Revisiting past cyber operations in light of new cyber norms and interpretations of international law:: inching towards lines in the sand?

This article traces the evolution of interpretations of international law and international cyber norms on responsible state behaviour in cyberspace by reassessing five major – and allegedly state-led – cyber operations: Stuxnet 2010; Belgacom 2013-2014, the Ukrainian power grid 2015, the US presidential election 2016, and NotPetya 2017. Taking recent normative developments and emerging state practices as primary points of refence, it investigates how the current normative landscape can shed light on the nature, (il)legitimacy, and (un)lawfulness of these past operations. For each case, the analysis engages with: i) the elements triggering the violation of norms, principles and international law; ii) the legal and normative significance of recent sources of norms and interpretations of international law; and iii) the legal and political obstacles still lying beyond their application. Taken together, the reassessment of these cyber operations reveals how, in hindsight, the international community has come a long way in calibrating its normative language and practices in calling out irresponsible behaviour in cyberspace. With states taking small, but unprecedented, steps through public attributions and statements on international law in cyberspace, most of the past cyber operations analysed here would arguably feature an attribution in the current climate. At the same time, substantial differences in national interpretations of international law continue to stand in the way of clarity on the terms of its application. In light of this, this article ultimately suggests that cyber norms and the interpretations of international law require further granularity to become ‘lines in the sand’

Unseen war? : hackers, tactical media, and their depiction in Hollywood cinema

Emerging controversies about WikiLeaks' contribution to Donald Trump's electoral triumph and the ongoing persona-non-grata status of Edward Snowden highlight the notion of hacking in the modern world. Hackers used to be dualistically stereotyped on one hand as black hats, criminals and cyberpunk/cypherpunk hidden figures, and on the other as whistle-blowers, open access activists and hacktivists whose actions are potentially subversive. Film coverage of hackers and their tactics shows a paranoid and militarized vision of the world, with grey eminence often depicted either as a threat, or as survivors. Hence, from WarGames (1983, John Bedham), TRON (1982, Steven Lisberger) and Hackers (1995, Iain Softley) to The Fifth Estate (2013, Bill Condon), Live Free or Die Hard (2007, Len Wiseman) to Jason Bourne (2016, Paul Greengrass), hacking seems to have emerged as the avant-garde of militarized social space-as its main weapon and fundamental defence. Pop culture feeds itself with this ambiguity as long as it accommodates the dualistic needs of its receivers: a countercultural anti-hero becomes a scapegoat while a general sense of insecurity predominates. Distrust in technology and underground experts is simultaneous with redemption narratives about disclosing corporate/state/elite conspiracies and is heavily influenced by current non-cinematic events. This paper is an examination of hackers' cultural impact and their connection with tactical media through subversive actions. It becomes essential to decode their manipulated or simplified public image, especially with ongoing progressive politicization of hacking and its significance

Cross Domain IW Threats to SOF Maritime Missions: Implications for U.S. SOF

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable

Business Warfare

Businesses are under attack. State and non-state adversaries are assaulting companies using drones, mercenaries, cyberweapons, sanctions, and restrictions. Instead of military installations and government institutions, private firms are often the preferred targets in this mode of warfare. Instead of soldiers and squadrons with bullets and bombs, the weapons of choice are frequently economic hostilities and cyberattacks. This is the new war on business. This Article offers an original examination of contemporary business warfare, its growing importance to national and corporate affairs, and the need for better pragmatic approaches to understanding and addressing its rising threat to our economic stability, national security, and social welfare. It begins by providing an overview of the business theater of war, investigating the combatants, targets, and weapons. Next, this Article analyzes recent episodes of business warfare involving the United States, Russia, Iran, Saudi Arabia, and China to ground the theoretical discussion in the real world. These case studies illustrate the complex matrix of considerations posed by business warfare. The Article then contends with the fundamental legal and practical tensions of economic impact, business hostilities, cyberattacks, and non-state actors that emanate from business warfare. Finally, moving from problems to solutions, this Article proposes three workable initiatives to better protect firms and nations against the risks of business warfare. Specifically, it argues for robust business war games, smart cybersecurity guidance and incentives, as well as greater supply chain and market diversification. Ultimately, this Article aspires to provide a practical blueprint for government and corporate leaders to reflect, plan, and act with more urgency about the consequential realities of business warfare

Extinguishing the Firewall: Addressing the Jurisdictional Challenges to Bringing the Cyber Tort Suits against Foreign Sovereigns

The rapid advancement of technology has resulted in new forms of tortious activity. Increasingly, these cyber torts are perpetrated by foreign states. Notwithstanding other barriers to collecting damages for a cyber tort, a plaintiff suing for a foreign-state-perpetrated cyber tort must prove that the alleged tortious activity satisfies one of the Foreign Sovereign Immunities Act\u27s exceptions-most likely the noncommercial tort exception. Recently the U.S. Court of Appeals for the D.C. Circuit held that a U.S. court lacked jurisdiction to hear a claim against a foreign state that hacked a U.S. national\u27s email account. The court found the noncommercial tort exception inapplicable because the intent to hack was held by a party abroad, and thus the entire tort did not occur in the United States. This Note argues that the D.C. Circuit improperly extended the entire tort doctrine from traditional physical torts to cyber torts. Instead, the noncommercial tort exception should apply to foreign-state-perpetrated cyber torts. This Note further proposes a modified location test for courts to use in determining whether a cyber tort satisfies the exception\u27s occurring in the United States requirement

"Virtual disenfranchisement": cyber election meddling in the grey zones of international law

This Article examines remotely conducted election meddling by cyber means in the context of international law and asks whether such cyber operations qualify as "internationally wrongful acts." An internationally wrongful act requires both a breach of a legal obligation owed by one State to another under international law and attribution of the act to the former. The Article considers three possible breaches related to such meddling-violation of the requirement to respect sovereignty, intervention into the internal affairs of another State, and, when the cyber operations are not attributable to the State from which they were launched, breach of the due diligence obligation that requires States to ensure cyber operations with serious adverse consequences are not mounted from their territory. The Article then examines the various modalities for attributing a cyber operation to a State under international law. Whether cyber meddling in another State's election is unlawful, as well as the severity thereof, determines the range of responses available to the victim State. The Article concludes that the law applicable to remotely conducted meddling in another State's election is unsettled, thereby comprising a normative grey zone ripe for exploitation by States and non-State actors

Analogy and Authority in Cyberterrorism Discourse: An Analysis of Global News Media Coverage

This article explores constructions of cyberterrorism within the global news media between 2008 and 2013. It begins by arguing that the preoccupation with questions of definition, threat and response in academic literature on cyberterrorism is problematic, for two reasons. First, because it neglects the constitutivity of representations of cyberterrorism in the news media and beyond; and, second, because it prioritises policy-relevant research. To address this, the article provides a discursive analysis drawing on original empirical research into 31 news media outlets across the world. Although there is genuine heterogeneity in representations of cyberterrorism therein, we argue that constructions of this threat rely heavily on two strategies. First, appeals to authoritative or expert ‘witnesses’ and their institutional or epistemic credibility. And, second, generic or historical analogies, which help shape understanding of the likelihood and consequences of cyberterrorist attack. These strategies have particularly discursive importance, we argue, given the lack of readily available empirical examples of the ‘reality’ of cyberterroris

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp