The panel discussed challenges around applying international law regarding use of force and armed conflict to cyber operations. Key questions included whether advances in technology nullify traditional rules of engagement in cyberspace, and if so how the rules apply in this new domain. Panelists also addressed when cyber operations constitute an armed attack, and when those conducting cyber operations would be considered combatants under international law. They discussed whether cyber operations fall under domestic or international law and which legal regimes, such as criminal, espionage, or law of armed conflict, should apply. Finally, the panel examined how international law addresses non-state actors conducting cyber operations.
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi
The National Security Law Brief is excited to publish the second issue of the Forum on National Security Law. This issue, completed with the help and support of the Volume IX editorial board, is a project designed to increase the Brief’s scope by providing an opportunity for practitioners and students alike to explore debates in national security law and policy through short, topical pieces.
As the Trump administration has provided a limited framework on cybersecurity issues, opportunities still exist for companies to involve themselves in the formation of this agenda. Companies looking to influence the cyber policy debate should reach out to the administration and influential parties early to participate in this rapidly changing conversation.
Brunswick’s cybersecurity experts provide insight into who the prominent policy influencers are and the likely cyber issues confronting the Trump administration.
Contact our Washington DC office for more information: http://www.brunswickgroup.com/contact-us/washington-dc/
International Strategy for Cyberspace_ Kinetic Solutions to Virtual ChallengesChikere Uchegbu
- President Obama outlined a new U.S. strategy for cyberspace in 2011 that asserts the right to retaliate against cyber attacks using conventional military means.
- The strategy aims to deter cyber attacks, particularly from China which is viewed as the most prolific perpetrator of cyber espionage against the U.S.
- The document analyzes whether the new strategy could lead to a conventional war between the U.S. and China by examining their economic interdependence and applying international relations theories to assess the likelihood of conflict.
Chinese cyberattacks against the US pose long term threats to national security. The US power grid and critical infrastructure sectors are most vulnerable. While the daily number of attacks has decreased since 2015 agreements, China has increased sophistication so attacks are harder to detect. The US lacks effective countermeasures and China has no incentive to fully stop cyber espionage. Future disputes could prompt more attacks aimed at the US private sector.
This document provides an analysis of Assembly Bill 3597 in New York, which aims to regulate recreational drone use. Recent incidents have highlighted safety and privacy concerns from recreational drones. The bill was introduced by Assemblymember Zebrowski and addresses issues like restricting drone flight near airports and facilities. It prohibits certain risky drone behaviors and establishes penalties. Support comes from privacy advocates and legislators, while opposition argues it overregulates and burdens businesses. Debate continues over balancing safety, privacy and economic impacts of drone legislation.
China poses the biggest long-term threat to U.S. cybersecurity through frequent cyberattacks. While attacks have decreased in recent years due to an agreement between the U.S. and China, the threat is expected to increase again over the long term as China has no incentive to fully stop attacks. The U.S. private sector and critical infrastructure are most vulnerable. A major international dispute could prompt a large-scale Chinese cyberattack against the U.S. as retaliation.
Www ratical org_ratville_cah_hsa_ro_aps_htmlAaron Davis
Editors Note: This a three-part series on the Homeland Security Act (HSA). Part 1 reviews the origins of the Act in the Hart-Rudman Commission and the Council on Foreign Relations. Part 2 discusses Cheney's plan for global dominance and how that relates to homeland security. Part 3 details some of the HSA provisions themselves and briefly discusses what worries civil libertarians.
The document discusses the United States' current cyber strategy and whether it supports offensive cyber operations. It analyzes several scholarly articles on cyber warfare doctrine and strategy. While the articles provide examples of states conducting offensive cyber attacks, the document's hypothesis is that the US cyber strategy focuses on defense and does not explicitly support offensive computer network attacks to achieve national security objectives. The purpose is to examine US cyber strategy and determine if it should incorporate offensive operations to help achieve national goals.
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi
The National Security Law Brief is excited to publish the second issue of the Forum on National Security Law. This issue, completed with the help and support of the Volume IX editorial board, is a project designed to increase the Brief’s scope by providing an opportunity for practitioners and students alike to explore debates in national security law and policy through short, topical pieces.
As the Trump administration has provided a limited framework on cybersecurity issues, opportunities still exist for companies to involve themselves in the formation of this agenda. Companies looking to influence the cyber policy debate should reach out to the administration and influential parties early to participate in this rapidly changing conversation.
Brunswick’s cybersecurity experts provide insight into who the prominent policy influencers are and the likely cyber issues confronting the Trump administration.
Contact our Washington DC office for more information: http://www.brunswickgroup.com/contact-us/washington-dc/
International Strategy for Cyberspace_ Kinetic Solutions to Virtual ChallengesChikere Uchegbu
- President Obama outlined a new U.S. strategy for cyberspace in 2011 that asserts the right to retaliate against cyber attacks using conventional military means.
- The strategy aims to deter cyber attacks, particularly from China which is viewed as the most prolific perpetrator of cyber espionage against the U.S.
- The document analyzes whether the new strategy could lead to a conventional war between the U.S. and China by examining their economic interdependence and applying international relations theories to assess the likelihood of conflict.
Chinese cyberattacks against the US pose long term threats to national security. The US power grid and critical infrastructure sectors are most vulnerable. While the daily number of attacks has decreased since 2015 agreements, China has increased sophistication so attacks are harder to detect. The US lacks effective countermeasures and China has no incentive to fully stop cyber espionage. Future disputes could prompt more attacks aimed at the US private sector.
This document provides an analysis of Assembly Bill 3597 in New York, which aims to regulate recreational drone use. Recent incidents have highlighted safety and privacy concerns from recreational drones. The bill was introduced by Assemblymember Zebrowski and addresses issues like restricting drone flight near airports and facilities. It prohibits certain risky drone behaviors and establishes penalties. Support comes from privacy advocates and legislators, while opposition argues it overregulates and burdens businesses. Debate continues over balancing safety, privacy and economic impacts of drone legislation.
China poses the biggest long-term threat to U.S. cybersecurity through frequent cyberattacks. While attacks have decreased in recent years due to an agreement between the U.S. and China, the threat is expected to increase again over the long term as China has no incentive to fully stop attacks. The U.S. private sector and critical infrastructure are most vulnerable. A major international dispute could prompt a large-scale Chinese cyberattack against the U.S. as retaliation.
Www ratical org_ratville_cah_hsa_ro_aps_htmlAaron Davis
Editors Note: This a three-part series on the Homeland Security Act (HSA). Part 1 reviews the origins of the Act in the Hart-Rudman Commission and the Council on Foreign Relations. Part 2 discusses Cheney's plan for global dominance and how that relates to homeland security. Part 3 details some of the HSA provisions themselves and briefly discusses what worries civil libertarians.
The document discusses the United States' current cyber strategy and whether it supports offensive cyber operations. It analyzes several scholarly articles on cyber warfare doctrine and strategy. While the articles provide examples of states conducting offensive cyber attacks, the document's hypothesis is that the US cyber strategy focuses on defense and does not explicitly support offensive computer network attacks to achieve national security objectives. The purpose is to examine US cyber strategy and determine if it should incorporate offensive operations to help achieve national goals.
The document analyzes the 2001 cyber attacks between the United States and China following a collision between a U.S. plane and Chinese fighter jet. Chinese hackers began attacking U.S. websites in protest, and U.S. hackers retaliated, launching a 7-day cyber battle. The attacks involved web defacement, viruses, and DDoS attacks targeting government websites. Both sides were motivated by patriotism and tensions between the countries. The U.S. responded defensively while China took a more offensive approach. The attacks exposed vulnerabilities in how each country approached cyber defense and deterrence at the time.
The document summarizes recent revelations from Israel and the US about cooperation in cyber warfare against Iran's nuclear program. It notes that for the first time, the IDF admitted using offensive cyber capabilities and the US revealed details of joint operations with Israel, including developing Stuxnet. It questions whether these disclosures were coordinated to increase pressure on Iran and convince Israel not to conduct military strikes, or if different government agencies are trying to claim credit. It raises the possibility that acceptance of cyber warfare as an extension of diplomacy may increase in the future.
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
The US National Security Agency is hoping to recruit "cyber warriors" to help fight international cyber warfare. Representatives from NSA and other government security agencies will attend the annual DEF CON hacker conference to find potential recruits. DEF CON is a major meet-up for US hackers, attracting about 10,000 attendees annually. The NSA hopes to find skilled individuals willing to help the US conduct defensive and offensive cyber operations against the growing threats of hacker groups, foreign government-sponsored hackers, and more.
