Tag Archive for: Laws

The laws of war must apply in cyberspace


There are rules in war. International humanitarian law regulates what combatants can and can’t do, with the goal of protecting civilians and limiting suffering.

Most of these laws were developed during the 19th and 20th centuries. But in our own century a new kind of battlefield has emerged: the domain of cyberattacks, digital campaigns and online information operations. All these have played a heightened role in Russia’s war in Ukraine and, increasingly, in the current Israel–Hamas conflict.

There is a persistent myth that cyberspace is a lawless wild west. This could not be further from the truth. There is a clear international consensus that existing laws of war apply online.

In the past month, we have seen three significant developments in this area. Rules for “civilian hackers” have begun to gain traction. A new international humanitarian report has recommended ways forward for governments, tech companies and others. And the International Criminal Court has for the first time signalled that it considers cyber warfare to fall within its jurisdiction.

Rules for hacktivists

On October 4 2023, two advisers to the International Committee of the Red Cross proposed a set of rules for “civilian hackers” during war. The proposals include things like “do not conduct any cyber operation against medical and humanitarian facilities” and “when planning a cyber attack against a military objective, do everything feasible to avoid or minimize the effects your operation may have on civilians”.

The authors were motivated by evidence of online attacks disrupting banks, companies, pharmacies, hospitals, railway networks and civilian government services.

Cyber, digital and information operations – used alongside “real-world” military operations – have risen into the mainstream during Russia’s war in Ukraine. Many operations are carried out by civilian groups not formally connected to the military.






These manoeuvres are not spectacular. However, as Jeremy Fleming (former head of GCHQ, the United Kingdom’s electronic spy…


Grooming cases at record high amid online safety laws delay


Rani Govender, senior policy officer at the NSPCC, said: “We don’t think there’s a trade-off between safety and privacy, we think it’s about investing in those technical solutions which we know are out there, that can deliver for the privacy and safety of all users on these services.”


What are Beckstrom’s Laws of Cyber Security?


The Internet of Things (IoT) has many defining characteristics, such as tiny, cheap and low-power sensors, embedded computers, and connectivity. But one characteristic will rule them all, namely, security. In the very near future, the IoT will probably not exist if it isn’t secure.

Beckstrom’s Laws of Cyber Security sum it up nicely:

  1. Everything that is connected to the Internet can be hacked.
  2. Everything is being connected to the Internet.
  3. Everything else follows from the first two laws.

Perhaps this should be called a corollary to Beckstrom’s law, as it provides a short proof to the existing law. Originally, Beckstrom’s law (or theorem) was formulated to determine the real value of a given network. Postulated by Rod Beckstrom, former director of the National Cybersecurity Center, the law states that the value of a network “equals the net value added to each user’s transactions conducted through that network, summed over all the users.”


According to Beckstrom, his law can be used to value any network, be it a social network, a computer network, or even the Internet as a whole. In his model, the value of the network is determined by looking at all of the transactions conducted and the value added by each transaction.

To determine the value of a network, Beckstrom used an economic point of view which considers what the additional transaction costs or losses would be if the existing network were turned off. For example, if a goods delivery service is shut down, then customers will go without those goods or obtain them in a different manner (e.g. driving to the store).

This focus on transactions is what distinguishes Beckstrom’s Law from its more famous cousin, Metcalfe’s Law. For Metcalfe, the value of a network was based purely on the size of the network, specifically the number of nodes. Conversely, Beckstrom’s Law focuses on transactions, which makes it more applicable to current experiences on the Internet. This means that Metcalfe’s Law doesn’t account for a decreasing value of the network from an increased number of users or hackers who steal value.

Focusing on transactions makes Beckstrom’s Law of immediate value to the…


IDCARE warns new privacy laws could exacerbate ransomware attacks


National identity support service IDCARE is critical of the federal government’s increased penalties for privacy breaches, saying they could encourage companies to pay ransoms in an attempt to keep a breach secret.

It made the comments in a submission to the federal government’s review of the Privacy Act.

Breach frameworks seem “less about informing and supporting a person to take-action who has been placed in a potentially vulnerable position, but more about a need for ‘tick a box’ reporting to regulators and to protect other interests”, IDCARE said in its submission.

That leaves Australian businesses vulnerable to ongoing ransom attacks, the organisation said.

“In terms of ransomware attacks, Australia is open for business … there is little disincentive for these criminals to keep targeting Australian businesses and government agencies,” the submission said.

Fear of the recently-introduced penalties – up to $50 million for a serious privacy breach, one-third of the turnover for an affected company, or three times any financial benefit obtained through data misuse – makes things worse, IDCARE’s submission said.

“This is further exacerbated by the conflicting nature of compliance and notification environment,” it said.

“Pay a million dollars or face a breach that may cost $50 million. Don’t pay and have your customer data exploited in the most abhorrent and public way in an attempt to send a clear signal to future organisations that this will be the consequence if their demands are not met.”

While making the payment of ransoms a specific offence could discourage companies from paying, IDCARE said “there are many complexities to this”, including unnamed insurance companies that encourage the payment of a ransom, if that is the cheapest way for a victim company to recover their data.

IDCARE also warns that the government’s proposed amendments to the Privacy Act will have the “perverse outcome” of making privacy compliance “much more litigious”.
