Technology Policy Law And Ethics Regarding U S Acquisition And Use Of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. Cyberattacks-actions intended to damage adversary computer systems or networks-can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues. Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.

This book offers a critical analysis of cybersecurity from a legal-international point of view. Assessing the need to regulate cyberspace has triggered the re-emergence of new primary norms. This book evaluates the ability of existing international law to address the threat and use of force in cyberspace, redefining cyberwar and cyberpeace for the era of the Internet of Things. Covering critical issues such as the growing scourge of economic cyberespionage, international co-operation to fight cybercrime, the use of foreign policy instruments in cyber diplomacy, it also looks at state backed malicious cyberoperations, and the protection of human rights against State security activities. Offering a holistic examination of the ability of public international law, the book addresses the most pressing issues in global cybersecurity. Reflecting on the reforms necessary from international institutions, like the United Nations, the European Union, the Council of Europe, and NATO, in order to provide new answers to the critical issues in global cybersecurity and international law, this book will be of interest to academics, students and practitioners.

Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The American military, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recent Stuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers-presumably sponsored by the Chinese government-is another. Together, they point to a new era in the evolution of human conflict. In Cybersecurity and Cyerbwar: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity and Cyerbwar is the definitive account on the subject for the educated general reader who wants to know more about the nature of war, conflict, and security in the twenty-first century.

The essays in this volume illustrate the difficult real world ethical questions and issues arising from accelerating technological change in the military and security domains, and place those challenges in the context of rapidly shifting geopolitical and strategic frameworks. Specific technologies such as autonomous robotic systems, unmanned aerial vehicles, cybersecurity and cyberconflict, and biotechnology are highlighted, but the essays are chosen so that the broader implications of fundamental systemic change are identified and addressed. Additionally, an important consideration with many of these technologies is that even if they are initially designed and intended for military or security applications, they inevitably spread to civil society, where their application may raise very different ethical questions around such core values as privacy, security from criminal behaviour, and state police power. Accordingly, this volume is of interest to students of military or security domains, as well as to those interested in technology and society, and the philosophy of technology.

This book explores the extraordinary difficulties a nation-state’s law enforcement and military face in attempting to prevent cyber-attacks. In the wake of recent assaults including the denial of service attack on Estonia in 2007 and the widespread use of the Zeus Trojan Horse software, Susan W. Brenner explores how traditional categories and procedures inherent in law enforcement and military agencies can obstruct efforts to respond to cyberthreats. Brenner argues that the use of a territorially-based system of sovereignty to combat cyberthreats is ineffective, as cyberspace erodes the import of territory. This problem is compounded by the nature of cybercrime as a continually evolving phenomenon driven by rapid and complex technological change. Following an evaluation of the efficacy of the nation-state, the book goes on to explore how individuals and corporations could be integrated into a more decentralized, distributed system of cyberthreat control. Looking at initiatives in Estonia and Sweden which have attempted to incorporate civilians into their cyber-response efforts, Brenner suggests that civilian involvement may mediate the rigid hierarchies that exist among formal agencies and increase the flexibility of any response. This book will be of great interest to students and researchers of information technological law and security studies.