A good deal of cyber law scholars’ studies have been focused on the obligations of nation states in relation to one another regarding “use of force” in cyber space. In reality, most cyber attacks today involve a lower level of cyber operation – a sub-war level of conflict. This level of attack would include such actions as degradation or theft of information, disruption of communications, or possibly even the destruction of certain capabilities. When the U.S. suffers such an attack, a response may be in order. The type of response permitted is based on many factors, including, but not limited to, such things as existing agreements and treaties, the scope of the cyber attack, and the magnitude of its effect.
Decisions regarding the application of law to cyber operations and what an appropriate response would look like affects national security in that both decisions can have a large role in shaping the economic world. Developing law to govern economic competition in the cyber world is central to maintaining order and providing stability. The law which applies in the physical world does not always easily or effectively translate to the cyber realm. So what is and should be allowed in terms of a state response to one of the most common forms of cyber attack – economic espionage?
- Countering State-Sponsored Cyber Economic Espionage Under International Law (Links to an external site.)Links to an external site. by Catherine Lotriante
- Think about Catherine Lotrainte’s suggested method for enforcing the rights of victim states against economic espionage.
- Is the author’s suggested method viable?
- Why or why not?
- Is the author’s suggested method viable?
- Scrutinize her claim (in Part III) that “there is a legally binding norm of non-intervention that reaches the kind of non-forcible economic influence that economic espionage represents” which is poorly understood.
- Given the nature of the cyber domain, does the norm of non-intervention apply?
- What additional rules might be required to supplement existing norms?
Slide 1 of 2
UNFORMATTED ATTACHMENT PREVIEW
Discussion 1: Cyber Espionage Catherine Lotraintes idea of enforcing the rights of victim states against economic espionage is a viable method. This idea provides justification for intervention to a victim state that is facing a case of cyber espionage. While non intervention has been found to be costly, justified intervention under the international law is a major requirement. The lack of non intervention measures could lead to a state having a loss of money as a result of such an act. It is evident that cyber espionage attacks are extremely expensive and costly to maintain for states. The issues of phishing, link jacking and also social spam lead to increased cases of data breaches. Since the existing threats on many states have major problems on the people, there is a need to have protection of the citizens and individuals within state to help prevent any case of cyber attack that has faced a specific country or nation (Lontrionte, 2015). The main problem with economic espionage is that sensitive information about the functioning of an economy is usually disrupted through the attacks on critical infrastructure. For this reason, there is a need to create policies whose aim is to protect critical infrastructure from the form of attacks from the political class sand also military by other states. The end of Soviet Union demonstrates that the establishment of economic functions of a country rest within the domain of national security. The failure to have protection on the economic factors of production usually leads to the end of a nation’s sovereignty. For this reason, a nation’s intellectual property needs to be protected at all times from any external threats. While the international law does not have sufficient protective clauses under cyber espionage, there is always a need to have intervention from a superior state to help protect a victim state from losing its sensitive economic data (Winterfeld & Andress, 2012). Given the nature of cyber domain, it is evident that non intervention can apply. This is because some attacks can be meant to be for recreation purposes such as gaining fame and notoriety. In these attacks, there can be limited resources and known exploits meant to lose confidential information. The attacks that call for intervention are those that deal with organized crimes and state sponsored attacks. The highly sophisticated attacks and advanced persisted threats to the computer systems are the ones that should be avoided. This is because the nature of these attacks demonstrates established syndicates, significant technical resources and vast networks that affect the operations of these attacks. Some of the rules that can apply on the context of cyber espionage include the rule to protect computers from the increased level of vulnerabilities. Measures have been put to ensure that computer systems have not been destroyed through destructive software attacks. The establishment of these new rules would ensure that computers have been protected from any form of attack. This would secure the computer systems and ensure that people have not abused the use of these computers. The protection of the computers and economies through enhanced privacy laws would ensure that economies do not lose sensitive information (Lontrionte, 2015). References Lotrionte, C. (2015). Countering state sponsored cyber economic espionage under international laws. The north Carolina journal of international law. Retrieved from https://www.law.unc.edu/journals/ncilj/issues/volume40/issue-2-winter2015/countering-statesponsored-cyber-economic-espionage-under-internationallaw/ Winterfeld, S., & Andress, J. (2012). The basics of cyber warfare: Understanding the fundamentals of cyber warfare in theory and practice. New Syngress. Response A Catherine Lotrainte’s (2015) method of having states employ legal countermeasures and determine what constitutes “unfair” practices is not viable. Neither is the method of establishing a new international norm of what constitutes “unfair” practices and economic espionage. The main reason why this method is not viable is due to the fact that there is a lack of central oversight. With each state determining what is “unfair” and what is “fair,” disagreements and conflicts over what is cyber economic espionage and what is not. This will make it difficult for any legal authority to apply uniform rules of law. While the countermeasures that each state applies may fall within applicable laws, some states will find self-defined grounds for action and other states will not. This will likely lead to further misunderstandings, confusion amongst governing legal bodies, and could result in serious damage and harm to vulnerable states. Establishing a new international norm will