TALLINN MANUAL & GLOBAL CYBER WARFARE POLICIES

Module 19
Cyber Warfare & Tallinn
Manual By: Anupam Tiwari

PRAY for all COVID Warriors and Nation in such Tough TIMES

Questions can be posted in the chat window or can
be taken on at the end of presentation

FOR AUDIENCE RETENTION, SLIDES ARE
GRAPHIC INTENSIVE FROM OPEN DOMAIN IN
GOOGLE SEARCH
I WILL RUSH THROUGH FEW SLIDES &
DELIBERATE ON FEW
The slides I rush are respective take off points for
interested participants to explore and know more.
Slides will show LESS and I will SPEAK more

The PRESENTATION brings…….

Artificial Intelligence
Bitcoin & other crypto-currencies
Cloud computing
Cryptography
Cyber Crime Investigation and Forensics
Cyber Insurance
Cyber security and incident response
Cyber Terrorism & Warfare
Data breaches and data privacy
Digital Evidence
Digital payments, credit, debit & cash cards,
mobile wallets, net banking, UPI
Domain name disputes
E-commerce
E-governance, E-courts & E-tenders
Electronic & Digital Signatures
Electronic contracts
Electronic voting machines
Extradition of cyber criminals
Hacking, malware, ransomware, and other cybercrimes
Information Technology Law Compliance
Intermediaries like Internet Service Providers (ISPs), Social Media Platforms, Email services,
video streaming services
Internet of Things
Online education
Online gambling & gaming, and pharmacies
Online share trading, banking, and tax filing
Spam, hate speech and trolling
Telemedicine
Torrents, dark web, p2p networks, and file-sharing
Video conferencing
Software licenses

STEP 1 : Simple Understanding: No CONFUSION
STEP 2 : Connecting DOTS: Little CONFUSION
STEP 3 : Global view : Awesome CONFUSION
STEP 4 : Towards Conclusion: ????? (We will discuss)

POLICIES & THEORY LECTURES ON
ROUTINE CYBER WARFARE

Michael N. Schmitt
,an American
international law
scholar specializing
in international
humanitarian law,
use of force issues,
and the international
law applicable to
cyberspace
Known for his work in directing
the 7+ year project leading to
publication of the two Tallinn
Manuals

Tallinnis the capital and most populous city of
Estonia. Located in the northern part of the country,
on the shore of the Gulf of Finland of the Baltic Sea, it
has a population of 437,619 in 2020
HOME to the NATO Cyber Defence Centre of Excellence &
listed among the top ten digital cities in the world in 2007

The Tallinn Manual is an academic, non-binding
study on how international law (in particular the jus
ad bellum and jus in Bello) applies to CYBER
CONFLICTS & CYBER WARFARE
TALLINN MANUAL

Between 2009 and 2012, the Tallinn Manual was
written at the invitation of the Tallinn-based NATO
Cooperative Cyber Defence Centre of Excellence by
an international group of approximately twenty
experts. In April 2013, the manual was published by
Cambridge University Press
TALLINN MANUAL

BIRTH OF NATO with 12 countries
Belgium, Canada, Denmark, France,
Iceland, Italy, Luxembourg, Netherlands,
Norway, Portugal, United Kingdom and
United States
Often said that the North Atlantic
Treaty Organization was founded
in response to the threat posed
by the Soviet Union

BIRTH OF NATO with 12 countries
These countries were sworn to stand
against aggression
“AN ATTACK AGAINST ONE WILL BE AN
ATTACK AGAINST ALL”

NATO started with 12 countries
While as on date the strength is 30
countries

North Atlantic Treaty Organization also called
the North Atlantic Alliance, is an
intergovernmental military alliance between
30 European and North American
countries.
NATO

NATO PURPOSE
The organization implements the North Atlantic Treaty that
was signed on 4 April 1949

NATO's essential and enduring purpose is TO
SAFEGUARD THE FREEDOM AND SECURITY of
all its members by political and military means
COLLECTIVE DEFENCE is at the heart of the
Alliance and creates a spirit of solidarity
and cohesion among its members
NATO PURPOSE

Alliance’s creation was part of a broader effort to serve three
purposes:
NATO PURPOSE
 Deterring SOVIET EXPANSIONISM
 FORBIDDING revival of nationalist MILITARISM in
Europe through a strong North American presence on
the continent
 Encouraging European POLITICAL INTEGRATION

NATO's Headquarters are located in Haren, Brussels, Belgium,
while the headquarters of Allied Command Operations is near
Mons, Belgium.
NATO HQs

Informal name of a controversial Soviet World War
II war memorial in Tallinn, Estonia, built at the site of
several war graves
BRONZE SOLDIER OF TALLINN
The monument depicting a Soviet soldier
was unveiled by the Soviets on 22
September 1947, at burial site of Soviet
troops who died while taking Tallinn in
World War II on 22nd Sept 1944

This monument had developed two very distinct
identities
For the local Russian minority it
represents the “LIBERATOR” while for
the Estonians it represents the
“OPPRESSOR”
Over years, the STATUE had become a
focal point of tension between pro-
Kremlin and Estonian nationalist
movements

In order to DEFUSE THE SITUATION and to RELOCATE THE WAR-
DEAD from a traffic intersection to a more peaceful resting
place the Estonian government DECIDED to move the
monument and the accompanying remains to A MILITARY
CEMETERY in Tallinn
Work began on the 26th of April 2007 and during the
day, mostly PEACEFUL protesters gathered at the site,
but in the evening a more VIOLENT CROWD emerged

On 27 April 2007, the Estonian government relocated
the Bronze Soldier and, after their EXHUMATION
AND IDENTIFICATION, the remains of the Soviet
soldiers, to the Defence Forces Cemetery of Tallinn
POLITICAL DIFFERENCES over the interpretation of the
events of the war symbolised by the monument led
to a controversy between Russia and Estonia

A series of CYBERATTACKS which began on 27 April
2007 and targeted websites of Estonian organizations,
including Estonian parliament, banks, ministries,
newspapers and broadcasters.
This came amidst the COUNTRY―s DISAGREEMENT
WITH RUSSIA about THE RELOCATION OF THE

The events caught INTERNATIONAL
ATTENTION and led to a multitude of political
reactions

Attacks that had any influence on the general public
were DISTRIBUTED DENIAL OF SERVICE TYPE ATTACKS
ranging from single individuals using various
methods like ping floods to expensive rentals of
botnets usually used for spam distribution

Spamming of bigger news
portals commentaries and
DEFACEMENTS including that
of the Estonian Reform Party
website also occurred
Research has also shown that large conflicts took
place to EDIT the English-language version of the
Bronze Soldier's Wikipedia page

May have been the SECOND-LARGEST INSTANCE of
state-sponsored cyberwarfare, following TITAN RAIN

Titan Rain hackers GAINED ACCESS to many United
States DEFENSE CONTRACTOR computer networks
Titan Rain was a series of coordinated attacks on
computer systems in the United States since 2003
which went ON for at least three years
Attacks originated in Guangdong, China
Believed to be associated with a STATE-SPONSORED
advanced persistent threat.

