Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAE Cyber Security Forum University of Louisville

Published byMarilyn Walton Modified over 5 years ago

Similar presentations

Presentation on theme: "CAE Cyber Security Forum University of Louisville"— Presentation transcript:

1 CAE Cyber Security Forum University of Louisville
The Legal Space of the Internet of Things, Law Enforcement And Public Safety CAE Cyber Security Forum March U.S.A. Michael Losavio Jarrod Hinton Adrian Lauf Jana Godwin Adel Elmaghraby University of Louisville

2 Introduction/Abstract
Each IoT opportunity for social benefit is also an opportunity for criminal attack and exploitation. The interplay between the technical facts of the Internet of Things and the laws that regulate and protect people create challenges for privacy and security.  It is essential that technical systems of protection be integrated into the meta-system of the administration of justice as a way to best secure people in response to the Internet of Things. And, yes, this is not meant to be legal advice in any way, form or manner!!!!! AND we do need your thoughts on this as we build a framework of safety and protection with the Internet of Things

3 How do we build a framework for analysis, defense and remediation?
What is the problem? Or is it better to look at-what are the problems? Can we then map to technical, legal and social responses? Thanks, again, to the NSA CWE cohort for their thoughts, the NSA for its project support, Ross Anderson at Cambridge for his teaching materials, and the program committee of the Internet of Safe Things Workshop 2019 for their guidance on these issues

4 Ubiquitous computing in the Internet of Things, its cyber security and local law enforcement
The Internet of Things and pervasive computing puts interconnected devices everywhere. public safety and cybersecurity are an integrated endeavor Consider cyber security within the traditional public safety framework. Coull, et al Jian Police Executive Research Forum (PERF) the National Consortium for Advanced Policing the Center for Cyber and Homeland Security of George Washington University

5 We map IoT concerns Generally to Structures for legal regulations
We Discusscybersecurity training from this traditional LE perspective. Our findings suggest great potential within this group for expanding effective cyber security protections for communities. They further suggest a commensurate need for training and support to realize this potential.

6 Cyber security Digital forensics Context Back in the day
Computer Information Systems and Engineering

7 Today Phones, computers, routers, ..
Tomorrow IOT, Smart City, Ubiquitous networking, Big Data… Public Safety Digital forensics Cyber security Public Safety Digital forensics Cyber security

8 Bringing Public Safety Personnel into Cybersecurity Careers
Increase the pool of cyber security professionals in multiple domains by identifying, recruiting and training practitioners and students in law enforcement and public safety disciplines. Integrate criminal justice systems and practices into cyber security Local law enforcement is at ground zero for cyber criminality and its victims Can respond Can advise Can arrest

9 Who matters in the computing world of The Internet of Things
Who matters in the computing world of The Internet of Things? It is a matter of public safety You Me Our families Our friends and colleagues Our faith community Our Department Our political community Government Everyone? READ

10 What matters? - Core systems of computing world and the Internet of Things knowing the targets of attack 1.Sources and Types 2.Collections and Connections 3.Analytics and Use

11 places of activity – who/Where?
Targets: People Workplace Transportation Homes Commerce & Social

12 Sources in social and civic life: activities
Sources in social and civic life: activities? Who/what/where/why an attack?   People Work Home Transportation Social Life

13 Case Data-IoT in Federal Cases (US)
Issues relating to the Internet of things are beginning to impact the legal system. cases with IOT issues increased by 60% from 2017 to 2018 in federal litigation in the United States. Though still small, with five cases in 2017 and eight cases in 2018, this is a leap from only one such reference prior to 2016. And these case now show IOT as the focus of the litigation instead of a collateral issue.

14 A Framework for Discussion?
Problems Case law and regulatory structures Technical needs and imperatives

15 Problems With devices of the Internet of Things, what might go wrong?
Your list: 1 2 3 4 5 6 7

16 Cases in point- US v Jones, Boston Bombing
It may “alter the relationship between citizen and government in a way that is inimical to democratic society.” The good and the bad of this altered relationship may be seen in investigation of the 2013 Boston Marathon terrorist bombing. In sum, the benefits do and will far outweigh the risks when the rights and liberties in a democratic society are observed and protected. The Smart City and the Internet of Things offer us much. But we must not let it take that which makes us who we are. The central role of law enforcement and public safety in our lives extends to the cyber world, as well. We ignore it at great risk.

