Seminar by Zaid Hamzah
CEO, Asia Law Exchange www.asialaw.exchange
Associate Director, Cyber Defence Academy www.cyberdefence.academy
Email: [email protected]
+65-93705982 (WhatsApp preferred)
24 June 2019
Outline
1. Overview
   Hacking demo (by www.antihack.me)
2. Changing Strategic Context
3. Nature of Autonomous Shipping
   ▪ Automation
   ▪ Big data analytics & AI
4. Cybersecurity Challenges
5. International law on cyber conflicts
6. Q&A
Video by Massterly
https://www.youtube.com/watch?v=EF_wc1OmooE
Issues: National Security (risk-based) Perspectives
1. What is the role of international law when nation states carry out cyber attacks in maritime conflicts?
2. Are existing norms adequate to deal with potential cyber military conflicts at sea involving nation states?
3. What kind of regulatory framework needs to evolve at the national jurisdiction-specific levels to help create a trusted and resilient international regime that can prevent maritime cyber conflicts?
4. How should international maritime law evolve to deal with increasing geo-strategic cyber risks?
5. How can regional organisations, such as ASEAN, and international bodies, like the IMO and ITU, prepare for the future of autonomous shipping?
Other Legal Issues (not for today...)
• UNCLOS & other International Maritime Law
Note
Seaworthiness and Cyberthreats
• Issue: Is a vessel ridden with viruses seaworthy?
• Legal liability for spoofing or jamming
• Downstream liability
Source: https://www.rolls-royce.com/
IMO: 4 degrees of autonomy:
Degree one: Ship with automated processes and decision support: Seafarers are on board to operate and control shipboard systems and functions. Some operations may be automated and at times be unsupervised but with seafarers on board ready to take control.
Degree two: Remotely controlled ship with seafarers on board: The ship is controlled and operated from another location. Seafarers are available on board to take control and to operate the shipboard systems and functions.
Degree three: Remotely controlled ship without seafarers on board: The ship is controlled and operated from another location. There are no seafarers on board.
Degree four: Fully autonomous ship: The operating system of the ship is able to make decisions and determine actions by itself.
Rolls-Royce teams up with Google on AI-driven ship awareness
Big Data & Predictive Analytics
Artificial Intelligence
• Machine Learning
• Deep Learning
https://www.oneseaecosystem.net/one-sea-autonomous-maritime-ecosystem-introduced-roadmaps-autonomous-shipping/
Photo credit: Rolls Royce
Cybersecurity
Cybercrime, Cyberterrorism & Cyberwar
International law
National Law
International Relations & Diplomacy
Perpetrators
1. Criminal organizations
2. Pirates
3. Terrorists
4. Rival commercial entities
5. Nation states & other political actors
6. Insiders (corrupt employees, rogue employees)
7. Hacktivists
Systems at risk
1. Systems on board vessel (communication, navigation, loading)
2. Navigation data in the cloud
3. Systems at ports
4. Computer systems of maritime entities (on shore)
5. Laptops (work & personal)
6. Smart phones
7. USB keys
Motivations
1. Political motivations
2. Financial crime gains
3. Hacktivism to push an agenda
4. Employee grouses
Cyber Attacks in Maritime Scenario
1. E-Navigation
   • GPS, AIS, ECDIS
2. Spoofing
   • False information sent
3. Jamming
   • Block GPS signals
Cyber war & International Law
Cyber Defence & Cyber Offensive Postures
Types of International Law
2 basic types of international law:
a) “Treaty Law”: formal agreements among states to be legally bound
b) “Customary International Law”: general & consistent practice followed out of a sense of obligation
Cyber Attacks and Cyber Warfare
1. Well-established body of international law regulating armed response to physical/kinetic military attacks against states
2. Also a well-established body of law regulating kinetic military attacks once conflict is underway
3. To what extent, if any, do those rules apply to cyber attacks?
   – May a state respond to cyber-attacks with military force?
   – Must cyber-attacks comply with rules of distinction, proportionality, etc.?
Challenges
1. Attribution
2. Burden of proof
3. Digital evidence
   1. Fragile
4. Legal basis under international law
Cyber Readiness
1. Understand cyber threats
2. Assess risks of cyber threats
3. Reduce/Mitigate the risks
   1. Cybersecurity Audit
   2. Penetration Testing
   3. Physical Security Assessments
4. Develop contingency plans to respond to cybersecurity incidents
KEY REQUIREMENT
1. Establish Governance, Risk & Compliance Framework
   • Be secure, vigilant & resilient
   • Balance people, process & technology
2. Readiness Program, especially stress testing
Q & A