No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Cyber Attacks in International Law: From Atomic War to Computer War
ResearchGate has not been able to resolve any citations for this publication.
This article discusses international law mechanism allowing to prosecute a state for electronic threats generated from its territory, directed against a foreign sovereign. It analyses the possibility to recognize a cyber-attack as an act of international aggression and shows existing difficulties at the present state of international debate. Afterwards, it turns to the traditional notion of state responsibility for the lack of due diligence as a source of state’s responsibility for cyber-attacks. Such due diligence should be guaranteed through sufficient criminal law regulations that are properly executed in order to effectively prevent and persecute electronic attacks. The article submits in this context that an international debate, resulting in international guidelines is required. The results of such a debate would than allow harmonize national criminal law regulations. Although the author points to the need of an international debate on the system of protection against cyber-attacks on state key electronic infrastructure, she also emphasizes already existing international obligations for states to take responsibility for attacks conducted form their territory.
This article highlights legal problems of cyber attacks from a 'jus ad bellum' perspective (international dispositions regarding the justification for entering a war). Since no international instrument whatsoever cover the cyber attacks the analogies with current international solutions are largely employed. We illustrate also the developments with relevant examples taken from main powers' doctrine and practice (US, Russia and China). The starting points are the provisions regarding the use of (armed)force under Article 2(4) and "armed attack" under Article 51 of United Nations Charter. The qualification of a cyber attack as use of "armed force" or "armed attack" is based a multi criteria threshold developed by Schmitt. Other developments focus the capacity of present International law concepts (direct and indirect armed attack, identification of the aggressor state, pertinence of pre-emptive or interceptive self defense vis-à-vis cyber 'armed attack', etc.) to answer cyber warfare's structures and challenges. © 2013 This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works.
This book presents a novel framework to reconceptualize Internet governance and better manage cyber attacks. Specifically, it makes an original contribution by examining the potential of polycentric regulation to increase accountability through bottom-up action. It also provides a synthesis of the current state of cybersecurity research, bringing features of the cloak and dagger world of cyber attacks to light and comparing and contrasting the cyber threat to all relevant stakeholders. Throughout the book, cybersecurity is treated holistically, covering outstanding issues in law, science, economics, and politics. This interdisciplinary approach is an exemplar of how strategies from different disciplines as well as the private and public sectors may cross-pollinate to enhance cybersecurity. Case studies and examples illustrate what is at stake and identify best practices. The book discusses technical issues of Internet governance and cybersecurity while presenting the material in an informal, straightforward manner. The book is designed to inform readers about the interplay of Internet governance and cybersecurity and the potential of polycentric regulation to help foster cyber peace.
The most significant debate regarding the applicability of international humanitarian law to cyber operations involves interpretation of the rules governing cyber “attacks”, as that term is understood in the law. For over a decade, the debate has been a binary one between advocates of the “permissive approach” developed by the author and a “restrictive approach” championed by those who saw the permissive approach as insufficiently protective of the civilian population and other protected persons and objects. In this article, the author analyses that debate, and explains a third approach developed during the Tallinn Manual project. He concludes by suggesting that the Tallinn Manual approach best approximates the contemporary law given the increasing value which societies are attributing to cyber activities.
This article examines the conditions under which a cyber attack can trigger a State's right to self-defence and argues that the current international law standards for attributing attacks to a State can cover the case of cyber attacks. More specifically, the victim State can use force by way of self-defence against another State if the attack has been committed by the latter's organs or agents or has been committed by non-State actors tolerated by that State. When no State is implicated in the cyber attack, the victim State can take direct self-defence action against the non-State actor. It is however noted that future State practice may amplify further the attribution standards or introduce new standards.
When does a cyber-attack (or threat of cyber-attack) give rise to a right of self-defense – including armed self-defense – and when should it? This essay examines these questions through three lenses: (1) a legal perspective, to examine the range of reasonable interpretations of self-defense rights as applied to cyber-attacks, and the relative merits of interpretations within that range; (2) a strategic perspective, to link a purported right of armed self-defense to long-term policy interests including security and stability; and (3) a political perspective, to consider the situational context in which government decision-makers will face these issues and predictive judgments about the reactions to cyber-crises of influential actors in the international system. It aims to show specifically how development of politics, strategy, and law will likely play out interdependently with respect to this particular threat – cyber-attacks – and to draw some conclusions about legal development in this area based on that analysis.
