Optimizing Lawful Responses to Cyber Intrusions

Abstract: Cyber intrusions are rarely met with the most effective possible response, less for technical than legal reasons. Different rogue actors (terrorists, criminals, spies, etc.) are governed by overlapping but separate domestic and international legal regimes. Each of these regimes has unique limitations, but also offers unique opportunities for evidence collection, intelligence gathering, and use of force. We propose a framework which automates the mechanistic aspects of the decision-making process, with human intervention for only those legal judgments that necessitate human judgment and official responsibility. The basis of our framework is a pair of decision trees, one executable solely by the threatened system, the other by the attorneys responsible for the lawful pursuit of the intruders. These parallel decision trees are interconnected, and contain pre-distilled legal resources for making an objective, principled determination at each decision point. We offer an open-source development strategy for realizing and maintaining the framework.
