You are previewing Law, Policy, and Technology.
O'Reilly logo
Law, Policy, and Technology

Book Description

In the information society, technology has become ubiquitous, but its intrinsic vulnerabilities and the complexity of managing mission-critical systems create an attractive target for potential attackers. Law, Policy, and Technology: Cyberterorrism, Information Warfare, and Internet Immobilization provides relevant frameworks and best practices as well as current empirical research findings in the area. It is aimed at professionals who want to improve their understanding of the impact of cyber-attacks on critical infrastructures and other information systems essential to the smooth running of society, how such attacks are carried out, what measures should be taken to mitigate their impact and what lessons can be learned from the attacks and simulations of the last few years.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Preface
  5. Acknowledgment
  6. Section 1: Setting the Scene for Cyberterrorism and Other Cyber Attacks
    1. Chapter 1: The Security Practitioners’ Perspective
      1. ABSTRACT
      2. 1. LESSONS FROM HISTORY
      3. 2. ASSUMPTIONS MADE IN PREPARING THIS PART OF THE BOOK
      4. 3. THE ASYMMETRIC BATTLE OF PROTECTING INFORMATION ASSETS
      5. 4. PROBLEM AREAS
      6. 4.3 ICT, LEAST UNDERSTOOD CORPORATE DISCIPLINE AND THE EXECUTIVE DIGITAL DIVIDE
    2. Chapter 2: Economic, Political and Social Threats in the Information Age
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. CONSEQUENCES OF INFORMATION SECURITY INCIDENTS
    3. Chapter 3: Critical Information Infrastructure and Cyber-Terrorism
      1. 1. INTRODUCTION
      2. 2. CRITICAL INFORMATION INFRASTRUCTURE (CII)
      3. 3. CYBER THREATS AND RELATIONSHIP TO CII
      4. 4. IMPACT OF CYBER TERRORISM ON CII
      5. 5. EFFORTS TO ENHANCE PROTECTION OF CII
      6. 6. CONCLUSION: INTERNATIONAL ORGANISATIONS AND INITIATIVES
    4. Chapter 4: Attackers
      1. ABSTRACT
      2. 1. THE INTERNAL THREAT
    5. Chapter 5: Threats, Vulnerability, Uncertainty and Information Risk
      1. ABSTRACT
      2. 1. INTRODUCTION: THREATS AND ATTACKS
      3. 2. TAKING THE MYSTERY OUT OF RISK TERMINOLOGY
      4. 3. THE ISACA RISK IT FRAMEWORK1
      5. 5. ICT SERVICE DELIVERY RISKS
      6. 7 ICT END USER RISKS
    6. Chapter 6: ICT and Security Governance
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. THE CONTEXT AND CASE FOR ICT GOVERNANCE
      4. 3. THE SCOPE OF ICT AND SECURITY GOVERNANCE
      5. 4. SETTING UP AN ICT GOVERNANCE FRAMEWORK
      6. 5. STANDARDS AND BEST PRACTICES THAT STRENGTHEN ICT GOVERNANCE
      7. 6. INFORMATION SECURITY METRICS
      8. 7. SECURITY TESTING TO IDENTIFY AND MITIGATE RISK
      9. 8. RESPONDING TO A SECURITY INCIDENT
      10. 9. CERTIFICATIONS
    7. Chapter 7: Concerns About What Will Happen Next
      1. ABSTRACT
      2. 1. LIKELY FUTURE SECURITY CHALLENGES AND THE POTENTIAL FOR CYBERTERRORISM
      3. 2. GROWTH IN INNOVATION AND USE OF IT, LINKAGES AND DEPENDENCIES
      4. 3. SOFTWARE COMPLEXITY AND QUALITY
      5. 4. FRAGMENTED DATA OWNERSHIP AND QUALITY ASSURANCE
      6. 5. MILITARY STRENGTH MALWARE, TOXIC PAYLOADS, AND COMBINED ATTACKS
      7. 6. OUTSOURCING AND OFFSHORING
      8. 7. LOSS OF MANAGEMENT SKILLS IN IT OPERATIONS AND INFORMATION SECURITY
      9. 8. INFORMATION READILY AVAILABLE TO BAD GUYS
      10. 9. EXECUTIVE DETACHMENT
      11. 10. ORGANISATIONAL POLITICS AND TURF BATTLES
      12. 11. THE SPECIAL CASE OF PUBLIC SECTOR IT
      13. 12. JUSTIFYING INFORMATION SECURITY EXPENDITURES AND THE VALUE OF SECURITY
  7. Section 2: Law and Policy Perspectives
    1. Chapter 8: To Define or Not to Define
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. TERMINOLOGY IS ALL OVER THE PLACE AND THERE IS STILL NO CONSENSUS ON TERMS WITHIN COUNTRY (U.S.) AND GLOBALLY
      4. 3. BACKGROUND TO THE WRITING OF THIS CHAPTER
      5. 4. GRAPPLING WITH DEFINITIONS APPLICABLE TO LAW AND POLICY
      6. 5. A REVIEW OF THE TERMS UNDER DISCUSSION
      7. 6. INTERPRETING SEVERITY OF LEVELS OF ATTACKS
      8. 7. U.S. MILITARY CONCEPTS AND TERMS APPLIED TO HOSTILE ACTS AGAINST INFORMATION SYSTEMS
      9. 8 CYBER CONFLICT AS AN INTERIM STAGE BEFORE WARFARE ENSUES?
