Possible International Workshops On Critical Cyber Policy Issues
John C. Mallery ([email protected])
Computer Science & Artificial Intelligence Laboratory
Massachusetts Institute of Technology
Presentation at the Fourth International Forum “Partnership between State Authorities, Civil Society, and Business Community in Ensuring Information Security and Combating Terrorism”, Garmisch-Partenkirchen, Germany, April 12-15, 2010.
Version: 04/21/23 12:33 PM
John C. Mallery MIT CSAIL2

Contents
- Background
- Proposed Approach
- Principles
- Workshop Topics
  1. Cyber Definitions
  2. Cyber Crime
  3. Cyber Terrorism
  4. Escalatory Models
  5. Civilian Infrastructures
  6. Industrial Espionage
  7. Technical Cooperation
  8. Codes of Conduct
  9. Cyber Law
  10. Protection of the Commons
- Building Confidence Through A Sequence Of Cyber Workshops
- Russian Reaction
- Mallery Assessment
- Conclusions

Background
- Discussions during 2009 with Alexey Salnikov (LMSU) and Chuck Barry (NDU) about possible workshop topics addressing:
  - Key aspects of cyber policy
  - Building mutual understanding
  - Reducing risk of accidental conflict escalation
  - Promoting orderly international cyber relations
- Mallery was asked to generate a set of possible workshop topics for international dialogues
- The list builds from an earlier set of Russian topics and adds more

Proposed Approach
- Assumptions:
  - Ubiquitous low-cost computing and networking is increasingly woven into the fabric of social, economic and political systems
  - These historic cyber-cognitive transformations pose significant learning challenges for inter-state systems
  - Governments are constrained in their ability to openly think through sensitive or difficult issues
- Supplement G2G dialogues with largely non-governmental workshops that discuss and analyze:
  - Critical cyber issues
  - Cyber challenges to international relations

Managing Interstate Competition In Cyberspace by Movement Towards Transparent Cooperation
[Figure: activities placed on two axes, Competition to Cooperation and Opacity (Extra-legal / Covert) to Transparency (Legal / Overt), with regions marked Less Stable and More Stable. Labels: Information Warfare, Anti-Crime Coordination, Espionage, Secret Coordination, Terrorism, Information Control & Filtering, Deterrence, Political Activism, PSYOPS, Industrial Espionage, Internet Governance, Globalization, Compellence, Strategic Communication, Codes of Conduct, International Treaties / Law, Technical Cooperation, Protection of Commons, Cultural Interchange, Arms Races.]

Attacker Resources Required for Cyber Impacts
[Figure: cyber impacts arranged by Attacker Resources (Low to High) and frequency (Low, Moderate, High). Labels: Espionage, Cyber War with Major Powers, Cyber Terrorism?, Disruption of Global Communication, Industrial Espionage, Cyber War, Major Critical Infrastructure Attacks, Cyber Crime, Large-scale Espionage. Annotations: Destabilizing, Dangerous, Narrow Focus?, Increasing Sophistication, Hostility Perception Cumulative?]

Building Confidence and Understanding Through a Sequence of Cyber Dialogues
- Mutual understanding is enhanced by knowledge of each other's perspectives:
  - Cyber Definitions
- Near-term workshops address immediate concerns of states:
  - Cyber Crime
  - Cyber Terrorism
- Medium-term workshops lay intellectual foundations for mutually beneficial cooperation and international stability:
  - Civilian Infrastructures
  - Escalatory Models
  - Industrial Espionage
  - Technical Cooperation
- Long-term workshops develop universalizable principles necessary for international law:
  - Codes of Conduct
  - Cyber Law
  - Protection of the Commons

