Legal aspects of a cyber immune system

The malicious and criminal attacks against individuals, businesses, and nations on the Internet and in cyberspace must be mitigated in order to protect citizens and nations. One cyber security vision is the cyber immune system. Such a system would include automatic defense mechanisms based on incomplete attribution, continuous monitoring, pattern recognition, and the application of a set of rules designed to isolate or destroy the abnormal actor, or attacker. The cyber immune system would operate at a distributed level, at the speed necessary to thwart constant and ever changing threats. From a legal perspective, it matters if a state or private entity applies the system. For example, if a state actor is involved, then due process, and the protection of fundamental rights such as privacy and speech, are relevant to the action taken, while if a private entity applies the cyber defense then relevant legal issues include property, contract, and regulatory limits. While the automated nature of a cyber defense may present legal challenges to both state and non-state actors, it may mitigate the legal ramifications of human decision making if the system of rules is carefully crafted.