Original document: http://www.ipib.msu.ru/UserFiles/File/bayern2014/Forum_1.pdf


Eighth International Forum «Partnership of State Authorities, Civil Society and the Business Community in Ensuring International Information Security»

Ninth Scientific Conference of the International Information Security Research Consortium

April 21-24, 2014
Garmisch-Partenkirchen, Munich, Germany

ISBN 978-5-19-011008-1




Contents

V.P.Sherstyuk. Opening Remarks: On Agenda and Challenges of the Forum «State, Civil Society and Business Partnership on International Information Security»
S.M.Buravlev. Welcome Address to organizers, participants and guests of the VIII International Forum «State, Civil Society and Business Partnership on International Information Security»
Dr. Charles (Chuck) Barry. Challenges in the Protection of Critical Infrastructure Systems Reliability in the Digital Age
Dr. A.A.Streltsov. Focal Areas in Development of International Law of Armed Conflict in the Context of Cyberspace
Gao Hui. Applicability of the Law of Armed Conflict in Cyberspace
I.N.Dylevskiy, V.O.Zapivakhin, S.A.Komov, A.N.Petrunin. Adaptation of international legal concept of "aggression" to the specifics of information space
N.V.Sokolova. On international legal aspects of the use of information and communication technologies: the experience of the UN Group of Governmental Experts on international information security
Xu Longdi. Factors Influencing the Definition of 'Cyber Warfare'
P.L.Pilyugin. Challenges of creating the technical control means for observance of future international law norms for cyberspace
Laurent Gisel. How does international humanitarian law constrain cyber warfare and protect civilians?
Pål Wrange. Intervention in national and private cyberspace and international law
Sanjay Goel (Sandro Bologna). Adaptation of International Law to Cyber Conflict
Dr. Sandro Bologna. Cyber Security and Resilience of Industrial Control Systems
A.N.Kurbatskiy. Personal information security and the rules of conduct in information space
Keir Giles. Legitimation of Online Surveillance and Monitoring
Yoko Nitta. Japan's Approaches towards Cybersecurity
Dr. Masayoshi Kuboya. Cyberspace Credibility in Japan: Information Literacy and Regulation
N.P.Varnovskiy, O.A.Logachev, V.V.Yashchenko. Mathematics and Information Security


V.P.Sherstyuk
Co-Chairman of the Forum, Adviser of the Secretary of the Security Council of the Russian Federation, Director of Lomonosov Moscow State University Institute of Information Security Issues

Opening Remarks

On Agenda and Challenges of the Forum «State, Civil Society and Business Partnership on International Information Security»

Dear participants of the conference! Ladies and gentlemen!

First of all, I would like to express my sincere gratitude to the leadership of the local administration of this amazing place in Bavaria -- Garmisch-Partenkirchen. By virtue of their hospitality, information security experts from many countries are able to get together in this place for the eighth consecutive year and discuss the most current issues of international peace and security in the context of threats of information and communication technologies misuse.

The fruitfulness of these discussions significantly increased after the International Research Consortium was formed here in Garmisch-Partenkirchen. It enabled the conditions to combine the efforts of stakeholders in finding complex solutions to the issues of international information security.

In the course of the previous Conference, which took place in Baku in October last year, the Consortium identified a priority research venue. Taking into consideration the need to counter malicious use of ICTs for military-political purposes, the research is focused on elaboration of international law improvement issues. Today there will be a workshop-round table on this topic.

The IX International Conference of the Consortium will take place tomorrow. In its course we will summarize the interim results of this research and decide on plans of the Consortium for the near future. In addition, new members will be admitted to the Consortium. They are:
· Institute of Information Security and Cryptology (IIS&C) at the Gumilyov Eurasian National University (Kazakhstan);
· Institute of Electronics and Telecommunications under Kyrgyz State Technical University (Kyrgyzstan).

As a follow-up to the decisions of the Consortium, since our last meeting in Garmisch-Partenkirchen in 2013 a lot of work has been done. We participated in the plenary session of the European Forum Alpbach (Austria) concerning "Cyberwar -- Perceptions and Approaches of Major Actors". There we supported the idea to intensify efforts to improve international law governing international relations in the field of countering military use of ICT.

In April a similar topic was discussed during a meeting on international information security (seminar), held in the Russian Embassy in Stockholm (Sweden) by Russian and Swedish experts. The meeting also addressed the issues of implementation of human rights and freedoms on the Internet.

In late October -- early November 2013 in New York (USA) there was a thematic meeting of scientists in the format of the international seminar «Internet governance and management of cyber conflicts: models, regulation and confidence-building measures». The American side put forward the initiative to make such «synchronization» meetings of scientists and experts an annual event.

