cyber policy and legal discussion - afcea 6510.01a, citing, dod directive 8530.1 monitoring,...
TRANSCRIPT
LANDWARNET 2011 TRANSFORMING CYBER WHILE AT WAR UNCLASSIFIED
UNCLASSIFIED
Cyber Policy and Legal Discussion Session: 4
Track: Army Cyber Command
COL John Kent
Army Cyber Command / 2nd Army
Defense Information Assurance Program, 10 U.S.C. § 2224
10 U.S.C. § 3013
(U) Unified Command Plan
(U) General Order, No. 2010-26, 1 Oct 10 Establishment of Army Cyber Command, 1 October 2010
2011-08-24// Cyber Policy and Legal Discussion Session: 4, Track: Army Cyber Command
Protecting Army information is vital to our national security. IA capabilities and actions protect and defend networks, data integrity, and allow us to implement effective computer network defense (CND).
AR 25-2, Information Assurance, implements DODD 8500.1, DODI 8500.2, DODI 5200.40, and CJCSM 6510.01 to align Army IA goals and requirements with the DOD Information Management Strategic Plan.
Actions taken to protect, monitor, analyze, detect, and
respond to unauthorized activity within DoD information
systems and computer networks
CJCSM 6510.01A, citing DOD Directive 8530.1
Monitoring, analysis, detection activities, including trend
and pattern analysis, are performed by multiple
disciplines within the DOD, e.g., network operations,
CND Services, intelligence, counterintelligence and law
enforcement.
DOD Directive 8530.1
Multiple Disciplines
Network Ops – CERTs/NOSCs
Intelligence
Counterintelligence
Law Enforcement
POTUS
Incidents/Intrusions/Attacks
User abuse
Espionage
Foreign Agent
Crime
Hostile Act/Intent
Lead Government Entity & Primary Purpose
FBI
NIPC
DCIOs
Other Fed/
State Orgs
DIA
NSA
CIA
FBI
Service CI
CERTs
Intelligence/CI Foreign
sources are involved
Technical analysis of
intrusion characteristics
Law Enforcement Activity involves US citizens
Pen register, trap and
trace; Title III wiretap;
FISA
ID, log analysis, forensics
ECPA “Service Provider”
exception
FISA; EO 12333; DODD
5240.1-R Attribution !
To protect against the threat, the Army has established
the Army Computer Emergency Response Team
(ACERT). The ACERT provides the Army with the
capability to prevent, monitor, detect, and respond to
AIS security incidents. The ACERT leverages and
integrates intelligence support and network/system
management capabilities to a unified C2 Protect effort. As
part of its mission, the ACERT has initiated the Computer
Defense Assistance Program (CDAP).
Army Regulation 380–53, Security Information Systems
Security Monitoring, 29 April 1998
The CG, NETCOM/9th SC (A) will operate, manage, monitor, administer, and defend the Army portion of the global information grid. (GNOSC & TNOSCs)
AR 25-2
Exercise command and control of the ACERT and all of its components (including RCERTs).
Establish tactics, techniques, and procedures (TTPs) for the ACERT, RCERTs, as required.
Serve as focal point for security incidents and violations.
In coordination with law enforcement (LE) and counterintelligence (CI) agencies, develop and publish response guidelines, checklists, and procedures.
AR 25-2 (Originally Cdr, 1st IOC, assumed by ARCYBER)
Army Cyber Command is the lead for Army missions, action and function related to cyberspace, including the responsibility for planning, coordinating, integrating, synchronizing, directing and conducting Army network operations and the defense of all Army networks.
(U) General Order, No. 2010-26, Establishment of the U.S. Army Cyber Command, 1 October 2010
Monitoring networks.
Network monitoring . . . number of actions . . . to ensure proper performance and management.
When any of these monitoring activities involve intercepting (capturing in real time) the contents of wire or electronic communications, they must fall within the limits of an exception to Federal statute.
E.g., the service provider exception of the Wiretap statute allows SA/NA to intercept, use, and disclose intercepted communications as long as the actions are conducted in the normal course of employment and the SA/NA is engaged in an activity that is necessary to keep the service operational or to protect the rights or property of the provider.
Therefore, IA personnel must consult with counsel to ensure that activities involving systems management and protection are properly authorized.
AR 25-2
Wiretap Statute
Pen Register / Trap & Trace Statute
Stored Communications Act
Banner and User Agreement
DAA Authority
Federal Wiretap Statute: 18 U.S.C. §§ 2510-2520.
