Talk:Scenario 10: Legal review of cyber weapons
This is a sample comment. Kubomacak (talk) 18:35, 17 October 2018 (UTC)
Comments of reviewer[edit source]
Executive summary - clear, concise
Keyword - reflect the scenario content
Factual narrative - I am not sure I understand the factual narrative completely. I am not aware of any "automated maintenance of military equipment" that would work the way that author of this scenario imagines (but I may be wrong, there is no doubt about that). What is quite frequent is that maintenance is based either on set assumption (there is need of maintenance after every say 500 hours of running, because wear and tear increases the rtisk of failure in fighting conditions; this requires usage monitoring mecahnisms) or on condition. Condition-based maintenance then require implementation of condition monitoring systems, which may manual, semi-automatic and automatic means. Re-writing scenario in this regard might be more realistic. Physical damage in this case would be caused by postponing the maintenance (forcing the diagnostic systems to ignore worse condition of specific parts). I am not sure if this is outside of scope of what author of this scenario intended, but it makes more sense in terms of realism.
Legal Review of Cyber Weapons - I find this part extremely well written
Legal Analysis - again, this part is very well-written. I have two remarks. (1) Re kill-switch: I think it would be great to have some mechanisms of kill-switch described in the scenario, because some of these hamper the operational capacity of such malware. Eg. some malware (ransomware specifically) is known to try to connect to specific internet page to get error 404 - this method is used to discover whether it is being run on virtual machine (where it cannot get 404, as its request is an automatic "yes") or real machine (404 then leads to activation). These mechanisms can be used for kill switches rather efficiently, but it requires internet connection and (more importantly) inciting some sort of communication that is not standard for machine and can be discovered and blocked. Kill switches in this regard leads to significantly lowered operational capacities. This is a remark towards technical realities. (2) Re checklist: review of cyber weapons is game with incomplete information. I believe the issues of uncertainty has a significant part in analysis and should be included in checklist. Scenario presumes gaming with complete information (specific PLC is not present outside of automated maintenance systems), while uncertainty is normal in this regards. And this causes (at least in my experience from various exercises) problem for great deal of lawyers. Questions such as "how probable is that this PLC will be detected in some other systems of non-military use?" or "how accurate are information about probability in this regards?" greatly effect not only the outcome of legal review, but also the degree of confidence and expertise with which it is conducted. I believe the scenario should contain those two details (and I admit these are details) to be more realistic and when used, more akin to real working conditions - questions such as "kill switch? OK, how?" are probably going to appear throughout adviser's career.
- Comments reviewed and incorporated in the final text of the scenario. Kubomacak (talk) 11:58, 11 March 2019 (UTC)
Workshop Session Comments: - PLC is in the glossary, but not define. This term is extremely important for this scenario. Reviewer793 (talk) 12:10, 8 February 2019 (UTC)