Cyber-Attacks Evaluation Using Simple Additive Weighting Method on the Basis of Schmitt\u27s Analysis

A systematic modelling methodology is presented in this paper, so as to evaluate the effects of cyber-attacks on states’ Critical Information Infrastructure, in order to answer the question of whether these attacks have risen to the level of a ‘use of force’ under the principles of international law. By using the qualitative criteria for recognizing the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying the Simple Additive Weighting method, the widely used Multiple Attribute Decision Making method, cyber-operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition system is employed. Taking into account the qualitative and quantitative aspects of such attacks and adding for the first time the ‘military character’ attribute as defined by the Tallinn Manual in the calculation procedure, a more complete evaluation of such attacks is achieved

Cyber Operations and the Humanization of International Humanitarian Law: Problems and Prospects

The aim of International Humanitarian Law (‘‘IHL”) is to regulate the conduct of hostilities while, at the same time, balancing the two overarching concepts of military necessity and humanity. While the principle of military necessity allows a party to a conflict to exercise any amount of armed violence which is necessary for the accomplishment of a military purpose, the principle of humanity aims at minimizing the amount of physical violence caused to combatants and the civilian population. From the late 19th century onwards the principle of humanity has progressively eroded the domain of military necessity, influencing the creation and interpretation of IHL, in a process which is referred to as the ‘‘humanization” of IHL. A key area of IHL in which such process has taken place is the law of targeting, whose aim is to limit ‘‘attacks”, by prohibiting belligerents to direct them against civilians. In this context, the rise of cyber warfare capabilities establishes a tension between the violencecentered rationale of the law of targeting and the nature of cyber attacks, as their effects may have devastating consequences even without causing any form of physical violence. What kind of cyber operations should qualify as ‘attacks’ under the law of targeting? The answer to this question can reconfigure the delicate balance between military necessity and humanity, raising implications for the protection of the civilian population and the humanitarian aims of IHL. My contribution offers a critical evaluation of the relationship between the principle of humanity within the law of targeting and cyber warfare, and proposes a ‘‘human security” paradigm for the regulation of cyber attacks in armed conflict

You can’t cyber in here, this is the War Room! A rejection of the effects doctrine on cyberwar and the use of force in international law

There is a growing consensus in the literature on the applicability of the jus ad bellum to cyber-attacks that the effects caused by an attack should determine whether the attack constitutes a use of force (Article 2(4) of the UN Charter) or an armed attack giving rise to self-defence (Article 51 of the UN Charter). This article argues that this approach is inconsistent and dangerous. The push to include cyber-attacks in the existing framework on the use of force disregards the consensus on other non-conventional uses of force like economic sanctions and damage caused by espionage, and it is premised on dangerous hyperbole in sensational media stories. Such an approach ignores serious practical problems regarding the attribution of cyber-attacks and would open the door wide for abuse. There is no reason to weaken the effectiveness of a deliberately narrow system on the use of force based on dystopian scenarios

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

NATO Cyberspace Capability: A Strategic and Operational Evolution

The development of cyberspace defense capabilities for the North Atlantic Treaty Organization (NATO) has been making steady progress since its formal introduction at the North Atlantic Council Prague Summit in 2002. Bolstered by numerous cyber attacks, such as those in Estonia (2007), Alliance priorities were formalized in subsequent NATO cyber defense policies adopted in 2008, 2011, and 2014. This monograph examines the past and current state of cyberspace defense efforts in NATO to assess the appropriateness and sufficiency to address anticipated threats to member countries, including the United States. The analysis focuses on the recent history of cyberspace defense efforts in NATO and how changes in strategy and policy of NATO writ large embrace the emerging nature of cyberspace for military forces as well as other elements of power. It first examines the recent evolution of strategic foundations of NATO cyber activities, policies, and governance as they evolved over the past 13 years. Next, it outlines the major NATO cyber defense mission areas, which include NATO network protection, shared situational awareness in cyberspace, critical infrastructure protection, counter-terrorism, support to member country cyber capability development, and response to crises related to cyberspace. Finally, it discusses several key issues for the new Enhanced Cyber Defence Policy that affirms the role that NATO cyber defense contributes to the mission of collective defense and embraces the notion that a cyber attack may lead to the invocation of Article 5 actions for the Alliance. This monograph concludes with a summary of the main findings from the discussion of NATO cyberspace capabilities and a brief examination of the implications for Department of Defense and Army forces in Europe. Topics include the roles and evolution of doctrine, deterrence, training, and exercise programs, cooperation with industry, and legal standards.https://press.armywarcollege.edu/monographs/1422/thumbnail.jp

False Comfort from Nuclear Analogies : How International Trade Restrictions Apply to Cyberspace

