Chapter 3: Governance Overview: Main Governing and Regulatory Mechanisms | Jack Goldsmith and a Berkman Center Cybersecurity Team | July 26, 2012


Chapter 3: Governance Overview: Main Governing and Regulatory Mechanisms

by Jack Goldsmith and a Berkman Center Cybersecurity Team
Purpose: This chapter is designed to provide an overview of the main governing and regulatory mechanisms, both internationally and domestically, that cover cybersecurity considerations. Readings on select bodies in each domain are also presented. It is divided into three units: in addition to an introduction to Internet Governance Frameworks, the first unit provides an overview of the relevant international cybersecurity bodies, both public and private. The second presents domestic bodies and units. The final unit provides an introduction to some law-enforcement frameworks as they have been applied to the digital domain.
Concepts Covered: Globally-Relevant Bodies and Treaties (ICANN, IETF, ITU, Convention on Cybercrime (Council of Europe), Organization of American States (OAS), Shanghai Cooperation Organization); Relevant Domestic Organizations, Policies, and Strategies (White House (WH), Congress, The Department of Defense (DoD) (CYBERCOM, National Security Agency), the Department of Homeland Security (DHS), FBI, NIST, and the FCC); Law-enforcement frameworks (Jurisdiction and Territoriality in Cyberspace, Anonymity and Attribution, Application of the Laws of War, Issues with digital law enforcement (wiretapping and VoIP, digital search and seizure, private sector cooperation with law enforcement))

  1. 3.1 Overview of Relevant International Cybersecurity Bodies and Mechanisms (public and private)
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: To provide the reader an understanding of the theory behind Internet governance and the multi-stakeholder nature of the Internet. It also outlines a number of globally relevant bodies and treaties, including ICANN, IETF, ITU, SCO, and the COE Convention on Cybercrime.
    1. 3.1.1 Introduction to Internet Governance Frameworks
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Presents an overarching framework for Internet governance and discusses the difficulties that arise with coordinating regulation across the globe in a rapidly changing cyber-environment.
      1. Lawrence B. Solum, Models of Internet Governance, Illinois Public Law Research Paper No. 07-25, U Illinois Law & Economics Research Paper No. LE08-027, September 3, 2008
        This article takes a broad view of Internet governance, presenting three central ideas regarding Internet governance and five different models of Internet governance.
      2. Robert Knake, Internet Governance in an Age of Cyber Insecurity, Council on Foreign Relations, September 2010
        This article examines the technological decisions enabling the Internet’s success and vulnerabilities, then outlines an agenda that the United States can pursue with allies on the international stage.
      3. Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
        This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
      4. Jack Goldsmith, Cybersecurity Treaties: A Skeptical View, Future Challenges in National Security and Law, February 2011
        This article explains why international cooperation is considered central to the cybersecurity problem and examines three major hurdles to a global cybersecurity treaty. It then considers the feasibility of narrower and softer forms of cooperation.
      5. Abraham D. Sofaer, David Clark, and Whitfield Diffie, Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks, pp. 179-206, 2010
        This piece discusses how the threats to cybersecurity are currently being approached at the private, national, and international level, then demonstrates the potential for increased international cooperation. It also covers how to fashion effective international initiatives and the difficulties in such negotiations.
    2. 3.1.2 Select Globally-Relevant Bodies and Treaties
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Provides an understanding of the major bodies and treaties that impact cybersecurity on a global level, including ICANN, ITU, SCO, and various international treaties.
      1. Internet Corporation for Assigned Names and Numbers (ICANN)
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        Provides an understanding of the major bodies and treaties that impact cybersecurity on a global level, including ICANN, ITU, SCO, and various international treaties.
        1. International Corporation for Assigned Names and Numbers, Memorandum of Understanding, November 1998
          This MOU between the Department of Commerce (DOC) and ICANN sets out that ICANN will provide expertise and advice regarding DNS, such as the allocation of IP number blocks and coordination of the assignment of other technical parameters to maintain internet connectivity.
        2. International Corporation for Assigned Names and Numbers, Affirmation of Commitments, September 2009
          This document affirms commitments by the DOC and ICANN, including: (a) the global technical coordination of the DNS is accountable, transparent, and in the public interest; (b) the security, stability and resiliency of the DNS is preserved; (c) competition, trust, and choice in the DNS marketplace continues; and (d) international participation in DNS coordination is facilitated.
        3. Jose MA. Emmanuel A. Caral, "Lessons from ICANN: Is self-regulation of the Internet fundamentally flawed?", International Journal of Law and Information Technology, vol. 12, no. 1, pp. 1-31, 2004
          The paper discusses the overall benefits and negatives of self-regulation, using ICANN as the center of the discussion and comparing it to the IETF and W3C.
      2. Shanghai Cooperation Organization
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The Shanghai Cooperation Organisation (SCO) is a permanent intergovernmental international organization created on 15 June 2001 in Shanghai (China) by the Republic of Kazakhstan, the People’s Republic of China, the Kyrgyz Republic, the Russian Federation, the Republic of Tajikistan and the Republic of Uzbekistan.
        1. Yekaterinburg Declaration of June 16, 2009
          The Yekaterinburg Declaration calls for leaders to build a more just world order, to cement international stability and economic development. Regarding cyber security, the SCO member states stress the significance of the issue of ensuring international information security as one of the key elements of the common system of international security.
      3. The Internet Engineering Task Force (IETF)
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The Internet Engineering Task Force is a loosely coordinated and self-organized body that contributes to the engineering and evolution of Internet technologies. It is the principal body engaged in the development of new Internet standard specifications.
        1. The Internet Engineering Task Force, The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force, 15 October, 2011
          This document describes the inner workings of IETF meetings and Working Groups, discusses organizations related to the IETF, and introduces the standards process. It is not a formal IETF process document but instead an informational overview.
      4. International Telecommunication Union (ITU)
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        An agency of the United Nations focused on telecommunication networks and radio frequency allocations. In recent years, a number of UN members have sought to give the ITU more regulatory power over the Internet, an ongoing and contentious debate.
        1. Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
          This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
        2. International Telecommunication Union, ITU’s Global Cybersecurity Agenda
          This site provides ITU’s framework for international cooperation aimed at enhancing confidence and security in the cyber domain.
        3. McDowell, Robert M., The U.N. Threat to Internet Freedom, The Wall Street Journal, February 21, 2012
          This article provides a critical reaction to the treaty talks focused on potentially giving the United Nations unprecedented powers over the Internet through the International Telecommunication Union.
        4. Maclean, Don. “Sovereign Right and Dynamics of Power in the ITU: Lessons in the Quest for Inclusive Global Governance” in Drake, William J and Ernest J. Wilson III, eds. Governing Global Electronic Networks. Cambridge: The MIT Press. pp. 84-126, 2008
          This book offers the reader perspectives on the governance of global information and communication networks and uncovers the politics that lie beneath global rules and regulations that may seem at first glance to be mainly technical. It shows how the ITU is beset by new challenges from changing technologies and business models, as well as suggesting reforms.
      5. Council of Europe Convention on Cybercrime
        This Convention was the first international treaty on cybercrime, and deals particularly with copyright, computer fraud, child pornography and network security. Its main objective is to pursue a criminal policy aimed to protect society against cybercrime by adopting appropriate legislation and fostering international cooperation.
      6. Organization of American States
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The OAS brings together all 35 independent states of the Americas and constitutes a political, juridical, and social governmental forum of the entire Hemisphere. In addition, it has granted permanent observer status to 67 states, as well as to the European Union (EU).
        1. A Comprehensive Inter-American Cybersecurity Strategy
          The OAS Cybersecurity Strategy recognizes that protecting networks and information systems is dependent upon: giving operators information to help them secure their networks and respond to incidents; fostering public-private partnerships to increase education of the private sector to secure their infrastructures; stimulating the adoption of standards and practices for information security; and fostering the adoption of cyber-crime policies and legislation to protect users and prevent and deter criminal misuse of computer networks, while respecting users’ privacy. On June 10, 2003, the OAS General Assembly passed Resolution: AG/RES. 1939 (XXXIII-O/03), on the Development of an Inter-American Strategy to Combat Threats to Cybersecurity.
  2. 3.2 Introduction to Domestic Governing and Regulatory Bodies
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: To provide an overview of U.S. regulatory bodies that influence and shape the cyber-domain both domestically and throughout the world.
    1. 3.2.1 Overview
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Provides an understanding of the overall structure of the U.S. response to cybersecurity issues.
      1. Lawrence B. Solum, Models of Internet Governance, Illinois Public Law Research Paper No. 07-25, U Illinois Law & Economics Research Paper No. LE08-027, September 3, 2008
        This article takes a broad view of Internet governance, presenting three central ideas regarding Internet governance and five different models of Internet governance.
