109

urn:lsid:arphahub.com:pub:3dc5f44e-8666-58db-bc76-a455210e8891

JUCS - Journal of Universal Computer Science

jucs

0948-695X 0948-6968

Journal of Universal Computer Science

10.3217/jucs-024-05-0646

23227

Research Article

K.4.1 - Public Policy Issues K.5.2 - Governmental Issues K.5 - LEGAL ASPECTS OF COMPUTING K.6.5 - Security and Protection

Obligation to Defend the Critical Infrastructure? Offensive Cybersecurity Measures

Mihelič

Anže

mihelic.anze@gmail.com 1 Vrhovec

Simon

University of Ljubljana, Ljubljana, Slovenia

University of Ljubljana

Ljubljana

Slovenia 2

University of Maribor, Ljubljana, Slovenia

University of Maribor

Ljubljana

Slovenia

Corresponding author: Anže Mihelič (mihelic.anze@gmail.com).

Academic editor:

2018

28 05 2018

24 5 646 661 4DDF9E44-C6D8-5404-B059-B75959D3648E 5505175 23 01 2018 28 04 2018

Anže Mihelič, Simon Vrhovec

This article is freely available under the J.UCS Open Content License.

Abstract

Critical infrastructure is vital for the functioning of the state and the society. Even though the legal foundations for critical infrastructure protection in material world are well-established, there is almost no legal basis for providing critical infrastructure security in the cyberspace. In this paper, we study the applicability of different types of cybersecurity measures including the most offensive ones in different domains by drawing parallels to providing security in the material world. By further focusing on the offensive cybersecurity measures (i.e., hack back), we lay out the circumstances in which such invasive measures could be employed for providing security for the critical infrastructure.