A Progress Report on Combating Cyber Attacks

Hackers have been online since a Cornell graduate student infected MIT’s burgeoning network with the first Internet worm on November 2, 1988. But recently cyber attacks on states have proliferated both in numbers and severity. The best-known recent example of such a cyber attack was on April 27, 2007. In a matter of hours, the websites of Estonia’s leading banks and newspapers crashed. Government communications were compromised. An enemy had invaded and was assaulting dozens of targets across the country. But this was not the result of a nuclear, chemical, or biological weapon of mass destruction. Nor was it a classical terrorist attack. A computer network was responsible, with attacks coming from thousands of zombie private computers around the world. And this was just the beginning. Flash forward to August 7, 2008 when immediately prior to the Russian army invading Georgia en masse a cyber attack reportedly crippled the IT systems of the Georgian military including air defense. Georgian command and control was forced to resort to U.S. government and Google accounts while Estonian advisors helped to deflect the ongoing cyber onslaught.

For my full article on how cyber security has progressed since the 2007 cyber attacks on Estonia, please visit: http://ssrn.com/abstract=1499849

State Responsibility for Cyber Attacks

The domestic and global implications of human society’s increasingly critical dependence on the Internet makes necessary the ability to deter, detect, and minimize the effects of cyber attacks. Today, NATO and the United States alike are at the point of determining how the governance of cyberspace should develop, including influencing the vector of the jus ad bellum from the very inception of the legal framework for cyberwarfare. The strategies and practices that are assumed in the short-term thus will greatly impact how this fast evolving body of law is shaped. There are currently two vying regimes for State responsibility under international law: the effective and overall control standards. Due to the technical difficulties with proving attribution for cyber attacks, along with the unreasonably high standards of proof imposed by the effective control standard, the overall control standard should be adopted. This has the benefit of holding accountable State sponsors of cyber attacks where there exists sufficient proof beyond a reasonable doubt, as opposed to beyond any doubt. Adopting the overall control standard for cyber attacks is thus both within the best interests of NATO and the international community.

Op Ed in San Francisco Chronicle

I have published an op-ed in the San Francisco Chronicle about the recent cyber attacks on Google. Follow the link here: first op ed!: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/01/24/INJB1BJVGU.DTL. Let me know what you think!