Download Tech Vision 2035 - Cyber law and regulatory strategies

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Document related concepts

Computer security wikipedia , lookup

Transcript 
RESPONDING TO CYBER THREATS IN THE
TRANSPORTATION SECTOR:
INSIGHTS FROM GLOBAL AND COMPARATIVE
CYBERSECURITY REGULATION
DEBORAH HOUSEN-COURIEL, ADV.
THE TRANSPORT OF TWO TYPES OF CYBERVULNERABLE DATA
CIVIL
AVIATION
MASS LAND
TRANSPORT
(BUSES,
TRUCKS)
NAVAL
TRANSPORT,
PORTS AND
HARBORS
PRIVATE
VEHICLE
TRAFFIC
SYSTEMS
MEANS OF
TRANSPORT
=
CRITICAL
INFRASTRUCTURE
CIVILIAN
DRONES (?)
TRAINS
THE BEST SOLUTION
AT PRESENT FOR
PROTECTING
TRANSPORT
VULNERABILITIES…
counter-terrorism
laws
TRANSPORT
VULNERABILITIES
laws
protecting
critical
infrastructure
ART. 2, 2008 EU DIRECTIVE ON CI
…ASSET, SYSTEM OR PART THEREOF
LOCATED IN MEMBER STATES WHICH IS
ESSENTIAL FOR THE MAINTENANCE OF
VITAL SOCIETAL FUNCTIONS, HEALTH,
SAFETY, SECURITY, ECONOMIC OR SOCIAL
WELL-BEING OF PEOPLE, AND THE
DISRUPTION OR DESTRUCTION OF WHICH
WOULD HAVE A SIGNIFICANT IMPACT IN A
MEMBER STATE...
US PATRIOT ACT – “DEBILITATING IMPACT”
LOOKING AT CYBER –
ENABLED ATTACKS ON
TRANSPORT AS ATTACKS
ON CRITICAL
INFRASTRUCTURE
WHAT’S NOT WORKING?
LEGAL AND REGULATORY GAPS:
THE END GAME FOR CI PROTECTION

NO OVERARCHING POLICY RE TRANSPORT INFRASTRUCTURE
THAT CAN DRIVE LEGAL SOLUTIONS

NEED FOR SECTOR-SPECIFIC TOOLS FOR CYBER SECURITY
ANALYSIS
 DOMINO EFFECTS OF CYBER ATTACKS
 BETTER THREAT AND RISK ASSESSMENT MODELS

CORPORATE GOVERNANCE WITHIN INDUSTRY
ORGANIZATIONS
PERIPHERAL SYSTEMS THAT AREN’T YET DEFINED AS
CRITICAL INFRASTRUCTURES…
IN PARTICULAR –
SATELLITE COMMUNICATION
VULNERABILITIES
(SHIP-TO-LAND)
(GPS)
(1) CRITICAL
INFRASTRUCTURE
PROTECTION
POLICIES (NOT
LAW)
(2)
INTERNATIONAL
TREATIES AND
ENFORCEMENT
(3) NATIONAL
COUNTERTERRORISM
LAWS
(1) CRITICAL INFRASTRUCTURE PROTECTION
POLICIES – NOT BINDING LAW
2004
2006
2008
• COMMUNICATION ON CRITICAL
INFRASTRUCTURE PROTECTION IN
THE FIGHT AGAINST TERRORISM
• EUROPEAN PROGRAMME FOR CI
PROTECTION
• DIRECTIVE ON EU CRITICAL
INFRASTRUCTURES- DESIGNATION
AND PROTECTION REQUIREMENTS
2013 COMMISSION STAFF WORKING
DOCUMENT ON A NEW APPROACH
INTERDEPENDENCIES AMONG CRITICAL INFRASTRUCTURES
ACROSS SECTORS + NATIONAL BORDERS
EUROCONTROL PILOT PROJECT
ON AVIATION
“SINGLE EUROPEAN SKY”
Presidential
Policy Directive
-- Critical
Infrastructure
Security and
Resilience, 2013
INFORMATION SHARING AND ANALYSIS
CENTERS (ISACS)
(2) INTERNATIONAL NORMS AND
ENFORCEMENT
THE AIM: HARMONIZATION OF NATIONAL
CYBERCRIME LEGISLATION

