What are the legal requirements for a cyber action to meet the definition of an act of war?

Asked: Oct 23rd, 2018

Question Description

What are the legal requirements for a cyber action to meet the definition of an act of war? Should the definition be explicit or should it be left ambiguous? What do you feel are the requirements for an act of cyber-terrorism? Why?

This is not a paper. It is a posting. Being personal is recommended.

Instructions: Fully utilize the materials that have been provided to you in order to support your response. Your initial post should be at least 500 words.

Forum posts are graded on relevance, knowledge of the weekly readings, and the quality of original ideas. Sources utilized to support answers are to be cited in accordance with the Turabian writing style by providing a general parenthetical citation (reference the author, year and page number) within your post, as well as an adjoining reference list.

Unformatted Attachment Preview

The Customary International Law of Cyberspace

Gary Brown, Colonel, USAF
Keira Poellet, Major, USAF

Strategic Studies Quarterly ♦ Fall 2012

Col Gary Brown has been the staff judge advocate (SJA) at US Cyber Command, Fort Meade, Maryland, since its establishment in 2010. Previously, he was the SJA at Joint Functional Component Command—Network Warfare. He is a graduate of the University of Nebraska College of Law. Maj Keira Poellet is an operations law attorney at US Cyber Command. Her previous assignment was deputy SJA at Lajes Field, Azores, Portugal. She received her LLM in space and telecommunications law from the University of Nebraska College of Law and her JD from Whittier Law School.

The first thing to know about international law is that it bears only a passing resemblance to the kind of law with which most people are familiar. Domestic laws in most countries are passed by some sort of sovereign body (like Congress) after due consideration. Statutes are carefully crafted so the law has a precise effect. International law is nothing like that. Contrary to popular belief, treaties are not the primary means of establishing international law. The body of international law is a jumble of historic practice and tradition as well as signed agreements between nations. Within this patchwork of guidance, customary international law occupies a position of preeminence in developing areas of the law—ahead of treaties and conventions.1

Customary international law develops from the general and consistent practice of states if the practice is followed out of a sense of legal obligation.2 When this occurs, customary law is considered legally binding on nation-states. In situations not addressed by established consensus on what constitutes lawful behavior, nations may take actions they deem appropriate.3 This is the heart of the well-established Lotus principle, so named for the International Court of Justice decision in which it was established.4

Only a handful of actions are considered peremptory norms of international law; that is, things that are universally held to be wrong and impermissible.5 These are exceptional areas, including piracy, human trafficking, and hijacking. One reason there are so few universally accepted norms is the very nature of the international legal regime. It is established by what nations do and believe they are bound to do, making consensus difficult to reach. Without consensus, there is no law, even in what seem to be straightforward cases, such as torture. “Torture or cruel, inhuman, or degrading treatment or punishment” is recognized by most states as violating human rights principles that have attained the status of customary international law. Yet, actions amounting to torture continue, and states sponsoring those actions are not often condemned, so it cannot be said there is complete international agreement on the issue.6

Although the few prohibitions accepted as peremptory norms do not deal with war, that is not to say armed conflict is completely ungoverned. There is a body of customary law reflecting the extensive and virtually uniform conduct of nation-states during traditional warfare that is widely accepted and well understood—the law of war. Unfortunately, the application of the law of war to cyberspace is problematic because the actions and effects available to nations and nonstate actors in cyberspace do not necessarily match up neatly with the principles governing armed conflict.

Cyberspace gives nation-states new options, enabling them to take nonkinetic actions that may not have been available previously. Actions that may have required the use of military force in previous conflicts now can be done with cyber techniques without the use of force.
States can also take actions in cyberspace that would be consistent with the use of armed force but more easily avoid taking responsibility for the actions—they can take cyber action “without attribution.”

In the absence of a specific legal regime for cyberspace, the logical approach is to take what guidance exists to govern more conventional warfare and determine whether it can be applied to cyberspace activities. The subsequent brief discussion is a general examination of how national practices become customs binding on the body of nations as customary international law. Following the general discussion is a more detailed discussion of how customary international law might apply to nation-state cyber actions.

