283
Developing Collaborative
and Cohesive Cybersecurity
Legal Principles
Abstract: Legal discussions about combatting global cyber threats often focus
on international cybercrime arrangements or the application of the law of war to
cyberspace. While these discussions are vital, policy-makers and scholars have not
devoted adequate attention to creating a global legal framework to bolster the defenses
of public and private infrastructure. Due to the interconnected nature of cyberspace
and the cross-border impacts of attacks, inadequate security in one country could
harm another.
To build cyber strategies that rely in part on defense and deterrence by denial,
governments should also focus both on the security of their systems and those of
the private sector. Industry has been the target of some of the most destructive
cyberattacks worldwide. Guiding international principles for a cyber security legal
framework would help nations to build effective laws that reduce the likelihood of
successful attacks, and increase resilience after attacks occur. Moreover, international
collaboration on cybersecurity laws provides multinational companies with a more
coherent legal framework. A patchwork of hundreds of different international security
requirements is not only burdensome for companies, but it increases the potential for
vulnerabilities, particularly if the company operates in countries with less stringent
cybersecurity requirements.
This paper sets out the need for nations to discuss common legal principles for
promoting and regulating cybersecurity, similar to the privacy principles articulated
Jeff Kosseff
1
Assistant Professor of Cybersecurity Law
United States Naval Academy
Annapolis, MD, United States
2018 10th International Conference on Cyber Conict
CyCon X: Maximising Eects
T. Minárik, R. Jakschis, L. Lindström (Eds.)
2018 © NATO CCD COE Publications, Tallinn
Permission to make digital or hard copies of this publication for internal
use within NATO and for personal or educational use when for non-prot or
non-commercial purposes is granted providing that copies bear this notice
and a full citation on the rst page. Any other reproduction or transmission
requires prior written permission by NATO CCD COE.
1
Assistant Professor of Cybersecurity Law, United States Naval Academy, Annapolis, MD. J.D.,
Georgetown University Law Center. M.P.P., B.A., University of Michigan. Thanks to LCDR Joseph
Hateld and Professor Martin Libicki for helpful feedback. The views expressed in this paper are only
those of the author, and do not represent the U.S. Naval Academy, Department of the Navy, Department of
Defense, or any other party.
