necessary for international law:necessary for international law: Codes of ConductCodes of Conduct Cyber Law Cyber Law Protection of the CommonsProtection of the Commons


PrinciplesPrinciples Originality: Originality: Workshops should make original scientific Workshops should make original scientific

contributions to systematic thinking about cyber policy contributions to systematic thinking about cyber policy and cyber international relationsand cyber international relations

Technical Grounding: Technical Grounding: Approaches must be realistic Approaches must be realistic with respect to current or future technologieswith respect to current or future technologies

Multidisciplinary: Multidisciplinary: Experts should bring to the Experts should bring to the discussions deep knowledge across relevant technical discussions deep knowledge across relevant technical or social science disciplinesor social science disciplines

Impartial Funding: Impartial Funding: Prefer independent or joint Prefer independent or joint sources of funding to reduce any perception of biassources of funding to reduce any perception of bias

Non-governmental: Non-governmental: Participation should emphasize Participation should emphasize non-government expertsnon-government experts

Well-informed: Well-informed: Experts should be familiar with official Experts should be familiar with official positions and interpretations of their governmentspositions and interpretations of their governments

Coherence: Coherence: Workshop participation should be relevant Workshop participation should be relevant to the topic and dialogues focused (20-30 participants)to the topic and dialogues focused (20-30 participants)

Workshop TopicsWorkshop Topics


1. Cyber Definitions1. Cyber Definitions Review national definitions of information Review national definitions of information

security, information warfare and cyber security, information warfare and cyber defense:defense: Definitions of national cyber securityDefinitions of national cyber security Doctrines of information warfareDoctrines of information warfare Legitimate postures for cyber defenseLegitimate postures for cyber defense

Compare national legal frameworks governing Compare national legal frameworks governing cyber crime, information warfare & exploitation, cyber crime, information warfare & exploitation, and cyber cooperationand cyber cooperation

Compare interpretations and measures of Compare interpretations and measures of intensity for cyber actions or interactions by intensity for cyber actions or interactions by states, whether conflictual or cooperativestates, whether conflictual or cooperative


2. Cyber Crime2. Cyber Crime Examine legal and technical coordination Examine legal and technical coordination

against cyber crime:against cyber crime: Enhance cooperation on investigations of cross-Enhance cooperation on investigations of cross-

boarder crime, including preservation of evidence, boarder crime, including preservation of evidence, forensic standardsforensic standards

Share data on cyber crime in support of warning Share data on cyber crime in support of warning about and policing of criminal activityabout and policing of criminal activity

Coordinate medium-term policy to raise barriers to Coordinate medium-term policy to raise barriers to entry for criminals into cyber crime and terrorists entry for criminals into cyber crime and terrorists into cyber terrorisminto cyber terrorismSuppression of international black markets for cyber crime Suppression of international black markets for cyber crime

(e.g., tools, data, expertise, platforms).(e.g., tools, data, expertise, platforms). Develop technical solutions for prevention, early Develop technical solutions for prevention, early

detection, attribution and prosecution of criminal detection, attribution and prosecution of criminal actsacts


3. Cyber Terrorism3. Cyber Terrorism Consider international agreements to counter Consider international agreements to counter

non-state actors seeking to launch cyber non-state actors seeking to launch cyber attacks on states or provoke conflicts among attacks on states or provoke conflicts among countries using cyber means:countries using cyber means: Deny access to “cyber weapons” or black market Deny access to “cyber weapons” or black market

resourcesresources Prevent proliferation of state-level cyber capabilities Prevent proliferation of state-level cyber capabilities

by renouncing use of proxies and managing former by renouncing use of proxies and managing former personnel trained in cyber offensepersonnel trained in cyber offense

Share intelligence on cyber terrorism, including: Share intelligence on cyber terrorism, including: recruiting, coordination and financingrecruiting, coordination and financing

Work jointly to prevent terrorist groups from Work jointly to prevent terrorist groups from acquiring or deploying technical means for major acquiring or deploying technical means for major cyber attacks on countriescyber attacks on countries


4. Escalatory Models4. Escalatory Models Develop shared models of escalation and de-Develop shared models of escalation and de-

escalation in cyber conflict, including definitions of escalation in cyber conflict, including definitions of hostility levels:hostility levels: Identification of red lines for warIdentification of red lines for war Frameworks for addressing the military instability arising from Frameworks for addressing the military instability arising from

cyber attacks on Ccyber attacks on C55ISR systems, including nuclear systems, ISR systems, including nuclear systems, naval forcesnaval forces

Status of military satellitesStatus of military satellites Dynamics in cyber space that may amplify relatively low level Dynamics in cyber space that may amplify relatively low level

attacks to produce highly negative unintended consequences attacks to produce highly negative unintended consequences or escalationsor escalations

Responsibility of national command authorities for monitoring Responsibility of national command authorities for monitoring and controlling activities by cyber offense or exploitation and controlling activities by cyber offense or exploitation divisions, especially in times of crisisdivisions, especially in times of crisis