The Development of Customary International Law

It is common for states to disagree about what constitutes a general practice accepted as law. The easiest form of proof is found in state actions, published government materials, official government statements, domestic laws, and court decisions that detail actual practice.7 Over time, specific instances of state practice may develop into a general custom.8 The second part of the equation is more difficult.
For a custom to be binding, states not only need to act in a certain way; they have to act that way because they think they are legally obligated to do so.9 Acceptance of general practice as an obligation, that it is “accepted by law,” is referred to as opinio juris.10 Evidence of opinio juris is primarily shown through statements of belief, as opposed to statements about state practice, such as treaties or declarations.11

There is no mathematical formula governing how many states must accept a practice or for how long it needs to be practiced for it to become binding custom.12 For the most part, the more states that practice a custom, the more likely it is to evolve into law, but not even that simple rule holds completely true. The practice of politically powerful and active states carries more weight than that of smaller nations, especially ones not actively engaged in the area under consideration. For example, actions of the United States or Great Britain will have more bearing on the development of international law governing naval operations than those of Switzerland.

As noted, the length of time to develop customary international law can vary greatly. The law of war is a good example. The customary law of war has developed over thousands of years, but the practice of limiting conflict (e.g., to protect noncombatants) evolved primarily in the last 150 years. For example, the Greeks began developing the concept of jus ad bellum, or just war, in the fourth century BC.13 By contrast, while the principles governing the way in which combatants engage in warfare (jus in bello) also have historical ties to that era, they did not begin to assume their current form until the 1860s during the Franco-Prussian War and the American Civil War. Documented atrocities during those wars led to rapid development of the modern law of war regime, beginning with the first Hague Convention in 1899.
An example of customary law that developed quickly is space law.14 In 1958, just one year after the launch of Sputnik, the UN General Assembly created a committee to settle on the peaceful uses of outer space. By 1963, the United Nations had put forth the Declaration of Legal Principles Governing the Activities of States in the Exploration and Use of Outer Space, formally recognizing what had become customary law applicable to space activities. Since then, most space law has been generated through international agreements, beginning with the first outer space treaty signed in 1967.

Sometimes even state inaction can establish practice. For example, when one state engages in conduct harmful to another, the official silence of the “victim” state can be evidence that the conduct in question does not constitute a violation of international law. This passiveness and inaction can produce a binding effect under what is called the doctrine of acquiescence.15 The more times a state permits an action to occur without meaningful protest, the more likely it is the action will be accepted as lawful state practice.

Development of Cyber Law through Custom

The increasing use of computers and computer networks through the 1970s and 1980s was followed swiftly by the rise of the “network of networks” known as the Internet in the mid-1990s.16 Ultimately, the Internet spawned an entirely new domain of operations referred to as cyberspace. It is in and through this virtual space that cyber activities occur. So, not only are the activities in cyber new, where cyber actions take place is a unique location.17

Because it has existed for such a short time, there is not a robust body of law governing state conduct in cyberspace.18 There are documented instances of state cyber practice, however, and these have begun to lay a pattern for establishing customary cyber law.
As noted above, customary law does not instantly appear but is developed through state practice and rationale. The cyber practices of states and the thought behind those actions over the past 30 years must be examined to determine if there is customary law in cyberspace. If no principles have developed, as earlier discussed, cyberspace remains unconstrained under the default customary international regime.

Although opinio juris is a critical element, it is easiest to analyze the development of custom beginning with an examination of state action, which is more visible and easily documented than motivation. Complicating the analysis is the secrecy surrounding most cyber operations. The US Department of Defense (DoD), for example, claims it suffers millions of scans and thousands of probes into its networks each day.19 With rare exceptions, no states or individuals come forward to take credit for these actions, so assessing the motivation of these unknown cyber actors is difficult. Albeit complicated and difficult, a few examples of state practice in cyber are available for examination.

