It is a sign of the times. The Eurosatory defense exhibition opened in the cyber war for a day of conferences.
This first edition of Cyberdef-Cybersec forum brought together experts (Nicolas Arpagian, scientific director of Cyber Security to INHES , Ardavan Amir-Aslani, a lawyer specializing in issues of public international law, Professor Thomas Rid, Department of Studies War of Kings College London), soldiers (including Lt. Gen. Hernandez, head of U.S. Army Cyber Command and Rear Admiral Coustillière, General Officer in charge of cyber defense at the Ministry of Defence) and industry (EADS Cassidian and Thales Communication & Security).
The program of the day addressed the doctrines of use of cyber weapons, legal considerations, and threats against-measures, or the cost of cyber attacks, both for states that private firms.
On this last point, Sebastien Heon (EADS Cassidian) aptly summarized the situation: protection against cyber risks is still too often seen by the Directorates-General as the case of single RSSI, then it is a governance issue that is beyond the scope of the ISS to reach to that enterprise risk. " It's a question of risk, which is not work but that the RSSI of those responsible in the company to quantify the risk and wear the proper hierarchical level ", he says. Thus, according to Sebastian Heon, if DGs do not give the cyber risk due importance is primarily due to poor positioning of the latter. What do you think?
Small arrangements between States
Finally, the palm of the subject returns to the most original Master Ardavan Amir-Aslani, who asked the question of legal recourse against a cyber-aggression between states. An exercise that is not as obvious as it seems and that demonstrates how the fight cyber still operates in a legal limbo.
The heart of the matter lies in the precise definition of what constitutes an armed attack. Because of this distinction will depend on the ability of victims to obtain compensation or justify any act of self-defense. The physical destruction of an industrial complex, even if it involves any conventional weapon, he is an armed attack? (Bet that Iran follows this thinking very carefully!)
For the United Nations, a cyber attack is currently an assault course, but not armed. The use of self-defense would not be possible under these conditions.
But international opinion seems to change about it: most recently in Estonia participants in the fourth International Conference on Cyber Conflict (Cycon, organized by a branch of NATO) all seemed to agree to consider aggression as a cyber attack army. And this is what the United States for some years already profess reserving the right to respond to a cyber attack by a conventional military strike. It is likely that in future the rest of the world lines up behind the U.S. position.
From a strictly legal standpoint, Mr. Amir-Aslani is a reflection of two steps: first define aggression in a cyber: unauthorized access to a computer system, with amendment thereto, and all with intent harm.Next, define the look "armed" of the thing. And then he's looking at the impact tool. Thus, if the purpose is the destruction or neutralization of an industrial site, this would be much of an armed attack.Following this reasoning it would be possible to distinguish between a Stuxnet destructive purpose, and a Flame, which regardless of how advanced it is the intelligence operation (which, once discovered, is generally the rule a friendly and discreet service between the countries concerned)
If the armed attack is proven, yet he remains to find a remedy. To do this two ways are proposed: the International Court of Justice if both parties consent to the jurisdiction thereof, or possibly the Security Council of the United Nations (which seems to have initiated discussions on the issue cyber)
No comments:
Post a Comment