This document discusses how Sun Tzu's classic work The Art of War can provide a framework for understanding cyber warfare, though it is not a perfect fit. It summarizes key concepts from The Art of War related to strategic thinking, cultivating success on defense, and gaining foreknowledge of adversaries. While cyber warfare is an unconventional threat, nations should still make strategic preparations and investments in network security to prevent being caught off guard by attacks.
The document discusses the USA Patriot Act, which was passed in 2001 in response to the 9/11 terrorist attacks. It aimed to strengthen security by expanding surveillance and counterterrorism powers. While this increased security capabilities, it also reduced privacy protections and gave the government broad authority. The document examines both sides of the debate, noting the Patriot Act enhanced national security but also potentially violated civil liberties through vague language and unconstitutional surveillance practices.
China has developed extensive cyber warfare capabilities since the mid-1990s. They have intelligence and military organizations dedicated to cyber warfare and conduct frequent exercises. These capabilities include penetrating other networks and planting viruses. However, China's own networks remain vulnerable. As a result, China has adopted a pre-emptive cyber strategy of unleashing its capabilities at the start of potential conflicts to disrupt enemy systems, though these are still relatively unsophisticated. It is difficult to attribute many Chinese cyber activities to official agencies due to use of private actors.
Witnessing the series of attacks, debates and laws on cyber terrorisms or attacks viz- a-viz application of self-defense doctrine has become a hot button issue in global arena. Self defense per se an magnetic subjects which fascinates lawmaker and international bodies to play their active role. But as the emanation of a new threat of Cyber attacks and bit of new technologies, the issue of security has reached to its zenith. International laws, domestic laws, regulations, treaties etc. turn out to be vague and handicap to tackle this concept of cyber terrorism.
The document discusses the increasing tensions around cyber warfare between nations. It notes that in 2013, President Obama publicly accused the Chinese government of cyber attacks against the US. Experts predict that state-sponsored cyber attacks will become more common and potentially lethal in 2013. While there is no consensus on what constitutes an act of cyber war, events like US and Iranian attacks suggest the cyber war may already be underway. Nations are rapidly expanding their cyber military programs and capabilities. The US in particular is developing both defensive and offensive cyber strategies, but critical infrastructure remains vulnerable to disruptive attacks.
This document discusses the difficulties corporations face in responding to cyber threats from state actors. It begins by noting the ambiguity between cyber crime and cyber war. While cyber crime is generally defined as using computers to commit illegal acts, the line is often blurred with state-sponsored activities. The Sony hack is presented as an escalation that targeted the company ideologically rather than for traditional espionage or disruption reasons. Domestically, corporations have limited options under US law to defend themselves from foreign state cyber attacks. Internationally, the right of self-defense does not clearly apply to corporations. The document aims to analyze corporate responses available and recommend partnerships with governments for improved cybersecurity.
Volume 7, Issue 1 (2014) of the Journal of Physical Security, a peer-reviewed journal devoted to research, development, modeling, testing, experimentation, and analysis of physical security. Includes both technical and social science approaches.
This issue has 7 papers on the following topics: testing locks; seals and nuclear safeguards; a security thought experiment; vulnerability assessment issues; the levels of critical infrastructure risk; and community partnerships for counteracting radicalization.
For more information about JPS, to download individual papers from this or earlier issues, or to get on the email notification list, see http://jps.anl.gov
This summary provides an overview of the document, which appears to be an annotated bibliography written by Jerica Knox for an English class. The bibliography includes summaries of five sources that Knox will use for a research paper on airport security. The sources evaluate whether security measures are effective at preventing terrorist threats on planes and in airports. One source criticizes the Department of Homeland Security for failing to adequately protect infrastructure. Another argues new legislation has not improved security and expresses doubt about the ability to fully secure borders. A film segment discusses how explosives can evade x-ray detection. The bibliography demonstrates Knox has selected sources from diverse formats to incorporate differing viewpoints in her evaluation of airport security.
PRISM is a secret NSA program that collects intelligence from major tech companies like Google and Facebook. It allows analysts access to emails, chats, photos, and other data from foreigners using these services. While the NSA claims PRISM only targets non-US persons abroad, it may also incidentally collect some data on Americans due to large amounts of foreign data being routed through US servers. The program is conducted under Section 702 of the FISA Amendments Act but was leaked to the public by Edward Snowden.
Hackers are used to call bad guys but in reality this is not (always) true. In some situations they can be the integral part of national cyber security system especially in those small or midsize countries where the army or the secret services don’t have enough resources and knowledge to avoid a complex network attack. The study examines the public and realistic possibilities of a midsize Central-European country in cyber defense using the experiences of last years’ net wars. It’s clear that a small country hasn’t got enough professionals in this area and such an attack is too fast for a sudden NATO response so some kind of public-private partnership is required. The paper gives some possible solutions for this cooperation involving civil professionals and hackers. It also studies the hackers’ attitude of a midsize Central-European country based on personal interviews and anonymous questionnaire focusing on their opinion about participating in national security. In the last part the type of involvement is proposed and the motivations are examined including the great question: why should we trust in hackers?
This slideshow discusses the importance of Government Surveillance as it pertains to National Security. A Look at some of the legal issues on Public Privacy and Mass Information Intelligence Gathering.
Instructions please write a 5 page paper answering the question consimba35
Stuxnet was a sophisticated computer virus that targeted Iran's nuclear program in 2010. It exploited vulnerabilities in Windows and industrial control systems to damage nuclear centrifuges at Natanz. Stuxnet demonstrated the destructive potential of cyberweapons and marked the emergence of cyberwarfare. The document discusses Stuxnet's technical details and impact, and poses questions about preventing future cyberattacks of this nature.
The Estonian Cyber Defense League was formed in 2007 in response to cyberattacks on Estonian government, financial, and media networks by unknown Russian hackers. The League gathers computer experts who would work under military command in times of cyberwar to defend Estonia's networks. With over 1,000 members, it is one of the first official government-sanctioned cyber militias.
Hello dr. aguiar and classmates,for this week’s forum we were assimba35
The document discusses three potential capstone project topics related to security management. Topic 1 examines the positive and negative effects of implementing Crime Prevention Through Environmental Design (CPTED) at public schools. Topic 2 focuses on the essential need for U.S. maritime port security and the importance of compatibility between private and government security functions. Topic 3 addresses the required need for adequate training of private security professionals and how integrated training with law enforcement could advance security.
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Bernard Marr
Online hate speech is a big issue, and many are worried that it leads to radicalization and actions in the real world. Here, we look at how artificial intelligence (AI) can now be used to detect hate speech and predict its impact.
1) The WikiLeaks document dump reflected positively on US diplomacy and policy, showing efforts to prevent Iran from obtaining nuclear weapons and negotiations with Saudi Arabia over oil.
2) While some documents were embarrassing, they did not reveal sensitive information like assassination attempts or illegal torture that could have been in past leaks.
3) The impact on US foreign policy is considered "fairly modest" according to the Defense Secretary, and unlike the Pentagon Papers, the WikiLeaks documents did not involve deliberate government lies that led to loss of life.
Each question should be done on a separate word document, with referwildmandelorse
Each question should be done on a separate word document, with references.
Question 1
Revelations about the collection of vast amounts of data on telephone and computer use by the National Security Agency (NSA) have raised concerns about the threat to privacy. At the same time, many private companies collect extensive information on computer users. Read Craig Mundie (2014) "
Privacy
(Links to an external site.)Links to an external site.
pragmatism: A
(Links to an external site.)Links to an external site.
focus on data use, not data collection (Links to an external site.)Links to an external site.
." (right-click to open in new window)Â
Foreign Affairs,
Mar.-Apr. 2014. Retrieved from Columbia College online library,
Global Issues in Context
database. Look for a copy in
Files
Also, take a look at this one page brief by the
National Review (Links to an external site.)Links to an external site.
on the unmasking of U.S. Citizens. Does this review give you a reason for heartburn over not just the unmasking, but then leaking to the press? Click on the National Review link or see in course materials Unit 4. For background on the legal requirements of NSA unmasking and the 702 warrants see Hirsch and Maxey (March 24, 2017).
What are the arguments for changing the way we think about privacy in the modern world?
What concerns do you have about the extent to which government and corporations store and use information collected from citizens to spy on those same citizens? What benefits do you see?