• BLUF: Even if the interception of communications is permissible under the Fourth Amendment, the Wiretap Statute may prohibit it
• Beyond Fourth Amendment requirements
Prohibits a third party (like the government), who is not a party to the communication, from intercepting private communications using an electronic, mechanical, or other device unless a statutory exception applies (18 USC § 2511(1))
“provider of . . . electronic communication service” may intercept or disclose communications on its own machines “in the normal course of employment while engaged in any activity which is a necessary incident to . . . the protection of the rights or property of the provider of that service.”
18 U.S.C. § 2511(2)(a)(i)
Broad authority with focused purpose
Applies to “provider[s] of electronic communication services” (i.e., Army)
Authorized to intercept, disclose, or use network communications to protect rights & property of the provider or to ensure the system continues to provide service
Allows for real-time monitoring – “intercepting”
• No court order or warrant required
SysAds can track hackers within their networks to prevent further damage
Doesn’t allow unlimited monitoring
Need “substantial nexus” between threat and property
• “Reasonable and tailored”
The Service Provider Exception is a limited exception. Not a criminal investigator’s privilege.
18 U.S.C. § 2511(2)(a)(i)
DoD Notice and Consent Banner
• Invalidates DoD employee’s reasonable expectation of privacy in their Gov’t computer
• Banner puts users on notice
Computer cannot be used for illegal activity
Third-party monitoring
Security measures in place for supporting Gov’t info systems, not for personal privacy reasons
Investigation of a crime
Constitution, 4th Amendment
Domestic Statutes (see Matrix)
Mutual Legal Assistance Treaties, Agreements
USA PATRIOT Act
Nation-wide Search Warrants
Computer Trespasser Provisions
Computer Trespasser Exception; 18 U.S.C. 2511(2)(i)
Allows law enforcement to intercept communications to or from “computer trespassers” 18 U.S.C. 2510(21)
Even if trespasser is using system as a pass-through to other down-stream victims
A “computer trespasser”
Is a person who accesses network “without authorization” and “thus has no reasonable expectation of privacy…”
Excludes a person known by the provider to have an existing contractual relationship with the provider for use of the system
Intelligence Organizations
Under the DCI, Title 50, National Foreign Intelligence Program
Under Secretary of Defense, Tactical
DoD Counterintelligence Components
E.O. 12333
DoDD 5240.1, DoDD 5240.1-R
Foreign Intelligence Surveillance Act 50 USC 1801
USA PATRIOT Act
EO 12333 / DoD 5240.1-R
SIGINT Cyber
POTUS
SECDEF
DIRNSA
CG, INSCOM
DoDI 0-3115.07
USSID 1000
POTUS
SECDEF
SECARMY CG, CYBERCOM
CG, ARCYBER
EO 12333
Exercise responsibility for SIGINT;
Operate an effective and unified
organization for SIGINT;
Control collection and processing
of SIGINT activities;
Assign resources to an appropriate
agent for such periods and tasks
as required for the direct support of
military commanders.
No other Department or Agency is
authorized to engage in any
SIGINT activities without an
express delegation from
SECDEF
DoDI 0-3115.07
Supervise, fund, maintain, and operate NSA and
the US SIGINT System (USSS) as a jointly-staffed,
unified SIGINT organization;
Exercise control of all SIGINT collection,
processing, analysis, production, and
dissemination activities of the US;
Exercise SIGINT OPCON over SIGINT activities of
the USSS to respond most effectively to military
and other SIGINT requirements by:
• Delegating standing SIGINT SOTA to the Mil Depts
with organic SIGINT units permanently assigned
under their command;
• Delegating temp. SOTA to commanders on a case-by-
case, mission specific basis to permit those
commanders to directly task designated SIGINT units
and assets assigned to their command to achieve
their mission objectives;
• Approving SIGINT missions for SIGINT units or assets
assigned to and under the OPCON of a commander;
• Retaining SIGINT OPCON of all SIGINT resources
fulfilling national SIGINT requirements
Constitution
UCP
USSTRATCOM Mission
USCC
Title 10 U.S.C. 162, 163, 164
EXORD, OPORD
International Law
Standing Rules of Engagement
LOAC
Combine CNO Disciplines
Interacting Authorities
CND – Title 10 implementing 18 USC 2511(2)(a)(i)
Intelligence – Title 50
LEA
Dual Authorities Granted by DIRNSA
Intelligence Oversight Plan
703-706-1190