This thesis evaluates the international legal framework of trade restrictions in the context of cyberspace. Certain cyber goods are recognized as dual-use goods based on their potential military applications. Thereby, the existing legal framework for governing the trade of sensitive goods is extended analogically to apply to cyber goods. The first research question presented in this paper is whether international law includes a legal basis for using trade policy as a measure for security governance in cyberspace. To answer this research question, the paper evaluates how security interests are regarded in trade policy. This evaluation is conducted by analysing the nature of security interests with the constructivist method and reviewing the General Agreement on Tariffs and Trade with the de lege lata approach. The second research question evaluates whether trade policy is a suitable model for governing threats in the cyberspace. This research question covers the evaluation of existing non-proliferation focused trade policies, mainly the Wassenaar Arrangement, and grounds for applying the same approach to cyber goods. This evaluation also includes observing the nature of cyber goods and the cyber goods industry with a socio-legal method. Dual-use nuclear goods are used as a reference point in a comparison between cyber goods and conventional dual-use goods. The purpose of the thesis is to examine the implications of applying trade policy as a security measure in cyberspace. The choice of extending an existing legal framework instead of establishing a separate framework specifically for cyberspace may have a broader impact on the legal status of cyberspace. The paper evaluates whether the current legal approach to governing dual-use cyber goods takes into account the nature of cyberspace in an adequate manner. This paper concludes that international trade law provides a legal basis for imposing trade restrictions for cyber goods based on security interests. However, the analogical extension of the non-proliferation focused trade policy framework does not fully adapt to the nature of cyber goods and the cyber goods industry. Thereby, the current model for the governance of dual-use cyber goods may result in negative effects in the industry by restricting trade without providing equivalent benefit in the form of decreasing cyber risks. The possible solutions proposed based on the research conducted in this paper include incorporating views and practices of private sector stakeholders as an essential input in any regulation related to cyberspace, establishing a separate cyber convention for properly defining the legal status of cyberspace, and promoting global initiatives for cyber resilience

Distinguishing Acts of War in Cyberspace: Assessment Criteria, Policy Considerations, and Response Implications

View the Executive SummaryDetermining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved. This monograph seeks to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with essential background on this topic as well as introduce an analytical framework for them to utilize according to their needs. It develops this theme in four major sections. First, it presents the characterization of cyberspace to establish terms for broader dialogue as well as to identify unique technical challenges that the cyberspace domain may introduce into the process of distinguishing acts of war. Second, it explores assessment criteria involved with assaying cyber incidents to determine if they represent aggression and possible use of force; and if so, to what degree? Third, it looks at the policy considerations associated with applying such criteria by examining relevant U.S. strategies as well as the strategies of other key countries and international organizations, and considers how nonstate actors may affect U.S. deliberations. Fourth, it examines the influences that course of action development and implementation may have on the assessment of cyberspace incidents, such as reliable situational awareness, global and domestic environment considerations, and options and their related risks and potential consequences. It argues that the United States must also expect and accept that other nations may reasonably apply the criteria we develop to our own actions in cyberspace.https://press.armywarcollege.edu/monographs/1481/thumbnail.jp

"Out of the loop": autonomous weapon systems and the law of armed conflict

The introduction of autonomous weapon systems into the “battlespace” will profoundly influence the nature of future warfare. This reality has begun to draw the attention of the international legal community, with increasing calls for an outright ban on the use of autonomous weapons systems in armed conflict. This Article is intended to help infuse granularity and precision into the legal debates surrounding such weapon systems and their future uses. It suggests that whereas some conceivable autonomous weapon systems might be prohibited as a matter of law, the use of others will be unlawful only when employed in a manner that runs contrary to the law of armed conflict’s prescriptive norms governing the “conduct of hostilities.” This Article concludes that an outright ban of autonomous weapon systems is insupportable as a matter of law, policy, and operational good sense. Indeed, proponents of a ban underestimate the extent to which the law of armed conflict, including its customary law aspect, will control autonomous weapon system operations. Some autonomous weapon systems that might be developed would already be unlawful per se under existing customary law, irrespective of any treaty ban. The use of certain others would be severely limited by that law. Furthermore, an outright ban is premature since no such weapons have even left the drawing board. Critics typically either fail to take account of likely developments in autonomous weapon systems technology or base their analysis on unfounded assumptions about the nature of the systems. From a national security perspective, passing on the opportunity to develop these systems before they are fully understood would be irresponsible. Perhaps even more troubling is the prospect that banning autonomous weapon systems altogether based on speculation as to their future form could forfeit their potential use in a manner that would minimize harm to civilians and civilian objects when compared to non-autonomous weapon systems