      2. Jeremy Ferwerda, Nazli Choucri, and Stuart Madnick, Institutional Foundations for Cyber Security: Current Responses and New Challenges, Working Paper CISL# 2011-05, May 2011
        This article examines the institutions responsible for addressing the security of cyberspace and international relations in the cyber-domain. It highlights emerging challenges while evaluating the strengths and weaknesses of the current institutional framework.
      3. Paul Rosenzweig, The Organization of the United States Government and Private Sector for Achieving Cyber Deterrence, Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, pp. 245-270, 2010
        This piece discusses the general taxonomy of deterrence structures and U.S. efforts to develop organizations to provide capabilities amongst the different aspects of deterrence. It also discusses difficulties in cyberspace that give rise to the organizational challenges and provides recommendations for the U.S. government on how to approach these issues in the future.
      4. Abraham D. Sofaer, David Clark, and Whitfield Diffie, Cyber Security and International Agreements, Proceedings of a Workshop on Deterring Cyberattacks, pp. 179-206, 2010
        This piece discusses how the threats to cybersecurity are currently being approached at the private, national, and international level, then demonstrates the potential for increased international cooperation. It also covers how to fashion effective international initiatives and the difficulties in such negotiations.
    2. 3.2.2 Relevant Domestic Organizations, Policies, and Strategies
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      Provides an introduction and broad overview of the major organizations, policies, and strategies involved in domestic cybersecurity policy-making and approaches, including: The White House (WH), Congress, The Department of Defense (including CYBERCOM and National Security Agency), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).
      1. The White House
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The White House’s interest and involvement in cybersecurity have grown and evolved since President Clinton issued Presidential Decision Directive 63 (PDD-63) in 1998.
        1. The White House, International Strategy for Cyberspace, May 2011
          This document outlines how the United States will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure to support international trade and commerce, strengthen international security, and foster free expression and innovation.
        2. Eric Chabrow, The Cybersecurity Czar Who Wasn't, GovInfo Security, 2 June 2012
          This piece provides a retrospective on the tenure of Howard Schmidt (the White House's first cybersecurity coordinator). It also provides insight into the cybersecurity coordinator’s role in the administration, as well as challenges inherent to the position.
      2. Department of Defense
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The DoD encompasses much of the U.S. government’s technical expertise both to respond to cyber-incidents and to conduct and defend against cyberattacks; it includes both the NSA and CYBERCOM.
        1. Department of Defense, Strategy for Operating in Cyberspace, July 2011
          This is an overview of the DOD’s five strategic initiatives regarding cyberspace: to treat cyberspace as an operational domain; to employ new defense operating concepts; to partner to enable a whole-of-government cybersecurity strategy; to build robust relationships with allies and international partners; and to leverage ingenuity through an exceptional cyber workforce.
        2. Department of Defense Cyberspace Policy Report, November 2011
          This document identifies five distinct, but interrelated strategic initiatives to support DoD’s cyberspace operations and its national security mission: Treating cyberspace as an operational domain; employing new defense operating concepts to protect DoD networks and systems; partnering closely with other U.S. Government departments and agencies and the private sector; building robust relationships with U.S. Allies and international partners to enable information sharing; leveraging the Nation’s ingenuity by recruiting and retaining an exceptional cyber workforce and enabling rapid technological innovation.
        3. The Secretary of Defense, Establishment of a Subordinate Unified U.S. Cyber Command Under U.S. Strategic Command for Military Cyberspace Operations, 23 June 2009
          This document from the Secretary of Defense directed the Commander of U.S. Strategic Command to establish the subordinate unified command, U.S. Cyber Command.
        4. Statement of General Keith B. Alexander, Commander, United States Cyber Command, before the House Committee on Armed Services, 23 September 2010
          This testimony describes what is happening at US Cyber Command by providing an overview of the current status of the command and by describing the plan for moving forward in accomplishing the assigned mission.
        5. William A. Owens, Kenneth W. Dam, and Herbert S. Lin, editors, Committee on Offensive Information Warfare, National Research Council; Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities; Pages 161-187, 2009
          This document discusses cyberattacks in the context of U.S. military doctrine, the DoD’s organization, rules of engagement, operational planning, human capital, and weapons systems acquisition. It also provides both historical perspective (1999 and on) and hypothetical examples to support its arguments.