Framework for designating actions in cyber space as criminal, Framework for designating actions in cyber space as criminal, hostile or belligerent, and assigning corresponding hostile or belligerent, and assigning corresponding interpretations of intent by state actorsinterpretations of intent by state actors


5. Civilian Infrastructures 5. Civilian Infrastructures Consider the international legal status of Consider the international legal status of

civilian cyber infrastructures in the context of civilian cyber infrastructures in the context of peace or war:peace or war: Identification of civilian infrastructures for protection Identification of civilian infrastructures for protection

under international law under international law Responsibility by states for private offensive actions Responsibility by states for private offensive actions

(botnets, criminal organizations) emanating from (botnets, criminal organizations) emanating from within their borderswithin their borders

Status of national and international civilian Internet Status of national and international civilian Internet infrastructuresinfrastructures

Status of kinetic or electro-magnetic pulse weapons Status of kinetic or electro-magnetic pulse weapons in attacks against civilian cyber infrastructuresin attacks against civilian cyber infrastructures


6. Industrial Espionage 6. Industrial Espionage Explore international legal frameworks for Explore international legal frameworks for

industrial espionage: industrial espionage: Classes of industrial espionage:Classes of industrial espionage:

Sponsored directly by statesSponsored directly by statesSupported indirectly by states when they purchase stolen Supported indirectly by states when they purchase stolen

information from proxies or criminal black marketsinformation from proxies or criminal black marketsNon-state actors pursuing their own goalsNon-state actors pursuing their own goals

Develop WTO rules for redress of grievances Develop WTO rules for redress of grievances against statesagainst states

Differentiate isolated cases from large-scale Differentiate isolated cases from large-scale campaigns sustained over yearscampaigns sustained over years

Assign implied hostile intent levels to “extraordinary” Assign implied hostile intent levels to “extraordinary” espionage activitiesespionage activities


7. Technical Cooperation 7. Technical Cooperation Develop concepts for international mutual assistance Develop concepts for international mutual assistance

across public and private spheres to:across public and private spheres to: Respond to significant cyber failures or attacksRespond to significant cyber failures or attacks Enhance protection of critical infrastructuresEnhance protection of critical infrastructures Improve cyber situational awarenessImprove cyber situational awareness

Specifically:Specifically: Review or extension of mutual assistance treaties or Review or extension of mutual assistance treaties or

agreements to provide rapid support to countries under cyber agreements to provide rapid support to countries under cyber attack or suffering cyber outages attack or suffering cyber outages

Develop international standards for cyber forensics and Develop international standards for cyber forensics and accountable chains of custodyaccountable chains of custody

Propose data sharing to improve situational awareness on Propose data sharing to improve situational awareness on cyber crime and cyber terrorismcyber crime and cyber terrorism

International long-term cooperation to increase assurance International long-term cooperation to increase assurance levels to raise the resource requirements to undertake cyber levels to raise the resource requirements to undertake cyber attacks or engage in cyber crimeattacks or engage in cyber crime


8. Cyber Law8. Cyber Law Envision international legal frameworks to Envision international legal frameworks to

increase stability of state-state relations and increase stability of state-state relations and promote orderly international economic promote orderly international economic processesprocesses

Consider cyber-specific interpretations of the Consider cyber-specific interpretations of the United Nations Charter to help clarify:United Nations Charter to help clarify: Jus ad bello Jus ad bello

When cyber disruptions rise to the level of an “armed When cyber disruptions rise to the level of an “armed attack”attack”

Proportionate responses to cyber attacksProportionate responses to cyber attacksProscribed activities related to cyber attack from a state’s Proscribed activities related to cyber attack from a state’s

territory by non-state actors (or states) against other statesterritory by non-state actors (or states) against other states Jus in belloJus in bello

Application of the principle of distinction to limit attacks to Application of the principle of distinction to limit attacks to military targets and protect civiliansmilitary targets and protect civilians

Prohibition on indiscriminate attacks with impacts beyond Prohibition on indiscriminate attacks with impacts beyond parties to the conflictparties to the conflict


9. Codes of Conduct9. Codes of Conduct Develop shared international norms for behavior Develop shared international norms for behavior

in cyber space for individuals, countries and in cyber space for individuals, countries and non-state actorsnon-state actors

States should:States should: Assure cybersecurity Assure cybersecurity

Modernize national laws to prosecute cyber crime and Modernize national laws to prosecute cyber crime and facilitate timely transnational investigationsfacilitate timely transnational investigations

Participate in international organizations combating cyber Participate in international organizations combating cyber crimecrime

Develop a culture of cyber securityDevelop a culture of cyber security Renounce use of proxies Renounce use of proxies Combat terrorism Combat terrorism Pursue cooperative measuresPursue cooperative measures

Improve transparencyImprove transparencyReduce riskReduce riskEnhance stabilityEnhance stabilityRender assistance to states suffering outage or attackRender assistance to states suffering outage or attackShare data and coordinate cyber threat reductionShare data and coordinate cyber threat reductionSupport capacity building for less developed countriesSupport capacity building for less developed countries


