Computer Network Defense

College of Aerospace Doctrine, Research, and Education
Legal Aspects of IO
IW 230
“The Big Picture”
• The law lags evolution of technology
• Find answers in existing principles
• Our actions affect evolution of the law
• Shape legal framework to further national interest
• Governmental actors must consider spirit, not just letter, of the law

AFDD 2-5
[Figure: AFDD 2-5 Information Operations model. Successfully executed Information Operations achieve Information Superiority.]
• Information Superiority
  • Information Operations
    • Information-in-Warfare (gain, exploit): Precision Nav & Position, ISR, Weather, Other Info Collection/Dissemination Activities, PAO
    • Information Warfare (attack, defend): Counterinformation
      • Offensive Counterinformation: PSYOP, Physical Attack, Military Deception, Electronic Warfare, CNA, PAO
      • Defensive Counterinformation: Information Assurance, Counterintelligence, OPSEC, CounterPropaganda, Electronic Protect, CounterDeception, CND, PAO
Information Operations
• Joint: Actions taken to affect adversary information and information systems while defending one’s own information and information systems
  • Offensive and Defensive IO
• The Air Force believes that in practice a more useful working definition is: those actions taken to gain, exploit, defend, or attack information and information systems
  • Information Warfare and Information-in-Warfare
Information Warfare
“Information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. … The Air Force believes that, because the defensive component of IW is always engaged, a better definition is: Information operations conducted to defend one’s own information and information systems, or to attack and affect an adversary’s information and information systems.”
AFDD 2-5, Aug 98
USSPACECOM: DoD’s Lead for CND and CNA
• JTF-CND
  • Chartered in 1998 as an interim organization to handle coordination of DoD’s Computer Network Defense
• JTF-CNO
  • CINCSPACE received the mission for Computer Network Attack in Oct 00
  • Decision to expand JTF-CND
  • 2 Apr 2001, JTF redesignated JTF Computer Network Operations
The Future
“It seems to me that, philosophically, rather than conducting information operations as ends in themselves, we want to ‘operate in the information age….’ By that I mean integrating, and not ‘stovepiping,’ the various areas of information operations into our overall military plans and operations….”
--General Ed Eberhart, USCINCSPACE
AF Future Capabilities Game 2001: An Introduction to Network Warfare of the Future

Computer Network Operations
• Computer Network Defense
• Computer Network Exploitation
• Computer Network Attack
CNO Taxonomy

Computer Network Defense:
• Those measures, internal to the protected entity, taken to protect and defend information, computers and networks from intrusion, exploitation, disruption, denial, degradation or destruction.
CNO Taxonomy

Computer Network Defense:
• Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within . . . information systems and computer networks. (DoDD O-8530.1)
• Defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. (JP 1-02)
CNO Taxonomy

Computer Network Attack:
• Operations using computer hardware or software, or conducted through computers or computer networks, with the intended objective or likely effect of disrupting, denying, degrading or destroying information resident in computers or computer networks, or the computers and networks themselves.
CNO Taxonomy

Active CND (Computer Network Response):
• Those measures, that do not constitute CNA, taken to protect and defend information, computers, and networks from disruption, degradation, denial, destruction, or exploitation, that involve activity external to the protected entity. CNR, when authorized, may include measures to determine the source of hostile CNA or
CNO Taxonomy