Arguably, the first cyber attack occurred in the Soviet Union. In 1982, a trans-Siberian pipeline exploded. The explosion was recorded by US satellites, and it was referred to by one US official as “the most monumental nonnuclear explosion and fire ever seen from space.”20 It has been reported the explosion was caused by computer malware the Central Intelligence Agency implanted in Canadian software, apparently knowing the software would be illegally acquired by Soviet agents. Because the explosion happened in remote Siberia, it resulted in no casualties. It also embarrassed the Russian Committee for State Security (the KGB), who thought they had stolen the most recent software technology from the United States.
As a result, the facts behind the explosion were concealed, and the USSR never publicly accused the United States of causing the incident.21

Multiple “soft” computer attacks occurred against US systems as the Internet grew exponentially over the next 25 years. Many of these involved attempts to copy sensitive information or relatively simple but potentially devastating denial of service attacks.22 Some of the more infamous include Moonlight Maze (1998–2001), which probed government and academic computer systems in the United States; Code Red (2001), which launched a worm intended to conduct a denial of service attack against White House computers; and Mountain View (2001), a number of intrusions into US municipal computer systems to collect information on utilities, government offices, and emergency systems.23 Although there was speculation about the origins, none of these incidents could be definitively attributed to a state actor.

In contrast to the, until recently, little-known Siberian incident, it was a very public series of cyber events considered by many to have heralded the advent of cyber warfare. In April 2007, following the removal of a Russian statue in Estonia’s capital of Tallinn, a widespread denial of service attack affected its websites. As a result Estonia, one of the world’s most wired countries, was forced to cut off international Internet access. Russia denied involvement in the incident, but experts speculate the Russian Federal Security Service (FSB) was behind the distributed denial of service event.24

The following year, Russian troops invaded the Republic of Georgia during a dispute over territory in South Ossetia. In August 2008, prior to Russian forces crossing the border, Georgian government websites were subjected to denial of service attacks and defacement.
While there is widespread belief the incident was “coordinated and instructed” by elements of the Russian government, no one has been able to attribute these actions definitively to Russia.25

The wakeup call for the US military occurred in 2008, although the details did not become public until two years later. Operation Buckshot Yankee was the DoD’s response to a computer worm known as “agent.btz” infiltrating the US military’s classified computer networks.26 The worm was placed on a flash drive by a foreign intelligence agency, from where it ultimately made its way to a classified network. The purpose of the malware was to transfer sensitive US defense information to foreign computer servers.27 In what qualifies as bureaucratic lightning speed, US Cyber Command was established less than two years later, with a mission to, among other things, direct the operations and defense of DoD computer networks.28 In addition to unmasking the extent of network vulnerabilities, the event highlighted the lack of clarity in international law as it relates to cyber events.

Two recent incidents merit attention before discussing the law in depth. In 2010, Google reported Chinese hackers had infiltrated its systems and stolen intellectual property. Through its investigation, Google learned the exfiltration of its information was not the only nefarious activity; at least 20 other companies had been targeted by Chinese hackers as well. These companies covered a wide range of Google users, including the computer, finance, media, and chemical sectors. The Chinese had also attempted to hack into G-mail accounts of human rights activists and were successful in accessing some accounts through malware and phishing scams.
Google released a statement explaining what it discovered through its investigation and what steps it was taking in response to China’s action, including limiting its business in and with China.29

Also in 2010, a computer worm named Stuxnet was detected on computer systems worldwide. Stuxnet resided on and replicated from computers using Microsoft’s Windows operating system but targeted a supervisory control and data acquisition (SCADA) system manufactured by Siemens. Cyber experts determined the worm was designed to affect the automated processes of industrial control systems and speculated that either Iran’s Bushehr nuclear power plant or its uranium enrichment facility at Natanz was the intended target.30 After Stuxnet became public, Iran issued a statement that the delay in the Bushehr plant becoming operational was based on “technical reasons” but did not indicate it was because of Stuxnet.31 The deputy director of the Atomic Energy Organization of Iran stated, “Most of the claims made by [foreign] media outlets about Stuxnet are efforts meant to cause concern among Iranians and people of the region and delay the launch of the Bushehr nuclear power plant.”32 Iranian president Ahmadinejad stated at a news conference that malicious software code damaged the centrifuge facilities, although he did not specifically state it was Stuxnet or the Natanz facility.33

