Gold Sponsor Session: Fusing AI and Design for Cyber Defence
This session will focus on the problem of defending critical infrastructure against extreme cyber attacks. Such attacks lead an adversary deep into the plant from where attacks can be launched directly on one or more plant components. While it is necessary to detect the anomalies resulting from such attacks, it is not sufficient to protect the compromised plant against damage and service disruption. We will describe how fusing AI and plant design can lead to a system highly resilient to extreme cyber-attacks.
Virtualized Environment – The Available Complexity
The panel explores how digital twin technology, cyber ranges and cyber-physical systems can be used for research and education. The virtualization of hardware components and the modelling and simulation of physical entities or complex systems reduce the investment required and allow effective scaling, even in Cyber-Physical Exercises.
NATO and EU – Strategic Outlook
The panel will examine the cyber dimension (or the lack thereof?) of the upcoming NATO and EU strategic documents, and the implications and opportunities for NATO-EU cooperation on cyber issues that the NATO Strategic Concept and the Strategic Compass for the EU will bring. Representatives of EU and NATO will share their experiences and perspectives on the possible long-term strategic outcomes of the documents, complemented by the member state insight.
Cybersecurity Threats in Transportation Industry
The transport industry, an important part of critical infrastructure, is taking a leap forward by implementing new communications system technologies. This session explores the security concerns of communication services used in the transportation industry, addressing the modern aviation and railway sectors.
Securing Supply Chains and Next Generation Networks
Supply chain security and resilience have gained the attention of national security decision-makers. The recent significant compromises and vulnerabilities of the software supply chain demonstrate the fragility, complexity and opaqueness of digital supply chains, and the challenges in securing them. Similarly, the emerging ecosystem of business verticals enabled by next generation networks brings new cybersecurity and supply chain concerns for national security and technology communities.
How to bridge the gap between political and strategic perspectives of national security policy and decision-makers, and the existing and future prevention and mitigation approaches at the operational and technical levels? A conversation on strategic approaches to 5G and supply chain security, critical information infrastructure and the opportunities and challenges of international cooperation.
Fair and Proportionate Data Processing in the Military Context
The increasing data-dependency of the militaries calls for a clear understanding of the type, quantity and origin of the relevant data, the laws regulating the processing of it and the limits of national security exceptionalism. The military environment and national security interests challenge the rules designed for peacetime civilian context. However, given the continuous merging of the civilian and military spheres and the lack of specific guidelines on data protection during military operations, human rights treaties and data protection laws remain the legal sources that address related problematics in the most specific and detailed manner. This panel will ask how the rules contained therein can be adapted to reflect the needs of the security sector. In search of common features and distinguishing lines, the speakers will discuss the privacy and data protection issues raised by multinational operations, autonomous systems and satellite reconnaissance.
The cyber-attack surface in the maritime environment is constantly growing. More current information and computer technologies are being used on cargo and passenger ships and in ports to save on operational costs and increase navigational safety. This panel will discuss the cyber aspects of the sector, shed light on the potential land-based attacks, and introduce the response from the industry to this challenge.
War in Ukraine – Cyber Dimension of Contemporary Conflicts
The Promise and Perils of Emerging Technologies
The implications of emerging technologies are a highly publicised yet often poorly understood field. The adoption of artificial intelligence capabilities alongside greater autonomy is poised to have profound strategic effects on the way warfare is conducted and will have implications that reach far beyond an immediate technical effect. This session explores the cognitive aspects of emerging and disruptive technologies, exploring themes such as public perceptions of offensive cyber operations, the way humans relate to artificial intelligence-enabled decision-support systems in conflict, and the associated potential risks of lethal autonomous weapons systems. Examining the implications of these technologies allows for discussion and policy recommendations to effectively integrate innovative techniques into military contexts in ways that aim to mitigate operational and strategic challenges.
Tallinn Manual 3.0: Achievements, Shortcomings, Prospects
With the Tallinn Manual 3.0 project now underway, this session will examine the influence of the first two editions on the development, interpretation and application of international law as applied in cyberspace. It will explore the appropriateness, benefits and risks of expert-driven processes like the Tallinn Manual project from the perspectives of the experts themselves, those involved in the international dialogue among States on the identification of cyber norms, and legal advisers of States and international organizations involved in cyber operations. The panelists will offer their prognosis for Tallinn Manual 3.0.
Countering Nation State Threats – Mobilizing the Legal Arsenal
The following division of tasks and responsibilities in the field of security is generally accepted: internal security is civilian authorities’ responsibility, while external security is a responsibility of the Armed Forces. Nowadays, however, the interdependence between internal and external security is constantly growing, particularly in the cyber domain.
In the light of the above, the panel will present the following best practices:
- criminal prosecution of foreign military/intelligence officials accused of cyber-crimes;
- criminal investigation of online recruitment of people fighting alongside militias or terrorist groups;
- administrative measures banning information networks carrying war propaganda.