      3. Department of Homeland Security
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The DHS is responsible for responding to domestic cybersecurity incidents and has made cybersecurity one of its five most important mission areas. Most versions of cybersecurity reform envision greatly expanding DHS’s cyber responsibilities.
        1. National Cyber Incident Response Plan, Interim Version, September 2010
          This document delineates the responsibilities among U.S. agencies in the event of a domestic cyber-incident. It demonstrates the number of agencies involved and the detailed interplay between them.
        2. Homeland Security Presidential Directive 5, 28 February 2003
          This directive establishes the DHS as the lead agency to respond to domestic incidents, including acts of terrorism and disasters.
        3. Blueprint for a Secure Cyber Future, DHS, “How We Will Protect Critical Information Infrastructure” and “How We Will Strengthen the Cyber Ecosystem”, December 2011
          This document provides a path to create a safer, more resilient cyber environment, and describes two areas for action: protecting critical information infrastructure and building a stronger cyber ecosystem. The goals for protecting critical information infrastructure are reducing exposure to cyber risk, ensuring priority response and recovery, maintaining shared situational awareness, and increasing cyber-resilience. The goals for strengthening the cyber ecosystem are empowering users to operate securely, implementing trustworthy protocols, building collaborative communities, and establishing transparent processes.
        4. Memorandum of Understanding Between the Department of Homeland Security and the National Security Administration Regarding Cyberspace, October 2010
          This MoU sets forth terms for the sharing of resources between DHS and NSA to support the U.S. Cybersecurity effort, including the co-locating of both NSA and CYBERCOM units within DHS’s National Cybersecurity and Communications Integration Center.
      4. Federal Bureau of Investigation
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The FBI maintains cyber squads at its field offices and leads the National Cyber Investigative Joint Task Force (NCIJTF), an interagency focal point for such cyber threat investigations and analysis.
        1. The Federal Bureau of Investigation's Ability to Address the National Security Cyber Intrusion Threat, U.S. Department of Justice, Office of the Inspector General, Audit Division, April 2011
          This report provides a review of the FBI’s cyber capabilities, including the National Cyber Investigative Joint Task Force (NCIJTF), field office cyber squads, and cyber training policies.
      5. National Institute of Standards and Technology
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        NIST is a non-regulatory federal agency within the Department of Commerce that promotes innovation and industrial competitiveness by advancing measurement science, standards, and technology. The NIST Laboratories conduct research in collaboration with industry to advance the nation's technology infrastructure.
        1. NIST Computer Security Division
          One of six divisions in the NIST Information Technology Lab, CSD’s mission is to provide standards and technology to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology (IT) systems.
        2. NIST Establishes National Cybersecurity Center of Excellence, 21 February 2012
          On 21 February 2012, NIST announced a new partnership to establish the National Cybersecurity Center of Excellence, a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies.
      6. Federal Communications Commission
        Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
        The FCC regulates interstate and international communications by radio, television, wire, satellite and cable in all 50 states, the District of Columbia and U.S. territories.
        1. Communications Security, Reliability and Interoperability Council (CSRIC) III
          The CSRIC’s mission is to provide recommendations to the FCC to ensure, among other things, optimal security and reliability of communications systems, including telecommunications, media, and public safety.
  3. 3.3 Introduction to Law-Enforcement Frameworks as Applied to the Digital Domain
    Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
    Purpose: To orient the reader to the law-enforcement frameworks that apply in the digital domain, and the inherent difficulties with enforcing rules in cyberspace.
    1. Application of the Laws of War
      Original Creator: Jack Goldsmith and a Berkman Center Cybersecurity Team
      With the revolutionary nature of the cyber-domain for international conflict, the current laws of war must be carefully considered to determine if they are sufficient to dictate proper conduct during cyberwars.
      1. Oona A. Hathaway, et al., The Law Of Cyber-Attack, forthcoming in the California Law Review, 2012
        This article examines how existing law may be applied, adapted, and amended to meet the challenges posed by cyber-attacks. It demonstrates how cyber-attacks relate to existing bodies of law and explains how existing law is deficient but can be improved.
      2. Maj. Gen. Charles C. Dunlap, Jr., Perspectives for Cyber Strategists on Law for Cyberwar, Strategic Studies Quarterly, Spring 2011.
        Against the argument that existing law is inadequate or lacking entirely within the cybersecurity context, this piece argues that applying the basic tenets of the existing Law of Armed Conflict (LoAC) to cyber issues is sufficient to address important issues of cyberwar.

Playlist Information

May 21, 2013

cybersecurity
