INTERVIEW: Robert Clarke on legal aspects of cyber espionage
Patrick Gray's picture

Start the discussion 0 Comments
May 17, 2012 --

This is an interview with Robert Clarke, the operational attorney for the US Army Cyber Command. I posted audio of his talk yesterday... he spoke a lot about international law as it applies to cyber war. But I wanted to pick his brains about something he briefly mentioned.

During his presentation he mentioned that espionage is actually legal under international law. I asked him to expand on that and we had a great chat about the legal aspects of online espionage.

The UK Government should consider using 'kitemarks' awarded to defence industry companies that meet high cybersecurity standards as a part of its procurement process, shadow defence secretary Jim Murphy has said.
Related Articles

Speaking to The Guardian this week, Murphy said an insistence of the highest possible security standards was now essential to head off the threat that smaller firms in the supply chain were being targeted by cybercriminals as a weak link.
"Kitemarks for those with high standards of cyber security must become a reality across the private sector," Murphy told the newspaper.

RT @paulsparrows: May 2012 Cyber Attacks Timeline (Part I covering events from 1 to 15 May) #Infosec #Cyberwar #Cyb ...

Where Cartwright starts really making sense on the issue is specific to aperture exposures that will almost certainly be exploited in some way in the future. Again, from AOL Defense:

“We built the F-35 with absolutely no protection for it from a cyber standpoint,” he said. Just as historical aircraft used to have an “EMCON switch” — short for “emissions control” — that could turn off all electronic transmissions from the aircraft when it needed to avoid detection, Cartwright said, today’s aircraft need a switch that shuts off all the electronic apertures through which they can potentially receive transmissions, lest electronically savvy enemies hack into them. “As a guy who spends his life on the offensive side of cyber, every aperture out there is a target,” Cartwright said.

A general definition of malware: Read it. Has decent #cyberwar analogies, too.

RT @seanlawson: #Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwarfare Capabilities and Interstate War ...

In the current threat environment, rapid communication of pertinent threat information is the key to quickly detecting, responding and containing targeted attacks. OpenIOC is designed to fill a void that currently exists for organizations that want to share threat information both internally and externally in a machine-digestible format. OpenIOC is an extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an attacker’s methodology, or other evidence of compromise.

OpenIOC was originally designed to enable MANDIANT’s products to codify intelligence in order to rapidly search for potential security breaches. Now, in response to requests from across the user community, MANDIANT has standardized and open sourced the OpenIOC schema and is releasing tools and utilities to allow communication of threat information at machine speed.

Indeed, civilians have "rushed the field," says David Kilcullen, author of The Accidental Guerrilla, a renowned expert on counterinsurgency and a former special advisor to General David Petraeus during the Iraq War. Their communications can now directly affect a military operation's dynamics. "Information networks," he says, "will define the future of conflicts." That future started unfurling when Libyan networks—and a long list of global activists—began an information war against Qaddafi. Thousands of civilians took part, but one of the most important was a man who, to paraphrase Woodrow Wilson, used not only all the brains he had but all the brains he could borrow.

Cyber War sure sounds scary, but it's really just another example of the "hobgoblins" politicians use to get votes and money, according to CIO.com blogger Constantine von Hoffman.

The number of cyberattacks perpetrated against NATO is on the rise, say experts at alliance operational headquarters, with most of them apparently originating with intelligence services in Russia and China. "Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees," Lieutenant General Kurt Herrmann told SPIEGEL ONLINE on the sidelines of an informational seminar at the Supreme Headquarters Allied Powers Europe (SHAPE) located in Mons, Belgium.

RT @adschina: ANZUS 2.0- Cybersecurity and Australia US relations, << Good read.


Special Report Issue 46 - ANZUS 2.0: cybersecurity and Australia–US relations
Friday, 27 April 2012
At the 15 September 2011 AUSMIN talks in San Francisco, Australian and US officials took advantage of the 60th anniversary of the signing of the ANZUS Treaty to announce the alliance would now extend into cyberspace. It was the first time, outside of NATO, that two allies had formalised their joint cooperation in cyberspace. 
ASPI convened a conference of Australian and American experts on 9 December 2011 in Washington DC to discuss what this means for the future of conflict and defence in cyberspace and how allies perceive and respond to mutual threats.  As a result, papers by Andrew Davies, James Lewis, Jessica Herrera-Flanigan and James Mulvenon have been compiled in this Special Report.