Published by Harvey McDaniel. Modified over 6 years ago.
RETHINKING THE FUNDAMENTALS OF THE LEGAL FRAMEWORK FOR CYBERSECURITY
Emmanuel Edet, NITDA
J. Michael Daniel, former White House Cybersecurity Coordinator under President Barack Obama:
“Cyber is one of those issues where it doesn't behave according to the same rule set about objects in the physical world. There's kind of this idea that we can do cyberdefense like we do missile defense. Like we can watch for malicious activity coming in and we can stop it before it gets to the United States, and that's just not how cybersecurity is going to work. We also have this mental model that we can treat cybersecurity like a border security issue, and it's not really amenable to that. The way that cyberspace works is not amenable to treating it that way.”
WHAT ARE WE TALKING ABOUT?
- Legislation
- Jurisprudence
- Analysis
- Challenges
- Approaches
- Suggestions
CYBERSECURITY ECOSYSTEM
“Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.” - ITU
Cybersecurity Environment:
- Legal: Cybercrime Legislation, Cybersecurity Regulations, Cybersecurity Training
- Technical: National CIRT, Government CIRT, Sectoral CIRT, Standards for Organisations, Certifications for Professionals, approaches, training, actions etc.
- Organisational: Strategy, responsible Agency, Cybersecurity Matrix
- Capacity Building: Standardisation Bodies, Good practices, R&D programs, public awareness, professional training courses, education programs and curriculum, incentive mechanism and home-grown cybersecurity industry
- Cooperation: Interstate Cooperation, Multilateral agreements, public-private partnership, interagency partnerships
Cybersecurity Ecosystem
- Legal Aspects: Laws, Policies, Regulations
- Institutional Aspects: Procedures, Administration
- Enforcement Aspects: Investigations, Evidence Gathering, Prosecution
CYBERCRIMES (PROHIBITION, PREVENTION ETC) ACT 2015
Objectives:
- Provide legal, regulatory and institutional framework for cybercrimes in Nigeria;
- Ensure the protection of critical national information infrastructure;
- Promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
Procedural provisions: Designation of CII; Coordination and Enforcement; National Cybersecurity Council; National Cybersecurity Fund; Power of search, seizure and arrest.
Substantive offences: Unlawful Access to a Computer; System Interference; Computer-related Fraud/Forgery; Theft of Electronic Devices; Cyber Terrorism; Cyberstalking; Identity Theft; Child Pornography; Racist and Xenophobic Offences.
CYBERCRIMES (PROHIBITION, PREVENTION ETC) ACT 2015: INTERESTING PROVISIONS
- Requirements: Registration of Cybercafés; Reporting of Cyberthreats; Minimum Standards for CII; Employees’ Responsibility; Duties of Financial Institutions; Record Retention and Protection of Data.
- Responsibilities: Failure of a service provider to perform certain duties.
- International Cooperation: Jurisdiction; Extradition; Mutual Legal Assistance; Admissibility of Evidence from a Foreign Country; Expedited Preservation of Computer Data; Form of Application; Designation of Contact Point.
- Regulations: The Attorney-General of the Federation makes regulations.
Institutional and Enforcement Framework
Section 41(1): The Office of the National Security Adviser shall be the coordinating body for all security and enforcement agencies under this Act, and shall:
(a) Provide support to all relevant security, intelligence, law enforcement agencies and military services to prevent and combat cybercrimes in Nigeria.
Capacity; Capability
Analysis: Global Cybersecurity Index
The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. Global spending to combat cybercrime will top $80 billion this year, with organizations increasingly focusing on detection and response because preventive approaches have not succeeded in blocking malicious attacks. Due to the intensity of compliance and regulations, the costs per breach to organizations in the health care and financial services sectors top all other industry groups, according to the Ponemon study. In the “State of SMB Cybersecurity” report, a staggering 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months. Of the 1,000 IT leaders polled for Invincea’s “2016 Cyberthreat Defense Report,” three-quarters reported that their networks had been breached in the last year, and 62 percent said they expect to suffer a successful cyberattack at some point this year.