Principles
- Originality: Workshops should make original scientific contributions to systematic thinking about cyber policy and cyber international relations
- Technical Grounding: Approaches must be realistic with respect to current or future technologies
- Multidisciplinary: Experts should bring to the discussions deep knowledge across relevant technical or social science disciplines
- Impartial Funding: Prefer independent or joint sources of funding to reduce any perception of bias
- Non-governmental: Participation should emphasize non-government experts
- Well-informed: Experts should be familiar with official positions and interpretations of their governments
- Coherence: Workshop participation should be relevant to the topic and dialogues focused (20-30 participants)

Workshop Topics

1. Cyber Definitions
- Review national definitions of information security, information warfare and cyber defense:
  - Definitions of national cyber security
  - Doctrines of information warfare
  - Legitimate postures for cyber defense
- Compare national legal frameworks governing cyber crime, information warfare & exploitation, and cyber cooperation
- Compare interpretations and measures of intensity for cyber actions or interactions by states, whether conflictual or cooperative

2. Cyber Crime
- Examine legal and technical coordination against cyber crime:
  - Enhance cooperation on investigations of cross-border crime, including preservation of evidence, forensic standards
  - Share data on cyber crime in support of warning about and policing of criminal activity
  - Coordinate medium-term policy to raise barriers to entry for criminals into cyber crime and terrorists into cyber terrorism
    - Suppression of international black markets for cyber crime (e.g., tools, data, expertise, platforms).
  - Develop technical solutions for prevention, early detection, attribution and prosecution of criminal acts

3. Cyber Terrorism
- Consider international agreements to counter non-state actors seeking to launch cyber attacks on states or provoke conflicts among countries using cyber means:
  - Deny access to “cyber weapons” or black market resources
  - Prevent proliferation of state-level cyber capabilities by renouncing use of proxies and managing former personnel trained in cyber offense
  - Share intelligence on cyber terrorism, including: recruiting, coordination and financing
  - Work jointly to prevent terrorist groups from acquiring or deploying technical means for major cyber attacks on countries

4. Escalatory Models
- Develop shared models of escalation and de-escalation in cyber conflict, including definitions of hostility levels:
  - Identification of red lines for war
  - Frameworks for addressing the military instability arising from cyber attacks on C5ISR systems, including nuclear systems, naval forces
  - Status of military satellites
  - Dynamics in cyber space that may amplify relatively low level attacks to produce highly negative unintended consequences or escalations
  - Responsibility of national command authorities for monitoring and controlling activities by cyber offense or exploitation divisions, especially in times of crisis
  - Framework for designating actions in cyber space as criminal, hostile or belligerent, and assigning corresponding interpretations of intent by state actors

5. Civilian Infrastructures
- Consider the international legal status of civilian cyber infrastructures in the context of peace or war:
  - Identification of civilian infrastructures for protection under international law
  - Responsibility by states for private offensive actions (botnets, criminal organizations) emanating from within their borders
  - Status of national and international civilian Internet infrastructures
  - Status of kinetic or electro-magnetic pulse weapons in attacks against civilian cyber infrastructures

6. Industrial Espionage
- Explore international legal frameworks for industrial espionage:
  - Classes of industrial espionage:
    - Sponsored directly by states
    - Supported indirectly by states when they purchase stolen information from proxies or criminal black markets
    - Non-state actors pursuing their own goals
  - Develop WTO rules for redress of grievances against states
  - Differentiate isolated cases from large-scale campaigns sustained over years
  - Assign implied hostile intent levels to “extraordinary” espionage activities

7. Technical Cooperation
- Develop concepts for international mutual assistance across public and private spheres to:
  - Respond to significant cyber failures or attacks
  - Enhance protection of critical infrastructures
  - Improve cyber situational awareness
- Specifically:
  - Review or extension of mutual assistance treaties or agreements to provide rapid support to countries under cyber attack or suffering cyber outages
  - Develop international standards for cyber forensics and accountable chains of custody
  - Propose data sharing to improve situational awareness on cyber crime and cyber terrorism
  - International long-term cooperation to increase assurance levels to raise the resource requirements to undertake cyber attacks or engage in cyber crime

