Tuesday, June 16, 2020
Mieke Eoyang and Chimène Keitner (ThirdWay and University of California Hastings College of the Law) have posted Cybercrime vs. Cyberwar: Paradigms for Addressing Malicious Cyber Activity (Journal of National Security Law and Policy, Forthcoming) on SSRN. Here is the abstract:
This contribution seeks to identify and assess the frameworks used to describe and deter malicious cyber activity (MCA), and to highlight legal and operational challenges in tackling problems that arise where these frameworks overlap or intersect. To that end, we examine two different models, an “armed conflict model” and a “law enforcement model,” that have been used to address the threat posed by such activity. The terms cyber-war and cyber-crime, respectively, encapsulate each of these models — yet the line separating these categories is not well defined, and both terms have been used by laypersons and experts alike to describe conduct ranging from network intrusions to data ex-filtration to denials-of-service. Our analysis of these ambiguities and their implications proceeds in four parts. Part I describes. Part II explores the assumptions underlying the predominant armed conflict model. Part III discusses the implications of characterizing MCA as cyber-war as opposed to cyber-crime. Part IV concludes by suggesting that these characterizations should be viewed along a continuum, and that the law enforcement model should not be given short shrift by policy-makers or — perhaps most importantly — appropriators.