17 Legal and regulatory structures: Generally, the Law Responds to Conduct That Injures Others
Areas of Injury, Generally Life and Person Loss of life, physical/mental injury to person Liberty and personal autonomy Privacy rights and control of personal information Reputation and public image Freedom of action and person Property Rights and interests Destruction, damage, dispossession, interference with use Informational Costs of remediation and recovery Consider such injuries as aspects of Information Security categories to protect against such injury Security Attacks Security Mechanisms Security Services

18 Compare “property” to crimes
Information Trade Secret Copyright Patent Trademark “Private & Confidential” – perhaps Systems Computers Networks Theft of property, liberty and life Trespass to rights in property, liberty and life Destruction of property, liberty and life

19 Supreme Court (US) Case Law- New and Applicable
Jones Riley Carpenter

20 Statute (US)- Sui Generis Computing and Traditional Law
Unauthorized access Unauthorized interception of data streams Unauthorized access to stored communications Criminal copyright infringement Criminal trade secret appropriation Assault Invasion of privacy Murder/manslaughter/reckless homicide

21 Technical Issues and Needs
System impact System access System compromise System modification System security These begin to represent the fundamentals information security which are then mapped to the harm downstream, not just locally to the system itself

22 Consider Mining Data Life in IoT
Table 1 - Data Life in the Mine and Mine Environs Consider Mining Data Life in IoT Sensor Data impact On-person miner IOT devices data alert, environment monitoring, service, navigation, tracking, Direct-Location, mine environmental conditions, miner health Inferential-associations, actions Capital equipment IOT devices speed, acceleration, braking, safety device usage, vehicle status, operational status Direct-Location, use activity, potential criticalities Inferential-Association, actions Telephony / messaging Telephony activity Direct-associations, content, activity Inferential-associative networks Internal Security Cameras Identification, time, location, mine activity Direct-Location, identification, actions, associations Public Security Cameras Identification, time, location data , external products

23 Consider Automotive Data Life in IOT
Table 2 - Automotive Data Life Consider Automotive Data Life in IOT Sensor Data impact Vehicle support data alert service, navigation, tracking, Stolen Vehicle Slowdown, Remote Ignition Block Direct-Location Inferential-associations, actions OBD/EDR speed, acceleration, braking, seatbelt usage, vehicle status, airbag deployment Direct-Location, driving practices Inferential-Association, actions Telephony/ messaging Telephone and contact numbers, messages, texts Direct-associations, content Inferential-associative networks GPS trip data, home site, backtrack data Inferential-actions, associations Public Security Cameras Identification, time, location data Direct-Location, identification, actions, associations Traffic Cameras Toll/fee devices

24 Problems Redux, Remediaton Nos
How do might our perspective on problems change and how might we remediate them? Your list: 1 2 3 4 5 6 7

25 Local Law Enforcement & Cyber Security- the Opportunity for Safety

26 Thoughts?

Download ppt "CAE Cyber Security Forum University of Louisville"

Similar presentations

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Haygrove School – E Safety Induction E Safety Update #protecting your professional identity.

Haygrove School – E Safety Induction E Safety Update #protecting your professional identity.
Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.

Cyber crime impact on Businesses Bogdan Manolea RITI dot-Gov.
JCSD-aw Citizenship in an e-World Johnston Community School District.

JCSD-aw Citizenship in an e-World Johnston Community School District.
EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.

EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.
Legal, Ethical, and Professional Issues in Information Security

Legal, Ethical, and Professional Issues in Information Security
 Summary: The government protects the ownership of resources, such as land, personal possessions, physical assets, and intellectual property Examples:

 Summary: The government protects the ownership of resources, such as land, personal possessions, physical assets, and intellectual property Examples:
4.1 © 2007 by Prentice Hall 4 Chapter Ethical and Social Issues in Information Systems.

4.1 © 2007 by Prentice Hall 4 Chapter Ethical and Social Issues in Information Systems.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.
Security Services Constitutional Issues in Private Security.

Security Services Constitutional Issues in Private Security.
12.1 © 2007 by Prentice Hall 12 Chapter Ethical and Social Issues in Information Systems.

12.1 © 2007 by Prentice Hall 12 Chapter Ethical and Social Issues in Information Systems.
12.1 © 2007 by Prentice Hall 12 Chapter Ethical and Social Issues in Information Systems.

12.1 © 2007 by Prentice Hall 12 Chapter Ethical and Social Issues in Information Systems.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215) 496-7241

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
Secure Connections for a Smarter World Dr. Shuyuan Mary Ho Assistant Professor School of Information Florida State University.

Secure Connections for a Smarter World Dr. Shuyuan Mary Ho Assistant Professor School of Information Florida State University.
Social and Professional Issues in IT Roshan Chitrakar.

Social and Professional Issues in IT Roshan Chitrakar.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Mission: NCSA’s mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting.

Mission: NCSA’s mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting.
UNCLASSIFIED 1 National Security in Cyberspace: It Takes a Nation Sandra Stanar-Johnson NSA/CSS Representative to the Department of Homeland Security February.

UNCLASSIFIED 1 National Security in Cyberspace: It Takes a Nation Sandra Stanar-Johnson NSA/CSS Representative to the Department of Homeland Security February.
Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Similar presentations

Ads by Google