Implementation of Active Cyber Defense Measures by Private Entities: The Need for an International Accord to Address Disputes [open pdf - 1MB]
From the thesis abstract: "Cybersecurity is a national security issue. Passive cyber defense measures are no longer sufficient. This thesis uses options analysis to consider different courses of action for the employment of active cyber defense measures. The Active Cyber Defense Certainty Act, with minor changes, will strengthen the collective cybersecurity posture of entities worldwide by increasing the identification of those perpetrating cyberspace acts. Alone, it does not address the legitimate concerns of proponents and opponents alike. It needs to be coupled with the Cyber Diplomacy Act of 2017, which creates an office within the Department of State to negotiate cyber matters globally on behalf of the United States. While these two acts are stronger together, no single entity within the United States fully addresses America's cybersecurity policy. As the attacks on the World Trade Center in 2001 necessitated the creation of a Director of National Intelligence to coordinate the intelligence community, the current state of cybersecurity necessitates the creation of a national director of cybersecurity. The three concepts create a holistic approach to U.S. cybersecurity, but an entity must mitigate disputes between nations. NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) facilitated the writing of the Tallinn Manual 2.0. Coupled with the Budapest Convention on Cybercrime as a framework, the CCDCOE has the ability to serve as the entity to mitigate those disputes."
Naval Postgraduate School, Dudley Knox Library: https://calhoun.nps.edu/