Cyber vs Legislation and Ethics

Colonel John DoodyPanel Chair

Cyber vs. Legislation and Ethics1. Introduction Colonel John Doody2. Legislation versus Ethics in National Security - Military

Operations versus Intelligence Collection versus Law Enforcement Air Cdre Bruce Wynn

3. Cyber and the law of war Lt Col Jan Stinissen3. The basic legal principles that are at stake with regards to

the development of the cybersecurity legal regulatory framework. Dr Radim Polcak

5. Cyber; cross boundary pursuit Mr Michael Drury

6. Cyber threats; the presentational problem of a legal response for politicians and the press? Mr Peter Warren

What is cyber security?MARKET SEGMENTATION

© 2011 Ultra Electronics

NetworksData Devices People

Avai

labi

lity

Inte

grity

Confi

denti

ality

© 2011 Ultra Electronics

What is cyber security?KEY MARKETS

NetworksData Devices People

Avai

labi

lity

Inte

grity

Confi

denti

ality

Traffic Encryption&

Key Management

Network Hardening&

Boundary Protection

Data at RestEncryption

& Key Management

TransactionProtection

Multi-factorAuthentication

Legal Intercept&

CloudComputing

ReliabilityDDoS

ProtectionCollaborative

Working

Penetration Testing&

Vulnerability Scanning

Attack Identification&

ResponseTraining

© 2011 Ultra Electronics

A model to analyse the cyber security market

© 2011Ultra Electronics

What is cyber security?Components subject to Legislation and Ethics?

NetworksData Devices People

Avai

labi

lity

Inte

grity

Confi

denti

ality Cryptography

Key ManagementMeta-Data Production

Legal InterceptKeyless Decryption

DisposalObfuscation

StorageAudited ActionsSecure SoftwareAuthentication

Non-RepudiationAttack Vector

Unauthorised DuplicationMalwareTestingAudit

ManipulationRisk Assessment

Remote RetrievalMeta-Data Provision

Flow ControlLegal InterceptLocal retrievalCompression

SpoofingAccess

AccessKey Management

AuthenticationRecovery

TestingData Retention

Link CryptographyNetwork Cryptography

ObfuscationAccess

Key ManagementMulti-level SecurityLogical Separation

Testing

AuthenticationAccess

KnowledgeSpoofingTesting

Usage RestrictionsAudited Actions

Intrusion DetectionIntrusion ResponseSecure Operation

Attack VectorOperational Validation

TestingRisk Assessment

Damage

Usage RestrictionsRouting

Attack VectorAuthentication

MonitoringDirection ControlAudited Actions

SpoofingAccuracy

Risk AssessmentTesting

Risk AssessmentRisk AppetiteProcedures

PracticeBehaviour

Situational AwarenessSocial Networks

Business ContinuityBusiness Recovery

Access

User InterfacePrioritisation

Legal InterceptOperation

Continued OperationSpoofingEfficiency

RestorationSafety

Wired AccessWireless Access

PrioritisationFlow Control

Legal InterceptShaping

Attack ResponseSafety

© 2011 Ultra Electronics

…and drill down to identify the market

niches that comprise the cyber security

market

© 2011Ultra Electronics

Cyber and the law of war

Lt Col Jan Stinissen

Law of War

• use of force is prohibited, unless …. – self defence, – UNSC Resolution, – humanitarian intervention (?)

• law of armed conflict – humanity, – distinction, – military necessity, – proportionality

Developments

Examples in Cyber

neutralitydespite the borderless character of cyber, also in a cyber conflict a State can be neutral

indiscriminate attackscyber attacks that are not directed at a lawful target, and are of a nature to strike lawful targets and civilian objects without distinction are prohibited