What does international law mean for cyber warfare?

world map

A NATO document seeks to establish a global framework for cyberwar. (Stock image)

Creating rules of engagement for operations in cyberspace has been an ongoing process at the Defense Department, where such rules -- if and when they are finished -- will remain classified. Now some say a new international manual intended for application to cyber warfare could provide a boost for the Pentagon.

The Tallinn Manual, commissioned by NATO but created by several dozen experts, builds on established international law, much as the Pentagon’s cyber rules are modeled on existing rules of engagement. The manual particularly focuses on the principles of jus ad bellum, which regulates use of force in international law, and jus in bello, which governs conduct in armed conflict.


From The Tallinn Manual, Sections 13 and 14 of Rule 22, the Characterization of International Armed Conflict:

"To be 'armed,' a conflict need not involve the employment of the armed forces. Nor is the involvement of the armed force determinative. For example, should entities such as civilian intelligence agencies engage in cyber operations otherwise meeting the armed criterion, an armed conflict may be triggered. Similarly, using the armed forces to conduct tasks that are normally the responsibility of non-military agencies does not alone initiate an armed conflict."

According to cyber and legal experts, the Tallinn Manual will help supplement DOD’s guidelines for cyber warfare by offering additional insight and references to international law that can help with strategic, tactical and operational decision-making.

"I think the manual will have greater influence on battlefield rules of engagement because there’s a lot more granularity in the section on the use of in bello and humanitarian law," said Michael Schmitt, chairman of the International Law Department at the Naval War College. "I think that will feed into battlefield [rules of engagement], as distinct from the day-to-day [rules of engagement]."

Schmitt, who spoke as part of a panel convened by the Atlantic Council on March 28 in Washington, noted that one of the toughest aspects of cyber conflict is determining use of force, which the manual addresses. Furthermore, determining what constitutes a cyberattack has also been a sticking point in U.S. policy-making, the panelists said.

"For years, U.S. policy has been frozen, sort of burdened, with this overly generous definition of computer network attacks that the Defense Department had put forth," said Gary Brown, deputy legal adviser for the U.S. and Canadian regional delegation at the International Committee of the Red Cross. "That made it difficult to move forward because folks were reluctant to say that international humanitarian law applies to…everything we do in cyber that denies, degrades, disrupts or destroys cyber systems. That’s a very broad range of cyber activities that would be governed by [international law], so there was a reluctance to put pen to paper."

Brown, a retired Air Force colonel, said that attitude has changed in recent months -- something that might be reflected in how the Tallinn Manual affects DOD’s cyberspace operations.

"It will have some effect, and it will have positive effect because the United States is going to comply with international laws and comport with the rules as presented," he said. "We don’t know what the rules are, but just this month [Gen. Keith Alexander, commander of U.S. Cyber Command] came out and indicated there will be specific offensive teams, so one wonders what the rules of engagement will be to govern these offensive cyber teams. The manual can’t hurt."


The Tallinn Manual, from Rule 30, Sections 2-3:

"The notion of an 'attack' is a concept that serves as the basis for a number of specific limitations and prohibitions in the law of armed conflict. For instance, civilians and civilian objects may not be 'attacked' (Rule 32). This rule sets forth a definition that draws on that found in Article 49(1) of Additional Protocol 1: 'attacks means acts of violence against the adversary, whether in [offense or defense]. By this widely accepted definition, it is the use of violence against a target that distinguishes attacks from other military operations. Non-violent operations, such as psychological cyber operations or cyber espionage, do not qualify as attacks."

Although the military’s cyber rules of engagement remain classified for national security reasons, some transparency could help gauge where DOD stands on cyber conflict’s most significant issues. Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative, said that although Pentagon officials have noted the need to respond quickly to cyber threats, fast reactions are not necessarily as important as some believe.

"Seeing how much engagement in conflicts can take weeks, months and years, I’m personally cautious the [rules of engagement] will be built by people who have dealt with this tactically, saying ‘A strike could come at us from nowhere, and we have to respond quickly,’" Healey said. "Which is absolutely true, but that can be true in all the other domains of warfare also. So I’m concerned we could be focused on the technical truths rather than the strategic truths, which say we have more time."

As the United States and other countries struggle to define cyberattacks, officials also must consider how to handle activities in cyberspace that do not necessarily constitute an attack but do have malicious intent, such as disruptive actions or espionage, the panelists said.

"One of the big challenges now is we’ve drawn that line in the sand of what a cyberattack is and what might constitute armed conflict in cyber," Brown said. "That leaves unanswered most of the issues around what’s happening now outside the context of armed conflict. Most things we read about fall into this second category. It’s not part of a conflict, it’s not part of an ongoing war. These are things that aren’t really addressed by laws of warfare because it doesn’t fall under that definition of warfare. But the main reason the manual is incredibly important is because it finally draws the line."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Wed, Apr 3, 2013 Harvey

If I take this correctly, a cyberattack involving large scale disruptions of power grid and water systems would be illegal as it impacts many more civilians than non-civilians due to the indiscriminate behavior of such attacks.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group