Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Layers of the Cyberstack: Lessons for Cybersecurity”

Published byCatherine Dennis Modified over 7 years ago

Similar presentations

Presentation on theme: "“Layers of the Cyberstack: Lessons for Cybersecurity”"— Presentation transcript:

1 “Layers of the Cyberstack: Lessons for Cybersecurity”
Peter Swire Huang Professor of Law & Ethics Panel on “Cyber Threats to Business” Academy of Legal Studies of Business August 10, 2017

2 The Challenge I have taught law and policy of cybersecurity for 15 years A challenge for law, policy, and business classes about cybersecurity: “Real” cybersecurity is about writing code and doing technical work The “soft” issues are seen as not central to the task of cybersecurity Vague approval of “inter-disciplinary” studies for cybersecurity But, with a lower priority than “real” cybersecurity My remarks today: A new conceptual framework Organizes numerous, important, & non-technical cyber-issues Presents the curriculum and issues in ways that make sense to both technical and non-technical audiences in cybersecurity

3 Seven Layers of the OSI “Stack”
In my experience, these seven layers are well known to knowledgeable computer people who work on cybersecurity. Intuitively, they also know that cyber-attacks can happen at any of these 7 levels.

4 What is Missing from the 7 Layer OSI Model?

5 Layers 8, 9, and 10: Natural Language
International Natural language Diplomacy Layer 9 Governmental Law Layer 8 Organizational Contracts Layers 1-7 OSI stack Computer Code Various protocols

6 Layer 8: Private-Sector Organizations: Role of Contracts
Within the Organization Relations with Other Actors Limits on Private Sector Actors Examples of cyber law and policy Incident response plans & other internal policies Training Cyber hygiene Role of CISO Vendor contracts & management Cyber-insurance Private-sector information sharing PCI-DSS and other industry standards Technical standards such as IETF

7 Layer 9: Public Sector, Governmental Layer: The Law
Within the Organization Relations with Other Actors Limits on Government Actors Examples of cyber law and policy HIPAA, GLBA, and other cyber rules Other state-created defensive measures (FTC Sec. 5, etc.) Rules limiting strong encryption Computer Fraud & Abuse Act and other limits on offense Public-private partnerships and information sharing Constitutional limits on state action, such as 4th Amendment Statutory limits on state action, such as ECPA and FISA

8 Layer 10: International Layer: Diplomacy
Within the Nation Relations with Other Nations Limits on Nation States Examples of cyber law and policy Unilateral cyber actions, on spectrum from war to “cyber-peace” Deterrence against aggressive cyberattacks Formal treaties, including MLATs & Budapest Convention Less formal agreements, such as US/Russia and US/China cyber agreements Possible supra-national governance, such as by UN or ITU Role of international law, including laws of war

9 Contributions of the 10-layer stack
Parsimonious structure to organize the numerous issues now crowding into cyber law, policy, and business courses I have covered every issue in 3 charts in my cyber course For students and teachers, a way to keep the many issues straight Attacks can happen at layers 8, 9, and 10, if the company has bad policies, the nation has bad laws, or the international community does not prevent attacks Vulnerabilities at layers 8, 9, and 10 thus fundamentally similar to vulnerabilities at layers 1 to 7 Next steps: Complete the text and diagrams for the 10 layers of the cyber-stack – I welcome your comments and suggestions Apply the 10 layers to privacy and other cyber-issues

Download ppt "“Layers of the Cyberstack: Lessons for Cybersecurity”"

Similar presentations

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.

Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.

Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.
The IS Security Problem GP Dhillon, Ph. D. Associate Professor of IS, VCU

The IS Security Problem GP Dhillon, Ph. D. Associate Professor of IS, VCU
Resources to Support Training Programs for CSIRTs.

Resources to Support Training Programs for CSIRTs.
Information Warfare Playgrounds to Battlegrounds.

Information Warfare Playgrounds to Battlegrounds.
Humanities 375, September 8, 1998. Why are we reading this book? u 1. To raise your sensitivity to circumstances involving information technology that.

Humanities 375, September 8, Why are we reading this book? u 1. To raise your sensitivity to circumstances involving information technology that.
IAPP KnowledgeNet Los Angeles “Thinking Outside the Cookie Jar” The Second Wave of Global Privacy Protection: Why This Year Is Different Peter Swire, Senior.

IAPP KnowledgeNet Los Angeles “Thinking Outside the Cookie Jar” The Second Wave of Global Privacy Protection: Why This Year Is Different Peter Swire, Senior.
CYBERWARFARE LAW AND POLICY PROPOSALS FOR U.S. AND GLOBAL GOVERNANCE By Stuart S. Malawer, J.D., Ph.D. Distinguished Service Professor of Law & International.

CYBERWARFARE LAW AND POLICY PROPOSALS FOR U.S. AND GLOBAL GOVERNANCE By Stuart S. Malawer, J.D., Ph.D. Distinguished Service Professor of Law & International.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
Of XX Cybersecurity in Government Contracting, Acquisition and Procurement Nicholas R. Schacht ©2015 PubKLearning. All rights reserved.1 KnowCyber improves.

Of XX Cybersecurity in Government Contracting, Acquisition and Procurement Nicholas R. Schacht ©2015 PubKLearning. All rights reserved.1 KnowCyber improves.
Information Warfare Playgrounds to Battlegrounds.

Information Warfare Playgrounds to Battlegrounds.
Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.

Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
GSC9_011 Bill McCrum Executive Secretary TSACC Since GSC 8.

GSC9_011 Bill McCrum Executive Secretary TSACC Since GSC 8.
Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.
Chapter 4: Laws, Regulations, and Compliance

Chapter 4: Laws, Regulations, and Compliance
FACULTY OF LAW, UNIVERSITY OF OSLO The principle of integration and its dilemmas Hans Chr. Bugge Professor of Environmental Law University of Oslo.

FACULTY OF LAW, UNIVERSITY OF OSLO The principle of integration and its dilemmas Hans Chr. Bugge Professor of Environmental Law University of Oslo.

Similar presentations

Ads by Google