ART. 5 – SYSTEM INTERFERENCE
EACH PARTY SHALL ADOPT SUCH LEGISLATIVE AND OTHER
MEASURES AS MAY BE NECESSARY TO ESTABLISH AS
CRIMINAL OFFENCES UNDER ITS DOMESTIC LAW… THE
SERIOUS HINDERING WITHOUT RIGHT OF THE FUNCTIONING
OF A COMPUTER SYSTEM BY INPUTTING, TRANSMITTING,
DAMAGING, DELETING, DETERIORATING, ALTERING OR
SUPPRESSING COMPUTER DATA
-CRUCIAL IN THE CI CONTEXT
BUDAPEST CONVENTION >> CYBER
POLICING HAS GONE GLOBAL
24/7 PoC
REQUIRED
 INTERPOL
 EUROPOL
 FBI
 SECTORAL
(BANKS, FINANCE)
(3) NATIONAL COUNTER-TERRORISM LAWS
ISRAEL’S LAW ON THE FIGHT AGAINST
TERRORISM, 2016 - “ACT OF TERRORISM”

Motivation is political, religious, nationalistic,
or ideological

Carried out with the goal of causing public
fear or alarm, or to cause the government or
another public body (in Israel or abroad,
including IOs) to either act or refrain from
acting

One of the following was either threatened or
had a real danger of occurring:
1)
Severe injury to a person’s body or
freedom;
2)
Severe injury to public safety or health
3)
Severe damage to property
4)
Severe damage to religious objects, places
of worship or other sites
5)
Severe damage to infrastructure, systems or
basic services, or severe interference with
them, or severe damage to the national
economy or ecosystem.
AUSTRALIAN CRIMINAL CODE, 1995
A terrorist act […] causes one or
more of the following:
…serious interference with,
disruption to, or destruction of
critical infrastructure such as a
telecommunications or
electricity network.
GERMANY’S LEGISLATIVE APPROACH, 2015
OUTLIER
SUMMING UP
THE BEST SOLUTION
AT PRESENT FOR
PROTECTING
TRANSPORT
VULNERABILITIES…
counter-terrorism
laws
TRANSPORT
VULNERABILITIES
laws
protecting
critical
infrastructure
4 CRITICAL CHALLENGES
 ADAPT THE INFRASTRUCTURE PROTECTION
REGIME TO INCLUDE PERIPHERAL SYSTEMS
 …AND THEIR ACCOMPANYING DATA
 CONSIDER GERMANY’S LEGISLATIVE
APPROACH (AUGMENTED CI + ANTITERRORISM)
 IMPROVING THE PREVENTION OF ATTACKS ON
TRANSPORT BY INTEGRATING EXISTING LEGAL
TOOLS
THANK YOU.
[email protected]
THE BEST SOLUTION
AT PRESENT FOR
PROTECTING
TRANSPORT
VULNERABILITIES…
counter-terrorism
laws
CRITICAL
INFRASTRUCTURE
PROTECTION,
INCL.
COUNTERTERRORISM
laws
protecting
critical
infrastructure
EXTRA SLIDES
…SYSTEMS AND ASSETS, WHETHER
PHYSICAL OR VIRTUAL, SO VITAL TO THE
UNITED STATES THAT THE INCAPACITY OR
DESTRUCTION OF SUCH SYSTEMS AND
ASSETS WOULD HAVE A DEBILITATING
IMPACT ON SECURITY, NATIONAL
ECONOMIC SECURITY, NATIONAL PUBLIC
HEALTH OR SAFETY, OR ANY
COMBINATION OF THOSE MATTERS.
(PATRIOT ACT, 2001)
IMPACTS:
• PHYSICAL (LOSS
OF LIFE AND
PROPERTY)
• ECONOMIC
• SOCIAL
MAY 2015
2013
STANDARDS
2015
Related documents
Zero day timebomb infographic3
Zero day timebomb infographic3
the cost of cybercrime to australia $276323
the cost of cybercrime to australia $276323
new zealand`s cyber security strategy
new zealand`s cyber security strategy
Systems Security
Systems Security
TODAY’S TECHNOLOGY CAN CHANGE IN THE BLINK OF AN EYE.
TODAY’S TECHNOLOGY CAN CHANGE IN THE BLINK OF AN EYE.
Liability Regimes
Liability Regimes
3 Key Economic Questions
3 Key Economic Questions
Siemplify, a fast-growing cyber security start
Siemplify, a fast-growing cyber security start
Artificial Intelligence Engineer
Artificial Intelligence Engineer
Maritime Cyber Vulnerabilities in the Energy Domain
Maritime Cyber Vulnerabilities in the Energy Domain