2.1.1 Cyber-Attack v. Cyber-Exploitation

Jack Goldsmith and a Berkman Center Cybersecurity Team

Cyber-Attack v. Cyber-Exploitation. This is a fundamental distinction throughout cybersecurity that has important legal, policy, and jurisdictional implications. A cyber-attack is an act that disrupts, denies, degrades, or destroys information on a computer network or related system. Examples include the manipulation or destruction of data or code on a computer system to control or shut down an electricity grid, or to disrupt military communications, or to render banking data unreliable. A cyber-exploitation is the act of monitoring and related espionage on computer systems, as well as the copying (and thus theft) of data on these systems. In contrast to a cyber-attack, cyber-exploitation does not seek to affect the normal functioning of the computer or network from the perspective of the user. Examples of cyber-exploitation include stolen military secrets, intellectual property, and credit card numbers.

This book, and all H2O books, are Creative Commons licensed for sharing and re-use with the exception of certain excerpts. Any excerpts from the Restatements of the Law, Principles of the Law, and the Model Penal Code are copyright by The American Law Institute. Excerpts are reproduced with permission, not as part of a Creative Commons license.