References
Hirsch, S. and Maxey, L., (March 24, 2017). "Unmasking of U.S. Citizens in NSA Intercepts," The Cipher Brief. Retrieved from
https://www.thecipherbrief.com/article/exclusive/north-america/unmasking-us-citizens-found-nsa-intercepts-1091 (Links to an external site.)
Question 2
Watch the Frontline episode “Top Secret America: 9/11 to the Boston Bombings” that recounts a history of American intelligence efforts since 9/11. The program touches on many highly controversial intelligence issues including the justification for the Iraq War, the use of rendition and torture to gather intelligence, the use of drone weapons, broad surveillance of telephone and computer communications, widespread use of license plate and facial recognition technology, and camera surveillance. There has been a substantial investment in intelligence capabilities to conduct the War on Terror and prevent terrorist attacks. Is this effort relevant today?
Please address the following questions with brief answers (about 150 to 200 words):
Write using third person perspective
Justify using authoritative sources (peer review journals, published sources, FBI, etc.)
What questions does “Top Secret America” raise about U.S. intelligence gathering?
Is the gathering of intelligence infringing on civil liberties? Justify your answer.
Is the intelligence effort making America safe? Justify your answer.
Are these efforts relevant today?
Video
Frontline (2013). ...
Click on the following link(s) for the Phase 2 Reading Assignment.docxvernettacrofts
Click on the following link(s) for the Phase 2 Reading Assignment:
Annual Report to Congress on ISE
Most people attribute the creation of law enforcement and intelligence fusion centers with the events of September 11, 2001. However, from 1999–2002, a series of major events primed policy makers within the U.S. intelligence and law enforcement communities to formalize cross-community information sharing activities and ultimately to create an effective law enforcement and intelligence information-sharing environment.
As the new millennium was set to begin, Ahmed Ressam (the Millennium Bomber) was stopped as he exited a ferry crossing from Canada to a remote U.S. entry point. The contents found in his trunk would have allowed Ressam to achieve his goal of setting off an explosive device at the Los Angeles airport. This event, which occurred just two years before 9/11, led to meetings regarding the creation of some type of fusion and/or sharing process. Further discussions would advance this idea in the fall of 2002. In October of 2002, unprovoked shootings in the Washington DC metropolitan area resulted in 10 people dead and three critically injured. At the outset of these shootings, a massive police investigation across local and federal levels developed to apprehend the so-named Beltway Sniper. Local and federal law enforcement officials in the East attempted to fit the pieces together and analyze messages left by the killer or killers. This sniper case, combined with previous lessons learned, culminated in the realization for the need to formalize a multijurisdictional information-sharing activity. Members from across the law enforcement community—combining with elements of the homeland security, defense, and intelligence communities
—
set about institutionalizing this effort as quickly as possible.
Assignment Guidelines
For this assignment, you are a member of the law enforcement community tasked with institutionalizing this effort.
Address the following in 1,000 words:
What are the challenges for federal, state, and local law enforcement in collecting intelligence information as it pertained to these two events? Explain.
What lessons were learned from these events with regards to intelligence collection and information-sharing? Explain.
What recommendations can you offer on how to create an information-sharing environment? Explain.
How would your recommendation effectively formalize multijurisdictional information sharing to counter some of existing challenges? Explain.
Be sure to reference all sources using APA style
...
A Survey of National Security Law seminar-Chicago Kent College of LawChicagoKent565
This one-day seminar provides an overview of national security law from various perspectives. It is organized by the Center for National Security and Human Rights Law at Chicago-Kent College of Law. The seminar will cover topics such as the principles of self-defense and separation of powers in national security, laws of armed conflict, intelligence collection and cyber law, use of drones, interrogation and detention operations, and national security criminal law. It aims to introduce participants to this complex and evolving area of law through presentations by experts and practitioners in the field.
The document analyzes the 2001 cyber attacks between the United States and China following a collision between a U.S. plane and Chinese fighter jet. Chinese hackers began attacking U.S. websites in protest, and U.S. hackers retaliated, launching a 7-day cyber battle. The attacks involved web defacement, viruses, and DDoS attacks targeting government websites. Both sides were motivated by patriotism and tensions between the countries. The U.S. responded defensively while China took a more offensive approach. The attacks exposed vulnerabilities in how each country approached cyber defense and deterrence at the time.
The document summarizes recent revelations from Israel and the US about cooperation in cyber warfare against Iran's nuclear program. It notes that for the first time, the IDF admitted using offensive cyber capabilities and the US revealed details of joint operations with Israel, including developing Stuxnet. It questions whether these disclosures were coordinated to increase pressure on Iran and convince Israel not to conduct military strikes, or if different government agencies are trying to claim credit. It raises the possibility that acceptance of cyber warfare as an extension of diplomacy may increase in the future.
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
The US National Security Agency is hoping to recruit "cyber warriors" to help fight international cyber warfare. Representatives from NSA and other government security agencies will attend the annual DEF CON hacker conference to find potential recruits. DEF CON is a major meet-up for US hackers, attracting about 10,000 attendees annually. The NSA hopes to find skilled individuals willing to help the US conduct defensive and offensive cyber operations against the growing threats of hacker groups, foreign government-sponsored hackers, and more.
This document discusses how Sun Tzu's classic work The Art of War can provide a framework for understanding cyber warfare, though it is not a perfect fit. It summarizes key concepts from The Art of War related to strategic thinking, cultivating success on defense, and gaining foreknowledge of adversaries. While cyber warfare is an unconventional threat, nations should still make strategic preparations and investments in network security to prevent being caught off guard by attacks.
The document discusses the USA Patriot Act, which was passed in 2001 in response to the 9/11 terrorist attacks. It aimed to strengthen security by expanding surveillance and counterterrorism powers. While this increased security capabilities, it also reduced privacy protections and gave the government broad authority. The document examines both sides of the debate, noting the Patriot Act enhanced national security but also potentially violated civil liberties through vague language and unconstitutional surveillance practices.
China has developed extensive cyber warfare capabilities since the mid-1990s. They have intelligence and military organizations dedicated to cyber warfare and conduct frequent exercises. These capabilities include penetrating other networks and planting viruses. However, China's own networks remain vulnerable. As a result, China has adopted a pre-emptive cyber strategy of unleashing its capabilities at the start of potential conflicts to disrupt enemy systems, though these are still relatively unsophisticated. It is difficult to attribute many Chinese cyber activities to official agencies due to use of private actors.
Witnessing the series of attacks, debates and laws on cyber terrorisms or attacks viz- a-viz application of self-defense doctrine has become a hot button issue in global arena. Self defense per se an magnetic subjects which fascinates lawmaker and international bodies to play their active role. But as the emanation of a new threat of Cyber attacks and bit of new technologies, the issue of security has reached to its zenith. International laws, domestic laws, regulations, treaties etc. turn out to be vague and handicap to tackle this concept of cyber terrorism.
The document discusses the increasing tensions around cyber warfare between nations. It notes that in 2013, President Obama publicly accused the Chinese government of cyber attacks against the US. Experts predict that state-sponsored cyber attacks will become more common and potentially lethal in 2013. While there is no consensus on what constitutes an act of cyber war, events like US and Iranian attacks suggest the cyber war may already be underway. Nations are rapidly expanding their cyber military programs and capabilities. The US in particular is developing both defensive and offensive cyber strategies, but critical infrastructure remains vulnerable to disruptive attacks.
This document discusses the difficulties corporations face in responding to cyber threats from state actors. It begins by noting the ambiguity between cyber crime and cyber war. While cyber crime is generally defined as using computers to commit illegal acts, the line is often blurred with state-sponsored activities. The Sony hack is presented as an escalation that targeted the company ideologically rather than for traditional espionage or disruption reasons. Domestically, corporations have limited options under US law to defend themselves from foreign state cyber attacks. Internationally, the right of self-defense does not clearly apply to corporations. The document aims to analyze corporate responses available and recommend partnerships with governments for improved cybersecurity.
Volume 7, Issue 1 (2014) of the Journal of Physical Security, a peer-reviewed journal devoted to research, development, modeling, testing, experimentation, and analysis of physical security. Includes both technical and social science approaches.
This issue has 7 papers on the following topics: testing locks; seals and nuclear safeguards; a security thought experiment; vulnerability assessment issues; the levels of critical infrastructure risk; and community partnerships for counteracting radicalization.
