Network Infrastructure Operator Responses to Cyber Attack: Legal and Technical Requirements and Constraints

The proposed research is to study cyber-attacks against critical infrastructures affecting society and national functions in peacetime, specifically telecommunications network infrastructure. Where such attacks occur, infrastructure operators must detect, mitigate, and counter these to maintain adequate function of the infrastructure. The objective of this research is hence to study the requirements and constraints imposed on operators both from a technical and also legal as well as ethical perspective. To this end, a number of scenarios are to be developed in co-operation with domain experts, and the current state of the art in terms of capabilities for detection and mitigation including factors such as timeliness, confidence in attribution, and accuracy is to be examined. Possible responses and countermeasures are to be investigated from first principles within these technical constraints, but particularly in the context of applicable national laws as well as international law. Responses are also to be examined for ethical challenges posed by the outcomes and side effects of counter- and mitigation measures. Based on existing operational and legal guidance, scenarios for attacks affecting Network Infrastructure Operators (NIO) are then to be assessed theoretically and experimentally within the framework of the National Cyber Range. Scenarios will include aspects such as attacks and responses transcending boundaries of NIO domains and national jurisdictions, as well as the effect of automation for both attack and response mechanisms. An expected outcome of the research will be a legal and operational framework for NIOs along with public entities managing and regulating critical national infrastructure for the handling of escalating cyber-attacks, based on an assessment of the efficacy of current approaches.

The proposed research is to study cyber-attacks against critical infrastructures affecting society and national functions in peacetime, specifically telecommunications network infrastructure. Where such attacks occur, infrastructure operators must detect, mitigate, and counter these to maintain the adequate function of the infrastructure. The objective of this research is hence to study the requirements and constraints imposed on operators both from a technical and also legal as well as ethical perspective. To this end, several scenarios are to be developed in cooperation with domain experts, and the current state of the art in terms of capabilities for detection and mitigation, including factors such as timeliness, confidence in attribution, and accuracy, is to be examined. Possible responses and countermeasures are to be investigated from first principles within these technical constraints, but particularly in the context of applicable national and international laws. Responses will be examined for ethical challenges posed by the outcomes and side effects of counter- and mitigation measures. Based on existing operational and legal guidance, scenarios for attacks affecting Network Infrastructure Operators (NIO) are then to be assessed theoretically and experimentally within the framework of the National Cyber Range. Scenarios will include aspects such as attacks and responses transcending boundaries of NIO domains and national jurisdictions, as well as the effect of automation for both attack and response mechanisms. An expected outcome of the research will be a legal and operational framework for NIOs along with public entities managing and regulating critical national infrastructure for the handling of escalating cyber-attacks, based on an assessment of the efficacy of current approaches.