Applying Law to Cybersecurity
- Governance and enforcement of laws in cyberspace is different.
- Cyberspace's reach across geo-political boundaries defies traditional governance. Who has authority to make the law? What is the applicable law? Who has the power to enforce it?
- Public and private sectors: a government duty, but mostly private assets.
- Different sets of rules to protect systems and data types: Critical Infrastructure; Proprietary Information; Personal Data.
- Anonymity and Attribution
- Dual Criminality principles
- Jurisdiction
- Definition
- Reactionary approach
Applying Law to Cybersecurity
The definitive certainty required by law is being challenged by fluid concepts promoted by technology.
- THREATS: An important consideration is the type of offence that has been committed, in order to determine the rule that should apply in a law and the necessary punishment, as well as the object of the attack.
- ACTORS: Again, it is important to determine who is responsible for the threat or breach. Is it an individual, an organisation (e.g. terrorist), or perhaps even a state-sponsored illegal activity?
Some Legal Approaches: Budapest Convention on Cybercrime (2001)
The Council of Europe’s effort to harmonize disparate national cybercrime laws. Signatories promise to:
- Adopt domestic legislation to establish the procedures outlined in the treaty;
- Cooperate through mutual legal assistance (MLA) even if no more specific agreement exists (e.g., extradition, accessing computer data, interception);
- Prosecute cyber crimes committed on their territory.
Some Legal Approaches: CANADA
- Criminal Code: Prohibits “fraudulently and without color of right” obtaining “any computer service;” or wilful “mischief” to interfere with computer use or tamper with data. Prohibits interception of, and access to, electronic communications, with exceptions for consent (“express or implied”) or to protect the network.
- Personal Information Protection & Electronic Documents Act (PIPEDA) (2005): Reasonable administrative, technical and physical measures to protect personal data.
- Enforcement Entities: The Office of the Privacy Commissioner of Canada enforces PIPEDA. High degree of privacy enforcement; deemed an “adequate” country by the EU.
Some Legal Approaches: GERMANY
- Federal Data Protection Act (BDSG)
- IT Security Act (ITSG) (2015): critical infrastructure operators must establish and implement a minimum set of security measures; verify implementation by conducting security audits; and report incidents to the Federal Office for Information Security (BSI).
- Telecommunications Act (2014) contains sector-specific data security provisions. For example, section 109 requires the use of technical safeguards to prevent unauthorized access.
- Enforcement: Improper Data Processing Agreement (Bavarian DPA, 2015): imposed a big fine on a data controller for failure to adequately specify security controls to protect personal data in its agreement with a data processor.
Some Legal Approaches: CHINA
- Cybersecurity Law: consolidates existing powers, including monitoring, and introduces the concept of Critical Information Infrastructure.
- Antiterrorism Law: requires telecom operators and Internet companies to provide “technical interfaces, decryption and other technical support and assistance” to China’s government when investigating terrorist activities, broadly defined.
- National Security Law: the government is to ensure that key technologies and infrastructure, as well as information systems and data in important areas, are “safe and controllable”, so as to “protect national sovereignty, security and development interests in the cyberspace.”
- Computer Information Network and Internet Security, Protection, and Management Regulations: Internet service providers must secure the processing of data and educate Internet users on security.
Suggestions
- Develop: training; research and innovation.
- Rethink: our approach to applying existing laws online.
- Recognize: in developing legal frameworks we must recognize that enforcement in cyberspace is not physical space, and tailor our efforts in that direction.
- Accept: success in ensuring cybersecurity can only be achieved through collaboration, domestic and international.
Lord Alfred Denning, Packer v. Packer [1954] P. 15 at 22:
“What is the argument on the other side? Only this, that no case has been found in which it has been done before. That argument does not appeal to me in the least. If we never do anything which has not been done before, we shall never get anywhere. The law will stand still whilst the rest of the world goes on; and that will be bad for both.”