For more information about JPS, to download individual papers from this or earlier issues, or to get on the email notification list, see http://jps.anl.gov
This summary provides an overview of the document, which appears to be an annotated bibliography written by Jerica Knox for an English class. The bibliography includes summaries of five sources that Knox will use for a research paper on airport security. The sources evaluate whether security measures are effective at preventing terrorist threats on planes and in airports. One source criticizes the Department of Homeland Security for failing to adequately protect infrastructure. Another argues new legislation has not improved security and expresses doubt about the ability to fully secure borders. A film segment discusses how explosives can evade x-ray detection. The bibliography demonstrates Knox has selected sources from diverse formats to incorporate differing viewpoints in her evaluation of airport security.
PRISM is a secret NSA program that collects intelligence from major tech companies like Google and Facebook. It allows analysts access to emails, chats, photos, and other data from foreigners using these services. While the NSA claims PRISM only targets non-US persons abroad, it may also incidentally collect some data on Americans due to large amounts of foreign data being routed through US servers. The program is conducted under Section 702 of the FISA Amendments Act but was leaked to the public by Edward Snowden.
Hackers are used to call bad guys but in reality this is not (always) true. In some situations they can be the integral part of national cyber security system especially in those small or midsize countries where the army or the secret services don’t have enough resources and knowledge to avoid a complex network attack. The study examines the public and realistic possibilities of a midsize Central-European country in cyber defense using the experiences of last years’ net wars. It’s clear that a small country hasn’t got enough professionals in this area and such an attack is too fast for a sudden NATO response so some kind of public-private partnership is required. The paper gives some possible solutions for this cooperation involving civil professionals and hackers. It also studies the hackers’ attitude of a midsize Central-European country based on personal interviews and anonymous questionnaire focusing on their opinion about participating in national security. In the last part the type of involvement is proposed and the motivations are examined including the great question: why should we trust in hackers?
This slideshow discusses the importance of Government Surveillance as it pertains to National Security. A Look at some of the legal issues on Public Privacy and Mass Information Intelligence Gathering.
Instructions please write a 5 page paper answering the question consimba35
Stuxnet was a sophisticated computer virus that targeted Iran's nuclear program in 2010. It exploited vulnerabilities in Windows and industrial control systems to damage nuclear centrifuges at Natanz. Stuxnet demonstrated the destructive potential of cyberweapons and marked the emergence of cyberwarfare. The document discusses Stuxnet's technical details and impact, and poses questions about preventing future cyberattacks of this nature.
The Estonian Cyber Defense League was formed in 2007 in response to cyberattacks on Estonian government, financial, and media networks by unknown Russian hackers. The League gathers computer experts who would work under military command in times of cyberwar to defend Estonia's networks. With over 1,000 members, it is one of the first official government-sanctioned cyber militias.
Hello dr. aguiar and classmates,for this week’s forum we were assimba35
The document discusses three potential capstone project topics related to security management. Topic 1 examines the positive and negative effects of implementing Crime Prevention Through Environmental Design (CPTED) at public schools. Topic 2 focuses on the essential need for U.S. maritime port security and the importance of compatibility between private and government security functions. Topic 3 addresses the required need for adequate training of private security professionals and how integrated training with law enforcement could advance security.
Can Artificial Intelligence Predict The Spread Of Online Hate Speech?Bernard Marr
Online hate speech is a big issue, and many are worried that it leads to radicalization and actions in the real world. Here, we look at how artificial intelligence (AI) can now be used to detect hate speech and predict its impact.
1) The WikiLeaks document dump reflected positively on US diplomacy and policy, showing efforts to prevent Iran from obtaining nuclear weapons and negotiations with Saudi Arabia over oil.
2) While some documents were embarrassing, they did not reveal sensitive information like assassination attempts or illegal torture that could have been in past leaks.
3) The impact on US foreign policy is considered "fairly modest" according to the Defense Secretary, and unlike the Pentagon Papers, the WikiLeaks documents did not involve deliberate government lies that led to loss of life.
Each question should be done on a separate word document, with referwildmandelorse
Each question should be done on a separate word document, with references.
Question 1
Revelations about the collection of vast amounts of data on telephone and computer use by the National Security Agency (NSA) have raised concerns about the threat to privacy. At the same time, many private companies collect extensive information on computer users. Read Craig Mundie (2014) "
Privacy
(Links to an external site.)Links to an external site.
pragmatism: A
(Links to an external site.)Links to an external site.
focus on data use, not data collection (Links to an external site.)Links to an external site.
." (right-click to open in new window)Â
Foreign Affairs,
Mar.-Apr. 2014. Retrieved from Columbia College online library,
Global Issues in Context
database. Look for a copy in
Files
Also, take a look at this one page brief by the
National Review (Links to an external site.)Links to an external site.
on the unmasking of U.S. Citizens. Does this review give you a reason for heartburn over not just the unmasking, but then leaking to the press? Click on the National Review link or see in course materials Unit 4. For background on the legal requirements of NSA unmasking and the 702 warrants see Hirsch and Maxey (March 24, 2017).
What are the arguments for changing the way we think about privacy in the modern world?
What concerns do you have about the extent to which government and corporations store and use information collected from citizens to spy on those same citizens? What benefits do you see?
References
Hirsch, S. and Maxey, L., (March 24, 2017). "Unmasking of U.S. Citizens in NSA Intercepts," The Cipher Brief. Retrieved from
https://www.thecipherbrief.com/article/exclusive/north-america/unmasking-us-citizens-found-nsa-intercepts-1091 (Links to an external site.)
Question 2
Watch the Frontline episode “Top Secret America: 9/11 to the Boston Bombings” that recounts a history of American intelligence efforts since 9/11. The program touches on many highly controversial intelligence issues including the justification for the Iraq War, the use of rendition and torture to gather intelligence, the use of drone weapons, broad surveillance of telephone and computer communications, widespread use of license plate and facial recognition technology, and camera surveillance. There has been a substantial investment in intelligence capabilities to conduct the War on Terror and prevent terrorist attacks. Is this effort relevant today?
Please address the following questions with brief answers (about 150 to 200 words):
Write using third person perspective
Justify using authoritative sources (peer review journals, published sources, FBI, etc.)
What questions does “Top Secret America” raise about U.S. intelligence gathering?
Is the gathering of intelligence infringing on civil liberties? Justify your answer.
Is the intelligence effort making America safe? Justify your answer.
Are these efforts relevant today?
Video
Frontline (2013). ...
Click on the following link(s) for the Phase 2 Reading Assignment.docxvernettacrofts
Click on the following link(s) for the Phase 2 Reading Assignment:
Annual Report to Congress on ISE
Most people attribute the creation of law enforcement and intelligence fusion centers with the events of September 11, 2001. However, from 1999–2002, a series of major events primed policy makers within the U.S. intelligence and law enforcement communities to formalize cross-community information sharing activities and ultimately to create an effective law enforcement and intelligence information-sharing environment.
As the new millennium was set to begin, Ahmed Ressam (the Millennium Bomber) was stopped as he exited a ferry crossing from Canada to a remote U.S. entry point. The contents found in his trunk would have allowed Ressam to achieve his goal of setting off an explosive device at the Los Angeles airport. This event, which occurred just two years before 9/11, led to meetings regarding the creation of some type of fusion and/or sharing process. Further discussions would advance this idea in the fall of 2002. In October of 2002, unprovoked shootings in the Washington DC metropolitan area resulted in 10 people dead and three critically injured. At the outset of these shootings, a massive police investigation across local and federal levels developed to apprehend the so-named Beltway Sniper. Local and federal law enforcement officials in the East attempted to fit the pieces together and analyze messages left by the killer or killers. This sniper case, combined with previous lessons learned, culminated in the realization for the need to formalize a multijurisdictional information-sharing activity. Members from across the law enforcement community—combining with elements of the homeland security, defense, and intelligence communities
—
set about institutionalizing this effort as quickly as possible.
Assignment Guidelines
For this assignment, you are a member of the law enforcement community tasked with institutionalizing this effort.
Address the following in 1,000 words:
What are the challenges for federal, state, and local law enforcement in collecting intelligence information as it pertained to these two events? Explain.
What lessons were learned from these events with regards to intelligence collection and information-sharing? Explain.
What recommendations can you offer on how to create an information-sharing environment? Explain.
How would your recommendation effectively formalize multijurisdictional information sharing to counter some of existing challenges? Explain.
Be sure to reference all sources using APA style
...
A Survey of National Security Law seminar-Chicago Kent College of LawChicagoKent565
This one-day seminar provides an overview of national security law from various perspectives. It is organized by the Center for National Security and Human Rights Law at Chicago-Kent College of Law. The seminar will cover topics such as the principles of self-defense and separation of powers in national security, laws of armed conflict, intelligence collection and cyber law, use of drones, interrogation and detention operations, and national security criminal law. It aims to introduce participants to this complex and evolving area of law through presentations by experts and practitioners in the field.