10. Protection of the Commons10. Protection of the Commons

Devise frameworks to insulate the Devise frameworks to insulate the technical architectures and the operation technical architectures and the operation of cyberspace from political competition:of cyberspace from political competition: Provide separate mechanisms for resolving Provide separate mechanisms for resolving

differences or marshalling international differences or marshalling international cooperationcooperationTechnical planeTechnical planeEconomic planeEconomic planePolitical planePolitical plane

EpilogueEpilogue


Russian Reaction to Workshop Topics: 1Russian Reaction to Workshop Topics: 1

Based on evaluation by their leading experts, Based on evaluation by their leading experts, Russians “completely support” the topic set Russians “completely support” the topic set (24/12/2009)(24/12/2009)

Russian prioritization of topics for discussionRussian prioritization of topics for discussion1.1. Escalation ModelsEscalation Models2.2. Civil infrastructuresCivil infrastructures3.3. Cyber DefinitionsCyber Definitions4.4. Cyber LawCyber Law5.5. Codes of ConductCodes of Conduct6.6. Cyber TerrorismCyber Terrorism7.7. Cyber CrimeCyber Crime8.8. Technical CooperationTechnical Cooperation9.9. Protection of the Commons (termed “Protection of Protection of the Commons (termed “Protection of

World Community” by Russians)World Community” by Russians)10.10. Industrial EspionageIndustrial Espionage

Russian reaction based on draft (2/12/2009)Russian reaction based on draft (2/12/2009)


Russian Reaction to Workshop Topics: 2Russian Reaction to Workshop Topics: 2

Russians believe the cyber definition topic is particularly important Russians believe the cyber definition topic is particularly important and merits a joint research project entitled:and merits a joint research project entitled: ““Comparative Analysis of Conceptual National Documents Comparative Analysis of Conceptual National Documents

(Strategies, Doctrines, etc.) and National Approaches to the (Strategies, Doctrines, etc.) and National Approaches to the Definitions of Information Warfare and Cyber Security.”Definitions of Information Warfare and Cyber Security.”

Russians point out that the topic list is “a comprehensive 2-3 year Russians point out that the topic list is “a comprehensive 2-3 year program for scientific research”program for scientific research”

They consider this research program worthy of funding as a large They consider this research program worthy of funding as a large common research project under the NATO Scientific Committee’s common research project under the NATO Scientific Committee’s “Science for Peace and Security”“Science for Peace and Security”

Russians propose establishment of an “International Cyber Space Russians propose establishment of an “International Cyber Space Security Consortium” and suggest a potential list of co-founding Security Consortium” and suggest a potential list of co-founding institutions:institutions: Lomonosov Moscow State UniversityLomonosov Moscow State University Harvard University -- MIT – NDUHarvard University -- MIT – NDU Chinese Defense Technology UniversityChinese Defense Technology University Karlsruhe University (Germany)Karlsruhe University (Germany) ICANNICANN


Mallery Assessment Mallery Assessment (speaking for only myself)(speaking for only myself)

Step by step is probably the best approachStep by step is probably the best approach Demonstrate value and build towards more difficult topicsDemonstrate value and build towards more difficult topics

Identify the first topic and hold the workshopIdentify the first topic and hold the workshop Obtain institutional buy-inObtain institutional buy-in

Follow on with other workshops every 6-12 monthsFollow on with other workshops every 6-12 months Maintain momentumMaintain momentum

Consider specific research to follow up on topics in greater detail:Consider specific research to follow up on topics in greater detail: Build on the research cases developed by the workshopsBuild on the research cases developed by the workshops Identify relevant participants based on expertiseIdentify relevant participants based on expertise Work out a plausible plan for coordination of research and integration Work out a plausible plan for coordination of research and integration

of resultsof results Caveats:Caveats:

No formal institutional commitment at this time from MIT or HarvardNo formal institutional commitment at this time from MIT or Harvard Any formal activities must be proposed by researchers and approved Any formal activities must be proposed by researchers and approved

by the institutionsby the institutions Expectations:Expectations:

Some MIT or Harvard researchers may choose to participate as Some MIT or Harvard researchers may choose to participate as individuals in intellectually exciting workshops that are aligned with individuals in intellectually exciting workshops that are aligned with their intereststheir interests

More extensive commitments, for example to joint research projects More extensive commitments, for example to joint research projects or a research consortium might be possible in the future if scientific or a research consortium might be possible in the future if scientific benefits are clearbenefits are clear


ConclusionsConclusions Dialogue between the major cyber Dialogue between the major cyber

powers is important to:powers is important to: Reduce risk of international conflictReduce risk of international conflict Assure orderly international economic Assure orderly international economic

processesprocesses Dialogues among thought leaders Dialogues among thought leaders

from different countries can:from different countries can: Build common understandingsBuild common understandings Explore practical means to reduce Explore practical means to reduce

cyber riskscyber risks

Date post:	16-Jan-2016
Category:	Documents
Upload:	bernie
View:	36 times
Download:	0 times