Computer Network Exploitation:
• Intelligence collection operations that obtain information resident in files of threat automated information systems (AIS) and gain information about potential vulnerabilities, or access critical information resident within foreign AIS that could be used to the benefit of friendly operations. (CJCSI 6510.01C)
Overview
Part I: Computer Network Defense (CND)
• Computer Monitoring
• Computer Crime
• Active Defense / Computer Network Response
Part II: Computer Network Attack (CNE/CNA)
• Development of International Law
• The Use of Force in Peacetime
• US/Foreign Domestic Laws
• The Law of War
Part I: Computer Monitoring (Part of CND)
IO Law Outline, p. 1-15
• System Administrators
  • Monitoring, Encryption, Intelligence Oversight
• Law Enforcement / FISA
• Intelligence Community
[Figure: Information Infrastructure sectors: Defense, Banking, Telecommunication, Transportation, Energy]
Information Security-Monitoring
• One of the first lines of defense in protecting AF information systems
• Monitoring performed for different reasons, by different actors
  • systems protection / network professionals
  • operational security / TMAP assets
  • evidentiary interception / law enforcement investigators
Analytical Blueprint
• Analysis starts with the three “Ws”
  • Who?
  • What?
  • Why?
• Different ROEs based on answers
  • Law Enforcement interceptions
  • Intel-counterintel surveillance
  • Systems protection monitoring
Monitoring: Legal Constraints
• 4th Amendment Right to Privacy
• Electronic Communications Privacy Act
Legal Principles-Constitutional Law
• Fourth Amendment prohibition against Unreasonable Search & Seizure
  • Protects people, not places
  • Is there a reasonable expectation of privacy?
  • If so, is the search reasonable?
    • Governed by totality of circumstances
    • Degree of protection proportional to expectation of privacy
Summary of Case Law, p. 1-37
U.S. v. Monroe (AFCCA Feb 5, 1999)
• Court found Monroe had no expectation of privacy in an e-mail account on a government server as to his supervisors and the system administrator (Banner)
• E-mail accounts were given for official business, although users were authorized to send and receive limited textual and morale messages to and from friends and family
• Monroe did not have a government computer, but had a personal computer in his dorm room
Monroe...
• Court used the analogy of an unsecured file cabinet in the member’s superiors’ work area in which an unsecured drawer was designated for his/her use in performing his/her official duties with the understanding that his superiors had free access to the cabinet, including the drawer
• Affirmed by CAAF, 13 March 2000
Electronic Communications Privacy Act (ECPA)
• Statutorily conferred an expectation of privacy in electronic and wire communications
• Interception of electronic communications
• Access into stored communications
• Generally prohibits interception of electronic communications, or access into stored communications, without court order
  • aimed at law enforcement
  • numerous “exceptions”
    • systems provider exception
    • consent
    • court order
ECPA: Rights and Limitations
• May monitor and disclose traffic data
• May access electronic communications stored on his or her system
• May disclose the contents of those communications to others unless he or she is providing electronic communications services to the public

Real Time Monitoring-- The provider exception
• May monitor in real-time (and thereafter disclose) wire and electronic communications, so long as such monitoring and disclosure is conducted “in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service.” (18 USC 2511(2)(a)(i))
Disclosure to Law Enforcement
• May disclose real-time communications he or she has monitored (or stored communications he or she has accessed) with the consent of an appropriate party, normally an individual who is a party to the communication, or when
  • Evidence of crime is apparent and inadvertently obtained

