Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors 17 Chicago Journal of International Law 2016

17 Chi. J. Int'l L. 1 (2016)
Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors

handle is hein.journals/cjil17 and id is 5 raw text is:

Unpacking the International Law on Cybersecurity Due
Diligence: Lessons from the Public and Private Sectors
Scott J. Shackelford, J.D., Scott Russell, J.D., & Andreas Kuehn*

Abstract

Although there has been a relative abundance of scholarship exploring the contours of the
law of yber war, far less attention has been paid to defining a law of gyberpeace applicable below
the armed attack threshold. Among the most important unanswered questions is what exacty
nations' due diligence obligations are to one another and to their respective private sectors. The
International Court of Justice (ICJ) has not yet explidtly considered this topic, though it has
ruled in the Corfu Channel case that one country's territog should not be used for acts that
unlawfuly harm other States. But what steps exacty do nations and companies under their
jurisdiction have to take under international law to secure their networks, and what of the rights
and responsibilities of transit States? This Article reviews the arguments surrounding the creation
of a gbersecurity due diligence norm and argues for aproactive regime that takes into account the
common but differeniated responsibilities ofpublic and private sector actors in gberspace. The
analogy is drawn to gybersecurity due diligence in theprivate sector and the experience of the 2014
National Institute of Standards and Technology (NIST) Framework to help guide and broaden
the discussion.

Scott J. Shackelford is the Assistant Professor of Business Law and Ethics, Indiana
University; Senior Fellow, Center for Applied Cybersecurity Research; W. Glenn
Campbell and Rita Ricardo-Campbell National Fellow, Stanford University Hoover
Institution. Scott Russell is a Post-Graduate Fellow, Center for Applied Cybersecurity
Research, Indiana University. Andreas Kuehn is the Zukerman Cybersecurity Predoctoral
Fellow, Center for International Security and Cooperation, Stanford University; PhD
Candidate School of Information Studies, Syracuse University. An earlier form of this
article was published as Defining Cybersecuriny Due Dihgence Under International Law: Lessons
from the Private Sector, in ETHICS AND POLICIES FOR CYBER WARFARE __ (Maria Rosaria
Taddeo ed., 2016). We would like to thank Springer Nature for allowing the republication
and expansion of this chapter as an article for the present volume.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

What Is HeinOnline?

Purchase Access

Contact Us

Log In

NEED HELP?

CONTACT US

Get started

Subscribe to our Newsletter