The USA PATRIOT Act was passed shortly after the September 11th attacks to expand the surveillance and investigative powers of US government agencies. It allowed for increased monitoring of electronic communications and social media activity. While supporters argued these powers were necessary to prevent terrorism, critics saw it as an erosion of civil liberties and privacy protections. The act allowed government access to records from internet providers, phone calls, emails and social media without requiring a warrant or notice to the individuals being monitored. It remained a highly controversial law around issues of security, privacy and constitutional rights.
ECON 202 Written AssignmentDue April 28th Submitted through BlacEvonCanales257
ECON 202 Written Assignment
Due April 28th Submitted through Blackboard
Topic: You can choose a business or industry that has been impacted by COVID 19. I want you to write a 2 page paper on how you think the pandemic has effected the business and the impact on society. I want you to relate the topic to the economic effects on the society. This will require you to use the terms we have learned and relate the economic principles we have studied in class.
When I say 2 pages I MEAN content of 2 pages. Do not put your name, class section, or any other info at the top or bottom of the page. I will know who it is when you submit it in blackboard, but, if you want to put that information on your paper, Do A Title Page! Use double spacing and a font of 14 for your paper.
The rubric is:
Economic termsuse a minimum of 15 @ 2points each 30 points
Length of paper minimum of 2 pages, 5 paragraphs 10 points
Content of paper is your paper logical, did you present an
Economic position, is it relevant to society? 10 points
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
The Cyber Domain
Metcalf, Andy, USMC;Scott, Dan
Marine Corps Gazette; Aug 2015; 99, 8; ProQuest
pg. 57
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.
Cyber Espionage: The Silent Crime of Cyberspace
Virginia Greiman
Boston University, Boston, USA
[email protected]
Abstract: In recent years, the disclosure of secrets through cyber infiltration of America’s largest intelligence organization,
the National Security Agency (NSA), has raised the fears of veteran intelligence officials and close allies around the globe that
no institution or government is secure from those who roam the discrete halls of cyberspace. Although espionage has existed
since before the days of the Greek mythological Trojan horse, no one could have envisioned the sophisticated use of
espionage in today’s networked world. Espionage has been used for political and military intelligence and economic and
industrial pursuits with a lack of understanding of all of the impacts on our daily lives. In the context of foreign or international
law, espionage is sometimes characterized as lawless, without controls or regulation, and it rarely distinguishes between
economic and security based cyber espionage. Through empirical analysis this paper explores the treatment of espionage
under various legal systems including those countries and regions considered the most advanced at cyber espionage, the
United States, the United Kingdom, Russia and China. To provide greater insight into the different perspectives of cyber
espionage from a legal standpoint, this paper distinguishes the law of national intelligence collection from the cr ...
Cyber Espionage The Silent Crime of Cyberspace Virginia GOllieShoresna
Cyber Espionage: The Silent Crime of Cyberspace
Virginia Greiman
Boston University, Boston, USA
[email protected]
Abstract: In recent years, the disclosure of secrets through cyber infiltration of America’s largest intelligence organization,
the National Security Agency (NSA), has raised the fears of veteran intelligence officials and close allies around the globe that
no institution or government is secure from those who roam the discrete halls of cyberspace. Although espionage has existed
since before the days of the Greek mythological Trojan horse, no one could have envisioned the sophisticated use of
espionage in today’s networked world. Espionage has been used for political and military intelligence and economic and
industrial pursuits with a lack of understanding of all of the impacts on our daily lives. In the context of foreign or international
law, espionage is sometimes characterized as lawless, without controls or regulation, and it rarely distinguishes between
economic and security based cyber espionage. Through empirical analysis this paper explores the treatment of espionage
under various legal systems including those countries and regions considered the most advanced at cyber espionage, the
United States, the United Kingdom, Russia and China. To provide greater insight into the different perspectives of cyber
espionage from a legal standpoint, this paper distinguishes the law of national intelligence collection from the criminal laws
of economic/industrial espionage on the domestic front. The purpose of this research is to analyze the development of cyber
espionage as a preferred means of contemporary warfare, as well as a tool for economic and political intelligence. The paper
concludes by responding to the challenges faced by nation-states in the development of an effective legal system governing
espionage at the domestic and international level.
Keywords: cyber espionage, cybercrime, foreign surveillance, national intelligence, economic espionage, cyber warfare
1. Introduction
Although many countries all over the world are committing cyber espionage, the United States, Russia, and China
represent the most sophisticated cyber spying capabilities (Senate, 2014). A 2011 Report by the Office of the
National Counterintelligence Executive (ONCIX) suggested that the rise of cyberspace as a platform for
innovation and storage of trade secrets was greatly enhancing the risks faced by American firms. The report also
found that the United States remains the prime target for foreign economic collection and industrial espionage
by virtue of its global technological leadership and innovation (ONCIX, 2011).
Cyber espionage has also become an accepted and even preferred means of warfare. That is not to say that
cyber espionage will replace traditional means of warfare, but it is already affecting the nature of nation-state
conflict. Dunn Cavelty (2012) suggests that this shift began with the Cold War ...
This document provides a summary of a student's senior thesis analyzing the "Bybee Memo," a legal memorandum authored by the Office of Legal Counsel that provided justification for the use of torture on detainees. The thesis examines the memo through an interdisciplinary lens, analyzing the legal, historical, and policy contexts. It explores how the memo relied on a "discourse of fear" following 9/11 to dismiss anti-torture laws and argues its defenses of torture were flawed. The methodology section outlines how the thesis uses perspectives from insiders, legal experts, and torture experts to analyze how the memo was produced and implemented as policy.
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...James Creamer III
This document provides a summary of a paper analyzing the cyber security dilemma between the United States and China. It begins with an introduction outlining increased cyber attacks and the resulting buildup of cyber capabilities in the US and China. It then provides definitions of key terms and reviews relevant literature on the modern security dilemma with China, US-China relations, and cyber security. The literature discusses factors that can exacerbate or alleviate security dilemmas and different viewpoints on China's rise and the threat it poses. The document aims to determine if the US and China are justified in their reactions or if their actions are contributing to an escalating cyber security dilemma.
Conflicts Affecting Economic Trade Between the UnitedSta.docxmaxinesmith73660
Conflicts Affecting Economic Trade Between the UnitedStates and Mexico
Policy Paper Proposal
John Doe
GOVT 2305-2XXX Spring 2018
Dr. J. Mark Skorick
Word Count (206)
On January 1, 1994, the North American Free Trade Agreement (NAFTA) became law. NAFTA is an agreement between the United States, Mexico, and Canada that allows free trade across its borders and brings economic growth between the three countries (Hymson et al. 220). The policy paper will speak specifically on the economic trade between the United States and Mexico. Currently, there are worries about the security of the United States border due to several detrimental matters that have occurred. Some major issues that have occurred since NAFTA became law include: drug smuggling by criminal cartels, human smuggling into the United States, money laundering and sex trafficking, to name a few (Cooper 471-2). While there are some risks that pose a threat to US border security, the United States has greatly benefited from the economic free trade with Mexico (Gallaher 331). Such benefits include: reduced costs of goods, increased job growth, and Mexico becoming one of the largest auto exporters to the United States (Gallaher 332). This policy paper will outline the advantages and disadvantages United States and Mexican foreign policy concerning economic trade policy. The paper will investigate various ways that both the United States and Mexico can improve the border’s security so economic trade can continue seamlessly.
Works Cited
COOPER, JAMES M. "The Rise of Private Actors along the United States-Mexico Border." Wisconsin International Law Journal, vol. 33, no. 3, Winter2015, pp. 470-511. EBSCOhost, dcccd.idm.oclc.org/login?url=http://search.ebscohost.com.dcccd.idm.oclc.org/login.aspx?direct=true&db=a9h&AN=113657684&site=ehost-live.
Gallaher, Carolyn. "Mexico, the Failed State Debate, and the Mérida Fix." Geographical Journal, vol. 182, no. 4, Dec. 2016, pp. 331-341. EBSCOhost, doi:10.1111/geoj.12166.
Hymson, Edward, et al. "Increasing Benefits and Reducing Harm Caused by the North American Free Trade Agreement." Southern Law Journal, vol. 19, no. 1, Fall2009, pp. 219-243. EBSCOhost, dcccd.idm.oclc.org/login?url=http://search.ebscohost.com.dcccd.idm.oclc.org/login.aspx?direct=true&db=a9h&AN=48238274&site=ehost-live.
