Defense

Industrial Base

Cybersecurity

更多

Strategy

2024

收起

Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations

Author(s): Michael N. Schmitt

Publisher: Cambridge University Press, Year: 2017

更多

ISBN: 1107177227,9781107177222

Tallinn Manual 2.0 expands on the highly influential first edition by extending its coverage of the international law governing cyber operations to peacetime legal regimes. The product of a three-year follow-on project by a new group of twenty renowned international law experts, it addresses such topics as sovereignty, state responsibility, human rights, and the law of air, space, and the sea. Tallinn Manual 2.0 identifies 154 'black letter' rules governing cyber operations and provides extensive commentary on each rule. Although Tallinn Manual 2.0 represents the views of the experts in their personal capacity, the project benefitted from the unofficial input of many states and over fifty peer reviewers.

收起

Tallinn Manual on the International Law Applicable to Cyber Warfare

Author(s): Michael N. Schmitt

Publisher: Cambridge University Press, Year: 2013

更多

ISBN: 1107024439,9781107024434

The product of a three-year project by twenty renowned international law scholars and practitioners, the Tallinn Manual identifies the international law applicable to cyber warfare and sets out ninety-five 'black-letter rules' governing such conflicts. It addresses topics including sovereignty, State responsibility, the jus ad bellum, international humanitarian law, and the law of neutrality. An extensive commentary accompanies each rule, which sets forth the rule's basis in treaty and customary law, explains how the group of experts interpreted applicable norms in the cyber context, and outlines any disagreements within the group as to each rule's application.

收起

National Cybersecurity Strategy Implementation Plan

President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

更多

Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk

Increasing incentives to favor long-term investments into cybersecurity

收起

Biden-⁠Harris Administration Announces National Cybersecurity Strategy

MARCH 02, 2023

Space systems, ranging from satellites to mission control centers, are frequently the target of cyberattacks. Despite

the space industry's technical sophistication, their cybersecurity efforts have lagged behind that of other

high-technology sectors. Evidenced by the prevalence of vulnerabilities and attack vectors that go unchecked, space

更多

systems ranging from CubeSats to sophisticated rovers have considerable cybersecurity challenges. Although some of

these issues are no different than other industries, space systems are met with a unique confluence of cybersecurity

risks that complicates the sector's remediation capabilities. This paper explores factors that led to the space sector's

poor cybersecurity posture, various cyberattacks against space systems, and existing mitigation techniques employed

by the sector. Analyzing the current state of the industry along with security practices across similar sectors, several

security principles for satellites and space assets are proposed to help reorient the sector toward designing,

developing, building, and managing cyber secure systems. These security principles address both technical and policy

issues in order to address all space system stakeholders.

收起

Satellite ground systems represent an often neglected aspect of cyber security when dis-cussing Air Force and Department of Defense cyber vulnerabilities. An increasing amount of cyber security research and attacks focus on space ground systems in the form of satellite con-trol, satellite communications terminal hacking, and GPS spoofing. Public evidence exists demonstrating nation-state adversary willingness and intent for attacking these systems. Ground systems find themselves in a gray area of compliance between the two cyber security risk man-agement regulations DoDI 8510 and Committee on National Security Systems Instruction 1253. Both require compliance to security controls, but neither build in the evaluation or mandatory controls necessary for the mitigation of risk. A further examination of private industry standards and theory shows better methods of mitigating cyber security risk via simplifying the security controls necessary, using time-based methods for analyzing controls, and conducting preventa-tive cyber security engineering on new systems for the provision of information assurance.

While physical threats to the U.S. power grid and pipelines have long worried policymakers, cyber threats to the computer systems that operate this critical infrastructure are an increasing concern. Cybersecurity risks against the power and pipeline sectors are similar, as both use similar control systems, and there appears to be a broad consensus that cyber threats to this infrastructure are on the rise. Furthermore, with ever-greater physical interdependency between electricity generators and the natural gas pipelines that supply their fuel, many in Congress recognize that grid and pipeline cybersecurity are intertwined. In 2015, the Fixing America’s Surface Transportation Act (the FAST Act) provided the Secretary of Energy with new authority to protect or restore the power grid during a grid security emergency, including a cyber incident. Congress is considering additional legislation to fund and expand the Department of Energy’s cybersecurity programs.