Private and public organizations have long relied on intrusion detection systems to alert them of malicious activity in their digital networks. These systems were designed to detect threat signatures in static networks or infer anomalous activity based on their security ‘logs’. They are, however, of limited use to detect threats across heterogeneous, modern-day networks, where computing resources are distributed across cloud or routing services. Recent advancements in machine learning (ML) have led to the development of autonomous threat detection (ATD) applications that monitor, evaluate, and respond to malicious activity with minimal human intervention. The use of ‘intelligent’ and programmable algorithms for ATD will reduce incident response times and enhance the capacity of states to detect threats originating from any layer of their territorial information and communications technologies (ICT) infrastructure. This paper argues that ATD technologies will influence the evolution of a due diligence rule for cyberspace by raising the standard of care owed by states to prevent their networks from being used for malicious, transboundary ICT activities. This paper comprises five sections. Section 1 introduces the paper and its central argument. Section 2 outlines broad trends and operational factors pushing public and private entities towards the adoption of ATD. Section 3 offers an overview of a typical ATD application. Section 4 analyses the impact of ATD on the due diligence obligations of states. Section 5 presents the paper’s conclusions.
Homicide is generally considered the most serious of all crimes and, according to this line of reasoning, constitutes the “tip of the iceberg” of underlying crime. As such, homicide is frequently used as an indicator of the level of violence in cross-national and historical studies. The same could be said for drug-related homicide, specifically. Many drug-related violent incidents remain unreported – including torture, physical assault, threats and so on. In the absence of a full picture of the level of drug-related violence, it can be necessary to use other related indicators for which data is more readily available such as drug-related homicide (DRH). From this perspective, DRH would form a lethal tip of the iceberg of underlying drug-related criminal violence, which in turn could be an indicator of underlying drug market activity. If we indeed consider drug-related homicide as a tip of the iceberg of underlying criminal violence, then we would expect such homicides to cluster together in time and space with other types of criminal violence – in particular firearm-related homicides and other, non-lethal firearm incidents. In this working paper we seek to assess to what extent DRH cluster together with firearm-related violence and whether these forms of violence could be used as indicators of underlying drug crime.
Kaminska, M.K.; Broeders, D.W.J.; Cristiano, F. 2021
The fact that States resort to automated cyber operations like NotPetya, which spread virally and have indiscriminate effects, raises the question of how the use of these might be regulated. As automated operations have thus far fallen below the threshold of the use of force, the letter of international humanitarian law (IHL) does not provide such regulation. In IHL, the principles of distinction and discrimination hold that attacks should in their targeting distinguish between the civilian population and combatants, and between civilian objects and military objectives. Attacks must not be indiscriminate, and operations that might foreseeably spread to affect civilian objects are prohibited. This paper draws inspiration from the legal principles of distinction and discrimination to suggest a non-binding norm for responsible State behaviour with regard to automated operations that fall below the threshold of the use of force: the norm proposes that States should design cyber operations so as to prevent them from indiscriminately inflicting damage. The paper finds that in the case of automated cyber operations, a distinction between the nature of the operation and the use of the operation does not make sense because the design (nature) of the malware defines the use. In order to conform with the norm, responsible States should conduct a review of cyber operations prior to their execution. Finally, as the paper illustrates with a comparative analysis of NotPetya and Stuxnet, the post-incident forensic analysis of an operation can allow third parties and victims to determine whether the operation’s designer conformed with the norm. This can help set a normative benchmark by providing a basis upon which States may call out unacceptable behaviour.
Abeysinghe, B.; Veilleux-Lepage, Y.D.; Bloom, M.; Sunderraman, R. 2020