Russian intelligence agencies have hacked dozens of civilian organizations in the U.S. and other Ukraine-allied nations since February. While this activity has garnered a great deal of attention due to the conflict in Ukraine, the reality is that such nation-state attacks have been common for years. Consequently, many believe it is time for a ‘Digital Geneva Convention’ to defend civilian cyber infrastructure with a digital red cross and thereby protect it against attack. As appealing as this idea may be, obstacles in International and Domestic Law abound. What can be done to protect the private sector against powerful nation-state-sponsored cyberattacks?
3 Areas of Discussion:
1. Whether a ‘Digital Geneva Convention’ is currently possible under International Law or its subset the Law of Armed Conflict (LOAC).
2. Domestic Law – specifically the Posse Comitatus Act and the Computer Fraud and Abuse Act – has grave consequences, positive and negative, in the cyberspace domain. Do these acts prevent the USG and US companies from taking certain actions to impose a cost on malicious actors looking to harm US civilian cyber infrastructure? The difficult history of the Posse Comitatus Act, which ended Radical Reconstruction, must be acknowledged to reach a good understanding of Cyber Law.
3. The current state for US organizations trying to protect themselves against sophisticated nation-state Advanced Persistent Threats (APTs), and the growing arguments that the US should use military might (e.g., Cybercommand offensive capabilities) to go after nation-state actors and their dissimulated proxies.
James Dever, M.A., J.D.
Principal at Lockhaven Solutions, LLC. He was a Professor of Cyber Warfare, US Air Force.
Dr. Jack Dever, J.D., LL.M., S.J.D.
Principal at Lockhaven Solutions, LLC. He holds a doctorate in Cyber Law.
Co-Hosted by Craig Ball & Mary Mack, CISSP, CEO, EDRM