Law Commons^™

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Enhancing The Battleverse: The People’S Liberation Army’S Digital Twin Strategy, Joshua Baughman

Military Cyber Affairs

No abstract provided.

Enter The Battleverse: China's Metaverse War, Josh Baughman

Military Cyber Affairs

No abstract provided.

It's Time To Reform The U.S. Vulnerabilities Equities Process, Amy Gaudion

Faculty Scholarly Works

No abstract provided.

Recognizing The Role Of Inspectors General In The U.S. Government's Cybersecurity Restructuring Task, Amy Gaudion

Faculty Scholarly Works

Months prior to the 2015 public disclosure of a data breach at the U.S. government’s Office of Personnel and Management (OPM), the Office of the Inspector General for OPM issued a report that identified significant deficiencies and material weaknesses in a number of the agency’s information systems and IT security programs. In response to the 2020 SolarWinds supply chain hack, attributed to Russia, calls are underway for inspectors general to conduct audits and inspections and to review prior inspector general assessments of information systems and vulnerabilities at federal agencies. The use of inspectors general to assess information system vulnerabilities and …

Cyber Insurance Today: Saving It Before It Needs Saving, Angela Nieves

Catholic University Journal of Law and Technology

Cyber insurance, which covers a company’s losses and costs stemming from a cyberattack, represents a nearly $5 billion global market. But have stakeholders shaped a sustainable model? This article analyzes contrasting claims about the viability of cyber insurance. It proposes measures to ensure the survival of the cyber insurance market, which should be immediately addressed given the current state of the world and the fact that even pre-COVID-19, businesses worldwide stood to lose over $5.2 trillion over the next five years due to cybercrimes. Unless action is taken to mitigate the fallout from cyber events, the cyber insurance market will …

Implementing Ethics Into Artificial Intelligence: A Contribution, From A Legal Perspective, To The Development Of An Ai Governance Regime, Axel Walz, Kay Firth-Butterfield

Duke Law & Technology Review

The increasing use of AI and autonomous systems will have revolutionary impacts on society. Despite many benefits, AI and autonomous systems involve considerable risks that need to be managed. Minimizing these risks will emphasize the respective benefits while at the same time protecting the ethical values defined by fundamental rights and basic constitutional principles, thereby preserving a human centric society. This Article advocates for the need to conduct in-depth risk-benefit-assessments with regard to the use of AI and autonomous systems. This Article points out major concerns in relation to AI and autonomous systems such as likely job losses, causation of …

Revisiting Barlow's Misplaced Optimism, Benjamin Edelman

Duke Law & Technology Review

No abstract provided.

Cybersecurity Oversight Liability, Benjamin P. Edwards

Georgia State University Law Review

A changing cybersecurity environment now poses a significant corporate-governance challenge. Although some cybersecurity data breaches may be inevitable, courts now increasingly consider when a corporation’s officers and directors may be held liable on theories that they acted in bad faith and failed to adequately oversee the corporation’s affairs. This short essay reviews recent derivative decisions and encourages corporate boards to recognize that in an environment filled with increasing threats, a reasonable response will require devoting real resources and attention to cybersecurity issues.

Pirate Tales From The Deep [Web]: An Exploration Of Online Copyright Infringement In The Digital Age, Nicholas C. Butland, Justin J. Sullivan

University of Massachusetts Law Review

Technology has seen a boom over the last few decades, making innovative leaps that border on science fiction. With the most recent technological leap came a new frontier of intellectual property and birthed a new class of criminal: the cyber-pirate. This Article discusses cyber-piracy and its interactions and implications for modern United States copyright law. The Article explains how copyright law, unprepared for the boom, struggled to adapt as courts reconciled the widely physical perceptions of copyright with the digital information being transferred between billions of users instantaneously. The Article also explores how cyber-piracy has made, and continues to make, …

Enhancing Cybersecurity In The Private Sector By Means Of Civil Liability Lawsuits - The Connie Francis Effect, Jeffrey F. Addicott

University of Richmond Law Review

The purpose of this article is to explore the threats posed by

cybersecurity breaches, outline the steps taken by the government

to address those threats in the private sector economy, and

call attention to the ultimate solution, which will most certainly

spur private businesses to create a more secure cyber environment

for the American people-a Connie Francis-styled cyber civil

action lawsuit.