Cyber attacks in question took place between 27
April and 18 May of 2007
Vast majority of the malicious traffic
originated from OUTSIDE ESTONIA
Malicious traffic contained clear indications of
Russian language background

Estonia's Response & Legalities

On 2 May 2007, a criminal investigation was
opened into the attacks under a section of the
Estonian Penal Code criminalizing computer
sabotage and interference with the working
of a computer network, felonies punishable
by imprisonment of up to three years
Estonia's response & Legalities

As a number of attackers turned out to be within the
jurisdiction of the Russian Federation, on 10 May 2007,
Estonian Public Prosecutor's Office made a formal
investigation assistance request to the Russian
Federation's Supreme Procurature under a Mutual
Legal Assistance Treaty (MLAT) existing between
Estonia and Russia

Russian State DELEGATION PROMISED that it
would AID such investigation in every way and
visit Estonia soon

On 28 June, RUSSIAN SUPREME Procurature REFUSED
ASSISTANCE, claiming that the proposed
investigative processes are not covered by the
applicable MLAT

Estonian Public Prosecutor's Office CRITICIZED this
decision while pointing out that all the requested
processes are actually enumerated in the MLAT
On 24 January 2008, Dmitri Galushkevich, a
student living in Tallinn, was FOUND GUILTY
of participating in the attacks and fined 17,500
kroons (approximately US$1,640) for attacking
the website of the Estonian Reform Party

Dmitri Galuškevitš conviction was POSSIBLE because
he committed the attacks from ESTONIA and
therefore enough evidence could be collected

RUSSIAN Response
Since 2008, RUSSIAN AUTHORITIES have been
consistently denying Estonian law
enforcement any investigative cooperation,
thus effectively ELIMINATING CHANCES that
those of the perpetrators that fall within
Russian jurisdiction will be brought to TRIAL

The attacks triggered a number of MILITARY
ORGANIZATIONS around the world TO RECONSIDER
THE IMPORTANCE OF NETWORK SECURITY to modern
military doctrine
International & NATO Response
On 14 June 2007, DEFENCE MINISTERS of NATO org
held a meeting in Brussels, PROMISING IMMEDIATE
ACTION

In response to such attacks, NATO
conducted an internal assessment of
their cyber security and
infrastructure defenses
NATO response
Developed into the creation of a cyber defense
policy and the creation of the NATO Cooperative
Cyber Defence Center of Excellence (CCDCOE)
The assessment resulted in a report issued
to the allied defense ministers

NATO CCD COE
The report OUTLINED
INTERNATIONAL LAWS which are
considered applicable to the CYBER
REALM
The manual includes a total of NINETY-FIVE "BLACK-
LETTER RULES" addressing cyber conflicts

On 25 June 2007, Estonian president met with US
president, and among the topics DISCUSSED were the
attacks on Estonian infrastructure and est of NATO
Cooperative Cyber Defence Centre of Excellence
(CCDCOE) to operate out of Tallinn, Estonia, since
August 2008
CCDCOE

• Analysis and Simulation for Air
operations
• Civil-Military Cooperation
• Cold Weather Operations
• Combined Joint Operations from
the Sea
• Command and Control
• Cooperative Cyber Defence
• Counter-Improvised Explosive
Devices
• Counter Intelligence
• Crisis Management and Disaster
Response
• Defence Against Terrorism
• Energy Security
• Explosive Ordnance Disposal
• Human Intelligence
• Integrated Air and Missile
Defence
• Joint Air Power
• Joint Chemical, Biological,
Radiological and Nuclear Defence
• Maritime Security
• Military Engineering
• Military Medicine
• Military Police
• Modelling and Simulation
• Mountain Warfare
• Naval Mine Warfare
• Operations in Confined and
Shallow Waters
• Security Force Assistance
• Stability Policing
• Strategic Communications

ESTABLISHED on 14 May 2008, it
received full accreditation by NATO and
attained the status of International
Military Organisation on 28 October
2008

NATO CCD COE
i.e. NATO Cooperative Cyber Defence
Centre of Excellence
Located in Tallinn, Estonia

“DIRECT RESULT of the cyberattacks was
the creation of the NATO Cooperative
Cyber Defence Centre of Excellence in
Tallinn, Estonia”

TALLINN MANUAL
Tallinn Manual originally entitled,
“Tallinn Manual on the International Law
applicable to Cyber Warfare”

The manual suggests that states do not
have SOVEREIGNTY OVER THE INTERNET,
but that they do have SOVEREIGNTY OVER
COMPONENTS OF THE INTERNET in their
territory
Tallinn Manual has WORKED TO PROVIDE A
GLOBAL NORM in cyber space by applying
existing international law to cyber warfare
TALLINN MANUAL

The Tallinn Manual is an academic, non-
binding study on how international law (in
particular the jus ad bellum and jus in
bello) applies to cyber conflicts and cyber
warfare
TALLINN MANUAL

TALLINN MANUAL
The Tallinn Manual is an academic, non-
binding study on how international law (in
particular the jus ad bellum and jus in
bello) applies to cyber conflicts and cyber
warfare

"refers to the CONDITIONS under which
STATES may RESORT to WAR or to the
use of armed force in general.“
These rules FOCUS on certain CRITERIA
for what makes a war just
Jus ad bellum

Jus in bello
International humanitarian law, or jus in bello,
is the law that governs the way in which
warfare is conducted
Independent from questions about the
justification or reasons for war, or its
prevention, covered by jus ad bellum
IHL is purely humanitarian, seeking to
limit the suffering caused

NON-STATE ACTORS include organizations and
individuals that are not affiliated with, directed by,
or funded through the government
In United States law, a STATE ACTOR is a person who
is acting on behalf of a governmental body, and is
therefore subject to limitations imposed on
government by the United States Constitution
STATE vs NON STATE ACTORS

LEX LATA
Is a Latin expression that means "the law
as it exists”

Is a Latin expression that means "future law" used in
the sense of "what the law should be"
LEX FERENDA

SOVEREIGNTY
In any state, sovereignty is assigned to the PERSON, BODY,
OR INSTITUTION that has the ULTIMATE AUTHORITY over
other people in order to ESTABLISH A LAW
Sovereignty is the SUPREME AUTHORITY within a TERRITORY
In political theory, sovereignty is a SUBSTANTIVE TERM
designating SUPREME LEGITIMATE AUTHORITY
In international law, sovereignty is the Exercise of Power by
A State. De jure sovereignty refers to the legal right to do so;
De facto sovereignty refers to the factual ability to do so.

