Law Commons^™

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

The Security And Cyber Defence Realities And Difficulties In Algeria, Kada Aicha

Journal of Police and Legal Sciences

This research paper aims to shed light on the digital challenge faced by Algeria as it enters the world of the knowledge society, which qualifies it to achieve cybersecurity and cyber defense against various forms and types of security threats, including cyber threats. The researcher used an analytical approach to understand the phenomenon under study and trace its causes, in addition to a case study method to study all aspects of the studied phenomenon and identify the characteristics of the case study - Algeria was chosen as the analysis unit. The study concluded several important results, including:

The deficiency of …

Ransomware Groups On Notice: U.S. Cyber Operation Against Revil Is Permissible Under International Law, Justin Singh

American University International Law Review

The continued increase in the use of ransomware by cyber criminals has had a costly impact on businesses and organizations around the world. Ransomware groups continue to initiate attacks on businesses and organizations, and states have become increasingly concerned over the potential impact it may have on their critical infrastructure and economies. The United States’ recent acknowledgement of cyber operations against ransomware groups highlights the seriousness of the issue and exposes areas of international law that are complicated when applied to cyber operations against these groups. This Comment explores the relevant international law as it applies to the United States …

Strengthening Our Intuitions About Hacking, Jeffrey L. Vagle

Indiana Law Journal

The computer trespass analogy has served us reasonably well as a basis for cybersecurity policies and related anti-hacking laws, but computers, and our uses of them, have changed significantly in ways that stretch the computer trespass metaphor beyond usefulness. This Essay proposes an approach to expanding and strengthening our intuitions about computer security that accounts for new computing paradigms, giving courts and lawmakers additional tools for interpreting and drafting effective anti-hacking laws.

This Essay argues that many new and existing computer use scenarios leave courts unsure how existing anti-hacking laws might apply, increasing the possibility of under- or over-inclusive policies …