Internet Attacks: A Policy Framework for Rules of Engagement
暂无分享,去创建一个
Information technology is redefining national security and the use of force by state and nonstate actors. The use of force over the Internet warrants analysis given recent terrorist attacks. At the same time that information technology empowers states and their commercial enterprises, information technology makes infrastructures supported by computer systems increasingly accessible, interdependent, and more vulnerable to malicious attack. The Computer Security Institute and the FBI jointly estimate that financial losses attributed to malicious attack amounted to $378 million in 2000. International Law clearly permits a state to respond in self-defense when attacked by another state through the Internet, however, such attacks may not always rise to the scope, duration, and intensity threshold of an armed attack that may justify a use of force in self-defense.
This paper presents a policy framework to analyze the rules of engagement for Internet attacks. We describe the state of Internet security, incentives for asymmetric warfare, and the development of international law for conflict management and armed conflict. We focus on options for future rules of engagement specific to Information Warfare.
We conclude with four policy recommendations for Internet attack rules of engagement: (1) the U.S. should pursue international definitions of "force" and "armed attack" in the Information Warfare context; (2) the U.S. should pursue international cooperation for the joint investigation and prosecution of Internet attacks; (3) the U.S. must balance offensive opportunities against defensive vulnerabilities; and (4) the U.S. should prepare strategic plans now rather than making policy decisions in real-time during an Internet attack.
[1] Steven M. Bellovin,et al. Building Trustworthy Systems: Lessons from the PTN and Internet , 1999, IEEE Internet Comput..
[2] Walter G. Sharp,et al. Cyberspace and the Use of Force , 1999 .
[3] Nancy R. Mead,et al. Survivability: Protecting Your Critical Systems , 1999, IEEE Internet Comput..
[4] H. V. Jagadish,et al. Information warfare and security , 1998, SGMD.