not necessarily deter cyber economic espionage as there is currently an international norm of non-intervention, which does not seem to be currently understood or applied uniformly between all states (Lotrainte, 2015). The norm also creates serious loopholes where states are able to commit acts of cyber economic espionage without a course for retribution. The norm of non-intervention covered under international law states that nations will not interfere with other nations’ sovereignty (Yoo, 2015). This includes the use of coercion to interfere in another state’s economic systems (Yoo, 2015). Coercion is defined as the use of direct military force or subversive or terrorism-related acts (Yoo, 2015). As Lotrainte (2015) implies, the international norm of non-intervention applies to cyber economic espionage since it is a subversive act of force meant to disrupt another state’s economic system. The norm of non-intervention can apply to the cyber domain since states own IP addresses, websites, domains, and the resources necessary to connect to the cyber domain. There is also an implicit understanding that the cyber domain is used for both domestic and international trade. However, the norm of nonintervention does not necessarily apply to all cyber-related activities (Yoo, 2015). Some forms of cyber espionage that lack the element of coercion do not apply to the norm of non-intervention (Yoo, 2015). Additional rules stating what constitutes harmful and punishable cyber espionage are needed. The World Trade Organization (WTO) needs to establish rules indicating what types of cyber activities are acceptable and which are unlawful in terms of surveillance, intrusion into systems, and theft of proprietary information. References Lotrionte, C. (2015). Countering state-sponsored cyber economic espionage under international law. NCJ Int’l L. & Com. Reg., 40, 443. Yoo, C. (2015). Cyber Espionage or Cyberwar?: International Law, Domestic Law, and Self-Protective Measures. University of Pennsylvania Law School, Paper 1540. Response B hink about Catherine Lotrainte’s suggested method for enforcing the rights of victim states against economic espionage. Here basic thoughts were that international law still provides those states whose rights have been violated other venues, such as countermeasures, to enforce those rights (Lotrainte, 2015). Recognizing the gravity of the threat from economic espionage, the U.S. Congress adopted the Economic Espionage Act (EEA) in 1996, making the theft of trade secrets from U.S. companies a federal crime, and providing law enforcement with a new enforcement tool (Lotrainte, 2015). The EEA provides for criminal prosecution of an individual who takes, possesses, duplicates, transfers, or sells trade secrets for purposes of using the trade secrets to benefit a foreign nation or any agent thereof. The author anticipated that the EEA (Economic Espionage Act) of 1996 would assist in playing down and enforcing the rights of victims and help to solve some of the economic espionage problem (Lotrainte, 2015). The TRIPS (Trade-Related Aspects of Intellectual Property Rights) agreement protects trade secrets, not as individual intellectual property, but as a prohibition against unfair competition. Furthermore, it provides an enhanced enforcement mechanism through the WTO’s (World Trade Organization) DSB (Dispute Settlement Body) as well as other remedies (Lotrainte, 2015). Is the author’s suggested method viable? I totally think so, most of her recommendations are possible. Mainly because all her proposals for dealing with state victims and economic espionage are entirely practical. Consider, traditional espionage can serve to increase the security of states, helping to decrease the chances of surprise attacks and minimizing conflict, thereby preserving global security. There is no equivalent benefit accruing from economic espionage because states that conduct economic cyber espionage do so in order to acquire technology and innovation they themselves have failed to develop (Lotrainte, 2015). Why? Her proposals very practical. Here is one way she suggested to enforce victims’ rights and reducing economic espionage. The development of countermeasures under international law, examining how and when a state may employ countermeasures in response to cyber economic espionage. The viability of establishing an institutional mechanism for enforcing the economic rights of a victim state through the use of the WTO dispute settlement regime (Lotrainte, 2015). Given the nature of the cyber domain, does the norm of non-intervention apply? Due to the size of the cyber-domain, over time, the reaction of states to cyber operations that fall below the use of force threshold as well as how states characterize their own cyber operations will inform the process of interpretation of the norm of non–intervention. These advantages would exist despite the size of the cyber-domain (Lotrainte, 2015). Allowing the state to conduct collection remotely, not requiring proximity for access, and eliminating the need to recruit a human asset to acquire access, thereby lowering the costs, increasing the volume of information taken, and minimizing the chances of being detected and the political and diplomatic ramifications that would follow (Lotrainte, 2015). Whatever happens, as economic espionage persists, states will be forced by circumstances to take a position on whether a particular cyber operation has breached the non-intervention norm (Lotrainte, 2015). What additional rules might be required to supplement existing norms? Additional rules are, (1) both generally uniform and consistent state practice and opinion juris, the belief by the state that the behavior is required or permitted under international law. (2) The Convention requires signatory nations to extend to foreign nationals the same intellectual property protections that are provided to their own citizens, and sets forth uniform rules by which member states must abide with respect to industrial property rights (Lotrainte, 2015). (3) The law of countermeasures requires that the state taking the countermeasures provide the wrongdoing state with notice of the intent to carry out countermeasures (Lotrainte, 2015). Scrutinize her claim (in Part III) that “there is a legally binding norm of non-intervention that reaches the kind of non-forcible economic influence that economic espionage represents which is poorly understood. The non-forcible economic influence merits more scholarly attention, considers the norm of non-intervention in relation to nonforcible economic interference in other states through cyber means (Lotrainte, 2015). References Lotrainte, C. (2015). Countering Cyber Economic Espionage. Countering StateSponsored Cyber Economic, 470, 491.
Purchase answer to see full attachment
Tags: law cyber