Making decisions about legal responses to cyber attacks

Abstract

Cyber intrusions may be characterized in one or more of three legal regimes: law enforcement, intelligence collection and military operations. Furthermore, most intrusions occur across a number of jurisdictional boundaries, building complex conflict-of-laws questions into such attacks. Applying a one-size-fits-all response, such as always terminating all interaction with the intruder or always responding in kind, can be an ineffective or even worse, illegal, response. In order to assist investigators and legal experts addressing the legal aspects of cyber incidents, we have developed a decision support tool that takes them through a series of questions that are akin to those posed by an attorney to a client seeking legal guidance. Our tool may be used by builders and users. Builders use the tool to construct trees of legal arguments applied to the incidents at hand with the documentation useful for building legal briefs. Users interact with the tool by answering a series of questions to obtain viable legal arguments with supporting documents. © 2006 International Federation for Information Processing.