Into the Gray Zone
2f1BbTW
2f1BbTW
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
62 | Notes<br />
88. See infra Appendix II: Legal Analysis at 44.<br />
89. Paul Ferrillo, “Grading Global Boards of Directors on Cybersecurity,” Harvard Law School Forum on Corporate Governance and<br />
Financial Regulation, May 1, 2016, https://corpgov.law.harvard.edu/2016/05/01/grading-global-boards-of-directors-oncybersecurity.<br />
90. “Barracuda, Reversinglabs, Telefonica and Zscaler Join Cyber Threat Alliance as Contributing Members,” PaloAltoNetworks.com,<br />
Feb. 13, 2015, http://investors.paloaltonetworks.com/phoenix.zhtml?c=251350&p=irol-newsArticle_Print&ID=2016614.<br />
91. “Lucrative Ransomware Attacks: Analysis of <strong>the</strong> CryptoWall Version 3 Threat,” Cyber Threat Alliance (2015), http://www.<br />
cyberthreatalliance.org/cryptowall-executive-summary.pdf.<br />
92. For a discussion on <strong>the</strong> distinction between defense and deterrence-by-denial, see Franklin Kramer & Melanie Teplinsky,<br />
“Cybersecurity and Tailored Deterrence,” Atlantic Council Issue Brief (2013), http://www.atlanticcouncil.org/images/<br />
publications/Cybersecurity_and_Tailored_Deterrence.pdf.<br />
93. Michael Riley & Jordan Roberson, “FBI Probes If Banks Hacked Back as Firms Mull Offensives,” Bloomberg, December 30,<br />
2014, http://www.bloomberg.com/news/articles/2014-12-30/fbi-probes-if-banks-hacked-back-as-firms-mull-offensives.<br />
94. Ibid.<br />
95. DJ Summers, “As cyber attacks swell, a move toward improved industry collaboration,” Fortune, January 7, 2015, http://<br />
fortune.com/2015/01/07/cybersecurity-collaboration.<br />
96. Tova Cohen, “U.S. and Israeli Startups Lead <strong>the</strong> Way in New Cyber Security Tricks,” Haaretz, January 27, 2016, http://www.<br />
haaretz.com/israel-news/business/1.699916.<br />
97. Alan Charles Raul, “Cyberdefense Is a Government Responsibility,” Wall Street Journal, January 5, 2015, http://www.wsj.<br />
com/articles/alan-charles-raul-cyberdefense-is-a-government-responsibility-1420502942.<br />
98. Larry Karisnky, “Cybersecurity: A Millisecond Defense,” GovTech: Digital Communities, November 12, 2015, http://www.<br />
govtech.com/dc/articles/Cybersecurity-A-Millisecond-Defense.html.<br />
99. Lisa Monaco, “Expanding Our Ability to Combat Cyber Threats,” The White House (Blog), April 1, 2015, https://www.<br />
whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats. See also Presidential Policy Directive-41,<br />
2016, and <strong>the</strong> related Cyber Incident Severity Schema, available at https://www.whitehouse.gov/sites/whitehouse.gov/<br />
files/documents/Cyber+Incident+Severity+Schema.pdf<br />
100. Eyragon Eidam, “Report: What is <strong>the</strong> U.S. Government’s Role in Cybersecurity?,” GovTech, August 31, 2015, http://www.<br />
govtech.com/federal/Report-What-is-<strong>the</strong>-US-Governments-Role-in-Cybersecurity.html.<br />
101. Dan Klinedinst, “Coordinating Vulnerabilities in IoT Devices,” CERT/CC (Blog), Software Engineering Institute Carnegie Mellon<br />
University, January 27, 2016, https://insights.sei.cmu.edu/cert/2016/01/coordinating-vulnerabilities-in-iot-devices.html.<br />
102. Computer Fraud and Abuse Act, U.S. Code 18 (2012), §1030(f).<br />
103. Leslie R. Caldwell, “Assistant Attorney General Leslie R. Caldwell Delivers Remarks at <strong>the</strong> Georgetown Cybersecurity Law<br />
Institute,” Cybersecurity Law Institute, May 20, 2015, https://www.justice.gov/opa/speech/assistant-attorney-general-leslier-caldwell-delivers-remarks-georgetown-cybersecurity.<br />
104. Ibid.<br />
105. Josh Johnson “Implementing Active Defense Systems on Private Networks,” InfoSec Reading Rom SANS Institute (2013), https://<br />
www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312<br />
(discussing <strong>the</strong> implementation of active defense measures along <strong>the</strong> lines of <strong>the</strong> “cyber kill chain”).<br />
106. Irving Lachow, “Active Cyber Defense, A Framework for Policymakers,” Policy Brief, Center for a New American Security<br />
(2013), https://s3.amazonaws.com/files.cnas.org/documents/CNAS_ActiveCyberDefense_Lachow_0.pdf.<br />
107. Ibid.<br />
108. Paul Rosenzweig, International Law and Private Actor Active Cyber Defensive Measures, Stanford J. Int’l L. 47 (2013).<br />
109. Ibid, 4. (“…[such] a typology <strong>the</strong>n helps us identify <strong>the</strong> appropriate legal régimes that would apply in various domains. We<br />
can ask a sensible question like ‘what should be <strong>the</strong> legal limits of a private sector actors [sic] off-network attribution efforts<br />
that have no appreciable effect?’ and mean something that actually says ‘is this beaconing technique legal?’”) (emphasis original).