      10. 9. TYPES OF CYBER ATTACKS
      11. 10. TYPES OF WARFARE: MILITARY DEFINITIONS
      12. 11. MORE DEFINITIONS: INFORMATION WAR, INFORMATION WARFARE, AND COMPARISONS
      13. 12. CYBERWARFARE
      14. 13. CYBERWAR
      15. 14. TOOLS USED FOR CYBER ATTACKS AND INFORMATION SECURITY RELATED TO CYBER ATTACKS
      16. 15. MALWARE: ADDITIONAL DEFINITIONS
      17. 17. DEFENSIVE AND OFFENSIVE MEASURES
      18. 17 ADDITIONAL U.S. MILITARY TERMS
      19. 18. COMPARING CYBER SECURITY AND CYBER DEFENSE
      20. 19. CYBERCRIME: COMMINGLING CONCEPTS AND FUNCTIONS
      21. 20. SEVERAL TYPOLOGIES COMPARING TERMS SEEN IN THE PRESS, IN LEGISLATURES, AND IN SCHOLARLY/LEGAL PUBLICATIONS
      22. 21. CONCLUSION
    2. Chapter 9: Anonymity, Actual Incidents, Cyber Attacks and Digital Immobilization
      1. 1. UNITED KINGDOM
      2. 2. UNITED STATES
      3. 3. U.S. MILITARY AND WHITE HOUSE PERSPECTIVES1
      4. 4. UNITED NATIONS ROLE?
      5. 5. USE OF CYBERCRIME LAW
      6. 6. ACTUAL INCIDENTS
      7. 7. REALITIES OF THE ATTRIBUTION PROBLEM
      8. 8. WHEN DO SUCH ACTS RISE TO THE LEVEL OF AN ACT OF WAR?
      9. 9. RECENT U.S. POLICY DEVELOPMENTS
      10. 10. CONCLUSION
      11. APPENDIX: ATTRIBUTION FROM A TECHNICAL POINT OF VIEW
    3. Chapter 10: Culture Clashes
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. PRE-INTERNET AND CURRENT LEGISLATION AND CALLS FOR JUDICIAL REVIEW AND AMENDMENT
      4. 3.0 TECHNOLOGICAL MEANS OF GOVERNMENT MONITORING OF ELECTRONIC COMMUNICATIONS AND DATA: CHRONOLOGY OF SELECTED U.S. SYSTEMS
      5. 4.0 OTHER FORMS OF INFORMATION RETRIEVAL FOR LAW ENFORCEMENT AND NATIONAL SECURITY PURPOSES
      6. 5.0 LATEST EFFORTS IN THE U.S. CONGRESS TO PASS CYBERSECURITY LEGISLATION AND REACTIONS FROM PRIVACY AND CIVIL LIBERTIES ORGANIZATIONS
      7. 6.0 FREEDOM, PRIVACY, AND CIVIL LIBERTIES IN A DEMOCRACY
      8. 7.0. PRIVACY VS. SECURITY: LEGAL AND POLICY ISSUES IN A NUMBER OF DEMOCRACIES
      9. 8.0 WHERE HAVE WE BEEN? WHERE ARE WE GOING?
