In lieu of an abstract, here is a brief excerpt of the content:

215 The comparison of cyberspace to the high seas, civil aviation, and viral diseases has generated a debate on the applicability of their regulation to the cyber domain. A group of nations led by Russia and China is calling for a new regulatory approach to the cyber domain.1 This debate has advanced efforts to explicate the definition, management, and regulation of information-driven society and the corresponding threats. However, before deciding on new regulatory steps, it is useful to look to existing legal concepts that have been designed with the cyber domain in mind or reflect upon accepted principles that can be applied to cyberspace. Considering the international legal and policy framework applicable to cyber security, many concepts useful in remedying cyber security exist but are scattered in various fields of law and often in need of interpretation in the context of current threats. Several of those concepts have proven useful in managing international cyber incidents by creating innovative legal practices. Those practices, if skillfully combined, could reduce the gray area that allows perpetrators of cyber crimes to get away with disruptive and other hostile acts that threaten international security. CYBER SECURITY LAW It is difficult to reach a consensus on an exact definition of cyber security. As one analyst opined, the mandate of computer security has grown in complexity and seriousness as information technology has saturated social life and sophisticated threats have multiplied. In order to understand laws applicable to cyber conflict, cyber security must be understood in conceptual terms.2 Cyber security originated with computer security, which is based on the scienti fic and technical field of the same name. In recent decades cyber security has CHAP TER 13 Establishing Rules for Cyber Security ENEKEN TIKK Establishing Rules for Cyber Security 216 become complex and sophisticated and grown into network security, information systems security, and information assurance, which all describe measures for protecting computers, networks, and information from failures and breaches. Today the term cyber security links computer security to national security and engages the leaders of government, corporations, and nongovernmental organizations at varying levels of interest and involvement as Larry Clinton notes in chapter 11 to this volume. From an international legal perspective, cyber security has become more sophisticated as cyber crimes and other malicious acts in cyberspace become more organized and dangerous. Such acts threaten national security, can reach the threshold of an armed attack and require remediation from the perspective of computer security and information society. The term cyber security appears frequently in US legislation whereas the North Atlantic Treaty Organization (NATO) has adopted cyber defense. In its polyglot style, the European Union in its numerous instruments refers to information and communication technology security, network and information security , information technology security, information security, network security, and cyber security. For the purpose of the following discussion, cyber security ranges from organization-centric computer and network security to global outNot patching the software Breach of internal policy or regulations Illegal interception Crime Cyber equivalent of an armed attack Cyber warfare Internet service providers not reporting illegal activity Breach of a legal obligation Threat to national security Purpose to influence the government or interfere with social structure of the state Figure 13.1 Spectrum of Cyber Conflict Source: Eneken Tikk, “Frameworks for International Cyber Security” (NATO Cooperative Cyber Defence Centre of Excellence). [18.117.142.128] Project MUSE (2024-04-25 17:39 GMT) eneken tikk 217 reach to prevent or mitigate cyber warfare. Cyber conflict together with cyber security comprises different phases and invokes different legal remedies and responses (see figure 13.1). Accordingly, cyber security begins with designing secure and resilient information systems in peacetime and ends with choosing and applying appropriate means of cyber warfare. Although the operational skills for cyber security are technologically similar throughout the spectrum, legal regimes and solutions can vary significantly. Thus it is crucial to understand and apply concepts from different legal fields to cyber security in a systematic manner, which is easier said than done (see figure 13.2). It is difficult to find experts skilled in every relevant legal field, while many groups are interested in the effect of cyber security on users , businesses, and the information society. With cyber security reaching across various fields of law, it has recently been seen as an interdisciplinary problem. Such approaches are not exceptional, but they rarely cover distinct fields of law with equal intensity. Telecoms...

Share