Computer Network Defense Computer Network Attack Law - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Computer Network Defense Computer Network Attack Law

Description:

Argument Utilize CIP approach. Assumptions CNS/CNA more than traditional defense ... Are all attacks on natural gas SCADA systems defense issues? ... – PowerPoint PPT presentation

Number of Views:196
Avg rating:3.0/5.0
Slides: 11
Provided by: lega5
Category:

less

Transcript and Presenter's Notes

Title: Computer Network Defense Computer Network Attack Law


1
Computer Network Defense/Computer Network
AttackLaw Policy
  • LegalNet Works Incorporated
  • ISAG CND/CNA Panel
  • December 21, 2000

2
Overview
  • Argument Utilize CIP approach
  • Assumptions CNS/CNA more than traditional
    defense
  • Describe CIP Legal Approach
  • Three Examples
  • Power Grid Attack
  • National Air Space Restoration
  • Internet Defense and Repair
  • No-Action Consequences
  • Conclusions

3
Argument
  • There is no comprehensive and overarching legal
    framework for CND CNA policy
  • Future framework must incorporate a wide range of
    law and policy covering more than traditional
    defense categories (law enforcement, intel,
    defense)
  • Critical infrastructure protection offers a risk
    management legal construct to support and
    facilitate CND/CNA demands.

4
Assumptions
  • CND/CNA legal framework involves range of needs
    from prevention, to detection, and restoration
  • Defense resources highly dependent on privately
    owned and operated infrastructures, networks,
    systems
  • Information on network/system attacks/outages is
    useful
  • Traditional defense authorities not sufficient
    ill-suited to mandate private sector activity
  • CIP laws and policies provide robust legal
    framework for CND/CNA activity

5
Year 2000 General Counsel Discussions
  • Y2K revealed legal CND/NCA legal limitations
  • Each presents national/economic security legal
    issues
  • What authority facilitated post-attack
    restoration of FEDWIRE and bank payment systems?
  • Who is responsible for defending equity markets?
  • Could Federal government assist in re-engineer of
    Calif. Dbase?
  • Are all attacks on natural gas SCADA systems
    defense issues?
  • What laws allowed for protection of foreign
    government critical infrastructures?
  • Lesson learned Cross-functional, interagency
    legal challenge

6
Example Power Grid Cyber Attack
  • Issue Attack on portion of power grid need to
    restore service by requiring sale of
    electricity
  • CIP legal framework looks to
  • Gain access to infrastructure community
  • Restore service (versus manage consequences)
  • Require/mandate industry activity
  • Federal Power Act non-Defense authority
  • You fix or well do it for you - Energy
    Department authority
  • Recent usage California blackouts Must sell
    electricity

7
Example Repair Internet Damage
  • Issue Cyber attack on portion of Internet
  • Unregulated community How to restore service,
    require cooperation, gain data on attacks?
  • CIP legal framework looks to
  • Further security cooperation without regulation
    liability exemption
  • Use legal/regulatory levers short of
    war/emergency
  • Restore service (versus manage consequences)
  • Prioritize defense needs within legal framework
  • No legal solution We are unprotected short of
    war
  • Basket approach Combine - Commutations Act,
    Defense Production Act, liability exemption
    (state issue)

8
Defense of theNational Airspace System
  • Issue Cyber attack on portion of National
    Airspace Systems
  • How to restore service? Gather data on source of
    attack?
  • CIP legal framework looks to -
  • Prioritize goods/services in advance DPA of
    1950
  • Restore service (versus manage consequences)
  • Y2K Lesson learned
  • Defense Production Act for national defense
    only
  • National defense lever does not clearly cover
    cyber
  • Congress has never overhauled Cold War
    legislation
  • Need to encourage Congressional action

9
Recommendations
  • Critical infrastructure protection provides legal
    flexibility
  • Engage industry not just on vulnerabilities
  • CINCSPACE review legal needs in networked
    environment
  • Clarify legal triggers, levers
  • national defense, nationals security, war, etc.
  • Focus on risk management as well as consequence
    management

10
Contact Information
  • Lee Zeichner, Esq.
  • LegalNet Works Incorporated
  • 3204 Juniper Lane
  • Falls Church, Virginia 22044
  • 703/536-8767
  • admin_at_leglnet.com
Write a Comment
User Comments (0)
About PowerShow.com