Cyber Kinetic Hacks and Computer Law: Practical and Theoretical Considerations of Hackers Killing You with a KeyBoard
HACK NYC 2018
Central Park West - 6th Floor
May 08, 2018 10:45 AM - 11:15 AM (America/New_York)

Since the dawn of the digital age, lawmakers have feared cyber kinetic attacks. In the early 1980s, a group of teenage hackers who accessed Sloan Kettering Hospital's network garnered national media attention because of fears that patients could have been killed via computer. Around the same time the movie "WarGames" came out. "WarGames" tells the story of a teenage hacker who hacks the United States military's North American Air Defense system and accidentally brings the country to the brink of nuclear annihilation. The fears created by these real and imagined hacks induced our country's first wave of hacker hysteria in the 1980s. The hysteria led to Congress passing the "Computer Fraud and Abuse Act" ("CFAA"), a criminal and civil statute that is the federal government's primary tool in the prosecution of hackers. Most state computer crime statutes are based on the CFAA. The CFAA is very much concerned with cyber kinetic hacks. But the CFAA is a blunt tool that can sweep up (and has swept up) the work of security researchers and others who have built useful tools that were later misused, or who have engaged in active cyber defense methods.


Additionally, the rise of the Internet of Things ("IoT") and Artificial Intelligence ("AI") – the rise of the machines – raises difficult questions about civil and criminal liability for putting vulnerable software, systems, or products in the stream of commerce. An ever-wider range of entrepreneurs and companies may be exposed to liability for kinetic / cyber-physical risks, including companies that manufacture or use networked or IoT-connected software and products. Indeed, President Obama’s blue-ribbon Commission on Enhancing National Cybersecurity specifically proposed an assessment of “the current state of the law with regard to liability for harm caused by faulty IoT devices,” in part to “provide appropriate incentives for companies to design security into their products.” Unfortunately, much of current law rests on outdated physical-world norms, drawn from centuries of common law tradition that developed without the ubiquitous presence of computers in our society.


Our talk would begin with a discussion of the history of cyber kinetic attacks in relation to the CFAA and other applicable laws, including pending bills on amending the CFAA to allow active cyber defense methods. Following this, we would discuss the future of IoT and AI, and the effects that hacking could have in a society where computers are in our homes, cars, and bodies. We will sketch a theoretical framework for evaluating liability risks and solutions for companies that create IoT, AI, and IoT running AI. Drawing on our experience, we would highlight pervasive, recurring problems in information and operational security that are easily avoided and easily fixed, to reduce kinetic risks and comply with the law. We would then move on to a discussion, again based on our empirical knowledge of actual hacks, of common, easily avoidable mistakes in the first response to a hack as well as in the longer-term response. All of this would be interlaced with a discussion of the law in relation to the concrete and theoretical examples we are giving. Finally, if there is time, we will take questions.




The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.