Idea to CONTROL AND GOVERN ACCESS,
Information, Communication, Network, and
Infrastructure in digital realm by international actors
DIGITAL SOVEREIGNTY
Source: Couture, Stephane & Toupin, Sophie. 2019. “What Does the Notion of “Sovereignty”
Mean When Referring to the Digital?”, New Media & Society, 21(10):2305-2322.

CYBERCRIME LEGISLATION
WORLDWIDE

Cybercrime Legislation Worldwide

United Nations Conference on Trade and Development
154 countries (80 per cent) have enacted CYBERCRIME
LEGISLATION
EUROPE has the HIGHEST ADOPTION RATE (93 per cent)
and ASIA and the Pacific the LOWEST (55 per cent)
Evolving cybercrime landscape and resulting skills gaps are a
SIGNIFICANT CHALLENGE for LAW ENFORCEMENT AGENCIES
and prosecutors, especially for cross-border enforcement

https://unctad.org/page/cybercrime-legislation-worldwide

Legal frameworks addressing cyberspace are
well-developed in DEVELOPED countries

In the federal level, U.S. has three fundamental regulations
enacted in HIPAA (1996), Gramm-Leach-Billey Act (1999), and
Homeland Security Act (2002)

The Gramm-Leach-Bliley Act requires financial
institutions – companies that offer consumers
financial products to explain their information-
sharing practices to their customers and to
safeguard sensitive data

Prevent terrorist attacks within the United
States, reduce the vulnerability to terrorism, and
minimize damage and assist in recovery for
terrorist attacks

In FRANCE, the national authority has enacted
and developed legal frameworks on
cyberspace since 1988

In RUSSIA, the federal authority adopted the Russian Federal
Law on Personal Data no. 152 FZ since 2006
Russia controversially stipulates SECURITY concern as a
priority over PRIVACY RIGHTS and the U.S. have a
similar problem since Snowden‖s issue rise into public
attention
Source: Kittichaisaree, Kriangsak. 2017. Public International Law of Cyberspace. New York:
Springer.

Malaysia does not have a standalone cyber act or bill in
which it creates room for deep state‖ intervention to citizen‖s
data (ICLG, 2019).
INDONESIA is in worse condition–its proposed law on
cybersecurity was postponed to be adopted due to massive
student demonstrations in 2019 caused by human rights
concerns
Source : ICLG. 2019. Cybersecurity Laws and Regulations: Malaysia. https://iclg.com/practice-areas/cybersecurity-laws-
andregulations/malaysia and Jakarta Globe. 2019. Cybersecurity Bill Postponed Until Houses Next Term.
https://jakartaglobe.id/context/cybersecurity-bill-postponed-until-houses-next-term/

BUDAPEST CONVENTION is claimed to be the only
international treaty on cyberspace
Convention on Cybercrime of the Council of Europe (CETS
No.185), known as the Budapest Convention, is the only
binding international instrument on this issue
Source: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185

Serves as a GUIDELINE for any country developing
comprehensive national legislation against Cybercrime and as
a framework for international cooperation between State
Parties to this treaty
The Budapest Convention is supplemented by a Protocol on
Xenophobia and Racism committed through computer
systems

Serves as a GUIDELINE for any country developing
comprehensive national legislation against Cybercrime and as
a framework for international cooperation between State
Parties to this treaty
The Budapest Convention is supplemented by a Protocol on
Xenophobia and Racism committed through computer
systems
Refers to the fear or hatred of that which is perceived
to be foreign or strange.

"They are the founder members,
they will make the law and they will
change the law. We can become a
member but we cannot participate
in making or changing the law,”
https://www.outlookindia.com/newsscroll/india-cant-be-guest-member-of-eu-budapest-
convention-dr-gulshan-rai/1373827

https://www.nationaldefensemagazine.org/articles/2020/3/18/geneva-conventions-for-cyber-warriors-long-
overdue

COMPLEXITIES & CHALLENGES
IN INTERNATIONAL CYBER
LAWs

“Complexities & challenges of international law on
cyberspace are increasingly deprived by recent trend on
DIGITAL SOVEREIGNTY INTERPRETATIONS”
COMPLEXITIES & CHALLENGES OF INTERNATIONAL LAW
Source: https://www.e-ir.info/2020/03/14/international-law-on-cyber-security-in-the-age-of-
digital-sovereignty/

COMPLEXITIES & CHALLENGES OF INTERNATIONAL LAW
Source: https://www.e-ir.info/2020/03/14/international-law-on-cyber-security-in-the-age-of-
digital-sovereignty/
In recent years, this idea has been gaining traction because of
three historical conjunctures in cyberspace: China and Russia
cyber alliance on digital sovereignty; Snowden and Wikileaks
cases; and the rise of GAFA

CHINA AND RUSSIA CYBER ALLIANCE ON DIGITAL
SOVEREIGNTY

SOVEREIGNTY
Source: https://theglobalobservatory.org/2016/12/russia-china-digital-sovereignty-shanghai-cooperation-
organization/

SOVEREIGNTY
organization/
Officials and high-profile media figures from Russia and China
met in Guangzhou for the first ever CHINA-RUSSIA INTERNET
MEDIA FORUM in October 2016
Discussions in detail about the countries‖ overlapping
cybersecurity concerns
Speakers congratulated each other and planned their
collective effort to combat attempts by “Western
mainstream media” to control the informational space

SOVEREIGNTY
organization/
Substantial degree of collaboration was formalized in the context of
heightened Russo-Chinese cooperation with signing of an agreement on
CYBERSECURITY COOPERATION PROVISIONS that primarily included to
limit the use of informational technology designed “to interfere in the
internal affairs of states; undermine SOVEREIGNTY, POLITICAL, ECONOMIC
and SOCIAL STABILITY; [and] DISTURB PUBLIC ORDER”

SOVEREIGNTY
organization/
Russian cybersecurity company Kaspersky Labs
reporting 194 Chinese cyberattacks in the first seven months —
compared to just 72 in 2015. These attacks targeted Russian
government agencies, the defense and aerospace industries,
and nuclear technology companies. And they‖re probably
UNDERREPORTED: A Kaspersky Labs spokesperson told that
only around 10% of their corporate clients exchange data
related to hacks with their security network.