Pass Parallel Privacy Standards Or Privacy Perishes, Anne T. Mckenna

Anne T. McKenna

No abstract provided.

Silencing The Call To Arms: A Shift Away From Cyber Attacks As Warfare, Ryan Patterson

Loyola of Los Angeles Law Review

Cyberspace has developed into an indispensable aspect of modern society, but not without risk. Cyber attacks have increased in frequency, with many states declaring cyber operations a priority in what has been called the newest domain of warfare. But what rules govern? The Tallinn Manual on the International Law Applicable to Cyber Warfare suggests existent laws of war are sufficient to govern cyber activities; however, the Tallinn Manual ignores fundamental problems and unique differences between cyber attacks and kinetic attacks. This Article argues that several crucial impediments frustrate placing cyber attacks within the current umbra of warfare, chiefly the problems …

Cybersecurity: What About U.S. Policy?, Lawrence J. Trautman

Lawrence J. Trautman Sr.

During December 2014, just hours before the holiday recess, the U.S. Congress passed five major legislative proposals designed to enhance U.S. cybersecurity. Following signature by the President, these became the first cybersecurity laws to be enacted in over a decade, since passage of the Federal Information Security Management Act of 2002. My goal is to explore the unusually complex subject of cybersecurity policy in a highly readable manner. An analogy with the recent deadly and global Ebola epidemic is used to illustrate policy challenges, and hopefully will assist in transforming the technological language of cybersecurity into a more easily understandable …

Managing Cyberthreat, Lawrence J. Trautman

Lawrence J. Trautman Sr.

Cyber security is an important strategic and governance issue. However, because most corporate CEOs and directors have no formal engineering or information technology training, it is understandable that their lack of actual cybersecurity knowledge is problematic. Particularly among smaller companies having limited resources, knowledge regarding what their enterprise should actually be doing about cybersecurity can’t be all that good. My goal in this article is to explore the unusually complex subject of cybersecurity in a highly readable manner. First, an examination of recent threats is provided. Next, governmental policy initiatives are discussed. Third, some basic tools that can be used …

New Hacktivists And The Old Concept Of Levée En Masse, Christopher Waters

Law Publications

English Abstract: The purpose of this article is to contribute to the continuing debate over the relevance of International Humanitarian Law (IHL) to cyberwar. It does so by taking what is often said to be a particularly archaic aspect of IHL, the French Revolutionary notion of levée en masse, and asking whether the concept could have relevance in the cyber context. The article treats levée en masse as a litmus test for the law’s relevance; if this IHL “relic” could have relevance in the cyber context, then the continued relevance of the larger body of rules should also be less …

Pass Parallel Privacy Standards Or Privacy Perishes, Anne T. Mckenna

Journal Articles

No abstract provided.

Book Review: Handbook On Securing Cyber-Physical Critical Infrastructure: Foundations And Challenges (Written By Sajal K. Das, Krishna Kant, Nan Zhang), Katina Michael

Professor Katina Michael

This 800+ page handbook is divided into eight parts and contains thirty chapters, ideal for either an advanced undergraduate or graduate course in security. At the heart of this handbook is how we might go about managing both physical and cyber infrastructures, as they continue to become embedded and enmeshed, through advanced control systems, and new computing and communications paradigms.

Cyber-Extortion: Duties And Liabilities Related To The Elephant In The Server Room, Adam J. Sulkowski

ExpressO

This is a comprehensive analysis of the legal frameworks related to cyber-extortion – the practice of demanding money in exchange for not carrying out threats to commit harm that would involve a victim's information systems. The author hopes it will catalyze an urgently needed discussion of relevant public policy concerns.

Cyber-extortion has, by all accounts, become a common, professionalized and profit-driven criminal pursuit targeting businesses. 17% of businesses in a recent survey indicated having received a cyber-extortion demand. An additional 13% of respondents were not sure if their business had received such a demand.

Awareness of the risks of cybercrime …

Legal Aspects Of The Internet, Etienne Pichat

LLM Theses and Essays

This thesis will explain the legal aspects of the Internet so that users who wish to protect their rights and avoid liability can log on with a better understanding of the rules of the game. This work will be divided into two chapters. The first chapter will focus on existing legal regulation of the Internet to advise users on which law is relevant, and how to solve problems of conflicts of laws in the cyberworld. It will answer the question of whether cyberspace is, or not, a "no laws land", and what kind of regulation would better fit the cyberworld. …