Even disregarding the Siberian pipeline incident and considering Moonlight Maze the first major state-on-state cyber incident, there have been about 12 years of general practice to consider when determining what constitutes customary law in cyberspace. Incidents that have occurred during this period have set precedent for what states consider acceptable cyber behavior. What is remarkable is the lack of protest from nations whose systems have been degraded in some way by obnoxious cyber activity.
Iran seemed reluctant even to admit its nuclear plant’s computers had been affected and still does not claim to have been cyber attacked.34

If the damage caused by the Stuxnet malware had instead been caused by a traditional kinetic attack, such as a cruise missile, it is likely Iran would have vigorously responded. For one thing, in more-traditional attacks it is easier to determine the origin of attack. There are a variety of reasons Iran may have refrained from public complaint over the Stuxnet event; one possibility is that it believes the action was not prohibited under international law. Whatever the reason for Iran’s silence, it remains true that no state has declared another to have violated international law by a cyber use of force or an armed attack through cyberspace.

Aside from the Stuxnet event, those in Estonia and Georgia came closest. The situation in Georgia can be distinguished because the cyber action was taken in concert with Russian troops crossing the Georgian border—a clear use of force. Cyber activity against Georgian websites did not start until after Georgia made its surprise attack on the separatist movement in South Ossetia on 7 August 2008. The cyber activity commenced later that same day, on the eve of Russia launching airplanes to bomb inside Georgian territory. It appears as though it was a military tactic to sever Georgia’s ability to communicate during the attack. It was not until 9 August 2008 that Georgia declared a “state of war” for the armed attack occurring inside its territory. It did not declare the cyber activity itself an attack or use of force.35

A case has also been made that the 2007 massive distributed denial of service activity in Estonia was a cyber attack. However, after deliberation, even the Estonian government concluded it was a criminal act as opposed to a use of force by another state.
That may be because they were not able to attribute it with certainty to the Russian government (or any other government), but the precedent remains.

Attribution problems will continue to plague this area of law. It is more difficult for custom to develop if the source of the action is unknown. The actions of criminal gangs or recreational hackers do not set precedent for international law, and as long as the actor remains unknown, the events have no precedential value.

Cyber Activity and Espionage

Much of what has occurred in cyberspace between states can be viewed as merely espionage—simply intrusions onto computer systems for the collection of intelligence. If these actions are equivalent to espionage, however, this creates a dilemma in the analysis of cyber law.

Spying has been around even longer than customary international law. Despite the famous statement, “Gentlemen do not read other gentlemen’s mail,” espionage has existed since the earliest days of armed conflict.36 Although the law of war addresses wartime espionage and the treatment of captured spies, customary international law is notably silent on the practice of spying during peacetime. States have domestic laws prohibiting espionage—including the United States, where spying is punishable by death—but there is no international law prohibiting espi ...

Tutor Answer

School: Boston College



Cyber Action


In the current world, as we know it, new wars between countries are being
fought in the online space. These types of attacks are normally in the form of cyber actions
which manifest themselves in the form of hacks and attacks which are done online.
Take, for instance, the hacking of the emails in the 2016 election in the US. In this instance,
the emails of the head of Hillary Clinton’s campaign, John Podesta, were hacked and
released to the public by what seemed to be hackers from Russia. Additionally, there is the hack that
happened in Ukraine, which paralyzed different essential services in the country. The hackers
were also believed to have originated from Russia. Lastly, there is the attack that happened in the
year 2013 against tech giant Yahoo, where...


Good stuff. Would use again.