8. Cyber Law
- Envision international legal frameworks to increase stability of state-state relations and promote orderly international economic processes
- Consider cyber-specific interpretations of the United Nations Charter to help clarify:
  - Jus ad bellum
    - When cyber disruptions rise to the level of an “armed attack”
    - Proportionate responses to cyber attacks
    - Proscribed activities related to cyber attack from a state’s territory by non-state actors (or states) against other states
  - Jus in bello
    - Application of the principle of distinction to limit attacks to military targets and protect civilians
    - Prohibition on indiscriminate attacks with impacts beyond parties to the conflict

9. Codes of Conduct
- Develop shared international norms for behavior in cyber space for individuals, countries and non-state actors
- States should:
  - Assure cybersecurity
  - Modernize national laws to prosecute cyber crime and facilitate timely transnational investigations
  - Participate in international organizations combating cyber crime
  - Develop a culture of cyber security
  - Renounce use of proxies
  - Combat terrorism
  - Pursue cooperative measures
    - Improve transparency
    - Reduce risk
    - Enhance stability
    - Render assistance to states suffering outage or attack
    - Share data and coordinate cyber threat reduction
    - Support capacity building for less developed countries

10. Protection of the Commons
- Devise frameworks to insulate the technical architectures and the operation of cyberspace from political competition:
  - Provide separate mechanisms for resolving differences or marshalling international cooperation
    - Technical plane
    - Economic plane
    - Political plane

Epilogue

Russian Reaction to Workshop Topics: 1
- Based on evaluation by their leading experts, Russians “completely support” the topic set (24/12/2009)
- Russian prioritization of topics for discussion
  1. Escalation Models
  2. Civil infrastructures
  3. Cyber Definitions
  4. Cyber Law
  5. Codes of Conduct
  6. Cyber Terrorism
  7. Cyber Crime
  8. Technical Cooperation
  9. Protection of the Commons (termed “Protection of World Community” by Russians)
  10. Industrial Espionage
- Russian reaction based on draft (2/12/2009)

Russian Reaction to Workshop Topics: 2
- Russians believe the cyber definition topic is particularly important and merits a joint research project entitled:
  - “Comparative Analysis of Conceptual National Documents (Strategies, Doctrines, etc.) and National Approaches to the Definitions of Information Warfare and Cyber Security.”
- Russians point out that the topic list is “a comprehensive 2-3 year program for scientific research”
- They consider this research program worthy of funding as a large common research project under the NATO Scientific Committee’s “Science for Peace and Security”
- Russians propose establishment of an “International Cyber Space Security Consortium” and suggest a potential list of co-founding institutions:
  - Lomonosov Moscow State University
  - Harvard University -- MIT – NDU
  - Chinese Defense Technology University
  - Karlsruhe University (Germany)
  - ICANN

Mallery Assessment (speaking for only myself)
- Step by step is probably the best approach
  - Demonstrate value and build towards more difficult topics
- Identify the first topic and hold the workshop
  - Obtain institutional buy-in
- Follow on with other workshops every 6-12 months
  - Maintain momentum
- Consider specific research to follow up on topics in greater detail:
  - Build on the research cases developed by the workshops
  - Identify relevant participants based on expertise
  - Work out a plausible plan for coordination of research and integration of results
- Caveats:
  - No formal institutional commitment at this time from MIT or Harvard
  - Any formal activities must be proposed by researchers and approved by the institutions
- Expectations:
  - Some MIT or Harvard researchers may choose to participate as individuals in intellectually exciting workshops that are aligned with their interests
  - More extensive commitments, for example to joint research projects or a research consortium might be possible in the future if scientific benefits are clear

Conclusions
- Dialogue between the major cyber powers is important to:
  - Reduce risk of international conflict
  - Assure orderly international economic processes
- Dialogues among thought leaders from different countries can:
  - Build common understandings
  - Explore practical means to reduce cyber risks