Thursday, April 30, 2009
Tweet[IWS] New Report --CYBERATTACK CAPABILITIES: Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of [April 2009]
IWS Documented News Service
_______________________________
Institute for Workplace Studies----------------- Professor Samuel B. Bacharach
School of Industrial & Labor Relations-------- Director, Institute for Workplace Studies
Cornell University
16 East 34th Street, 4th floor---------------------- Stuart Basefsky
New York, NY 10016 -------------------------------Director, IWS News Bureau
________________________________________________________________________
National Academies Press
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities [April 2009]
http://www.nap.edu/catalog.php?record_id=12651
or
http://www.nap.edu/catalog.php?record_id=12651#toc
[to read full-text online]
Description:
The US armed forces, among other intelligence agencies, are increasingly dependent on information and information technology for both civilian and military purposes. Although there is ample literature written on the potential impact of an offensive or defensive cyberattack on societal infrastructure, little has been written about the use of cyberattack as a national policy tool. This book focuses on the potential for the use of such attacks by the United States and its policy implications.
Since the primary resource required for a cyberattack is technical expertise, these attacks can be implemented by terrorists, criminals, individuals and corporate actors. Cyberattacks can be used by U.S. adversaries against particular sectors of the U.S. economy and critical national infrastructure that depend on computer systems and networks. Conversely, they can be used by the U.S. intelligence community with adequate organizational structure and appropriate oversight.
Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores the important characteristics of cyberattacks and why they are relatively ideal for covert action. Experts argue that the United States should establish a national policy for launching cyberattacks, whether for purposes of exploitation, offense or defense for all sectors of government. This book will be of special interest to the Department of Defense, the Department of Homeland Security, law enforcement, and the greater intelligence community.
Press Release 29 April 2009
Greater Transparency Needed in Development of U.S. Policy on Cyberattack
http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=12651
WASHINGTON -- The current policy and legal framework regulating use of cyberattack by the United States is ill-formed, undeveloped, and highly uncertain, says a new report from the National Research Council. The United States should establish clear national policy on the use of cyberattack, while also continuing to develop its technological capabilities in this area. The U.S. policy should be informed by open national debate on the technological, policy, legal, and ethical issues of cyberwarfare, said the committee that wrote the report.
"Cyberattack is too important a subject for the nation to be discussed only behind closed doors," said Adm. William Owens, former vice chairman of the Joint Chiefs of Staff and former vice chairman and CEO of Nortel Corp., and Kenneth Dam, Max Pam Professor Emeritus of American and Foreign Law at the University of Chicago School of Law, who co-chaired the committee.
Cyberattacks -- actions taken against computer systems or networks -- are often complex to plan and execute but relatively inexpensive, and the technology needed is widely available. Defenses against such attacks are discussed, but questions on the potential for, and the ramifications of, the United States' use of cyberattack as a component of its military and intelligence arsenal have not been the subject of much public debate. Although the policy and organizational issues raised by the use of cyberattack are significant, the report says, "neither government nor society at large is organized or prepared to handle issues related to cyberattack, let alone to make broadly informed decisions."
The U.S. could use cyberattack either defensively, in response to a cyberattack from another nation, or offensively to support military missions or covert actions, the report says. Deterring such attacks against the U.S. with the threat of an in-kind response has limited applicability, however; cyberattacks can be conducted anonymously or falsely attributed to another party relatively easily, making it difficult to reliably identify the originator of the attack.
Employing a cyberattack carries with it some implications that are unlike those associated with traditional physical warfare, the report says. The outcome is likely to be more uncertain, and there may be substantial impact on the private sector, which owns and operates much of the infrastructure through which the U.S. would conduct a cyberattack. The scale of such an attack can be enormous and difficult to localize. "Blowback" to the U.S. -- effects on our own network systems -- is possible.
Clear national policy regarding the use of cyberattack should be developed through open debate within the U.S. government and diplomatic discussion with other nations, the report says. The U.S. policy should make it clear why, when, and how a cyberattack would be authorized, and require a periodic accounting of any attacks that are conducted, to be made available to the executive branch and to Congress.
