Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
RESPONDING TO CYBER THREATS IN THE TRANSPORTATION SECTOR: INSIGHTS FROM GLOBAL AND COMPARATIVE CYBERSECURITY REGULATION DEBORAH HOUSEN-COURIEL, ADV. THE TRANSPORT OF TWO TYPES OF CYBERVULNERABLE DATA CIVIL AVIATION MASS LAND TRANSPORT (BUSES, TRUCKS) NAVAL TRANSPORT, PORTS AND HARBORS PRIVATE VEHICLE TRAFFIC SYSTEMS MEANS OF TRANSPORT = CRITICAL INFRASTRUCTURE CIVILIAN DRONES (?) TRAINS THE BEST SOLUTION AT PRESENT FOR PROTECTING TRANSPORT VULNERABILITIES… counter-terrorism laws TRANSPORT VULNERABILITIES laws protecting critical infrastructure ART. 2, 2008 EU DIRECTIVE ON CI …ASSET, SYSTEM OR PART THEREOF LOCATED IN MEMBER STATES WHICH IS ESSENTIAL FOR THE MAINTENANCE OF VITAL SOCIETAL FUNCTIONS, HEALTH, SAFETY, SECURITY, ECONOMIC OR SOCIAL WELL-BEING OF PEOPLE, AND THE DISRUPTION OR DESTRUCTION OF WHICH WOULD HAVE A SIGNIFICANT IMPACT IN A MEMBER STATE... US PATRIOT ACT – “DEBILITATING IMPACT” LOOKING AT CYBER – ENABLED ATTACKS ON TRANSPORT AS ATTACKS ON CRITICAL INFRASTRUCTURE WHAT’S NOT WORKING? LEGAL AND REGULATORY GAPS: THE END GAME FOR CI PROTECTION NO OVERARCHING POLICY RE TRANSPORT INFRASTRUCTURE THAT CAN DRIVE LEGAL SOLUTIONS NEED FOR SECTOR-SPECIFIC TOOLS FOR CYBER SECURITY ANALYSIS DOMINO EFFECTS OF CYBER ATTACKS BETTER THREAT AND RISK ASSESSMENT MODELS CORPORATE GOVERNANCE WITHIN INDUSTRY ORGANIZATIONS PERIPHERAL SYSTEMS THAT AREN’T YET DEFINED AS CRITICAL INFRASTRUCTURES… IN PARTICULAR – SATELLITE COMMUNICATION VULNERABILITIES (SHIP-TO-LAND) (GPS) (1) CRITICAL INFRASTRUCTURE PROTECTION POLICIES (NOT LAW) (2) INTERNATIONAL TREATIES AND ENFORCEMENT (3) NATIONAL COUNTERTERRORISM LAWS (1) CRITICAL INFRASTRUCTURE PROTECTION POLICIES – NOT BINDING LAW 2004 2006 2008 • COMMUNICATION ON CRITICAL INFRASTRUCTURE PROTECTION IN THE FIGHT AGAINST TERRORISM • EUROPEAN PROGRAMME FOR CI PROTECTION • DIRECTIVE ON EU CRITICAL INFRASTRUCTURES- DESIGNATION AND PROTECTION REQUIREMENTS 2013 COMMISSION STAFF WORKING DOCUMENT ON A NEW APPROACH INTERDEPENDENCIES AMONG CRITICAL INFRASTRUCTURES ACROSS SECTORS + NATIONAL BORDERS EUROCONTROL PILOT PROJECT ON AVIATION “SINGLE EUROPEAN SKY” Presidential Policy Directive -- Critical Infrastructure Security and Resilience, 2013 INFORMATION SHARING AND ANALYSIS CENTERS (ISACS) (2) INTERNATIONAL NORMS AND ENFORCEMENT THE AIM: HARMONIZATION OF NATIONAL CYBERCRIME LEGISLATION ART. 5 – SYSTEM INTERFERENCE EACH PARTY SHALL ADOPT SUCH LEGISLATIVE AND OTHER MEASURES AS MAY BE NECESSARY TO ESTABLISH AS CRIMINAL OFFENCES UNDER ITS DOMESTIC LAW… THE SERIOUS HINDERING WITHOUT RIGHT OF THE FUNCTIONING OF A COMPUTER SYSTEM BY INPUTTING, TRANSMITTING, DAMAGING, DELETING, DETERIORATING, ALTERING OR SUPPRESSING COMPUTER DATA -CRUCIAL IN THE CI CONTEXT BUDAPEST CONVENTION >> CYBER POLICING HAS GONE GLOBAL 24/7 PoC REQUIRED INTERPOL EUROPOL FBI SECTORAL (BANKS, FINANCE) (3) NATIONAL COUNTER-TERRORISM LAWS ISRAEL’S LAW ON THE FIGHT AGAINST TERRORISM, 2016 - “ACT OF TERRORISM” Motivation is political, religious, nationalistic, or ideological Carried out with the goal of causing public fear or alarm, or to cause the government or another public body (in Israel or abroad, including IOs) to either act or refrain from acting One of the following was either threatened or had a real danger of occurring: 1) Severe injury to a person’s body or freedom; 2) Severe injury to public safety or health 3) Severe damage to property 4) Severe damage to religious objects, places of worship or other sites 5) Severe damage to infrastructure, systems or basic services, or severe interference with them, or severe damage to the national economy or ecosystem. AUSTRALIAN CRIMINAL CODE, 1995 A terrorist act […] causes one or more of the following: …serious interference with, disruption to, or destruction of critical infrastructure such as a telecommunications or electricity network. GERMANY’S LEGISLATIVE APPROACH, 2015 OUTLIER SUMMING UP THE BEST SOLUTION AT PRESENT FOR PROTECTING TRANSPORT VULNERABILITIES… counter-terrorism laws TRANSPORT VULNERABILITIES laws protecting critical infrastructure 4 CRITICAL CHALLENGES ADAPT THE INFRASTRUCTURE PROTECTION REGIME TO INCLUDE PERIPHERAL SYSTEMS …AND THEIR ACCOMPANYING DATA CONSIDER GERMANY’S LEGISLATIVE APPROACH (AUGMENTED CI + ANTITERRORISM) IMPROVING THE PREVENTION OF ATTACKS ON TRANSPORT BY INTEGRATING EXISTING LEGAL TOOLS THANK YOU. [email protected] THE BEST SOLUTION AT PRESENT FOR PROTECTING TRANSPORT VULNERABILITIES… counter-terrorism laws CRITICAL INFRASTRUCTURE PROTECTION, INCL. COUNTERTERRORISM laws protecting critical infrastructure EXTRA SLIDES …SYSTEMS AND ASSETS, WHETHER PHYSICAL OR VIRTUAL, SO VITAL TO THE UNITED STATES THAT THE INCAPACITY OR DESTRUCTION OF SUCH SYSTEMS AND ASSETS WOULD HAVE A DEBILITATING IMPACT ON SECURITY, NATIONAL ECONOMIC SECURITY, NATIONAL PUBLIC HEALTH OR SAFETY, OR ANY COMBINATION OF THOSE MATTERS. (PATRIOT ACT, 2001) IMPACTS: • PHYSICAL (LOSS OF LIFE AND PROPERTY) • ECONOMIC • SOCIAL MAY 2015 2013 STANDARDS 2015