MSU experts also participated in the Conference "International cooperation in cyberspace" (Georgetown University, Washington, USA), the IV World Summit on Cybersecurity (Stanford, USA), the Conference "National security and the development of science and technology" (Changsha, China), the first international scientific Conference "Information Security Strategy in the light of strategy Kazakhstan-2050" (Astana, Kazakhstan), and the Conference "Public-private partnership in the Internet era" (London, UK).

The agenda of our Conference covers important and complex issues of the formation of an international information security system capable of reducing the threat of ICT use for breach of international peace and security.

Firstly, the issues of adaptation of international law to conflicts in information space. The discussion at the round table is expected to touch upon the following questions:
· the concept of «Attack» in the information space;
· principles of distinction, proportionality and precautionary measures and their operation in conflicts with the use of ICTs;
· law of neutrality in conflicts with the use of ICTs;
· the concept of «Force» and «Threat of force or Use of force» for information space;
· the concept of «Armed attack» and «Aggression» in information space;
· use of force by means of malicious use of ICT and problems of attribution.

There is a considerable amount of research papers published on almost all of the mentioned issues, but we believe that the desired solution has not yet been found. This can be partly explained by the fact that the issue at hand is not so much related to gaps or contradictions in the current legislation, but to uncertainty of existing international law interpretations from the standpoint of their applicability to cyberspace, i.e. to the need of adaptation of legal rules to new conditions.

It has been proposed to put the concept of «implicit weapons» at the foundation of the solution of this problem. The substance of this concept lies in the fact that in certain cases the misuse of ICTs gives non-military targets, such as civilian aircraft, nuclear power plants, etc., the properties of «weapons», i.e. tools and mechanisms designed to destroy manpower and equipment. This concept makes it possible to identify sufficiently accurate evidence of the use of ICTs as weapons. And accordingly the conditions when the misuse of ICTs can be recognized as an armed attack, consequently making it possible for the victim-state to exercise the inherent right to individual or collective self-defense. It also becomes possible to more accurately determine which norms of international humanitarian law and international law governing the use of force require adaptation to the environment of ICTs misuse.

The second important direction of countering threats to international peace and security in cyberspace is the information security of critical infrastructures. This issue will also be discussed in the course of a separate «round table».
It is planned to consider the following issues:
· comparative analysis of national approaches to identification of information infrastructure segments as Critical Infrastructure;
· Public-Private Partnership in Critical Infrastructure information security: Best practices, frameworks and recommendations;
· marking and identification of information systems and networks that are protected by international law in cyberspace;
· International System of Monitoring and Objectification of International law violations in relation to Information systems and Networks: Challenges of development.

Some of the mentioned issues have long been a subject of research. Others are just beginning to draw attention. In this context I would like to touch upon the issue of identification of objects in cyberspace that are protected under international humanitarian law. It is obvious that without a solution to this problem we can hardly expect a real success in application of the relevant norms of international humanitarian law. For example, Annex 1 of the Additional Protocol to the Geneva Conventions of 12 August 1949, on Protection of Victims of International Armed Conflicts, is entirely about the rules of identification. Apparently the application of the Protocol to cyberspace also requires a separate Annex, concerning rules of protected objects identification.

It seems that preparation of objective documentation about facts of international law violations in cyberspace is still a challenging problem that has no acceptable solution. As we hope, some ideas that could bring together all stakeholders in this field will be expressed in the course of a «round table».

The third important issue to be discussed at the Conference is a comparative analysis of national approaches and priorities in forming of international information security system. The following topics will be discussed in the course of a relevant «round table»:
· legitimization of monitoring and control on networks;
· implementation of national information strategies;
· national cybercrime prevention experience;
· technical surveillance in communication networks in the context of human rights protection;
· international and national approaches to countering the use of the Internet for terrorist and extremist purposes;
· ensuring credibility in cyberspace.

As we see it, each of these issues can become a subject of an independent research in the future. Therefore let's presume that this event will identify their key, most complex aspects, worthy to be put on the agenda of the following conferences. We will significantly exceed our plans if we not only identify the key aspects, but also offer mutually acceptable solutions of the relevant issues.

Finally, the fourth issue to be discussed at the Conference is technological aspects of international information security, from the standpoint of advanced developments. With regard to this issue it is proposed to discuss the following issues:
· aggregation, integration and security of Big Data in life sciences and health care;
· implications and impact of emerging biotechnology and nanotechnology on information security;
· application of mathematical sciences to solution of information security issues.

