The study of international law and regulation of cyber war in the Tallinn Manual 2.0 is questionable with regard to attribution, the use of force, the exercise of the right of self-defense, the application of the principle of distinction, and even the definition of 'cyber war'. The application of contemporary law of war to cyberspace, including the militarization of cyberspace itself, should be reviewed judiciously. The construction of a cyberspace community with a shared future may be a better way out.
Using security incident history we identify threats to and using the IoT and other ubiquitous devices emerging since 2012, gaining widespread recognition in 2016, and only lightly addressed in either IoT security literature or the press. We show the IoT has likely already been used in cyber war between major powers. The new threats, most notably “hijack,” are larger than previous threats combined, but only mildly affect suppliers, and only a few clients. Using a successful behavioral-economic model we show that traditional mitigation places responsibility on un-affected parties and likely will not work. For suppliers, there are profit-conflicted motives, as the new threat rides on a profit vehicle. The new threat circumvents conventional security architecture at a behavioral level. We analyze each actor-target pair and evaluate technical strategies. More effective technical strategies are suggested where old ones are overmatched by the budgets, technical prowess or regulatory power of hostile actors, or the technical nature of the threats. Consolidated action may be needed, but regulation is difficult because of conflicts of interest within the national security community.