SOVEREIGNTY
organization/
“Despite the attacks, Russia and China have continued their
cybersecurity cooperation, at least publicly. As per Russian
Deputy Minister of Foreign Affairs , representatives of this
ministry and intelligence services hold consultations with
Chinese officials on cybersecurity issues twice a year. Still,
these exchanges do not amount to substantive agreements.”

SOVEREIGNTY
Russia seems impressed!!!!!

The STRONG Chinese HOLD : GFWC

DEEP PACKET INSPECTION: Advanced method of examining
and managing network traffic. It is a form of packet filtering
that locates, identifies, classifies, reroutes or blocks packets
with specific data or code payloads that conventional packet
filtering, which examines only packet headers, cannot detect

Chinese government uses Deep Packet Inspection to monitor
and censor network traffic and content that it claims is
harmful to Chinese citizens or state interests. This material
includes pornography, information on religion, and political
dissent
Source: https://en.wikipedia.org/wiki/Deep_packet_inspection
Chinese network ISPs use DPI to see if there is any
sensitive keyword going through their network. If so,
the connection will be cut. People within China often
find themselves blocked while accessing Web sites
containing content related to Taiwanese and Tibetan
independence

Is a Chinese Internet meme created as a mocking
protest against Internet censorship and the Great
Firewall and means literally "fuck your mother“
GRASS MUD HORSE
It has become an Internet chat forum cult
phenomenon in China and has garnered
worldwide press attention, with videos, cartoons
and merchandise of the animal
Source: https://en.wikipedia.org/wiki/Grass_Mud_Horse

SOVEREIGNTY
organization/
Rather than an alliance, Russia and China have a marriage of convenience that
reflects a shared priority: REGIME STABILITY
Note: Given Russian hostility to consumer encryption, these tools are likely to be particularly
attractive to the state
Russia mentions that efforts at monitoring by china at deep packet
inspection are well-established in Chinese internet infrastructure, and have
thus received a great deal of attention in Russia. Also China has employed
effectively to bypass encryption efforts, may be receiving similar attention
among officials in the Russian government.
On the Russian side, this amounts in part to envy of China‖s near-
comprehensive control of national cyberspace.

SNOWDEN & ASSANGE
Source:
www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiRvNz86KXwAhUlyzgGHc9dBDQQFjAAegQIBRAD&url=https%3A%2F%2Fwww.
aph.gov.au%2FDocumentStore.ashx%3Fid%3Db52d9a86-9d30-4029-9168-4c429289cb6e%26subId%3D668365&usg=AOvVaw2mOCX2hF_X0dje4WPreixn
“ Whether Chelsea (formerly Bradley) Manning, Julian
Assange, and Edward Snowden are heroes or traitors is a
divisive question.”

SNOWDEN & ASSANGE
Source:
“ Whether Chelsea (formerly Bradley) Manning, Julian
Assange, and Edward Snowden are heroes or traitors is a
divisive question.”
Well known, the WikiLeaks saga began in 2010 when
Manning, an intelligence
analyst for the US military in Iraq, downloaded the contents
of a secure military database and sent them to WikiLeaks

SNOWDEN & ASSANGE
Source:
Documents that Manning leaked to WikiLeaks included more
than 250 000 diplomatic cables from the US State Department,
around 500 000 secret military documents linked to the wars in
Iraq and Afghanistan, confidential files relating to nearly 800
detainees at Guantanamo Bay, and videos of US forces killing
Iraqi and Afghani civilians

SNOWDEN & ASSANGE
Source:
Documents that Manning leaked to WikiLeaks included more
than 250 000 diplomatic cables from the US State Department,
around 500 000 secret military documents linked to the wars in
Iraq and Afghanistan, confidential files relating to nearly 800
detainees at Guantanamo Bay, and videos of US forces killing
Iraqi and Afghani civilians
Published in stages on the WikiLeaks website and by
newspapers including The Guardian, The New York
Times, and Der Spiegel

SNOWDEN & ASSANGE
Manning was convicted by US military court of
multiple offences under the US Espionage Act and
sentenced to 35 years‖ imprisonment 2010 onwards
until 2017 when her sentence was commuted
There after…suicide attempts, gender change etc and
In out In Out In Out …..continues
Source:

SNOWDEN & ASSANGE
Source:
Julian Assange, an Australian citizen and founder of
WikiLeaks, remains in London. Assange sought
asylum in June 2012 to evade sexual assault charges
in Sweden, although his larger concern is to avoid
extradition to the United States and possible
reprisals from the US government

SNOWDEN & ASSANGE
Source:
Julian Assange, an Australian citizen and founder of
WikiLeaks, remains in London. Assange sought
asylum in June 2012 to evade sexual assault charges
in Sweden, although his larger concern is to avoid
extradition to the United States and possible
reprisals from the US government
During the 2016 US elections, WikiLeaks hosted
emails sent /received by presidential candidate
Hillary Clinton while she was Secretary of State.
United States

SNOWDEN & ASSANGE
Source:
The emails had been released by the US State
Department under a Freedom of information request in
February 2016. WikiLeaks also created a SEARCH ENGINE
for the emails which became a major point of discussion
during the presidential election.

SNOWDEN & ASSANGE
Source:
The emails had been released by the US State
Department under a Freedom of information request in
February 2016. WikiLeaks also created a SEARCH ENGINE
for the emails which became a major point of discussion
during the presidential election.
In February 2016, Assange wrote: "I have had years of
experience in dealing with Hillary Clinton and have
read thousands of her cables. Hillary lacks judgment
and will push the United States into endless, stupid
wars which spread terrorism. ... she certainly should not
become president of the United States”

SNOWDEN & ASSANGE
Source:
On 4 January 2021, Judge Baraitser ruled that Assange
could not be extradited to the United States, citing
concerns about his mental health and the risk of suicide
in a US prison
JUDGE SIDED WITH THE US on every other point,
including whether the charges constituted political
offences and whether he was entitled to freedom of
speech protections
On the same day, President of Mexico said it was ready
to offer political asylum

SNOWDEN & ASSANGE
Source:
Meanwhile Edward Snowden released details
of PRISM, a worldwide data mining program
conducted by the US government‖s National
Security Agency

SNOWDEN & ASSANGE
Continues…..