From a legal perspective, cyberattack should be judged by its effects rather than the method of attack; cyberwarfare should not be judged less harshly than physical warfare simply by virtue of the weapons employed. The Law of Armed Conflict (LOAC), an international law regulating conduct during war, should apply to cyberattack. However, there are aspects of cyberwarfare that will not fit neatly within this structure. LOAC was designed to regulate conflict between nations, but cyberweapons can easily be used by non-state groups, making issues such as determining appropriate targets for military retaliation difficult to address. Additional legal constructs will be needed to govern cyberattacks, and the framework of LOAC and the U.N. Charter on the use of armed force would be an appropriate starting point, the report says.
This study was sponsored by the MacArthur Foundation, Microsoft Corp., and the National Research Council. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, nonprofit institutions that provide science, technology, and health policy advice under a congressional charter. The Research Council is the principal operating agency of the National Academy of Sciences and the National Academy of Engineering. A committee roster follows.
______________________________
This information is provided to subscribers, friends, faculty, students and alumni of the School of Industrial & Labor Relations (ILR). It is a service of the Institute for Workplace Studies (IWS) in New York City. Stuart Basefsky is responsible for the selection of the contents which is intended to keep researchers, companies, workers, and governments aware of the latest information related to ILR disciplines as it becomes available for the purposes of research, understanding and debate. The content does not reflect the opinions or positions of Cornell University, the School of Industrial & Labor Relations, or that of Mr. Basefsky and should not be construed as such. The service is unique in that it provides the original source documentation, via links, behind the news and research of the day. Use of the information provided is unrestricted. However, it is requested that users acknowledge that the information was found via the IWS Documented News Service.
****************************************
Stuart Basefsky
Director, IWS News Bureau
Institute for Workplace Studies
Cornell/ILR School
16 E. 34th Street, 4th Floor
New York, NY 10016
Telephone: (607) 255-2703
Fax: (607) 255-9641
E-mail: smb6@cornell.edu
****************************************
_______________________________
Institute for Workplace Studies----------------- Professor Samuel B. Bacharach
School of Industrial & Labor Relations-------- Director, Institute for Workplace Studies
Cornell University
16 East 34th Street, 4th floor---------------------- Stuart Basefsky
New York, NY 10016 -------------------------------Director, IWS News Bureau
________________________________________________________________________
National Academies Press
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities [April 2009]
http://www.nap.edu/catalog.php?record_id=12651
or
http://www.nap.edu/catalog.php?record_id=12651#toc
[to read full-text online]
Description:
The US armed forces, among other intelligence agencies, are increasingly dependent on information and information technology for both civilian and military purposes. Although there is ample literature written on the potential impact of an offensive or defensive cyberattack on societal infrastructure, little has been written about the use of cyberattack as a national policy tool. This book focuses on the potential for the use of such attacks by the United States and its policy implications.
Since the primary resource required for a cyberattack is technical expertise, these attacks can be implemented by terrorists, criminals, individuals and corporate actors. Cyberattacks can be used by U.S. adversaries against particular sectors of the U.S. economy and critical national infrastructure that depend on computer systems and networks. Conversely, they can be used by the U.S. intelligence community with adequate organizational structure and appropriate oversight.
Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores the important characteristics of cyberattacks and why they are relatively ideal for covert action. Experts argue that the United States should establish a national policy for launching cyberattacks, whether for purposes of exploitation, offense or defense for all sectors of government. This book will be of special interest to the Department of Defense, the Department of Homeland Security, law enforcement, and the greater intelligence community.
Press Release 29 April 2009
Greater Transparency Needed in Development of U.S. Policy on Cyberattack
http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=12651
WASHINGTON -- The current policy and legal framework regulating use of cyberattack by the United States is ill-formed, undeveloped, and highly uncertain, says a new report from the National Research Council. The United States should establish clear national policy on the use of cyberattack, while also continuing to develop its technological capabilities in this area. The U.S. policy should be informed by open national debate on the technological, policy, legal, and ethical issues of cyberwarfare, said the committee that wrote the report.