PATRIOT Act of 2001
IO Law Outline, p. 1-17
• Section 212 of the Act amends subsection 2702(b)(6) (ECPA) to permit, but not require, a service provider to disclose to law enforcement either content or non-content customer records in emergencies involving an immediate risk of death or serious physical injury to any person.
• This section also allows providers to disclose information to protect their rights and property.
PATRIOT Act of 2001
IO Law Outline, p. 1-18
• Although the wiretap statute allows computer owners to monitor the activity on their machines to protect their rights and property, until Section 217 of the PATRIOT Act was enacted it was unclear whether computer owners could obtain the assistance of law enforcement in conducting such monitoring
Consent: Banners are our friend
• Promotes awareness for users (ECPA exceptions not necessarily obvious)
• 2nd exception under ECPA
Limits on Consent
• Defined by what banner says
• Limited to provider’s own network
• Duration must be short term, then get Wiretap Order (DoJ)
OPSEC/COMSEC Surveillance
IO Law Outline, p. 1-19
• AFI 33-219
  • authority given only to HQ AIA TMAP elements
  • consent monitoring / banners
  • certification process
• SJA must review detailed summary of consent notification actions
  • determines if actions legally sufficient to constitute consent
ROEs--Search (cont.)
• Is the search/seizure reasonable?
  • consent
  • search authorization or warrant
• AFOSI vs Security Forces
ROEs--Interceptions
• AFI 71-101, Vol 1 Requires Approval for Interceptions
  • AFOSI/CC
  • SAF/GC
  • DOJ (nonconsensual)
Tips on Handling Computer Abuse Cases
• SYSAD usually identifies govt. I.P. addresses where abuse is taking place
  • Does Not Need to Monitor Real-Time
• Appropriate commander/senior leader should be briefed, then assemble all users to notify them of the impropriety and warn them
• If it continues, SYSAD, commander, and SF can mount a “sting” to catch the perpetrator in the act
Computer Crime
IO Law Outline, p. 1-23
• Federal Computer Crime Statutes
  • 18 USC 1029, 1030
  • 18 USC 1028 (Identity Theft)
  • 18 USC 2251, 2252, 2252A (Sexual Exploitation of Children)
  • 18 USC 2511, 2701… (Wiretap Statute and ECPA)
• UCMJ Articles
  • General Article (134)
  • Failure to Obey Order or Regulation (92)
USA PATRIOT ACT of 2001
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
Nationwide Search Warrants for E-mail: Sec 220
• Old: Search warrant needed to compel disclosure of unopened e-mail less than six months old in an Electronic Communication Service or Remote Computing Service (i.e. ISP)
  • Had to be issued by court within district where e-mail was stored
• New: nationwide search warrants for e-mail
  • Allows court with jurisdiction over the offense to issue single search warrant
  • Subject to sunset
Intercepting Voice Comms in Hacking Cases: Sec 202
• Old: Could not get wiretap order to intercept wire communications (involving human voice) for violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030)
  • Hackers have stolen teleconferencing services to plan and execute hacks
• New: Adds felony violations of Computer Fraud and Abuse Act to list of offenses that support a voice wiretap order
  • Sunsets December 2005
Obtaining Voice-mail and Stored Voice Comms: Sec 209
• Old: LE could use search warrant for voice recording on answering machine inside criminal’s home (easier), but needed wiretap order for voice comms with a third party provider
• New: Stored voice (“wire”) comms acquired under 18 USC § 2703 (including search warrant)
  • Sunsets December 2005
Subpoenas for Electronic Evidence: Sec 210
• Old: Subpoena limited to customer’s name, address, length of service, and means of payment
  • In many cases, users register with ISPs under false names
• New: Update and expand records available by subpoena
  • Old list, plus means and source of payment, credit card or bank account number, records of session times and durations, and any temporarily assigned network address
  • Not subject to sunset
Intelligence Oversight
• Improved Intelligence
• Inclusion of international terrorist activities within scope of foreign intelligence under the National Security Act of 1947.
• Law enforcement to notify the intelligence community when a criminal investigation reveals information of intelligence value.
• Reconfigures the Foreign Terrorist Asset Tracking Center.
FISA Elec Surveillance: Sec. 218
• Old: required certification that obtaining foreign intelligence was ‘the’ purpose of search
