Like it or not, „cyber“ is here to stay. No matter what word you use, the networks have become a battlefield for various military operations. While you won’t be able to secure physical territory by keyboard (you still need boots on the ground for this), you can gain information, thwart hostile communications, and possibly sabotage devices (given the sorry state of the Internet of Stuff). When you deal with actions in this arena, you might want to know what your options are. It’s worth to think about legal consequences. When it comes to mundane cyber crime, you usually have laws to deal with incidents. What is the response to a military cyber attack? And what counts as one? In his presentation at DeepSec 2015 Oscar Serrano will introduce you to the legal implications and options.
We will introduce briefly the Tallinn Manual on the International Law Applicable to Cyber Warfare and the different legal frameworks that could be used to respond to cyber-attacks, such as Jus ad Bellum, Jus in Bello, the Counter measures doctrine or Criminal International Law. Later we will propose a taxonomy of possible cyber-attacks and for each possible type of attack we will discuss the framework that most likely fits best the caused effect. The conclusion is, that, despite much talk in the media about Cyber War and possible National retaliations against cyber incidents, in reality the legal framework that best fits Cyber incidents is the International Criminal Law. A request for extradition is most likely that the application of the UN chapter 5 for most cases.
Thinking ahead is best done when not dealing with incidents. So attend Oscar’s presentation and learn what you can do when facing a serious attack or being caught in the middle.
Oscar Serrano has worked as Scientist and consultant for major international organizations such as the Austrian Research Centres, Siemens or Eurojust for the last 15 years. In his role as Senior Scientist in Cyber Defence, he currently advices a major international military organization about Cyber Security policy and Risk Management. He is author of several research papers and part of the program committee of the ACM Workshop on Information Sharing and Collaborative Security. His research interests include Threat Information Management, Cyber Law and Detection of Advanced Persistent Threats.