There is a lot of obvious precedent and existing legislation in this area: https://en.wikipedia.org/wiki/Law_of_war
Weapon [wep-uh n] noun 1. any instrument or device for use in attack or defense in combat, fighting, or war, as a sword, rifle, or cannon. 2. anything used against an opponent, adversary, or victim I don’t see why we should want to agree to make a distinction between cyberspace and meatspace, given that one controls the other. The result is the same if you fell a telco/supermarket/<insert your preferred civilian target here> with a bomb (which, for argument's sake, immediately kills no-one) or with a crypto locker (which immediately kills no-one). The intention, target and goal are the same. A weapon is a weapon and both the bomb and crypto locker manifest themselves in the physical world. I do understand why Governments will us to folly in such discussions, however. Matt -----Original Message----- From: uknof [mailto:[email protected]] On Behalf Of Kurt Erik Lindqvist Sent: 16 November 2017 08:05 To: Bill Woodcock <[email protected]> Cc: [email protected]; Nick Hilliard <[email protected]> Subject: Re: [uknof] GCSC critical infrastructure protection questions: your input needed. > On 15 Nov 2017, at 12:22, Bill Woodcock <[email protected]> wrote: > > Uh, none of that is relevant to the discussion. Call it pretty > infrastructure or tasty infrastructure or whatever pleases you. > > The question is what types of private-sector infrastructure you most strongly > feel should not be subject to governmental cyber attacks. I think you are missing Nick’s point. There are already EU and national legislation that identifies these. Getting to the current set of infrastructure and definitions have taken a long and painstaking involvement by all parties. Having an international study or document risks all this work. Rather than an on-line poll that risks being seen as some sort of authoritative input I would suggest the existing work is instead referenced and taken into account. The work that has and is being done around the NIS directive and article 13a definitions on critical infrastructure is a good starting point. This work is not EU specific even though a lot of it was done in an EU context. Best Regards, - kurtis -