1
Strengthening the United States Cybersecurity Relationship with China
Policy Paper Project
Jane Doe
GOVT 2305-2XXX
Dr. J. Mark Skorick
Spring 2018
Word Count (1636)
The United States and China are intense competitors for global dominance. The U.S. and China are the two largest economies in the world and the two nations are in constant economic competition. The two nations also compete politically and ideologically, with China being a communist state with harsh restrictions on freedom of speech and the U.S. being a representative democracy with strict protections for freedom of speech. As China seeks to surpass the United States in economic.
This document summarizes and analyzes a paper about recent efforts in the US Congress to pass legislation addressing cybersecurity and data protection. It argues that corporations lobbying for such legislation are cynically shaping laws to shift responsibility for data protection from companies to the public, benefiting corporations without risk. By conflating cybercrime and cyberterrorism, corporations position protecting private interests as protecting national security, gaining influence over the legislative process. However, this does little to safeguard individual rights while protecting corporate interests at public expense.
The document summarizes a presentation arguing that existing international laws of war can adequately address issues raised by cyber warfare, without needing new treaties. It outlines the current legal framework, including when cyber attacks may constitute use of force or armed attacks. It also discusses challenges like attribution and dual-use networks. The presentation argues against new treaties for cyber warfare, saying adversaries would not comply and existing laws can adapt to technology changes.
Balancing National Security and Civil LibertiesU.S. policy m.docxAMMY30
U.S. policymakers have long struggled to balance national security and civil liberties. Prior to 9/11, government agencies could access private records with simple requests, citing national security. After 9/11, these rules were further eased through laws like the USA Patriot Act, allowing entire database access without explanation to investigate terrorists and prevent attacks. While supporters believe this protects Americans, critics argue it infringes too much on civil liberties.
After putting a box of old poetry manuscripts in the trash, a professor was reported to police by a student as a "Middle Eastern man" acting suspiciously. This led to an evacuation of campus buildings and cancellation of classes as the bomb squad investigated. It was revealed to be just recycling. However, the incident showed how an innocent action by a person of color can be viewed as a threat due to a culture of fear and profiling. While the university denied the report was racially motivated, the professor was deeply troubled by the profiling and atmosphere of suspicion it revealed.
Provide a half page comments to attached.docxwrite30
The document discusses two articles related to cyber attacks attributed to North Korea. The first article from 2014 expresses skepticism about the FBI's attribution of the Sony attack to North Korea, as the evidence was largely circumstantial. The second 2019 article discusses US sanctions on three North Korean cyber groups and questions their effectiveness, as the groups are not based in the US. It recommends developing relationships rather than sanctions to create positive change.
This document summarizes and analyzes the USA Patriot Act passed shortly after 9/11. It provides background on the Act and examines some of its most controversial provisions, such as expanded surveillance and investigative powers for law enforcement and national security agencies. The document reports on two surveys of academics, attorneys, and police chiefs that found concern about the Act's impacts on civil liberties protections in the First and Fifth Amendments. While supporters argue the Act is necessary to fight terrorism, many professionals and civil liberties groups believe certain provisions infringe on constitutional rights.
Similar to Crossing the Line: The Law of War and Cyber Engagement - A Symposium (15)
Receivership and liquidation Accounts
Being a Paper Presented at Business Recovery and Insolvency Practitioners Association of Nigeria (BRIPAN) on Friday, August 18, 2023.
This document briefly explains the June compliance calendar 2024 with income tax returns, PF, ESI, and important due dates, forms to be filled out, periods, and who should file them?.
Genocide in International Criminal Law.pptxMasoudZamani13
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
Lifting the Corporate Veil. Power Point Presentationseri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
The Future of Criminal Defense Lawyer in India.pdfveteranlegal
https://veteranlegal.in/defense-lawyer-in-india/ | Criminal defense Lawyer in India has always been a vital aspect of the country's legal system. As defenders of justice, criminal Defense Lawyer play a critical role in ensuring that individuals accused of crimes receive a fair trial and that their constitutional rights are protected. As India evolves socially, economically, and technologically, the role and future of criminal Defense Lawyer are also undergoing significant changes. This comprehensive blog explores the current landscape, challenges, technological advancements, and prospects for criminal Defense Lawyer in India.
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersHarpreetSaini48
Discover how Mississauga criminal defence lawyers defend clients facing weapon offence charges with expert legal guidance and courtroom representation.
To know more visit: https://www.saini-law.com/
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
1. Crossing the Line: The Law of War and Cyber
Engagement – An Introduction
JONATHAN M. MEYER1
On April 27, 2017, The National Security Committee of the American
Bar Association, Section of International Law organized and executed a
blue-ribbon panel titled, “Crossing the Line: The Law of War and Cyber
Engagement.”2 The panel’s participants were tasked with building analytical
bridges by and between the laws of armed conflict and self-defense and
answering questions concerning cyber security.3 The panel’s participants,
comprised of experts in the fields of National Security, the Law of Armed
Conflict (“LOAC”), and technology and export controls, cogently addressed
presenting questions, such as, whether advancements in technology nullify
the traditional rules of engagement, or in the alternative, do the rules of
engagement have application to cyberspace as a new battlefield?4 If so, how
and in what context do such rules apply? Further, when do cyber operations
constitute an “armed attack” or “use of force” pursuant to International Law
and Article 51 of the U.N. Charter?5 When are those engaged in cyber
operations “belligerents” or “combatants” pursuant to such laws? Are cyber
operations subject to domestic jurisdiction under national legal regimes, or
in the alternative, does international law govern these operations? Which
legal regimes are to be applied (e.g., criminal/espionage/sabotage or the law
of armed conflict)? In conclusion, panelists discussed how non-state actors
(i.e., hackers or hacker groups) conducting information gathering or denial
operations (e.g., DoS or DDoS) are to be addressed pursuant to
international law.
1. Jonathan Michael Meyer, Attorney at Law, Vice Chair of the ABA SIL, National Security
Law Committee, Co-Chaired and Moderated the Panel, “Crossing the Line: The Law of War
and Cyber Engagement,” which transpired on April 27, 2017, during the ABA SIL Spring
Meeting in Washington, DC.
2. Crossing the Line: The Law of War and Cyber Engagement, ABA SECTION OF
INTERNATIONAL LAW: NATIONAL SECURITY COMMITTEE (Apr. 27, 2017), https://www.
americanbar.org/groups/international_law/media/crossing_the_line.html.
3. Id.
4. Id.
5. U.N. Charter art. 51.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
2. THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
3. Crossing the Line: Law of War and Cyber
Engagement-The U.S. Position
PHILIP D. O’NEILL, JR.1
I. Introduction
The basic U.S. policy regarding the applicability of the law of war to cyber
engagement is of recent vintage, articulated largely during this decade,
impelled as the range of actions and actors on the threat continuum evolved
with increasingly acute results.2
To begin to meet the challenge of cyber competition yielding to conflict,
in 2011 President Obama recognized as a matter of declaratory policy in his
“International Strategy for Cyberspace”3 that “[l]ong-standing international
norms guiding state behavior — in times of peace and conflict — also apply
in cyberspace.”4 That said, President Obama’s policy pronouncement also
cautioned that: “unique attributes of networked technology require
additional work to clarify how these norms apply and what additional
understandings might be necessary to supplement them.”5
A legal and political policy debate over cyber “acts of war,” “use of force,”
and “armed attacks” ensued in recent years, with the notion of “equivalence”
to traditional military force triumphing doctrinally through adoption of an
“effects-based” standard. Reduced to essentials, we gauge attacks, including
those perpetrated through cyber operations, by their consequences, not the
means of delivery. This evaluative approach was desirable both for what it
prohibits and for what it permits as a two-edged sword. According to public
acknowledgement by former Chairman Dempsey of the Joint Chiefs of
Staff, the U.S. had not declared exactly what kinds of cyber-attacks and what
1. This article is based upon a presentation by Mr. O’Neill at the ABA Spring meeting of the
International Section in Washington D.C. on April 26, 2017, available at https://static.ptbl.co/
static/attachments/150017/1495047643.pdf?1495047643. Mr. O’Neill taught Nation Security
Law at Boston University Law School, and is the author of books on national security law and
arms control published by Oxford University Press. He presently serves as co-chair of the ABA
International Section’s National Security Law Committee.
2. See, e.g., Office of the Director of National Intelligence, Worldwide Threat Assessment of the
U.S. Intelligence Community, at pp. 5-6 (Feb. 13, 2018) https://www.dni.gov/files/documents/
Newsroom/Testimonies/2018-ATA—-Unclassified-SSCI.pdf.