"Cyberattack is too important a subject for the nation to be discussed only behind closed doors," said Adm. William Owens, former vice chairman of the Joint Chiefs of Staff and former vice chairman and CEO of Nortel Corp., and Kenneth Dam, Max Pam Professor Emeritus of American and Foreign Law at the University of Chicago School of Law, who co-chaired the committee.
Cyberattacks -- actions taken against computer systems or networks -- are often complex to plan and execute but relatively inexpensive, and the technology needed is widely available. Defenses against such attacks are discussed, but questions on the potential for, and the ramifications of, the United States' use of cyberattack as a component of its military and intelligence arsenal have not been the subject of much public debate. Although the policy and organizational issues raised by the use of cyberattack are significant, the report says, "neither government nor society at large is organized or prepared to handle issues related to cyberattack, let alone to make broadly informed decisions."
The U.S. could use cyberattack either defensively, in response to a cyberattack from another nation, or offensively to support military missions or covert actions, the report says. Deterring such attacks against the U.S. with the threat of an in-kind response has limited applicability, however; cyberattacks can be conducted anonymously or falsely attributed to another party relatively easily, making it difficult to reliably identify the originator of the attack.
Employing a cyberattack carries with it some implications that are unlike those associated with traditional physical warfare, the report says. The outcome is likely to be more uncertain, and there may be substantial impact on the private sector, which owns and operates much of the infrastructure through which the U.S. would conduct a cyberattack. The scale of such an attack can be enormous and difficult to localize. "Blowback" to the U.S. -- effects on our own network systems -- is possible.
Clear national policy regarding the use of cyberattack should be developed through open debate within the U.S. government and diplomatic discussion with other nations, the report says. The U.S. policy should make it clear why, when, and how a cyberattack would be authorized, and require a periodic accounting of any attacks that are conducted, to be made available to the executive branch and to Congress.
From a legal perspective, cyberattack should be judged by its effects rather than the method of attack; cyberwarfare should not be judged less harshly than physical warfare simply by virtue of the weapons employed. The Law of Armed Conflict (LOAC), an international law regulating conduct during war, should apply to cyberattack. However, there are aspects of cyberwarfare that will not fit neatly within this structure. LOAC was designed to regulate conflict between nations, but cyberweapons can easily be used by non-state groups, making issues such as determining appropriate targets for military retaliation difficult to address. Additional legal constructs will be needed to govern cyberattacks, and the framework of LOAC and the U.N. Charter on the use of armed force would be an appropriate starting point, the report says.
This study was sponsored by the MacArthur Foundation, Microsoft Corp., and the National Research Council. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, nonprofit institutions that provide science, technology, and health policy advice under a congressional charter. The Research Council is the principal operating agency of the National Academy of Sciences and the National Academy of Engineering. A committee roster follows.
______________________________
This information is provided to subscribers, friends, faculty, students and alumni of the School of Industrial & Labor Relations (ILR). It is a service of the Institute for Workplace Studies (IWS) in New York City. Stuart Basefsky is responsible for the selection of the contents which is intended to keep researchers, companies, workers, and governments aware of the latest information related to ILR disciplines as it becomes available for the purposes of research, understanding and debate. The content does not reflect the opinions or positions of Cornell University, the School of Industrial & Labor Relations, or that of Mr. Basefsky and should not be construed as such. The service is unique in that it provides the original source documentation, via links, behind the news and research of the day. Use of the information provided is unrestricted. However, it is requested that users acknowledge that the information was found via the IWS Documented News Service.
Stuart Basefsky
Director, IWS News Bureau
Institute for Workplace Studies
Cornell/ILR School
16 E. 34th Street, 4th Floor
New York, NY 10016
Telephone: (607) 255-2703
Fax: (607) 255-9641
E-mail: smb6@cornell.edu
****************************************