GAFA PRIVACY, SECURITY & TAX
ISSUES

The Indian context
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwit3cXrl5nwAhV64zgGHSjZD5cQFjABegQIBBAD&url=https
%3A%2F%2Fniti.gov.in%2Fsites%2Fdefault%2Ffiles%2F2019-
07%2FCyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf&usg=AOvVaw3OYxN5diQ7XE-N04oCU6mm

Source: https://www.asianlaws.org/blog/the-ultimate-guide-to-global-cyber-laws/

Cyber Law of Antigua and Barbuda
The Electronic Crimes Act 2013 penalizes several cyber
crimes including unauthorized access, identify theft,
electronic forgery, electronic fraud, misuse of encryption,
child pornography, electronic terrorism, false websites &
spam
The Electronic Crimes Act 2013 also enables
mobile phone tracking in emergencies

Cyber Law of Australia
Australia has a VERY MATURE CYBER LAW ECOSYSTEM comprising
several Acts and Regulations
The Cybercrime Act 2001 was enacted by the Parliament of
Australia primarily to amend the LAW RELATING TO
COMPUTER OFFENCES
The Criminal Code Act 1995 penalizes Unauthorised access, modification
or impairment; with intent to commit a serious offence; Unauthorised
access or modification of restricted data; and Possession of hacking
tools
The Mutual Assistance in Criminal Matters Act 1987 allows for
international assistance in criminal matters to be provided and
obtained by Australia

The Spam Act 2003 sets up a scheme for REGULATING
COMMERCIAL EMAIL and other types of commercial
electronic messages
The Enhancing Online Safety Act 2015 establishes an eSafety
Commissioner and contains provisions relating to CYBER BULLYING
The Extradition (Cybercrime) Regulation 2013 read in conjunction
with section 5 of the Extradition Act 1988, DEFINES EXTRADITION
COUNTRIES
The Privacy Act 1998 sets up a scheme for notification of eligible
data breaches

The Telecommunications Act 1997 sets up a system for regulating tele-
communications. The Telecommunications (Interception and Access) Act 1979
establishes a system of preserving certain stored communications that are
held by a carrier. The purpose of the preservation is TO PREVENT THE
COMMUNICATIONS FROM BEING DESTROYED before they can be accessed
under certain warrants issued under the Act

Source: https://ciso.economictimes.indiatimes.com/news/australia-passes-cyber-
snooping-laws-with-global-implications/66983214
SYDNEY: Australia Thursday
passed controversial laws
allowing spies and police to
snoop on the encrypted
communications of
suspected terrorists and
criminals, as experts
warned the "unprecedented
powers" had far-reaching
implications for global
cybersecurity. There has
been extensive debate
about the laws and their
reach beyond Australia's
shores in what is seen as
the latest salvo between
global governments and
tech firms over national
security and privacy.

Source: https://theconversation.com/a-state-actor-has-targeted-australian-political-
parties-but-that-shouldnt-surprise-us-111997
“ The Australian political digital infrastructure is a target in an ongoing nation
state cyber competition which falls just below the threshold of open conflict “
Cyber power states capable of adopting “sophisticated”
measures might include the United States, Israel, Russia,
perhaps Iran and North Korea. Suspicion currently falls on
China.

Asia-Pacific Economic Cooperation (APEC), an international forum that
seeks to promote promoting open trade and practical economic
cooperation in the Asia-Pacific Region. In 2002, APEC issued Cybersecurity
Strategy which is included in the Shanghai Declaration. The strategy
outlined six areas for co-operation among member economies including
legal developments, information sharing and co-operation, security and
technical guidelines, public awareness, and training and education
https://en.wikipedia.org/wiki/International_cybercrime

The Organisation for Economic Co-operation and
Development (OECD) is an international economic
organisation of 34 countries founded in 1961 to stimulate
economic progress and world trade
In 1990, the Information, Computer and Communications Policy (ICCP) Committee
created an Expert Group to develop a set of guidelines for information security
that was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD
announced the completion of "Guidelines for the Security of Information
Systems and Networks: Towards a Culture of Security"

The Economic Community of West African States (ECOWAS) is a regional
group of west African Countries founded in 1975 it has fifteen member
states. In 2009, ECOWAS adopted the Directive on Fighting Cybercrime in
ECOWAS that provides a legal framework for the member states, which
includes substantive criminal law as well as procedural law

LONDON ACTION PLAN
London Action Plan is a scheme to endorse worldwide spam enforcement
cooperation and address unnecessary email-related problems, such as
online fraud and deception, phishing, and distribution of internet viruses
On October 11, 2004, government and communal agencies
from 27 nations accountable for implementing rules in
relation to SPAM met in London to talk about global spam
enforcement assistance. At this gathering, a wide range of
spam enforcement organizations convened to chat about
international spam enforcement cooperation

Source: https://www.justsecurity.org/73061/finland-sets-out-key-positions-on-international-cyber-law/

Source: https://www.justsecurity.org/75278/germanys-positions-on-international-law-in-cyberspace-part-ii/

Cyber Law of the Commonwealth
The Commonwealth of Nations is a sui generis political
association of 53 member states, nearly all of them former
territories of the British Empire

The European Union (EU) is a political and economic union of
28 member states – Austria, Belgium, Bulgaria, Croatia,
Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland,
France, Germany, Greece, Hungary, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden and the UK
Cyber Law of Council of Europe

Cooperation Council consisting Bahrain, Kuwait, Oman, Qatar, Saudi
Arabia, and the United Arab Emirates
Cyber Law of GCC countries
The purpose of the Arab Convention on Combating Information
Technology Offences is to enhance and strengthen cooperation between
the Arab States in the area of combating information technology offences

The United Nations is an international organization
founded in 1945 and is currently made up of 193
Member States.
Cyber Law of United Nations

~400 pages

~100 pages

~120 pages

at
https://cyberlaw.ccdcoe.org/wiki/Main_Page

Consists of 19 hypothetical scenarios that contain a description
of cyber incidents inspired by real-world examples,
accompanied by DETAILED LEGAL ANALYSIS
The Cyber Law Toolkit is a dynamic interactive
web-based resource for legal professionals who
work with matters at the intersection of
international law and cyber operations

Aim of the ANALYSIS is to examine the
applicability of international law to the
scenarios and the issues they raise
Product of a yearlong project supported by the UK Economic
and Social Research Council. Partner institutions include the
University of Exeter, NATO Cooperative Cyber Defence Centre
of Excellence (CCDCOE), and the Czech National Cyber and
Information Security Agency (NCISA)