3. See generally International Strategy for Cyberspace, obamawhitehousearchives.org (May 1,
2011), https://www.google.com/search?client=safari&rls=en&q=international+Strategy+or+
Cyberspace”++2011&ie=UTF-8&oe=UTF-8.
4. Id. at 9.
5. Id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
4. 590 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
level of damage hits the threshold of an “act of war.”6 The position received
an updated confirmation in June 2016 in testimony before the House Armed
Services Committee; then acting Department of Defense (DOD) Assistant
Secretary for Homeland Defense and Global Security Atkins confirmed that
a cyber-strike as an act of war “has not been defined. We’re still working
toward that definition.”7 His testimony was the same as to a lack of
definition when asked about state or non-state actor cyber-attacks against
civilian targets with “significant consequences.”8
The Trump administration, pursuant to Congressional direction,
submitted a classified national policy for cyberspace and cyber warfare in
April 2018.9 Little has emerged since then publicly.10 In April 2018,
testimony before the House Armed Services Committee, former DHS
Secretary (and DOD General Counsel) Jeh Johnson observed in testimony
at hearings on information warfare below the traditional level of armed
conflict that: “Under what circumstances can a cyberattack constitute an act
of war? At the moment there is no legal definition for the term. Essentially,
the answer from [legal scholars] and me, is “maybe,” or “it depends” or “we
will know it when we see it.”11 Most recently, in a reported remark that did
not even warrant a headline, General Paul Nakasone, the head of the
National Security Agency and U.S. Cyber Command, stated (apparently
without qualification) at an Aspen conference that “cyber attack from
6. See Gen. Dempsey’s Remarks and Q&A on Cyber Security at the Brookings Institute at 5, JOINT
CHIEFS OF STAFF (2013), http://www.jcs.mil/Media/Speeches/Article/571864/gen-dempseys-
remarks-and-qa-on-cyber-security-at-the-brookings-institute/.
7. Statement of Mr. Thomas Atkin Acting Assistant Sec’y of State of Def. of Homeland Def. and
Global Sec. Office of the Sec’y of Def.; Lt. Gen. James K. McLaughlin Deputy Commander, U.S. Cyber
Command; and Brigadier Gen. Charles L. Moore Jr. Deputy Director Global Operations (J-39), JOINT
STAFF BEFORE THE HOUSE ARMED SERVICES COMMITTEE (June 22, 2016), https://docs.house
.gov/meetings/AS/AS00/20160622/105099/HHRG-114-AS00-Wstate-AtkinT-20160622.pdf.
8. Military Cyber Operations: Hearing Before the Committee on Armed Services at 16, 114th
Cong. 2 (2016) (statement of Assistant Secretary for Homeland Defense and Global Security
Thomas Akins), https://fas.org/irp/congress/2016_hr/mil-cyber.pdf.
9. See, e.g., Morgan Chalfant, Trump sends cyber warfare strategy to Congress, THE HILL, Apr.
19, 2018, http://thehill.com/policy/cybersecurity/384017-trump-sends-cyber-warfare-strategy-
to-congress; See also Derek Hawkins, The Cybersecurity 202: Senate defense bill pushes Trump to get
tougher on Russian hacking, June 19, 2018, https://www.washingtonpost.com/news/powerpost/
paloma/the-cybersecurity-202/2018/06/19/the-cybersecurity-202-senate-defense-bill-pushes-
trump-to-get-tougher-on-russian-hacking/5b279a0c1b326b3967989b34/?utm_term=.082718
d587f5.
10. Derek Hawkins, The Cybersecurity 202: Congress isn’t happy with Trump’s cyber strategy. It
wants a commission to help., WASH. POST (July 25, 2018), https://www.washingtonpost.com/
news/powerpost/paloma/the-cybersecurity-202/2018/07/25/the-cybersecurity-202-congress-
isn-t-happy-with-trump-s-cyber-strategy-it-wants-a-commission-to-help/5b5751da1b326b1e
64695504/?utm_term=.4f8188b1484e.
11. Prepared Statement of Jeh Charles Johnson before the House Armed Services Committee
hearing on “Cyber Operations Today: Preparing for 21st Century Challenges in an
Information-Enabled Society”, 2 nt. 5 (Apr. 11, 2018), https://docs.house.gov/meetings/AS/
AS00/20180411/108077/HHRG-115-AS00-Wstate-JohnsonJ-20180411.pdf.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
5. 2018] THE U.S. POSITION 591
another government on U.S. critical infrastructure would cross the threshold
into war, ‘and we would certainly respond.’”12
In those circumstances, how do our officials measure malicious cyber
incidents for appropriate response, particularly those of non-state fronts and
cut-outs? When does the DOD take the governmental lead in responding
to a cyber-attack? How and where does that lead us and others in discerning
“when the line is crossed.” In other words, when does a cyber-war start and
precisely how are we supposed to know it?
The short answer is not missing in action; rather, as a matter of official
policy, hitherto we basically had criteria for evaluation, which are applied on
a case by case, fact-specific basis for serious cyber incidents by the President
and his national security team. As the former Deputy Assistant Secretary of
Defense for Cyber Policy, Aaron Hughes, observed in the “Digital Acts of
War” hearings in July 2016 before the Subcommittees on Information
Technology and National Security of the House Committee on Oversight
and Reform:
[W]hen determining whether a cyber-incident constitutes an ‘armed
attack’, the US Government considers a number of factors, including
the nature and extent of injury or death to persons and the destruction
of, or damage to property. As such cyber incidents are assessed on a
case-by-case basis and, as the President has publicly stated, the U.S.
Government’s response to any particular cyber incident would come in
a place and time and manner that we choose.13
It suffices to say that these criteria were offered in lieu of rather than as “red
lines” delineating exact thresholds of behavior triggering “use of force.” In
sum and substance, that was the testimony on July 13, 2016 of State
Department official Christopher Painter, then the Coordinator of Cyber
Issues, in those same hearings. He further explained that this is really no
different than the historic position of the U.S. and other nations, which have
refrained from “defin[ing] precisely (or stat[ing] conclusively) what
situations would constitute armed attacks in other domains and there is no
reason cyberspace should be different.”14 In any event, it bears added
observation that the evaluative criteria say nothing about the requisite level
12. Sean Lyngrass, “NSA chief confirms he set up task force to counter Russian hackers”,
CYBERSCOOP (Apr. 22, 2018), https://www.cyberscoop.com/donald-trump-white-house-
cybersecurity-strategy/.
13. Statement of Mr. Thomas Atkin Acting Assistant Sec’y of State of Def. of Homeland Def. and
Global Sec. Office of the Sec’y of Def.; Lt. Gen. James K. McLaughlin Deputy Commander, U.S. Cyber
Command; and Brigadier Gen. Charles L. Moore Jr. Deputy Director Global Operations (J-39) at 1,
JOINT STAFF BEFORE THE HOUSE ARMED SERVICES COMMITTEE (June 22, 2016), https://
docs.house.gov/meetings/AS/AS00/20160622/105099/HHRG-114-AS00-Wstate-AtkinT-2016
0622.pdf.
14. Digital Acts of War: Evolving the Cybersecurity Conversation: Hearing Before the Committee on
Oversight and Government Reform at 5, 114th Cong. 2 (2016) (testimony of Christopher M.E.
Painter, Coordinator for Cyber Issues U.S. Department of State), https://oversight.house.gov/
wp-content/uploads/2016/07/Painter-Statement-Digital-Acts-of-War-7-13.pdf.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
6. 592 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
of proof to be required — a matter of some import, as history in this century
informs us.
