Security News > 2020 > August > State-backed hacking, cyber deterrence, and the need for international norms
It's a free for all, it seems, as the world has yet to decide on laws and norms regulating cyber attacks and cyber espionage in peacetime, and find a way to make nation-states abide by them.
The US has been publicly attributing cyber espionage campaigns to state-backed APTs and regularly releasing technical information related to those campaigns, its legislators have been introducing legislation that would lead to sanctions for foreign individuals engaging in hacking activity that compromises economic and national security or public health, and its Department of Justice has been steadily pushing out indictments against state-backed cyber attackers and spies.
Dr. Yannakogeorgos says that, while attribution of cyber attacks is definitely not as clear-cut as seeing smoke coming out of a gun in the real world, with the robust law enforcement, public private partnerships, cyber threat intelligence firms, and information sharing via ISACs, the US has come a long way in terms of not only figuring out who conducted criminal activity in cyberspace, but arresting global networks of cyber criminals as well.
More recently, Kristen Eichensehr, a Professor of Law at the University of Virginia School of Law with expertise in cybersecurity issues and cyber law, argued that "States should establish an international law requirement that public attributions must include sufficient evidence to enable crosschecking or corroboration of the accusations" - and not just by allies.
"In the realm of nation-state use of cyber, there have been dialogues within the United Nations for nearly two decades. The most recent manifestation is the UN Group of Governmental Experts that have discussed norms of responsible state behavior and issued non-binding statements to guide nations as they develop cyber capabilities," Dr. Yannakogeorgos pointed out.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FkbfO0S8uPo/