  • FISA Court interpreted to mean primary purpose of investigation was obtaining foreign intelligence and not criminal prosecution
• New: obtaining foreign intel is “a significant purpose” of the search
  • Allows intelligence agents to better coordinate with criminal investigators
  • Subject to sunset
What is “Active Defense”?
• Approved joint term in DoD Dictionary
  • Active Defense: The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.
  • Passive Defense: Measures taken to reduce the probability of and to minimize the effects of damage caused by hostile action without the intention of taking the initiative.
• No consensus in computer network context
“Active defense”
• Current U.S. Policy….
“The fact is that right now my authority [for active defense measures] is very limited. I believe in this area the wisest course of action is to pursue the policy and procedural issues at or ahead of the pace of technological capabilities, because whether or not to use an attack as an active defense measure or as a weapon system is a decision that needs to be operationally defined at the national policy levels first and foremost.”
Maj Gen James Bryan, JTF-CND/CC, Federal Computer Week, 4 Dec 2000
DoD Deploys Cyber-Defense
Defense News, November 12-18, 2001, Pg.
• Faced with a near doubling of attacks on military computers in the past year, the guardian of the U.S. military’s information systems has asked Pentagon leaders for permission to strike back.
• "We are no longer going to be passive. If they hit us, we’ll be hitting them back real soon," U.S. Army Maj. Gen. Dave Bryan, commander, Joint Task Force-Computer Network Operations (JTF-CNO),
Part II: Computer Network Attack (CNA)
IO Law Outline, p. 1-42
• Development of International Law
• The Law of War
• The Use of Force in Peacetime
• Space Law
• Telecommunications Law
• US/Foreign Domestic Laws
Development of International Law
• Consists of Binding Legal Obligations among Sovereign States
• Sovereign States are Legally Equal and Independent Actors
• They Assume Legal Obligations only by Affirmatively Agreeing To Do So
• General Rule: Unless Prohibited by Law a Course of Action is Allowed
Internat’l Development Of Territoriality in Air & Space
• Air Law: Post WW II
  • Sovereign Control Over National Airspace
• Space Law: Post Sputnik I & Explorer I
  • No Objections to Overflight of Spacecraft
  • Reconnaissance Satellites OK
  • Outer Space Treaty Enshrines Principle
• Information Operations??
United Nations Charter
• “The first use of armed force by a state…shall constitute prima facie evidence of an act of aggression” (UNGA Resolution 3314, Definition of Aggression, Art. 2)
• What kinds of information attacks are likely to be considered by the world community to be armed attacks and uses of force?
• Peacetime Rules of Engagement
United Nations Charter--1945
• Article 2(4)
  • Refrain From the Threat or Use of Force Against the Territorial Integrity of Any State, or in Any Manner Inconsistent With the Purposes of the UN
• Article 51
  • Inherent Right of Self-Defense Recognized When an “Armed Attack” Occurs
    – Space Control -- Information Operations?
Use of Force Authorized?
• Authorized by UN Security Council
• Self-defense
• Humanitarian intervention
• Treaty-sanctioned interventions
• Enforcement of international judgments
What is Force?
• The traditional view is that force means armed force, rather than other potentially coercive vehicles of state policy
  • Negotiating history of UN Charter
  • UNGA Resolution on Aggression
  • Nicaragua v. United States
China’s Unrestricted Warfare
“This kind of war means that all means will be in readiness, that information will be omnipresent, and the battlefield will be everywhere. It means that all weapons and technology can be superimposed at will … that all the boundaries lying between the two worlds of war and nonwar, of military and nonmilitary, will be totally destroyed … the rules of war may need to be rewritten.”
Does CNA = Force?
• Focus on Consequences of CNA
  • Consider Severity/Nature
  • No Bright Lines
• Some Tools/Targets May Constitute Force
International Law
• Triggers for self-defense right?
  • Intruder defeats security and gains entry into computer systems
  • Significant damage to attacked system or data
  • System is critical to national security
  • Intruder’s conduct or context clearly manifests malicious intent
Computer Responses
• Launching responsive CNA to disable intruder’s equipment
