<p>Harvard Cyber Policy Lunch April 14, 2010 A. Friedman Notes</p><p>Joe: split into 4 pieces War Terror Espionage Crime --> focus on the latter two</p><p>"expel an attache" Other ways to retaliate, without escalation Prevent defectors lock-in</p><p>Challenge: communication and learning between actors</p><p>Ways to turn off a particular system</p><p>Above might work with espionage</p><p>Crime: Russia Challenges to "export only" Response: ISP has been a response to too many attacks BUT: would require a lot more intervention Policy alternatives: bilateral communication or EU cybercrime treaty</p><p>Question: how do they see it? Iterative game? Perceptions of hostility</p><p>Bilateral vs. multilateral Analogy: currency valuation Can't make overt threats Issues with moving it to G20 Might have a quiet dynamic Too multilateral: another copenhagen</p><p>Precedent: Montreal Protocol Started off with the core, expanded</p><p>What's the game? Punishment can be expensive (Not PD) Why PD Opportunity for cooperation Suppose 3 options: Nice, mean, neutral How do you get back to cooperate after you retaliate? Could share 0-days</p><p>How do you prevent escalatory reframing? Don't want an action to be interpreted as hegemony</p><p>Danger of responding in alternate issues Too many special interests, bureaucracies By keeping it in cyber model</p><p>US has many means of signaling displeasure</p><p>Positives - can make a conciliatory gesture: scientific exchange Allow foreigners into national labs</p><p>Options: writing on screen = send a message with content plus demonstrates (reminds) about potential Better than: release something that helps domestic criminal groups Anti-censorship material</p><p>Melissa: crime is the easiest place to get the consensus</p><p>Challenge: why do we assume this is a country-level response Private firms have the ability to attack core infrastructure? Banks may already take the law into their own hands Other countries might attribute it to the US At very least, it might escalate</p><p>Do we have leverage over renegade US company? Yes, it's illegal Regulation: we will not use these types of weapons (?) Any use of weapon: sacrifice the future use of that weapon</p><p>Would we take Goldman to court? Precedents: privateers FSB & russian business network Question: what led to the end of privateering Treaty was written in 1830s US didn't sign it until 1860s</p><p>What about private companies refusing to deal with states?</p><p>Q: What about multinationals? Do it by the singapore base?</p><p>Q: Why would a firm retaliate? A: examples of need: DDOS against closing of quarter Blackmail Phishing</p><p>Q: When to litigate vs. take immediate action? Business proposition vs. rule of law Where to press charges?</p><p>Can we no longer see the state as the core actor? BUT - Bhopal? Should we transcend the state?</p><p>How to trace back attacks? Cyber crime conventions</p><p>Other </p>