Search Results

Chapter 1 identifies the cyber threats to international security and the applicable laws. It starts by identifying the main cases of cyber operations against states of which other states were suspected. It defines what ‘cyber operation’, ‘cyber attack’, and ‘cyber exploitation’ are and classifies them. The applicable rules are then identified and the point is made that existing jus ad bellum and jus in bello rules apply to cyber operations even though they were drafted before the cyber age. Finally, the problems related to identification and attribution in cyber operations are discussed, in particular the application of the secondary rules on state responsibility, as contained in the 2001 Articles on State Responsibility adopted by the International Law Commission.

The interplay between law and rhetoric forms an important backdrop for analyzing international legal norms governing state response to cyber threats. First, the term “cyberwar” or “cyberwarfare” is used to connote a wide range of actual and potential cyber activities or threats across a broad spectrum of activity. This chapter highlights the consequences of “war” rhetoric in the cyber realm, with specific reference to lessons from the past decade of counterterrorism. It then analyzes the consequences of the term “cyber attack,” focusing on both the jus ad bellum concept of “armed attack” and the law of armed conflict definition of “attack,” particularly with regard to blurring the notion of “attack” into one unspecified and extensive term conflating two or more legal concepts. Each of these results has significant ramifications for the application of international law, the preservation of the international system, and the protection of persons during times of conflict.

This chapter overviews how the U.S. government is structured to defend, exploit, and attack in cyberspace and the legal authorities for such activities. It provides insight, guidance, and discussion into the current state of international humanitarian and domestic law and how such legal frameworks impact cyberspace operations, such as regarding coutermeasures. It also provides perspective regarding future legal challenges and how legal advisers to national decision-makers, including military and national security attorneys, can help shape international law in this emerging field. Among the questions this chapter specifically addresses include (1) what are the domestic authorities for the United States military to carry out cyberspace operations, cyber-attacks, or other cyber disruptions in support of its assigned mission?; and (2) are government, finance, and communications websites and command and control facilities appropriate military targets under the law of armed conflict?

One of the biggest problems of cyber conflict research is the lack of consensus on terminology. This chapter is an in-depth review of cyber conflict scholarship. It introduces what others describe as cyber war, conflict, attacks, security, and the like, and discusses the choice of a different path of terminology. What is cyber conflict and how does one know it when one sees it? The chapter discards the popular terms cyber war and cyber attack and replace them with the terms cyber conflict, cyber incidents, and cyber disputes, suggesting that this more grounded terminology should become the standard for research on cyber conflict in the international system.

The introduction sets to explain why it is important to look at the question of attribution: in short, it is central to defense and deterrence strategies. Furthermore, the introduction presents the different nuances of sponsorships to distinguish: from writing code without being aware of its intended malicious use, to states refusing to cooperate in investigations. The chapter goes on with exposing three common misconceptions that have permeated the debate on attribution: that it is a technical problem; that it is unsolvable; and that it is unique. These misconceptions will be debunked in turns throughout the remaining chapters. Finally, the chapter summarizes the argument and key terms such as "attribution" and cyber attacks.

This chapter argues that cyberwar is not sufficiently like normal cases of war or armed conflict to justify the relaxation of the rules and laws concerning intentional killing, and that there are good reasons to think of cyber attacks more like embargoes than like the type of lethal attacks that war has historically involved. While cyber attacks could rise to level of being wars or armed conflicts, there are not likely to be many if any such attacks today. There are also serious consequences for assimilating cyber attacks to the war paradigm that will make the world a less safe place.

Existing works on inter-state cyber operations have focused so far on whether such operations are consistent with primary norms of international law and on the remedies available to the victim state under the jus ad bellum and the law of state responsibility. They have almost entirely neglected a discussion of the evidence the victim state needs to produce to demonstrate that an unlawful cyber operation has been conducted against it and that it is attributable to another state. Taking the International Court of Justice’s case-law into account, the chapter discusses who has the burden of proof in relation to claims seeking remedies for damage caused by cyber operations, the standard of proof required in the cyber context, and, finally, the possible methods of proof, distinguishing between those which are admissible and those which are inadmissible.

This chapter explores Burma’s information control and resistance complexities based on the investigation conducted by the Information Warfare Monitor of the Mizzima News Web site attacks in 2008. The consistency of the attacks with the interest of the country’s government and military in information control and censorship of the Internet is explored. The factors behind the attack were found to be political motivation and availability of a target of opportunity. The chapter presents the Internet content control mechanisms used by Burma including Internet filtering, repressive legal frameworks, and recurring cyber attacks. A case study is presented focusing on the importance of holistic analysis in understanding cyberspace freedom of expression threats.

This chapter focuses on the rise of non-state actors in cyberwarfare and its impact on international law. The first part considers how digital technologies stimulated an increasing role for non-state actors in the international system, accelerating the demise of the state as primary actor of international law. Moreover, through a taxonomical analysis of non-state actors operating in cyberspace, it examines their present and future role in cyberwarfare, their relationship with the states, and their peculiar structures and modi operandi. The second part evaluates the challenges to international law posed by the non-state actors’ involvement in this new paradigm of warfare. It considers how their participation in cyberwar may be covered by the traditional corpus of norms regulating armed conflicts. Furthermore, it addresses issues related to the attribution of the act and the ability of the state to respond to cyber threats deriving from non-state actors under the law of self-defense.

When can we consider that an attack is attributed, if attribution is not dependent on court proceedings? Do we need "appropriate" standards for the attribution of cyber attacks? What would such standards look like? This chapter starts by noting that there is a mismatch between how attribution functions, and how the law operates. Attribution is not contingent on legal proceedings, and can occur despite a lack of condemnation by a court. This lack of reliance on strict standards of evidence leads us to consider the following argument: that attribution is easily malleable. On top of the reliance of attribution on judgment, two factors notably underpin this malleability: an apparent lack of scrutiny for the evidence presented in cases of cyber attacks, and the use of non-conclusive criteria that are nevertheless presented as decisive. This malleability can be of great help to officials who seek to convince an audience of their attribution claims.

With the expansion of cyberspace, European armed forces are confronted by new challenges. Cyber threats keep growing more sophisticated, targeted, and powerful. Not only states, but also individuals, political groups, and criminal and terrorist organizations use these rather affordable and widely accessible technologies remotely to conduct operations such as espionage, sabotage, information warfare, or influence. Russian nationalist propaganda has made a powerful comeback on social networks, along with ISIS propaganda. Cyber attacks for neutralization or strategic espionage have increased in worrying proportions. The specificities inherent to cyberspace and the unusual intertwining of political, economic, and military issues represent a real challenge for the elaboration and the implementation of a strategic or tactical response. They also represent a challenge for international cooperation in crisis resolutions and the conduct of military operations.

How important is the time constraint for attribution? How has the time constraint evolved? And what constitutes an appropriate time for attributing cyber attacks? Timing plays a significant role in attribution. The common assumption is that attribution is time-consuming, and warrants efforts to try to reduce the time it takes to identify instigators of cyber attacks. In the context of a national security incident, the rationale continues, this is problematic because fast reaction times are needed to ensure that any response will still be consistent with the fast-changing geopolitical context. Yet, counter-intuitively, focusing on time reduction can be misleading. In the national security context, timing matters, but not in terms of the measurable passage of time as much as in terms of external conjectures that influence the decision to attribute an act. Whether for a violent act of sabotage where the public expects a government reaction or for a less visible act of espionage, the time may not always be such that it is politically appropriate to attribute an attack. In this context, talking about reducing the time for attribution does not make much sense: such a proposal foregoes all the political elements that inform attribution, and over-emphasizes the technical aspect of attribution over the context in which an attack takes place.

What does it mean for a cyber attack to be plausibly deniable? And, more to the point, how can states engineer plausible deniability? This chapter makes two related arguments that run against common assumptions in the literature. Firstly, states engineer plausible deniability by relying not on foreign and distant hacking groups, but usually on domestic proxies. Although this reliance increases the state’s likelihood of being exposed, it also gives the state a greater ability to control the hired group. Secondly, connecting a state to an attack makes the state open to retaliation and largely accounts for why a state can be zealous in plausibly denying its involvement. Strategically, however, it does not make sense for states to seek plausible deniability for all types of attack. Espionage operations almost always prompt a backlash and can warrant special precautionary measures. But sabotage operations aimed at coercing an actor into a change of behavior require clarity. The instigator needs to ensure that the victim is cognizant of the motive behind the attack so that the threat can inform their potential decision to change policy. By revealing its identity while leaving room for ambiguity, a state can simultaneously send this signal and avoid retaliation.

This chapter shows how any network intrusion into a strategically-important network is threatening. Hacking is thus a key part of international relations. This is true regardless of whether or not the intrusion was launched with offensive or defensive intent. The risk of misperception is real, and the threats enabled by a network intrusion are significant. Network intrusions offer the capacity for tailored cyber attacks, for more basic wiper attacks, for general intelligence collection and espionage, and for counterintelligence work. It is very difficult to determine the intentions of an intruder, and they can change very easily—all of which leads to the possibility of danger and animates the cybersecurity dilemma.

This chapter begins with a discussion of the threat of cyber crime. These threats can range from individual phishing emails that trick victims into disclosing personal and financial information, to computer viruses and keystroke loggers that steal victims' passwords, to the theft of valuable intellectual property over the Internet. A cyber attack could have an enormous, possibly devastating, impact on the economy as well as to cripple individual businesses and services. The chapter describes the some of the work that assistant U.S. attorneys in the Southern District of New York have been doing to combat cyber crime. This includes working with law enforcement partners in the United States and abroad, which has translated into a string of successes in the war on cyber crime. The discussion then turns to the importance of collaboration in cyber crime cases, not only among law enforcement agencies, but also between government and industry.

This chapter examines the application of the law of armed conflict to cyberwar. It provides definitions related to cyberwar, analyses the actors in this unique battle space, and evaluates examples of relevant activities. The chapter suggests that though there are certain problems with the application of the law of armed conflict to cyberwar, it appears to cover the effects of a cyber attack, and that this is a testament to the strength and flexibility of the law.

This chapter provides an overview of intrusion operations and applies them to the security dilemma. It works through how offensive cyber operations work and distils important principles. This is based off the well-known cyber kill chain models that explain cyber operations in an accessible fashion. The chapter shows as well how these principles can lead to escalation and provide incentives for states to launch network intrusions in advance of conflict. It is this incentive to launch intrusions early that creates activity that could be misperceived by another nation.