Advancing technology will dramatically affect the weapons and tactics of future armed conflict, including the “places” where conflicts are fought, the “actors” by whom they are fought, and the “means and methods” by which they are fought. These changes -- including continuing cyber conflict, increased use of autonomous weapon systems, the development of nanotechnology, and evolving virology capabilities -- will stress even the fundamental principles of the law of armed conflict, or LOAC. While it is likely that the contemporary LOAC will be sufficient to regulate the majority of future conflicts, the international community must be willing to evolve the LOAC in an effort to ensure these future weapons and tactics remain under control of the law.Though many of these advancing technologies are still in the early stages of development and design, the time to act is now. In anticipation of these developments, the international community needs to recognize the gaps in the current LOAC and seek solutions in advance of the situation. As the LOAC evolves to face anticipated future threats, it will help ensure that advancing technologies comply with the foundational principles of the LOAC and future armed conflicts remain constrained by law.
Malicious cyber activities are becoming more and more commonplace, including between nations. This has caused great speculation as to the rules that govern military cyber operations, particularly during armed conflict. The upcoming publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare is indicative of the importance of this discussion. This article analyzes the application of the law of armed conflict principles of proportionality and precautions to cyber operations, including reference to the Tallinn Manual. In most cases, the existing law provides a clear paradigm to govern cyber activities. However, this article identifies several areas where governments and military operators might question how to apply these principles to a specific cyber operation. In these areas, greater precision is needed to provide clear guidance to those who plan, order, and conduct cyber operations.
Cyber-attacks — efforts to alter, disrupt, or destroy computer systems, networks, or the information or programs on them — pose difficult interpretive issues with respect to the U.N. Charter, including when, if ever, such activities constitute prohibited “force” or an “armed attack” justifying military force in self-defense. In exploring these issues, and by drawing on lessons from Cold War legal debates about the U.N. Charter, this Article makes two overarching arguments. First, strategy is a major driver of legal evolution. Whereas most scholarship and commentary on cyber-attacks has focused on how international law might be interpreted or amended to take account of new technologies and threats, this Article focuses on the dynamic interplay of law and strategy — strategy generates reappraisal and revision of law, while law itself shapes strategy — and the moves and countermoves among actors with varying interests, capabilities, and vulnerabilities. Second, this Article argues that it will be difficult to achieve international agreement on legal interpretation and to enforce it with respect to cyber-attacks. The current trajectory of U.S. interpretation — which emphasizes the effects of cyber-attacks in analyzing whether they cross the U.N. Charter’s legal thresholds — is a reasonable effort to overcome translation problems of a Charter built for a different era of conflict. However, certain features of cyber-activities make international legal regulation very difficult, and major actors have divergent strategic interests that will pull their preferred doctrinal interpretations and aspirations in different directions, impeding formation of a stable international consensus. The prescription is not to abandon interpretive or multilateral legal efforts to regulate cyber-attacks, but to recognize the likely limits of these efforts and to consider the implications of legal proposals or negotiations in the context of broader security strategy.
On April 27, 2007, Estonia suffered a crippling cyber attack launched from outside its borders. It is still unclear what legal rights a state has as a victim of a cyber attack. For example, even if Estonia could conclusively prove that Russia was behind the March 2007 attack there is no clear consensus on how Estonia could legally respond, whether with armed force, its own cyber attack, or some other measure. The scholarly literature dealing with these questions, as well as the ethical, humanitarian, and human rights implications of information warfare (IW) on national and international security is scarce. Treatments of IW outside the orthodox international humanitarian law (IHL) framework are nearly non-existent. This underscores the tension between classifying cyber attacks as merely criminal, or as a matter of state survival calling for the same responses as conventional threats to national security. International law has been slow to adapt. The facts on the ground, and the widespread, amorphous use and rapid evolution of the internet in many ways challenge state sovereignty. I will advocate that the best way to ensure a comprehensive regime for cyber attacks is through a new international accord dealing exclusively with cyber security and its status in international law. Yet, the international community lacks the political will to tackle this issue directly. Until such an accord becomes politically viable, it is critical to examine how existing treaty systems may extend to cover the novel facts presented by cybe attacks. Together, existing treaties form a dual track approach to cyber attacks - one that is available for cyber attacks that do not rise to the level of an armed attack, and another that is activated once an armed attack occurs. To that end this paper will examine the most apt analogues in international law to form an appropriate legal regime for the various types of cyber attacks - whether it is humanitarian law (laws of war), human rights law (regulation of nation states behavior), or some novel combination of these and other treaty systems. In framing this regime, it will be argued that cyber attacks represent a threat to international peace and security as daunting and horrific as nuclear war. Yet the nuclear non-proliferation model is not a useful analogy since the technology necessary to conduct IW is already widespread in the international community. Instead, other analogies will rely on communications and cyber law, space law, and the law of the sea. The main failings of existing international treaties that touch on cyber law though are that most do not carry enforcement provisions. Nor do they specify how the frameworks change or fall away entirely during an armed attack. Nevertheless, regardless of whether or not cyber attacks fall below the threshold of an armed attack these bodies of law have a role to play in forming an appropriate regime. The cyber attack on Estonia in April, 2007, presents an example of the dire need for clarity in the international law of non-conventional warfare using modern technology.
