Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Dr William Boothby
1. Cyber Warfare Law
and the Tallinn Manual
by
William H. Boothby
Copyright for this presentation belongs to Bill Boothby. The presentation is not to be copied
in whole or in part without his prior written permission.
2. What are we talking about?
Cyber will have a role in warfare
Is this the new wild west?
Tallinn Manual Process and the role of
NATO CCD COE, Tallinn
Tallinn Manual is not a source of law
Opinions differ – China/Russia speak
of information space
3. GGE process
GGE members agree states should:
1. Abide by international law in cyberspace
2. Honour state responsibility norms for
cyber attacks from their territory
3. Develop confidence building measures
4. Build capacity to enable developing
countries to protect networks and citizens
– 2013
4. Context
Prohibition on the use of force – UN
Charter art 2(4)
Most grave forms = armed attack
Inherent right of individual or
collective self defence
Underlying principle that states
should resolve their differences
peaceably
Sensible to apply this to cyber?
5. Cyber hostilities
ICJ said IHL applies “to any use
of force regardless of the
weapons employed” Nuclear
Weapons Advisory Opinion, para 39
ICJ also said distinction is a
‘cardinal’ principle Nuclear Weapons
Advisory Opinion, para 78
6. Principle of distinction
“…the Parties to the conflict shall
at all times distinguish between
the civilian population and
combatants and between civilian
objects and military objectives
and accordingly shall direct their
operations only against military
objectives” – API, art 48
7. Principle of distinction 2
Attacks = acts of violence against
adversary, in offence or defence
– art 49(1), Additional Protocol I
Notion of violent consequences
Enables application of detailed
targeting law
Issue is HOW rules apply
8. Principle of distinction 3
So, indiscriminate attacks, including
undirected attacks, prohibited
Cyber attackers must take
precautions
Constant care and specific rules for
planners and those who decide upon
attacks….AND
Precautions against the effects of
attacks
9. Cyber weapons – myth or
sensible?
No legal definition of weapon
Used, designed or intended to be
used to apply an offensive
capability to an enemy person or
object
If ‘cyber weapon’ makes sense
weapons law applies
10. Implications for cyber
weapons/attack procedures
To attack without doing anything to
verify unlawful
To attack without considering civilian
consequences also unlawful
Can we cyber map without disclosing
our intentions?
Can we know we have the right target
without cyber mapping?
Can we know collateral dangers without
cyber mapping?
Battle damage assessment advisable
11. Implications for those in control
Take precautions early
Segregate military and civilian
networks if possible
Segregate critical infrastructure
from Internet if possible
Reinforce control of entry in light of
known vulnerabilities – fingerprints
seem inadequate
Which of our systems is liable to be
attacked?
12. Precautions against attack
effects - contd
Are techies on duty 24/7 during
period of danger to reboot/repair
as necessary
Backing up
Anti-virus/patching etc
arrangements in place and always
up to date
13. Weapons law implications
Superfluous injury principle applies
Is cyber weapon indiscriminate by
nature? Stuxnet?
No ad hoc weapons law rule on
cyber
Is the cyber weapon capable of use
iaw Targeting Law?
14. The Future
Cyber deception operations
Law distinguishes deception as to
protected status (illegal) and ruses
(lawful)
Future priority = reliability of information,
robustness of systems, indications of
intrusions, indications of implications of
tampering for data reliability
Will wars be won by the most effective
liar?
15. The Future 2
Major disruption (without actual
damage) = attack?
Notion of ‘damage’ to include damage to
data?
If treaty law on cyber unlikely, legal
development requires customary law
through state practice. Consider …
Tallinn Manual and GGE processes
16. Role of states
States make international law
Regional responses to Tallinn
Manual and GGE processes can
drive law forward
States can/should develop own
legal interpretations
17. The ‘Balkanisation’ risk
National ‘Information space’ notion
could jeopardise free access for all
BUT
All states have an interest in
maintaining national cyber security
SO
Can states agree on when control
of access to information ceases to
be legitimate?