      10. 9.0 LIBERTY VS. SECURITY, BALANCING COMPETING INTERESTS
      11. APPENDIX 1
      12. APPENDIX 2
    4. Chapter 11: What is Cyberterrorism and How Real is the Threat?
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. THE ORIGINS OF THE CONCEPT
      4. 3. AN OVERVIEW OF THE ACADEMIC LITERATURE
      5. 4. FROM “REAL WORLD” TERRORISM TO CYBERTERRORISM: DEFINITIONAL DEBATES
      6. 5. DIFFERENTIATING CYBERCRIME FROM CYBERTERRORISM
      7. 6. CONCLUSION
      8. APPENDIX
    5. Chapter 12: Cyber-Search and Cyber-Seizure
      1. ABSTRACT
      2. INTRODUCTION
      3. 1. NATURE OF THREATS IN CYBERSPACE
      4. 2. A NATIONAL SECURITY APPROACH TO PREVENTING CYBER ATTACKS
      5. 3. A CONSTITUTIONAL FRAMEWORK FOR PRESIDENTIAL ACTIONS
      6. 4. FOURTH AMENDMENT AND INTERNET MONITORING
      7. 5. EXCEPTIONS UNDER THE FOURTH AMENDMENT AND REASONABLENESS
      8. 6. THE “SPECIAL NEEDS” DOCTRINE: PROTECTING AGAINST CYBER ATTACKS
      9. 7. OVERSIGHT OF THE PROGRAM
      10. CONCLUSION
    6. Chapter 13: Terrorism and the Internet
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. CONCEPTUALIZING USE OF THE INTERNET FOR TERRORIST PURPOSES
      4. 3. HAS THE INTERNET LED TO MORE TERRORISM?
      5. 4. HAS THE INTERNET LED TO WORSE TERRORISM?
      6. 5. WHAT ABOUT CYBERATTACKS?
      7. 6. SUMMARY
      8. 7. CONCLUSION
  8. Section 3: Case Studies
    1. Chapter 14: Case Study
      1. ABSTRACT
      2. 1. PUTTING THE MUMBAI ATTACKS OF NOVEMBER 26, 2008 (“26/11”) INTO CONTEXT: INDIAN TERRORISM 2008
      3. 2. LASHKAR-E-TAYYIBA
      4. 3. NEWS REPORTS AND CHARGE SHEET SUMMARIES OF TERRORIST USE OF TECHNOLOGY IN THE 26/11 MUMBAI ATTACKS
      5. 4. DEBATE OVER GOOGLE EARTH AND LAWSUIT
      6. 5. PRE- AND POST-26/11 INDIAN LAW VIS A VIS TERRORISM AND CYBERTERRORISM
      7. 6. PAKISTAN GOVERNMENT AND LEGAL RESPONSES POST- 26/11
      8. 7. FBI AND U.S. GOVERNMENT AGENCY ASSISTANCE TO INDIAN AGENCIES IN THE INVESTIGATION OF THE MUMBAI ATTACKS
      9. 8. STATUS OF COURT CASES: TERRORIST PROSECUTIONS IN INDIA, PAKISTAN, UNITED STATES
      10. 10 INDIAN POLICE VS. TERRORISTS WITH TECHNOLOGY
      11. 11 INDIA: PUBLIC INTEREST LITIGATION
      12. 12 INDIA: SECURITY MEASURES TAKEN SINCE 11/26 ATTACKS VIS A VIS USE OF TECHNOLOGY
      13. 13 NEIGHBORING COUNTRIES: POLICIES TO PREVENT CRIMINAL/TERRORIST USE OF TECHNOLOGY
      14. 14 PREDICTIONS OF FURTHER TERRORISM IN INDIA AND SOUTH ASIA
      15. 15 SECURITY, PRIVACY, AND LIBERTY IN A DEMOCRACY
      16. CONCLUSION
    2. Chapter 15: China’s Cyber Tool
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. US ACCUSATIONS AGAINST CHINA’S CYBER MILITIA
      4. 3. WHO AND WHY: MAKING SENSE OF A CHINESE HACKER’S CYBER PENETRATION
      5. 4. CONCLUSION
      6. NOTE
    3. Chapter 16: The United Kingdom’s Centre for the Protection of National Infrastructure
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. BACKGROUND
      4. 3. CONTEST AND PROTECT
      5. 4. LORD WEST’S REVIEW OF CNI
      6. 5. CPNI AND THE CYBER SECURITY STRATEGY
      7. 6. DEFINING CNI
      8. 7. CPNI’S PARTNERS
      9. 8. ELECTRONIC ATTACKS
      10. 9. TERRORISM AND THE CRITICAL INFRASTRUCTURE
      11. 10. ANALYSIS
      12. 11. SOLUTIONS AND RECOMMENDATIONS
      13. 12. FUTURE RESEARCH DIRECTIONS
      14. 13. CONCLUSION
  9. Compilation of References
  10. About the Contributors
  11. Section 2 Introduction
    1. G-8 INITIATIVES
    2. RECENT DEVELOPMENTS
    3. CALLS FOR A UNITED NATIONS TREATY
    4. APPENDIX: PUTTING CYBERTERRORISM INTO CONTEXT
    5. DEFINITION
    6. WHAT CYBERTERRORISM IS NOT
    7. WHAT IS THE THREAT OF CYBERTERRORISM?
    8. WHAT IS THE THREAT OF OTHER FORMS OF POLITICALLY-MOTIVATED CYBER ATTACKS?
    9. WHAT IS THE THREAT OF COMMON FORMS OF CYBER ATTACK?
    10. CONCLUSION
    11. ENDNOTES