Strategic planning of cyber defense: Towards more adequate legal framework and new concept of risk, challenge and threat assessment

Abstract

The assessment of security risks, challenges and threats is the first step in developing strategic documents in the field of security and defense. The Republic of Serbia does not still have a defined cyber defense strategy and the adequate legal framework for its planning and implementation. When developing strategic and normative documents, it is important to take into account the specifics of cyber space and cyber weapons. The principles and legality that are applied in the physical world are generally different from those in the cyber world. This second, virtual world, is characterized by insecurity and coincidence as the important features. This results in difficulties related to the inability to reach an adequate level of certainty necessary for making strategic decisions in terms of behavior predictability and functioning of the entities in cyberspace including cyber weapons. The paper describes eight principles of cyber warfare, which were established in 2001 by Parks and Duggan. In addition, taking into account the results of research conducted by relevant authors on the importance of the exponential law for the analysis, approximation and prediction of events in the virtual world, we felt it was justified to promote this law in a separate, ninth cyber warfare principle. The guidelines for the development of strategic documents are also important when defining the adequate legal framework, which should take into account the specifics of cyber world and cyber weapons in order to enable efficient and economical implementation of strategic objectives in this area. This paper presents a proposal for the redefinition of certain legal solutions and points to the ambiguity, incompleteness, inaccuracy and contradiction of certain provisions of positive legislation, indicating the possibilities of de lege ferenda.

Procena bezbednosnih rizika, izazova i pretnji je prvi korak u izradi strategijskih dokumenata na polju bezbednosti i odbrane. Republika Srbija još uvek nema definisanu strategiju sajber odbrane niti adekvatan pravni okvir za njeno planiranje i implementaciju. Prilikom izrade strateških i normativnih dokumenta važno je uzeti u obzir specifičnosti sajber prostora i sajber oružja. Principi i zakonitosti koji važe u fizičkom svetu se uglavnom razlikuju od onih koji važe u sajber svetu. Ovaj drugi, virtuelni svet, kao bitna obeležja karakterišu nesigurnost i slučajnost. Ovo za posledicu ima teškoće koje se odnose na nemogućnost dostizanja adekvatnog stepena izvesnosti neophodnog za donošenje strategijskih odluka, u smislu predvidljivosti ponašanja i delovanja entiteta u sajber prostoru, uključujući i sajber oružje. U radu smo opisali osam principa sajber ratovanja, koje su još 2001. utvrdili Parks i Dagen. Osim toga, uvažavajući rezultate istraživanja relevantnih autora o značaju eksponencijalnog zakona za analizu, aproksimaciju i predikciju događaja u virtuelnom svetu, smatrali smo opravdanom ideju da se ovaj zakon promoviše u zasebni, deveti, princip sajber ratovanja. Smernice za izradu strateških dokumenata važne su i prilikom definisanja adekvatnog pravnog okvira, koji bi trebalo da uvaži specifičnosti sajber sveta i sajber oružja kako bi omogućio efikasnu i ekonomičnu implementaciju strateških ciljeva u ovoj oblasti. Autori daju predloge za redefinisanje određenih zakonskih rešenja i ukazuju na nejasnost, nepotpunost, nepreciznost i protivrečnost pojedinih odredaba pozitivno pravnih propisa, ukazujući i na mogućnosti de lege ferenda. .