In the past few decades, cyber attacks have evolved from boastful hacking to sophisticated cyber assaults that are integrated into the modern military machine. As the tools of cyber attacks become more accessible and dangerous, it’s necessary for state and non-state cyber attackers to understand what limitations they face under international law. This paper confronts the major law-of-war issues faced by scholars and policymakers in the realm of cyber attacks, and explores how the key concepts of international law ought to apply. This paper makes a number of original contributions to the literature on cyber war and on the broader subject of the laws of war. I show that many of the conceptual problems in applying international humanitarian law to cyber attacks are parallel to the problems in applying international humanitarian law to conventional uses of force. The differences are in degree, not of kind. Moreover, I explore the types of cyber attacks that states can undertake to abide by international law, and which ones fall short.
In the not-so-distant future, a concerted ‘Cyber Attack’, effectuated via the Internet, could cause massive destruction to any society dependent on computer networks, especially in key target fields of transport, energy supply and communication infrastructures, leading to human casualties and serious destruction of property – reproducing the same, if not more, damage that would be caused by conventional armed attacks. Despite last decade’s abundant legal literature on the subject, not only is a clear and unambiguous international consensus regarding the legal status of Cyber Warfare Operations hitherto nonexistent, but also the views of international law scholars present a peculiarly high level of heterogeneity. Are Cyber Attacks prohibited under the non-use of force doctrine or permitted within the concept of self-defence? Are they even subject to the Law of War? In order to find answers to questions such as the aforementioned, various aspects of International Law will be applied, underlining the need for a reform of notions such as armed conflict, use of force and attack. This paper will attempt to ‘navigate’ through the ‘sea’ of multitudinous and farraginous papers written by lawyers from military, humanitarian and academic backgrounds, by dividing its corpus into the following distinct sections. In the first part, a delineation of the terms Cyberspace and Cyber Warfare Operations will be attempted, coupled with an examination of the various hacking techniques and the typology of potential attacks. Secondly, the jus ad bellum will be applied in Cyber Attacks with the goal of classifying them under the existing ‘costumes’ of ‘use of force’ and/or ‘aggression’. Their relationship with the concept of self-defence will be examined in a two-fold way. Is a Cyber Attack tantamount to an ‘armed attack’, in order to trigger the lawful right of self-defence, according to UN Charter article 51? And vice-versa, is it possible for self-defence to be waged in the form of a Cyber Attack? State responsibility will be subsequently addressed, using as a ‘compass’ the 2001 Draft Articles on State Responsibility and the relative jurisprudence by international tribunals. Thirdly, certain bedrock rules of the jus in bello will be applied in Cyber Attacks, concluding that the cardinal principles of distinction, humanity and proportionality are outdated albeit essential. Lastly, this paper will address the existing international treaty systems in the quest of determining a satisfactory framework under which Cyber Attacks can be regulated. Separate emphasis is to be laid upon on the need for the creation of a jus novum, specifically tailored to modulate this novel and multifaceted method of warfare.
Information warfare: how to survive cyber-attack
- Michael Erbschloe
Erbschloe, Michael. Information warfare: how to survive cyber-attack.
Tallinn Manual on the International Law applicable to Cyber Warfare
- Michael N Schmitt
Michael N. Schmitt. Tallinn Manual on the International Law applicable to Cyber Warfare.
Sovereignty and cyber-attacks: technology's challenge to the law of state responsibility
- P Margulies
Margulies, P. (2014). Sovereignty and cyber-attacks: technology's challenge to the law of state
responsibility. Melbourne Journal of International Law, 14(2), 181-205.
Armed Attacks in Cyberspace: The Unseen Threat to Peace and Security That Redefines the Law and State Responsibility
- N Jupillat
Jupillat, N. (2015). Armed Attacks in Cyberspace: The Unseen Threat to Peace and Security That
Redefines the Law and State Responsibility. U. Det. Mercy L. Rev., 92, 115.