Academic journal article Harvard Journal of Law & Technology

Getting It Right: Protecting American Critical Infrastructure in Cyberspace

Academic journal article Harvard Journal of Law & Technology

Getting It Right: Protecting American Critical Infrastructure in Cyberspace

Article excerpt

TABLE OF CONTENTS

I. INTRODUCTION
II. DEFENSE AND SECURITY: A BLURRED DISTINCTION
III. THE CYBERSPACE THREAT AND INTERNATIONAL LAW
   A. Use of Force in Cyber Self-Defense
   B. Conditions for the Use of Force in Cyber Self-Defense
IV. CYBER WARFARE AND CIVIL LIBERTIES
   A. Reversing the Presumption
   B. Impact of the Posse Comitatus Act
V. CONCLUSION

THE DOGMAS OF THE QUIET PAST ARE INADEQUATE TO THE STORMY PRESENT. THE OCCASION IS PILED HIGH WITH DIFFICULTY, AND WE MUST RISE TO THE OCCASION. AS OUR CASE IS NEW, SO WE MUST THINK ANEW AND ACT ANEW. (1)

WHERE ONCE OUR OPPONENTS RELIED EXCLUSIVELY ON BOMBS AND BULLETS, HOSTILE POWERS AND TERRORISTS CAN NOW TURN A LAPTOP COMPUTER INTO A POTENT WEAPON CAPABLE OF DOING ENORMOUS DAMAGE. IF WE ARE TO CONTINUE TO ENJOY THE BENEFITS OF THE INFORMATION AGE, PRESERVE OUR SECURITY, AND SAFEGUARD OUR ECONOMIC WELL-BEING, WE MUST PROTECT OUR CRITICAL COMPUTER-CONTROLLED SYSTEMS FROM ATTACK. (2)

I. INTRODUCTION

The attacks of September 11, 2001 highlight the deadly intent of our adversaries and the nation's vulnerability to "different, unorthodox, and unimaginable" threats. (3) Due to the low cost and wide availability of computers, cyber attacks (4) are an attractive method of warfare. (5) Unlike traditional military weapons, an adversary can use a personal computer, which can be purchased almost anywhere for a few hundred dollars, to accomplish a military objective. (6) In 2003, the Computer Emergency Response Team Coordination Center received reports of 137,529 "incidents." (7) Attacks against network systems have become so common that, in 2004, the Computer Emergency Response Team stopped maintaining statistics showing the number of "incidents." (8) In 2004, the Congressional Research Service estimated that the economic impact of cyber attacks in the United States was $226 billion. (9)

Cyber attacks can originate from a number of sources. Michael Vatis, former head of the Institute for Security Technology Studies at Dartmouth College, has identified four categories of threats: terrorists, nation-states, terrorist sympathizers, and thrill seekers. (10) Of these threats, nation-states likely have the greatest capabilities and resources. For example, in the years ahead, the United States will probably face an evolving cyber threat from China. In particular, China is integrating "information warfare units" into its military operations that have the capabilities for "first strikes against enemy networks." (11) In August 1999, China launched several cyber attacks against Taiwan, initiating a "public hacking war" with the disputed island. (12) China may have attacked United States federal government computer systems in the past. (13) Nation-states, however, probably will not attempt major cyber attacks, unless it is a precursor to military action, because of the potential severity of the response. Nation-states have territory, property, and citizens to protect, all of which would be jeopardized if it were to conduct a major cyber attack.

Thrill seekers are a minor threat because they are generally driven by a desire to show off their skills, rather than a desire to destroy. (14) While they are certainly capable of causing some serious problems, both the media and self-promoters from this group have overstated their actual menace. (15)

Cyber terrorists may not have a robust ability to conduct large cyber attacks on critical infrastructure, but they are probably far more likely to try than other actors. (16) Cyber terrorists do not face the repercussions that nation-states would and probably have more destruction-oriented agendas than thrill seekers. Despite this concern, there have been no known attempts to stage such an attack by any major terrorist group. (17) According to Dorothy Denning, a professor of computer science at the Naval Postgraduate School, "[t]errorists have not yet integrated information technology into their strategy and tactics, and significant barriers between hackers and terrorists may prevent their integration into one group. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.