  • May not defeat state-sponsored ops
  • May serve as shot across the bow
  • Useful for shaping conflict
  • Reciprocal
Kinetic Responses
• Response to CNA need not be CNA
• Lack of target, access etc. may limit options
• Traditional LOAC analysis:
  • Military necessity
  • Proportionality
Attribution
• Huge technical challenge
• Intelligence data/analysis critical
• Links to other events
• State sponsored or not?
• Identity and intent
Remedies
• If not state-sponsored, law enforcement authorities are primary response
• If nation unable or unwilling to prevent recurrence, use self-defense
• Providing safe refuge can be complicity
• Complicity can be state action
Legal/Policy Considerations
• Continuing threat to national security
• Demonstration of resolve
• World opinion
• Reciprocity
Domestic Law-No Military Exclusion
• 18 USC 1367: Felony to intentionally or maliciously interfere with a communications or weather satellite, or to obstruct or hinder any satellite transmission.
• 18 USC 1030: Misdemeanor to intentionally access a computer without authorization or exceed authorized access
Domestic Law (cont)
• 18 USC 2511: prohibits intercept and disclosure of wire, oral, electronic communications.
  • FISA exception
• DOJ/GC opinion: domestic criminal law does not apply to actions of US military members executing instructions of the NCA
LOAC: Customary Legal Principles and IW
• Military Necessity
• Distinction
• Proportionality (possible problem)
• Humanity (unlawful weapons)
• Chivalry (Perfidy)
• [Law of Neutrality]
Military Necessity
• Military Infrastructures: Lawful Target
• Purely Civilian Infrastructure: Unlawful, Maybe...
  • Stock Exchanges
  • Banks
  • Universities
Distinction
• Combatants vs. Noncombatants
• Computer Network Attack
  • Our “cyber-warriors” are required to be part of military
  • Attack from .mil??
Proportionality
• During Desert Storm one of the earliest targets was the electrical power system
  • Lawful target: military use
• Iraqi response: Coalition’s attack constituted attempted genocide
  • City’s sewage system backed up, threat of epidemic disease
Humanity: Unlawful Weapons
• Illegal Per Se (by Treaty)
  • Poisons
  • Glass projectiles
  • DumDum Bullets
• Illegal by treaty because of indiscriminate effects
  • Biological/Bacteriological weapons
  • Chemical weapons
Indiscriminate Weapons?
• Lasers (earth/space based)
• Malicious Logic
• Worms/Viruses
• EMP Devices
Chivalry
• The waging of war in accordance with well-recognized formalities and courtesies
  • Permits lawful “ruses and stratagems” intended to lawfully mislead the enemy
  • Prohibits perfidy -- treacherous acts intended to take unlawful advantage of the enemy’s “good faith”
• What about taking over your enemy’s computer network:
  • to send supplies to the wrong place?
  • to declare an end to the war?
Perfidy
• Improper use of
  • Flags of Truce
  • Protected Status
  • Distinctive Emblems
  • Uniforms of Neutrals
Law of Neutrals
• Neutrality by a State means refraining from all hostile participation in the armed conflict
• It is the duty of belligerents to respect the territory and rights of neutral States
• Switzerland
• Austria
• Jordan
Hague V, Art. 1
• Prohibits any unauthorized entry into the territory of a neutral State, its territorial waters, or the airspace over such areas by troops or instrumentalities of war
• If one belligerent enters neutral territory, the other belligerent, or neutral State may attack them there
Law of Neutrals
• Neutrality under UN Charter?
• 1907 Hague Convention--Facilities are provided impartially to both sides
• Systems that generate information v. merely relay communications
Summary
• Interplay of different International Law Regimes
• If it is not prohibited, it is permitted
• What we do will have tremendous effect on how this area of the law develops
Relevant Directives (To name a few!)
• PDD 62, Combating Terrorism
• PDD 63, Critical Infrastructure Protection
• JP 3-13, Joint Doctrine for Information Operations
• DoDD S-3600.1, Information Operations
• DOD Memorandum on Web Site Administration, 7 Dec 98
• DOD Memorandum on Communications Security and Information Systems Monitoring, 27 Jul 97
• AFDD 2-5, Information Operations
• AFI 33-129, Transmission of Information via the Internet
• AFI 33-119, Electronic Mail Management and Use
• AFI 33-219, Telecommunications Monitoring and Assessment Program
• AFI 14-104, Intelligence Oversight
• TJAG Policy Letter 31, Legal Information Services