Abstract: ABSTRACT-The conventional wisdom is that this country's privately owned critical infrastructure-banks, telecommunications networks, the power grid, and so on-is vulnerable to catastrophic cyber-attacks. The existing academic literature does not adequately grapple with this problem, however, because it conceives of cyber-security in unduly narrow terms: scholars understand cyber-attacks as a problem of either the criminal law or the law of armed conflict. Cyber-security scholarship need not run in such established channels. This Article argues that, rather than thinking of private companies merely as potential victims of cyber-crimes or as possible targets in cyber-conflicts, we should think of them in administrative law terms. Many firms that operate critical infrastructure tend to underinvest in cyber-defense because of problems associated with negative externalities, positive externalities, free riding, and public goods-the same sorts of challenges the modern administrative state faces in fields like environmental law, antitrust law, products liability law, and public health law. These disciplines do not just yield a richer analytical framework for thinking about cyber-security; they also expand the range of possible responses. Understanding the problem in regulatory terms allows us to adapt various regulatory solutions-such as monitoring and surveillance to detect malicious code, hardening vulnerable targets, and building resilient and recoverable systems-for the cyber-security context. In short, entirely new conceptual approach to cyber-security is needed.INTRODUCTIONThe Red Army had been gone for years, but it still had the power to inspire controversy-and destruction.1 In April 2007, the government of Estonia announced plans to relocate a contentious Soviet-era memorial in its capital city of Tallinn. Known as the Bronze Soldier, the Soviets erected the statue in 1947 to commemorate their sacrifices in the Great Patriotic War and their liberation of their Baltic neighbors. The local population, which suffered under the Bolshevik boot for decades, understandably saw the monument in a rather different light. Not long after the announcement, the tiny nation was hit with a massive cyber-attack. Estonia, sometimes nicknamed E-stonia, is one of the networked countries in the world-its citizens bank, vote, and pay taxes online2-and it ground to a halt for weeks. The country's largest bank was paralyzed. Credit card companies took their systems down to keep them from being attacked. The telephone network went dark. Newspapers and television stations were knocked offline. Who was responsible for launching what has come to be known as Web War I?3 The smart money is on Russia, though no one can say for sure.It happen here. Government officials like Richard Clarke, the former White House cyber-security czar, have been warning of an electronic Pearl Harbor for years.4 Others lament the gaping vulnerabilit[ies]5 in America's cyber-defenses and speculate that the economic effect of a major assault be an order of magnitude greater than the September 11, 2001 terrorist attacks.6 Academic commentators generally agree. Some see the danger as monumental7 and the country's most pervasive and pernicious threat.8 Others predict that America's failure to secure its cyber-assets could take down the nation's entire security and economic infrastructure9 and bring this country to its knees.10 It has even been suggested that [t]he very future of the Republic depends on protect[ing] ourselves from enemies armed with cyber weapons.11 There are some naysayers,12 but the consensus that we stand on the brink of a cyber-calamity is both broad and deep.A large-scale cyber-attack on this country, as in Estonia, likely would target privately held critical infrastructure-banks, telecommunications carriers, power companies, and other firms whose compromise would cause widespread harm. …
Publication Year: 2015
Publication Date: 2015-01-01
Language: en
Type: article
Access and Citation
Cited By Count: 16
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot