Even before the terrorist attacks of September 11th, news organizations and legal scholars began debating if the traditional “rules of war” should be applied to the new threat of terrorism. What became clear quickly was that terrorism is a murky area in terms of both warfare and international law. A new threat, some might say an offshoot of terrorism, has now emerged: cyberwarfare.
Scholars have now begun debating whether or not current law is applicable to cyber attacks. One think tank in Europe,the Cooperative Cyber Defense Center of Excellence (CCDCOE), based in Estonia, has compiled a manual entitled “Tallinn Manual on the International Law Applicable to Cyber Warfare”, for use by legal advisors to government agencies. The manual looks at existing international law and sets out guidelines for when countries may legally use force against one another and the current rules of armed conflict. The CCDCOE works with NATO on many issues relating to cyber security and the Tallin manual was developed by a group of NATO experts from various countries including the United States and the United Kingdom. While not official doctrine, it does state NATO’s views on the laws they believe applicable to cyber warfare.
The manual may be a helpful way to lay out what exactly international law concerning warfare entails today, but it does not answer the question, which is stated in the introduction to the manual, “Does existing law apply to cyberwarfare?”. This might be the more important, and most difficult, question in this area.
One of the main problems is the difficulty in determining what constitutes a “cyber attack”. Is a hacked entry into a government organization in an attempt to steal information an example? Perhaps an attack into a financial institution to take credit card numbers and use them? Difficultly also comes with attributing the attack to a particular group since many have no affiliation to a country of origin. Some may even be a collection of different citizens from different states protesting a cause. One example is the group Anonymous UK who shut down the MI5 and MI6 websites in the wake of the arrest and treatment of Wikileaks founder Julian Assange.
Cyberwarfare is an emerging issue that is taking on greater importance, as new incidents of cyber attacks are dominating our news cycle. Unfortunately, we are still left with a lot of unanswered questions. This new manual does not seem to answer, or attempt to answer, any of the more difficult questions. It seems that governments must come together , as they have before with other emerging international issues, to create a treaty on the action allowed against cyber warfare.
Some questions to consider:
What exactly constitutes cyberwarfare?
Can existing rules of warfare, as set out in the “Tallinn Manual on the International Law Applicable to Cyber Warfare”, be used in this area?
What laws need to be developed to deal with this problem?