NATO and Regional Partnerships Beyond Europe
The year 2021 saw the birth of an important security-oriented regional alliance outside Europe, yet involving NATO member states: AUKUS, covering Australia, the United Kingdom and the United States (US). There is also the Quad (Japan, the US, India and Australia), which has a longer history and had its first foreign ministers’ meeting in 2019. Both frameworks have substantive cyber and information technology related components. Their ambition spans from sharing expertise to drive domestic and international best practices to bolster critical infrastructure resilience, to information and technology sharing, to cooperation on cyber capabilities, artificial intelligence and quantum computing. What does the rise of the Indo-Pacific as a geo-political concept mean for Europe in cyberspace? What does this vector of security policy mean for NATO? Should we fear a dilution or, on the contrary, welcome a strengthening of the Alliance?
AI – State of the Myth
This panel will delve into the forefront of applications of AI in intrusion detection systems, as well as explore the current limitations of known methods in the fields of artificial intelligence and machine learning.
Are Offensive Operations the Best Defence?
Threats to national security and the well-being of a state’s citizens are rife in the cyber domain. These threats can take the form of non-conventional means such as ransomware operations in which the intent is financial gain, or operations designed to intentionally limit functionality of crucial systems. These threats manifest in operations carried out by States or State-affiliated actors, or indeed criminal actors that may be protected by the State. Penalizing States for their own actions or for breaking with the fundamental concept of state, however, is fraught with challenges and complications, and carries a risk of collateral damage and escalation of tensions.
How can states deter malicious cyber activities, and what role can offensive cyber operations or the threat of such operations play in that? This Panel will examine these challenges and potential means of mitigating them, and perhaps even suggest novel approaches. Is the established concept of deterrence due for an overhaul? How should NATO address interoperability of cyber operations? Can they be mitigated through policy or the use of force?
Automation in Malware Analysis
As attackers deploy automation on the attack side, the number of detected threats grows in a combinatorial explosion and exhausts any capacity of human analyst resources. This panel will explore the topic of malware analysis with a special focus on automation.
The concept of ‘cyber resilience’ has become a central one in cyber defence strategies and cyber regulation. But what does cyber resilience really entail and how can it be achieved? And are strategy, policy, and technology experts chasing the right goal? Once these complicated questions are answered, we are still left with the challenge of how to practice and build the necessary tolerance.
In this session our three authors explore two ways to build resilience, exercises and public-private partnerships, and also take a critical look at what the concept means and if there is really a difference between cyber resilience and cyber security.
New Technology and State Responsibility
Emerging technologies bring new phenomena to which the existing legal framework is difficult to apply, and so it has yet to be figured out how to invoke responsibility in these situations. Opportunities and risks deriving from such emerging technologies, such as enhanced cyber capabilities and unintended consequences of State cyber activities, should both be considered in order to find a fair balance of all relevant interests involved, so that international law may prevent conflicts between different States. Thus, this panel will explore the different facets of responsibility for operations conducted by emerging technologies with a view to shaping who – and how – a State can be considered responsible.
Cyber-Space: Doubling the Legal Complexities?
Cyber operations directed at space infrastructure have brought new legal challenges. Cyber operations conducted on earth to enable satellites to function or malfunction in outer space are deemed to be outer space activities, and thus international law in this field applies to these operations. In the event of cyber attacks on its space assets, a victim state will face a conundrum of how to legally assess the attacks and to respond to an offender, in the light of relevant space law treaty provisions and other rules of general international law. However, it is far from easy to interpret and apply them, given that state jurisdiction is exercised in outer space in a different manner than in other domains. This session explores topics such as how to sort out responsibility and liability arising from cyber attacks on space assets among all countries concerned and how NATO allies can proceed with the problem of legal evaluation.
Book Launch: The Rights to Privacy and Data Protection in Times of Armed Conflict
Recent armed conflicts in Iraq, Afghanistan, Palestine, and Ukraine have demonstrated the profound risks posed to the rights to privacy and data protection in contemporary warfare. Technological advances in the fields of electronic surveillance, predictive algorithms, big data analytics, user-generated evidence, artificial intelligence, cloud storage, facial recognition, and cryptography are redefining the scope, nature, and contours of military operations. Against this backdrop, international humanitarian law offers very few, if any, lex specialis rules for the lawful processing, analysis, dissemination, and retention of personal information.
CCDCOE is proud to publish “The Rights to Privacy and Data Protection in Times of Armed Conflict,” a 15-chapter anthology produced by leading academics and practitioners and co-edited by Russell Buchan (University of Sheffield) and Asaf Lubin (Indiana University) with support from the Ostrom Workshop. The book offers a first-of-its-kind account of the current and potential future application of digital rights in conflict situations. This book launch will feature a panel discussion by the book’s editors with senior commentators about topics and themes covered in the new book.