Essentially this «round table» will analyze the factors that determine both present and future perspectives of international information security issues.

Our conference is held as we approach the start of the new UN Group of Governmental Experts on international information security (2014-2015) with the mandate of the UN General Assembly to continue research in this area. It seems that to a certain extent our discussion will be a preparation stage for this event.

In conclusion I would like to mention that over 100 scientists and experts from 21 countries of the world (U.S., Russia, China, Britain, France, Germany, Japan, Australia, Austria, Azerbaijan, Bahrain, Belarus, Bulgaria, Israel, Italy, Kazakhstan, Cambodia, Canada, Kyrgyzstan, UAE, Switzerland), as well as representatives of three international organizations (International Committee of the Red Cross, ICANN (the International Corporation for Assigned Names and Numbers), the European Defence Research and Technology) are participating in our Conference.

Preparation and conduct of such a representative Conference would have been impossible without the help of our sponsors; their representatives are now in the conference hall. I would like to mention them: General Director of FSUE "STC "Atlas"", Alexander Gridin; Scientific Director of Russian Railways Informatics & Automatics Research & Design Institute, Vladimir G. Matyuhin; ICANN Vice president, Veni Markovski. Deep gratitude to all of them.


S.M.Buravlev
Co-Chairman of the Forum, Deputy Secretary of the Security Council of the Russian Federation

Welcome Address to organizers, participants and guests of the VIII International Forum «State, Civil Society and Business Partnership on International Information Security»

Dear Colleagues,

Allow me to welcome the organizers, participants and guests of the International Forum «State, Civil Society and Business Partnership on International Information Security».

For the eighth time a welcoming Garmisch-Partenkirchen becomes a meeting place for information security experts -- representatives of governments, scientists and experts from scientific and educational centers of the world's leading nations. This gathering is dedicated to discussion of the most pressing issues of information security. In the present context topics of the plenary session and questions for seminar discussions are more than relevant.

The rapid development of information and communication technologies (ICTs) and their active implementation in various areas of state, societal and individual life make the issue of ensuring international information security a priority. The transboundary nature of new threats and challenges in the information sphere increases the vulnerability of national information infrastructures. And above all, it affects facilities critical to national security. The risk of destructive information influences threatening the sovereignty and territorial integrity of any state is gradually increasing. At that, individuals and society as a whole are also exposed to negative information influences.

The environment of information space globalization requires a choice of further directions for international information security development. The choice of Russia, as a member of the international community, is enshrined in the Principles of State Policy of the Russian Federation in the field of international information security for the period until 2020. This purposeful document of strategic planning in this area was approved by the President of the Russian Federation on July 24, 2013.

The Principles publicly state the main objective -- to promote an international legal regime aimed at creating the conditions for the formation of an international information security system. Support and active participation of the scientific, expert and business community should contribute to achievement of this objective.

The Forum in Garmisch-Partenkirchen is a unique platform that allows a consolidated discussion of international information security problems and joint development of scientifically verified paths to solutions to these problems.

It is important to understand that countering security threats in the information sphere both nationally and globally should be legitimate. It is necessary to update the norms of international law to regulate the activities of nation-states in information space. Hence the inevitable and urgent need to research the use of ICTs in international conflicts. The issue of general applicability of international law to the use of these technologies should also be investigated.

Therefore, the agenda of the Forum gives priority to international legal issues. It indicates the maturity of this discussion platform in Garmisch-Partenkirchen. It is an example of clear understanding of the need to solve the urgent legal issues of international information security, and aspiration to see the development prospects of the global information space relations regulation.

I believe the discussions in the course of the Forum will bring us closer to understanding that the existing rules of international law cannot be directly applied to the sphere of ICTs use; these rules should be improved and adapted to this sphere; new rules of international law concerning the sphere of ICTs use can and should be developed, including procedural and institutional form of their implementation. However, only applied nature of the discussion of, so to speak, the entire «legal field» of ICTs use will yield the required result.

Needless to say, the solution of international information security issues and formation of the corresponding global system requires not only a legal foundation, but also a systematic approach based on it to solving the most pressing problems. A surge of national security threats in the information sphere necessitates the search for effective ways to counter destructive effects on critical infrastructure. Both nationally and globally it is important to identify priorities of international information security system formation. And a systematic approach requires looking at the problem in the light of perspective technological developments in this area.

I hope that the Forum discussions will fully unlock the extensive international scientific potential and expertise represented here. This will confirm that high appreciation of the role and place of the Forum is just and fair, and will further enhance its authority, among other things through open publication of the proceedings. I wish the organizers, participants and guests successful and fruitful work!