19 HYPOTHETICAL SCENARIOS

19 HYPOTHETICAL SCENARIOS
https://cyberlaw.ccdcoe.org
/wiki/Main_Page

“The International Cyber Law Project is an online reference
tool that maps the cybersecurity policies of countries globally.
Launched this year by the United States Chamber of
Commerce, the tool helps sort through the cyber laws of
countries around the world.”
Source: https://www.meritalk.com/articles/international-cyber-law-project-launched/

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks have
been designed by the U.S. Department of Commerce, European
Commission and Swiss Administration to provide companies on
both sides of the Atlantic with a mechanism to comply with
data protection requirements when transferring personal data
from the European Union and Switzerland to the United States
in support of transatlantic commerce

On July 16, 2020, the Court of Justice of the European Union issued
a judgment declaring as “invalid” the European Commission’s
Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection
provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-
U.S. Privacy Shield Framework is no longer a valid mechanism to comply
with EU data protection requirements when transferring personal data
from the European Union to the United States

INTERNATIONAL LAWS ON CYBER SPACE : CHALLENGES
&
CHALLENGES

STOP
WAIT
GO

CYBER WARFARE CONTEXT
REASONABLE
ABSOLUTE

Michael N. Schmitt
BIG DIFFERENCES between
THEORY & PRACTICAL realizations

Michael N. Schmitt
SMALLER vs BIGGER
Countries

Michael N. Schmitt
Version 1: The lawyer authors premised cloud as
something up in the sky, not aware of internet cables
Self confessed by author at
https://www.youtube.com/watch?v=w38HSUlnX6U 26:03

FEW EXAMPLES : CHALLENGES IN CLARITY
“….act in a reasonable way to defy threat”
“….will be binding if it is made in good faith”
“….when reasonable then….”
“….when appropriate, it acts…..”
“….when it is inevitable, then…..”
“….it is obvious but under limits…..”

Charter of the United Nations: Article 51
Source : https://legal.un.org/repertory/art51.shtml
“Nothing in the present Charter shall impair the inherent right of
individual or collective self-defence if an armed attack occurs
against a Member of the United Nations, until the Security Council
has taken measures necessary to maintain international peace
and security

TALLINN MANUAL 1.0
As per Schmitt, the group for Tallinn manual
Version 1.0 came up in 14 seconds as per
knowledge CENTRAL to him that mostly
included his own peers, friends and extended
friends

…Ok…we will attack 9999 websites

“Whatever you agree to or propose in the
policy/rule/standard , do not agree/propose to anything
that might strike at your state in future circumstances”
“BIND every CONCEIVABLE ADVERSARY as hard as you
can”

ABSENCE of effective international legal instruments on
cyberspace has largely been discussed in theoretical and
policy-making debates as the complexities in cyberspace
render difficult for actors to come into agreements, let alone
making agreeable binding law

Those who insist that cyberspace should remain a FREE and
DIFFUSED DOMAIN
STATES must take more influential roles in formulating
international law on cyberspace
3
Importance of THE INTERNATIONAL INSTITUTION and rule-
based multilateralism in managing cyberspace

International actors have not come into agreement
on the status of cyberspace whether it is global
commons, belongs to physical states‖ territory, or
based on their national origins
Source: Liaropoulos, Andrew. 2017. “Cyberspace Governance and State Sovereignty”, in Democracy and an Open-Economy
World Order, ed. George Bitros & Nicholas Kyriazis. Cham: Springer.
As a result, it creates MAJOR CHALLENGES to
determine JURISDICTION of international cyber
law until today

Further COMPLICATED by the fact that in the past few years
several international actors, mostly state actors, promote the
idea of DIGITAL SOVEREIGNTY to promote their interest to
take back control on information, communication, data, and
infrastructure related to the internet
Source: Gueham, Farid. 2017. Digital Sovereignty – Steps Towards a New System of Internet
Governance. Paris: Fondapol
Consequently, this creates harder
challenges on possible future international law on
CYBERSECURITY

When does STATE SPONSORSHIP of NON-
STATE CYBER OPERATIONS result in the two
states being “at war”?

Cyber attacks on the US banking sector have been attributed
primarily to the Izz ad-Din al-Qassam Cyber Fighters, a group
that launched them in response to the YouTube release of the
movie “Innocence of Muslims” and its alleged insult to the
Prophet Mohammed. Whether the Iranian government played
a part, and if so how, REMAINS UNCERTAIN.
Source: Ellen Nakashima, “Iran Blamed for Cyberattacks on US Banks and Companies,” The Washington Post, September 21,
2012, l; Jeb Boone,“WhoAre the Izz Ad-Din Al-Qassam Cyber Fighters?” GlobalPost, November 9, 2012,
http://www.globalpost.com/dispatches/globalpost-blogs/thegrid/who-are-the-izz-ad-din-al-qassam-cyberfighters

“A state agent hacks into a computer belonging to a private company
in another state in order to extract a ransom. The control and authority
over the computer are with the private company that owns the computer.
The computer and its contents have no relationship with the state‖s
exercise of its powers save for such purposes as criminal law
enforcement. As per xxx Law, a state‖s inherently sovereign powers
relate to areas over which a state has exclusive control, including state
infrastructure, rather than private citizens. If this is correct, such cyber
activity would not violate the independent powers of the state in which
the computer is located and neither could the activity be construed
as intervention, regardless of whether it is coercive”
PLEASE BEAR WITH LONG TEXT
Source: https://www.chathamhouse.org/2019/12/application-international-law-state-cyberattacks/4-application-law-case-studies

A state agent remotely shuts down the operation of a dominant internet
platform provider (such as Facebook) in another state, such that the entire
population of the latter state is unable to access the platform for three
days. On the basis of the above, only if the shutting down of the company
had a direct effect on the territorial state‖s exercise of its inherently
sovereign functions. Would the state-sponsored cyber activities constitute
a violation of the territorial state‖s sovereignty? If, for example, the
platform provider operated a portal on which a significant proportion
of the population were exclusively dependent to submit welfare claims,
that could be regarded as constituting a violation of sovereignty and the
non-intervention principle.

“In 2014, the Sands Casino in the US suffered a cyberattack, which
is suspected to have been carried out by Iran. Notwithstanding the
extensive damage done to the operation (including the wiping of hard
drives and permanent erasure of a vast quantity of essential data), the
US did not frame the operation as a violation of international law; the FBI
investigated it in conjunction with local state police, but no further action
was taken”
This kind of activity WOULD BE A CRIMINAL ACT UNDER THE DOMESTIC
LAW of almost any country..but then international cyber space…???!!!!!

