TheConversation

Blog archive

More questions on global cyber war

world map

A NATO document seeks to establish a global framework for cyberwar. (Stock image)

Regarding our article on the effects of international law on cybersecurity, Randy Soper commented via Twitter: Interesting questions are how "neutrality" will be defined and "civilian"; e.g., is a "zombie" botnet member a legit mil target?

Amber Corrin responds: According to the Tallinn Manual, neutrality – which applies only during international armed conflict, cyber or otherwise – refers to neutral cyber infrastructure, public or private, that is located in neutral territory or owned by a neutral state and is located outside belligerent territory.

"The global distributions of cyber assets and activities, as well as global dependency on cyber infrastructure, means that cyber operations of the parties to a conflict can easily affect private or public neutral cyber infrastructure. Accordingly, neutrality is particularly relevant in modern armed conflict," the manual states.

Logistically, that means something like this: Hackers and other hostile parties frequently route attacks through servers located in various countries throughout the world. Neutrality means that those countries aren't considered combatants if they have nothing to do with the attacks other than their servers being, for all intents and purposes, hijacked to conduct hostile activities.

Speaking of combatants, the manual is clear – as were its backers who spoke at the Atlantic Council event in the original story – on the role of civilians in cyber warfare. There are no laws against civilians taking part in combat, but so long as they do, they do not receive the protections afforded to civilians under international humanitarian laws.

A "zombie" botnet member would, therefore, be a legitimate military target if what they are doing is deemed an act of war (which is also addressed in the manual) – if it is more than disruptive and actually destructive and causes harm or damage to people or cyber assets. In that case, even if the botnet operator is a civilian, they are engaging in cyber warfare activities and thus forfeiting their civilian protections. As things currently stand, the operations of botnets typically are not what would be deemed acts of war; they tend to be more on the disruptive side of the coin – think distributed denial of service attacks and the like.

Posted by Amber Corrin on Apr 04, 2013 at 12:10 PM


Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above