Please enable JavaScript.
Coggle requires JavaScript to display documents.
190219 Cyber Storm Policy Workshop (Final Session (MAJGEN Thompson…
190219 Cyber Storm Policy Workshop
Legal Authorities (Bryan Cunningham)
setting
some actors don't disguise attacks (eg Russia)
Dunkirk parallel: will be a private/public partnership
US law
hierarchy analysis
can the unit have the authority to do as ordered
supporting law, however, much is invested in the executive so a tension b/n POTUS and the Congress
Intel act - authorises and limited
anything in the law that prohibits POTUS
does POTUS (Chief Executive / CinC) have the authority?
federal nature
federal will have primacy
but states can give more rights but not less
property law
if damage in war no federal liability
if military takes for purpose of war then maybe compensation is required
for computers: can do anything beyond your firewall
Mircosoft will get a court order to direct to Mircrosoft servers to launch and offensive cyber attack
Australia
domestic legal power for ADF to conduct offensive cyber (OCO)
this is inserting your own code on another computer | this doesn't do anything until the computer does something
in US this is trespass (but silent on the Govt)
for AS means C'wealth is liable for trespass so Defence needs legal power
through legislation
but Constitution allows taking of property on just terms
so compensation is required
or implied through common law
opportunities for the C'wealth
Royal War perogative
have the right to take possession of property in the face of the enemy to fight the law (15C origins)
so possible in times of war
what is war :question:
criminal code
prevents some acts to computers except with authorisation
so, in times of war, the ADF as the authorisation/entitlement to perform
in terms of Defence don't believe this is a difference b/n domestic and foreign
possible for expressed immunises for ADF in the criminal code
ASIO has different perogatives
NATO CCDCOE (Widmann)
attribution is seen as key
not all members agree: sovereignty issues
exercises to solve
will be per event consideration but a matrix
estb cyber ops centre
issues with definitions
C2
will traditional lines work
speed
execises
most important focus for like minded nations
focus on international coop
cyber injects to Trident series
Locked Shields
fictional nation Berylia in mid north Atlantic
comes under attack
fm more powerful nation
technical exerices
play from home countries
leads to decision making exercise
work with industry
esp setting up the exercise
participants
anonymous
as determined by country
Strat Track
considers policy, regulation, ROE, strat comms
decision making ex
authority, time, transparency, information sharing, classification
cyber has no geography
but proximity to aggressor matters (esp decision making)
key insights
know who does what and who has the authority
AS defence and Advanced Tech
history
iron clad ships / steam inc rail / comms
disruptions
geopolitics
great power competition
manipulation of democratic peoples by authoritarian states
technology more equally shared between belligerents
inc carbon based intel
esp AI
many functions may move beyond our comprehension
changing work conditions
mechanism of labour
demography
global ageing trend
like to drive more automation
urbanisation
so fighting in urban areas
continuity
surprise
war for political ends
war a facet of human resistance
standing militaroes
Cyber talent & disaster response of not talent
what limit info sharing
private to public
what enables
how scalable?
who would see first
need an agreed framework
built around trust
so highly regulated
common ground
reputation
industry (competitive advantage)
govt (market integrity)
competitive advantage (private) v security of information (govt)
reciprosity?
continuity?
need to secure and audit machines
war time: urgency will break down peace time issues with trust/cooperation
thresholds may change with a gradual adjustments
how to deal with multiple cultures of 'digital' natives
what parts of society get noticed through digital medium? are ignored?
trust in data
how do people know that information is true
especially with increased speed
govt can't control the narrative
only AS existential threat is cyber attack :question:
AS changes? from declaring cyber to declaring offensive cyber
CH 2015 Military Strat: ultimate highest ground is cyber & outer space
cyber storm: govt to change people's minds (sound bite)
geo political?
Advanced Situational Cyber Awareness
what are the elements of a system?
need situational awareness of capabilities
beyond just assets
Final Session
Legal authorities summary
foreign ownership of CI and impact of govt responsiblities
threshold for serious respons
prob not for political interference
but actual voting systems may be different
either loss of human life / threat of human life
need for detailed cyber emerg response plan
greater definition of legal authorities
degree of which to such down more information
damage to private property for cyber ops
govt & industry
all levels of govt
how to develop
a national simulation / exercise capability
and critical analysis
necessary for an awareness system
how to promulgate own information
need for work in advance
exercising
lessons learned
bench marking
2nd order effects
AI: machine to machine exchange
a language to engage senior leadership
public
common frameworks
interagency training
types of warfare
algorithmic warfare?
need to raise community understanding
schools to the elderly
invite media in
know what our I&W are
should not make cyber an existential threat
how not to disturb defence/offence balance
challenges are common
MAJGEN Thompson (Chatham House)
can't staff/policy our way out of it
high end cyber capabilities are in intel agencies so makes discourse on common challenges
responses are not constrained to cyber space
approach of resilience
security is binary (either secure or not)
resists development of bespoke language for cyber
national coord centre?
what is peace?
environment is not benign
peace war divide is not helpful
personal based capability
need to normalise
attacker has the initative