Application of principles of international law to computer networks operations management
  1. Application of principles of international law to computer network operations management
     Adriana Dvoršak
     1st international academic conference on intelligence and security
     Contemporary Intelligence Support Systems

  2. Concepts of cyber security
     1. Security of IP (concern of the IETF).
     2. Security of networks (focus on CERT).
     3. Security of business.
     4. The individual's human rights (privacy).
     5. National security (state sovereignty, national interests, cyber warfare).
     (Doria, 2007)
     Providing security to individuals, business, state.

  3. Principles of international law and law of armed conflict:
     1. military necessity,
     2. distinction,
     3. proportionality,
     4. perfidy,
     5. neutrality, and
     6. unnecessary suffering.

  4. (Kanuck, 2007)

  5. State practice from the region
     CNO in Operation Allied Force
     • CNE - NATO, Serbia
     • CNA – NATO
     • CND – US (?)
     • Propaganda - Serbia
     • Military deception - Serbia
     Learning points for NATO
     • Vulnerabilities
     • National decision making processes

  6. Cyber offensive
     • Offensive doctrine
     • Military foreign policy options are expanded
     • Small states with offensive foreign policy
     • Can Slovenia advocate cyber offensive?
     • Article 124 of Constitution: In the provision of security the state proceeds principally from a policy of peace, and an ethic of peace and non-aggression.
     Legal conditions for CNA
     • Right for self-defense
     • Part of general and information warfare
     • Request from UNSC
     • Coalitions of the willing supported by UN Resolution

  7. CNO lifecycle model (adapted from van Niekerk, 2011)
     [Diagram. Labels: CNA, CND; target, IW areas, tactics, weapons attributes, consequences, reactions (perceptions, actions), recovery, decision, context, reevaluation. Considerations for IW planning: 1 Legal, political, social; 2 Skill levels, technical; 3 Financial.]

  8. NATO 10 rules
     • The self-defence rule: Everyone has the right to self-defence.
     • The cooperation rule: The fact that a CNA has been conducted via information systems located in a state’s territory creates a duty to cooperate with the victim state.
     • The access to information rule: The public has a right to be informed about threats to their life, security and well-being.
     • The mandate rule: An organisation’s capacity to act (and regulate) derives from its mandate.
     • The data protection rule: Information relating to an identified or identifiable natural person is regarded as personal data.
     (Tikk, 2011)

  9. NATO 10 rules
     • The territoriality rule: Information infrastructure located within a state’s territory is subject to that state’s territorial sovereignty.
     • The responsibility rule: Fact that CNA was launched from inf. system located in a state’s territory is evidence that the act is attributable to that state.
     • The duty of care rule: Everyone has the responsibility to implement a reasonable level of security in their information infrastructure.
     • The early warning rule: There is an obligation to notify potential victims about known, upcoming cyber attacks.
     • The criminality rule: Every nation has the responsibility to include the most common cyber offences in its substantive criminal law.

  10. EU Directive on common level of NIS
     Member States required to have:
     • national network and information security (NIS) strategy;
     • NIS cooperation plan;
     • NIS competent national authority:
       – technical expertise,
       – international liaison,
       – security breach reporting,
       – CERT functions.
     • Computer Emergency Response Team (CERT).

  11. EU Directive – competent authority
     Obligatory breach notification to the competent authority, it determines which notification is in the public interest (security intelligence?).
     Competent authority requires market operators and public administrations to:
       – provide information needed to assess the security of their NIS;
       – undergo a security audit and make the results available to the competent authority;
       – issues binding instructions to market operators and public administrations.
     (Articles 14 and 15)

  12. Cyber Security Strategy and CSDP
     Difference: Proposal for a Directive on network and info security vs Cyber Security Strategy
     Cyberdefence policy and capabilities related to Common Security and Defence Policy (CSDP)
     Aims:
       – To concentrate on cyberdefence capability on detection, response and recovery from sophisticated cyber threats;
       – synergies between civilian and military approaches.

  13. High Representative activities
     High Representative, MS, EDA will assess capability development: doctrine, leadership, organisation, personnel, training, technology, infrastructure, logistics and interoperability.
     Develop EU cyberdefence policy: missions and operations, dynamic risk management, improved threat analysis, information sharing, training and exercise for militaries in the EU and multinational context.
     Promote dialogue and coordination:
       – civilian and military actors in the EU,
       – international partners, NATO, international organisations.

  14. Way ahead for Slovenia
     National cyber security and cyber defense strategy.
     Analysis of external environment
     • Pressure - normative dimension (EU Directive obligations, NATO minimum requirements);
     • Threats.
     Internal environment
     • Changes to legal framework (information society, criminal code, privacy).
     • Stakeholders (military, police, academia, civil society, business).
     • Synergies between national cyber incident capabilities, CERT, and competent authority (EU Directive on network and info security)

  15. Non-intervention
     • Centre vs. Periphery
     • Global North - Global South relations
     • Balkanization of CNE
     • 1981 UNGA Declaration on Non-intervention: “the right of states and peoples to have free access to information and to develop fully, without interference, their system of information and mass media, and to use their information media in order to promote their political, social, economic, and cultural interests and aspirations.”
     • Certain CNE amount to an unlawful intervention, e.g. cyber propaganda activities aimed at fomenting civil uprising in a target state, interference with elections.

  16. Conclusions
     • National assessment
     • Synergies between national needs and international requirements
     • EU Directive
     • NATO requirements
     • New institutions

  17. Appendix
     • Constitution of International Telecommunications Union (1992).
     • Doria, A. (2007). What do the Words »Internet Security« Mean? In Kleinwoechter (Ed.), The Power of Ideas: Internet Governance in a Global Multi-Stakeholder Environment. Berlin.
     • Kanuck, S. (2009). Sovereign Discourse on Cyber Conflict under International Law. Texas Law Review, 88.
     • van Niekerk, B., & Maharaj, M. S. (2011). The Information Warfare Life Cycle Model. SA Journal of Information Management, Vol 13, No 1.
     • European Commission. (2013a). Cyber Security Strategy of the European Union: An Open, Safe and Secure Cyberspace. Retrieved from http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security.
     • European Commission. (2013b). Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. (COM(2013) 48). Retrieved from http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security.
     • Tikk, E. (2011). Ten Rules for Cyber Security. Survival: Global Politics and Strategy, 53(3).
