Computer Network Attack And International Law

This book offers a comprehensive overview of the international law applicable to cyber operations. It is grounded in international law, but is also of interest for non-legal researchers, notably in political science and computer science. Outside academia, it will appeal to legal advisors, policymakers, and military organisations.

With their unique characteristics computer network attacks challenge the current legal framework which is based on a state-centred concept of armed force involving the clements of blast, heat and fragmentation. This challenge has resulted in calls for the negotiation of a dedicated regulatory framework to govern the use of computer network attacks. An evaluation of such calls lies at the core of this thesis. It seeks to identify the challenges computer network attacks pose to international law on the use of force and international humanitarian law, and to ascertain whether these challenges warrant a new legal framework. To that end, the thesis evaluates the technological features of computer network attacks and the conceptual limits of key international law provisions imposed by techniques of legal interpretation. This allows for the identification of the legal challenges posed by computer network attacks, namely ambiguity, uncertainty, insufficiency, and ineffectiveness. Whereas these challenges provide a measure for the adequacy of current legal frameworks, the thesis argues that the need for a new legal framework is ultimately determined by how states view and respond to these challenges. Thus, an examination of the positions of key states in international political processes, chiefly in cyber security debates at the United Nations, significantly informs the potential need for dedicated legal regimes to govern computer network attacks. Analysis of relevant UN debates and the individual positions of the People's Republic of China, the Russian Federation, the United Kingdom and the United States shows that whereas efforts at an international treaty have not materialised, the emerging interpretative approaches of the four states reveal the potential need for additional norms in some areas, while limiting it in others.

The internet has changed the rules of many industries, and war is no exception. But can a computer virus be classed as an act of war? Does a Denial of Service attack count as an armed attack? And does a state have a right to self-defence when cyber attacked? With the range and sophistication of cyber attacks against states showing a dramatic increase in recent times, this book investigates the traditional concepts of 'use of force', 'armed attack', and 'armed conflict' and asks whether existing laws created for analogue technologies can be applied to new digital developments. The book provides a comprehensive analysis of primary documents and surrounding literature, to investigate whether and how existing rules on the use of force in international law apply to a relatively new phenomenon such as cyberspace operations. It assesses the rules of jus ad bellum and jus in bello, whether based on treaty or custom, and analyses why each rule applies or does not apply to cyber operations. Those rules which can be seen to apply are then discussed in the context of each specific type of cyber operation. The book addresses the key questions of whether a cyber operation amounts to the use of force and, if so, whether the victim state can exercise its right of self-defence; whether cyber operations trigger the application of international humanitarian law when they are not accompanied by traditional hostilities; what rules must be followed in the conduct of cyber hostilities; how neutrality is affected by cyber operations; whether those conducting cyber operations are combatants, civilians, or civilians taking direct part in hostilities. The book is essential reading for everyone wanting a better understanding of how international law regulates cyber combat.

At its current rate, technological development has outpaced corresponding changes in international law. Proposals to remedy this deficiency have been made, in part, by members of the Shanghai Cooperation Organization (led by the Russian Federation), but the United States and select allies have rejected these proposals, arguing that existing international law already provides a suitable comprehensive framework necessary to tackle cyber-warfare. Cyber-Attacks and the Exploitable Imperfections of International Law does not contest (and, in fact, supports) the idea that contemporary jus ad bellum and jus in bello, in general, can accommodate cyber-warfare. However, this analysis argues that existing international law contains significant imperfections that can be exploited; gaps, not yet filled, that fail to address future risks posed by cyber-attacks.

Tallinn Manual 2.0 expands on the highly influential first edition by extending its coverage of the international law governing cyber operations to peacetime legal regimes. The product of a three-year follow-on project by a new group of twenty renowned international law experts, it addresses such topics as sovereignty, state responsibility, human rights, and the law of air, space, and the sea. Tallinn Manual 2.0 identifies 154 'black letter' rules governing cyber operations and provides extensive commentary on each rule. Although Tallinn Manual 2.0 represents the views of the experts in their personal capacity, the project benefitted from the unofficial input of many states and over fifty peer reviewers.

In the last five years the topic of cyber warfare has received much attention due to several so-called "cyber incidents" which have been qualified by many as State-sponsored cyber attacks. This book identifies rules and limits of cross-border computer network operations for which States bear the international responsibility during both peace and war. It consequently addresses questions on jus ad bellum and jus in bello in addition to State responsibility. By reference to treaty and customary international law, actual case studies (Estonia, Georgia, Stuxnet) and the Tallinn Manual, the author illustrates the applicability of current international law and argues for an obligation on the State to prevent malicious operations emanating from networks within their jurisdiction.This book is written for academics in public international law and practitioners from the military and other public security sectors

An analysis of the status of computer network attacks in international law.

This timely Research Handbook contains an analysis of various legal questions concerning cyberspace and cyber activities and provides a critical account of their effectiveness. Expert contributors examine the application of fundamental international la