In November 2014 , Sony PicturesSony‖s US affiliate was
hacked and confidential data extracted from its servers,
followed by the release of a huge quantity of personal data
More than 70 per cent of Sony‖s
computers were rendered inoperable
by the malware
Evidence suggests that the motive for the attack was
to persuade Sony not to release a film (―The Interview‖)
about North Korea, to which North Korea objected

The US attributed the cyberattack to North Korea
Incident constitutes an exercise of law enforcement power on the part
of North Korea (assuming that criticizing North Korea‖s leader, Kim Jong-
un, is a criminal offence)
That would fit the definition of violation of sovereignty used above
Secretary of State said that the hack ―violated international norms but NO
ACTION except few sanctions effected and criticism of North Korea

https://blogs.icrc.org/law-and-policy/2020/04/02/cyber-attacks-hospitals-covid-19/#_blank

https://medium.com/digital-diplomacy/the-impact-of-current-challenges-for-international-cyber-law-on-the-future-of-cybersecurity-
e2686f098e4c

https://www.lawfareblog.com/current-international-law-not-adequate-regime-cyberspace

Click, Print, Shoot!
Unimaginable as it may
sound, Cody Wilson, a law
student at the University
of Texas has made it
possible. Wilson created
the world’s first entirely
3d printed gun and named
it “The Liberator” as a
homage to the one-shot
pistols designed to be air-
dropped by the Allies over
France during its Nazi
occupation in World War
II
Cody Wilson

Three days after the plans were
released, the United States
Department of State demanded
that IT must retract the plans from
public availability. However, the
plans were downloaded over
100,000 times within those two
days. Later, the design even
appeared on The Pirate Bay and
the plans for the gun remain
available across the internet even
today

“To prove their responsibility requires evidence
of reports received, orders given and how
policies were set.”People with such information
should contact the investigators through secure
means of communication, he added, citing apps
such as Signal or a ProtonMail account.

Supposedly Iran conducted distributed denial of service campaign in 2011–
13 against the US financial sector which involved a sophisticated, globally
distributed network of compromised computer systems (a botnet),
reaching a cumulative total of 176 days of attacks
Harm sustained by US financial institutions targeted by the
operation ran into tens of millions of dollars
But how it ended up was with certain individuals involved indicted by the
US government in 2016 for attacking critical infrastructure

A state could use cyber operations to manipulate another country‖s electoral
infrastructure
For example, a hacking operation that tampers with the election results; changing
the status of voters on the roll so that their vote is listed only as provisional;
or deleting voters‖ names from the electoral roll.
In 2014 cyberattackers accessed the computer of Ukraine‖s Central
Election Commission and changed the result of the presidential election
to show the winner as a far-right candidate
In 2016, the website of Ghana‖s Central Election Commission was hacked and false
results announced from the Commission‖s Twitter account while votes were still
being counted

“In response to cyberattacks
on their election
infrastructure, some states
have designated their
electoral infrastructure
as critical national
infrastructure. This brings
electoral infrastructure
within the scope of the
consensus report of the 2015
UN Group of Governmental
Experts”
Source: https://leidensecurityandglobalaffairs.nl/articles/turning-down-the-heat-on-cyber-norms

States have peddled propaganda in other states for centuries
and advent of the internet has made this further easier. For
example through the use of bots operated from outside the
territory to circulate posts on social media about a particular
electoral candidate without the consent of the target state.
In the non-cyber context, if the information circulated
as propaganda is factual and neutral, such activity is not
considered to be a breach of the non-intervention principle

Source: For an excellent review of State and non-State activities in cyberspace, see Kenneth Geers etal., World War C:
Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks (Fire-Eye Labs), accessed January 31, 2014,
http://www.fireeye.com/resources/pdfs/fireeye-wwc-report.pdf.
…………….

While all AGREED that a cyber operation by another state that caused
damage to cyber infrastructure violated the territorial state‖s
sovereignty, whereas mere CYBER MONITORING DID NOT
BUT
DISAGREED over whether PLACING MALWARE INTO CYBER
INFRASTRUCTURE or altering or destroying data qualified as a violation
Experts that drafted the Tallinn Manual struggled with the
application of the principle of sovereignty

Experts that drafted the Tallinn Manual struggled with the
application of the principle of sovereignty
By this logic,
A cyber operation by State A that alters critical data stored in a
server on State B‖s territory violates State B‖s sovereignty.
BUT
However, if State B stored the same data in State C, State A‖s
operation would only violate State C‖s sovereignty

Source: https://voelkerrechtsblog.org/the-new-era-of-disinformation-wars/

Source site: https://www.yjil.yale.edu/grey-zones-in-the-international-law-of-cyberspace/

As Russia operates in this GRAY ZONE which does
not have clear laws established they get two
advantages:

advantages:
Firstly : Makes it hard globally to condemn and
blame them DIRECTLY, also a GLOBAL CONSENSUS is
NOT reached to conclude that what they have done
is wrong

advantages:
Firstly : Makes it hard globally to condemn and
blame them DIRECTLY, also a GLOBAL CONSENSUS is
NOT reached to conclude that what they have done
is wrong
Secondly, it COMPLICATES the RESPONSE option i.e.
no legal frames

Democratic National Committee cyber attacks took
place in 2015 and 2016, in which Russian computer
hackers infiltrated the Democratic National
Committee (DNC) computer network, leading to a
data breach
Cybersecurity EXPERTS, as well as the U.S.
government, determined that the cyberespionage
was the WORK OF RUSSIAN INTELLIGENCE agencies

On December 9, 2016, CIA concluded Russia
conducted the cyberattacks and other
operations during the 2016 U.S. election to
ASSIST DONALD TRUMP in winning the
presidency
Multiple U.S. intelligence agencies
CONCLUDED that Russian government
provided WikiLeaks with the stolen
emails from the DNC, as well as stolen
emails from Hillary Clinton

So proven on one side
technically that this is violation
of US SOVEREIGNITY
But then it lacked clarity as per
Russian side, so US could only
EXPEL DIPLOMATS and IMPOSE
SANCTIONS

So as per Schmitt, RUSSIA likes Gray Areas to
operate in

CYBERSPACE Anonymity
RELATIVE ANONYMITY of the Internet allows for a near
perfect deniability, as was the case in Estonia
All one has to do is either originate the attack
from or ROUTE the traffic through a country
that is not willing to cooperate
Makes it almost IMPOSSIBLE to bring the attackers to JUSTICE,
especially when considering the lack of common international
legal grounds for these new types of attacks and conflicts

“Ultimately, Tallinn Manual 2.0 must be understood only
as an expression of the opinions of the two
International Groups of Experts as to the state of the
law. This Manual is meant to be a reflection of the law
as it existed at the point of Manual’s adoption by the
two International Groups of Expert in June 2016. In is
not a „best practices‟ guide, does not represent
„progressive development of the law‟, and is policy and
politics-neutral. In other words, Tallinn Manual 2.0 is
intended as an objective restatement of the lex lata”
TALLINN MANUAL 2.0
Lex lata (also called de lege lata) is a Latin expression that means "the law as it exists"

The first Tallinn Manual dealt with the law applicable
to armed conflict
and
The second deals with a much broader type of cyber
operations—those both in and out of armed conflict
TALLINN MANUAL 1.0 vs 2.0

TALLINN MANUAL: EXPERT GROUPS
The first group included the law of armed conflict (LOAC)
experts primarily from the Western Hemisphere. In
response to criticism, the international group of experts for
Tallinn 2.0 was broader both in origin (including members
from Thailand, Japan, China, and Belarus) and substantive
expertise (including experts in human rights, space law,
and international telecommunications law)

Also, the Manual is divided into FOUR PARTS
 Part one deals with general international law and cyberspace.
 The second part covers specialized regimes of international law and
cyberspace.
 Third concerns international peace and security and cyber activities
are highlighted, which is drawn mostly from Tallinn 1.0.
 The last part is the rest of Tallinn 1.0 and applies to the law of cyber
armed conflict.
The International Committee of the Red Cross (ICRC) was
invited to send observers to both groups, as were other states
and organizations

In many cases, its panel of drafters was
unable to reach a consensus, illustrating the
complexities that still haunt the cyber world.

It finds that its panelists “were incapable of
achieving consensus as to whether remote
cyber espionage reaching a particular
threshold of severity violates international
law

RULE NINE establishes that the mere fact alone that a cyberattack
originates in a state’s territory and that a cyberattack is routed through a
state’s cyber infrastructure is NOT ENOUGH to attribute that attack to the
state in question. Therefore, rule nine regulates a victimized state‖s
potential countermeasures to a cyber operation.
Countermeasures to a CYBER OPERATION

RULE NINE establishes that the mere fact alone that a cyberattack
originates in a state’s territory and that a cyberattack is routed through a
state’s cyber infrastructure is NOT ENOUGH to attribute that attack to the
state in question. Therefore, rule nine regulates a victimized state‖s
potential countermeasures to a cyber operation.
“[a] State injured by an internationally wrongful act may resort to
proportionate countermeasures, including cyber countermeasures,
against the responsible State.”
Countermeasures to a CYBER OPERATION

Protection of the PoW in the CYBER ERA
“Prohibited cyber actions include posting defamatory information that
reveals embarrassing or derogatory information or their emotional state.
This would embrace, for example, posting information or images on the
Internet that could be demeaning or that could subject prisoners of war or
interned protected persons to public ridicule or public curiosity… guard
against intrusion by public and private actors into the communications,
financial assets, or electronic records of prisoners of war or interned
protected persons.”
Experts interpret traditional Geneva Convention protections for
prisoners of war in the cyber era
Source: Tallinn Manual 2.0 page 522

“Though both the Manuals are non-binding instruments, the
Group of International Experts claimed that they reflected the
lex lata applicable to cyber operations. However, this claim is
questionable due to the dominating role of a few Western
states in the drafting process and the linked neglect of the
practice of “affected states” in cyber operations”
Source:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjMtO2QsaXwAhXOfH0KHaxv
BUcQFjAFegQICxAD&url=https%3A%2F%2Fjournals.muni.cz%2Fmujlt%2Farticle%2Fdownload%2F11810%2F10665&usg=AOvVa
w3Gi6biqps0IhNUez2Aimzo

Criticism in the previous efforts was many states felt sidelined as their
viewpoints were not taken into consideration. Therefore, many experts
suggest that we NEED A TALLINN MANUAL 3.0, taking into account the
private interests and the interests of the Non-NATO member states from a
much broader spectrum
Do we need a Tallinn Manual 3.0?
Another challenge highlighted in the previous capacity building effort was that
“the states didn‖t want anyone to tell them what to do in the cyberspace.”
They want to leverage the cyberspace to fight a proxy war. Therefore, Tallinn
Manual 3.0 must be made with defined mechanisms of accountability, and all
the ambiguities must be addressed. Also, it must take into account incidents of
cyber-espionage and deem the act wrongful
Source: https://medium.com/@cyberdiplomacy/tallinn-manual-a-brief-review-of-the-international-law-applicable-to-cyber-
operations-5643c886d9e2

Do we need a Tallinn Manual 3.0?
Source: https://ccdcoe.org/news/2020/ccdcoe-to-host-the-tallinn-manual-3-0-process/
“The CCDCOE has committed to host a project to revise and
expand the influential Tallinn Manual 2.0 on International Law
Applicable to Cyber Operations. The comprehensive 2017
edition will be updated in the light of emerging State
practice.”

The Paris Call for Trust and Security in Cyberspace of 12
November 2018 is a call to come together to face the new
threats endangering citizens and infrastructure
Based around nine common principles to secure
cyberspace, which act as many areas for discussion
and action

The Paris Call invites all cyberspace actors to
work together and encourage States to
cooperate with private sector partners, the
world of research and civil society
The supporters of the Paris Call commit to working
together to adopt responsible behavior and
implement within cyberspace the fundamental
principles which apply in the physical world

LOT‖s of efforts taking place globally but CONSENSUS missing
among all..(and consensus seems in DISAGREEMENT)
All efforts in ISOLATION while least ISOLATION efforts
expected
REALISATIONS AND STATE
SERIOUS TRANSPARENT efforts required for true realisation of
global cyber hygiene..(…but seems IMPOSSIBLE given the complexities of cyberspace)
GLOBAL COMMONS criteria for CYBER SPACE
A term typically used to describe international, supranational,
and global resource domains in which common-pool
resources are found. Global commons include the earth's
shared natural resources, such as the high oceans, the
atmosphere and outer space and the Antarctic in particular.

THANK
YOU
THE WORLD AROUND ME
NO
END
TO
LEARNING
anupamtiwari@protonmail.com

TALLINN MANUAL & GLOBAL CYBER WARFARE POLICIES

Recommended

Recommended

More Related Content

What's hot

What's hot (14)

Similar to TALLINN MANUAL & GLOBAL CYBER WARFARE POLICIES

Similar to TALLINN MANUAL & GLOBAL CYBER WARFARE POLICIES (20)

More from anupriti

More from anupriti (20)

Recently uploaded

Recently uploaded (20)

TALLINN MANUAL & GLOBAL CYBER WARFARE POLICIES