Thus, we have a traditional standard and we have applicable evaluative
criteria. But as Acting DOD Deputy Assistant Hughes also acknowledged to
the House Armed Services Committee in July, 2016 in other cyber warfare
hearings: “We just don’t have guidance on application to scenarios.”15 That
is a bit of an of an overstatement, but not by much. Drilling down somewhat
into the public record to see what examples we and others, including
potential adversaries, do have to base decisions on, there is minimal
substance or clarity to be found. The initial illustrative examples flowed
from former Legal Advisor Koh‘s explanation in a scripted, inter-agency
commentary in September 2012, that cyber activities that proximately result
in death, injury or significant destruction “would likely” be viewed as the
“use of force.”16 By analogy with kinetic weapon parallels, he specifically
likened the effects of cyber operations to those of kinetic attacks upon a
nuclear power plant, which melted down, or bombing a dam in a populated
area, or disabling air traffic control so that a plane crashed.17 Similarly, the
DOD observes in the most recent edition of its Law of War Manual, that
where cyber operations against military logistics systems cripplingly impede
the ability to conduct and sustain military operations, that “might equal a use
of force.”18 At the same time, the Manual also provides examples of factors
indicating when a cyber-operation does not amount to an “attack” under the
Law of War (Section 16.5.2), such as when a cyber-operation only causes
reversible or temporary effects.19
Accordingly, per the Manual, actions amounting to minor or brief
disruption of internet services, or the brief disruption, disability, or
interference with communications do not qualify.20 In that regard, one
might inquire how “temporary” is defined. For example, the U.S.
experienced a significant Distributed Denial of Service (DDOS) attack on
October 21, 2016 that brought down many prominent sites for much of a
15. Statement of Mr. Thomas Atkin Acting Assistant Sec’y of State of Def. of Homeland Def. and
Global Sec. Office of the Sec’y of Def.; Lt. Gen. James K. McLaughlin Deputy Commander, U.S. Cyber
Command; and Brigadier Gen. Charles L. Moore Jr. Deputy Director Global Operations (J-39), JOINT
STAFF BEFORE THE HOUSE ARMED SERVICES COMMITTEE (June 22, 2016), https://docs.house.
gov/meetings/AS/AS00/20160622/105099/HHRG-114-AS00-Wstate-AtkinT-20160622.pdf.
16. Harold Hongju Koh, International Law in Cyberspace, 54 HARV. INT’L L.J. 1, 3-4 (2012)
(remarks as prepared for Delivery by Harold Hongju Koh to the USCYBERCOM Inter-
Agency Legal Conference Ft. Meade, MD., Sept. 18, 2012).
17. Id.
18. DEPT. OF DEFENSE, OFFICE OF GEN. COUNSEL, LAW OF WAR MANUAL at 985-1000
(June 2015, updated May 2016), https://www.documentcloud.org/documents/2997317-DoD-
Law-of-War-Manual-June-2015-Updated-May-2016.html.
19. Id. at 996.
20. Id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
7. 2018] THE U.S. POSITION 593
day, with considerable economic consequence.21 In comparison, we also
know that the Russia-sourced cyber-attack on Estonia in 2007 took down
the internet there for two weeks,22 but Estonia did not seek to invoke Article
5 of the North Atlantic treaty for collective defense. Even a June 2017
attack, attributed by the White House Press Secretary to the Russian
military and dubbed as the most destructive and costly cyber-attack in
history23, was not characterized as an “act of war” — economic or otherwise.
Indeed, it was mentioned almost in the same breath of subsequent
Congressional testimony as the observation that “we are in the midst of a
‘very real series of (minor) military squirmishes’ in cyberspace.”24 In
comparison, no less of an authority than the President of the United States
in late 2014 publicly branded the North Korean attack on SONY as an “act
of cyber-vandalism,” and expressly disclaimed it as an “act of war”.25
Nevertheless, this direct attack on American civilians by a foreign power was
publically acknowledged in the DOD’s cyber strategy as “one of the most
destructive cyber-attacks yet on a US entity”.26
Further articulation of applicable criteria for the “effects-based” standard
and application of the law of war has, to date, largely been delivered through
a combination of executive orders and statements; Presidential Policy
Directives; Departmental Strategy and Policy Statements and Reports; as
well as public remarks by senior officials — often reactive in event-driven
circumstances — and in their testimony before Congress. Additionally,
further insight may be derived by logical implication from our command and
control structuring for cyber operations. The process also is now being
driven in part by Congress, pursuant to annual DOD funding
authorizations, particularly in Fiscal Year 2017 and again for 2019. So, what
can be gleaned from all of these sources?
21. See, e.g., Sara Ashley O’Brien, Widespread Cyberattack Takes Down Sites Worldwide, CNN
(October 21, 2016, 8:11 PM), http://money.cnn.com/2016/10/21/technology/ddos-attack-
popular-sites/index.html.
22. Peter Finn, Cyber Assaults on Estonia Typify a New Battle Tactic, WASH. POST (May 19,
2007), http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR20070518021
22.html.
23. The White House, Statement from the Press Secretary (Feb. 15, 2018), https://www.white
house.gov/briefing-statement/statement-press-secretary-25/.
24. Prepared Statement of GEN (Ret) Keith B. Alexander, “Cyber warfare Today: Preparing
for the 21st Century Challenges in an Information-Enabled Society” before the House Armed
Services Committee (Apr. 11, 2018), http://nationalsecurity.gmu.edu/wp-content/uploads/
2018/05/Alexander-Testimony-Cyber-Warfare-Today.pdf.
25. Eric Bradner, Obama: North Korea’s Hack Not War, But ‘Cybervandalism,’ CNN (Dec. 24,
2014, 9:20 AM), http://www.cnn.com/2014/12/21/politics/obama-north-koreas-hack-not-war-
but-cyber-vandalism/index.html (quoting President Obama in interview on Sunday December
21, 2016 on “State of the Union”).
26. DEPT. OF DEFENSE, THE DOD CYBER STRATEGY at 2 (April 17, 2015), https://www.
defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRAT
EGY_for_web.pdf.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
8. 594 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
II. The Development (and Export) of the US Legal Position
The DOD, in the 2010 Quadrennial Defense Review, identified
cyberspace as a global commons and domain.27 This recognition followed
purported Russian cyber activity in Estonia in 2007 and Georgia in 2008,28
as well as our own experience with it from Serbian cyber-attacks in 1998,29
and reported use by Israel in its attack on a Syrian nuclear reactor in 2007,30
among other cyber activity in a political/military context. Against this
background, in May 2011 the DOD issued a “Strategy for Operating in
Cyberspace” which expressly recognized cyberspace as an operational
domain equal to those of land, sea, air and outer space.31 The DOD also
specifically, albeit generally, acknowledged that computer sabotage by
another country could constitute an “act of war.”32
With respect to the development of US declaratory policy on the
intersection of cyber activity and applicable law, the “effects-based” prism
through which we now view any “use of force” or an “armed attack,” drew
upon the conclusions of leading legal scholars in the area working on it since
the 1990s.33 It also found official recognition at the DOD as early as May
1999, in the “Assessment of the International Legal Basis in Information
Operations.”34 There, the DOD General Counsel observed that “the
international community is more interested in the consequences [of an
attack] than its mechanism,”35 in suggesting that cyber operations could
constitute armed attacks giving rise to the right of self-defense. Hence, the
results of attacks, rather than means, matter most in all physical and virtual
operating domains.
27. DEPT. OF DEFENSE, QUADRENNIAL DEFENSE REVIEW REPORT at 37, (Feb. 1, 2010),
http://archive.defense.gov/pubs/2014_Quadrennial_Defense_Review.pdf.
28. See, e.g., David J. Smith, Russian Cyber Strategy and the War Against Georgia, ATLANTIC
COUNCIL (Jan. 17, 2014), http://www.atlanticcouncil.org/blogs/natosource/russian-cyber-
policy-and-the-war-against-georgia.
29. See, e.g., Jason Healey, Cyber Attacks against NATO, then and now, ATLANTIC COUNCIL
(Sept. 6, 2011), http://www.atlanticcouncil.org/blogs/new-atlanticist/cyber-attacks-against-
nato-then-and-now.
30. See generally Sharon Weinberger, How Israel spoofed Syria’s Air Defense System, WIRED (Oct.
4, 2007, 3:14 PM), https://www.wired.com/2007/10/how-israel-spoo/.
31. Department of Defense Strategy for Operating in Cyberspace, NATIONAL INSTITUTE OF
STANDARDS AND TECHNOLOGY at 5 (July 1, 2011), https://csrc.nist.gov/presentations/2011/
department-of-defense-strategy-for-operating-in-cy.
32. See generally Siobhan Gorman, Cyber Combat: Act of War, WALL ST. J. (May 31, 2011, 2:01
AM), https://www.wsj.com/articles/SB10001424052702304563104576355623135782718.
33. Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law:
Thoughts on a Normative Framework, INSTITUTE FOR INFORMATION TECHNOLOGY
APPLICATIONS (June 1999), www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993.
34. DEPT. OF DEFENSE, OFFICE OF GEN. COUNSEL, AN ASSESSMENT OF INTERNATIONAL
LEGAL ISSUES IN INFORMATION OPERATIONS (May 1999), http://www.au.af.mil/au/awc/
awcgate/dod-io-legal/dod-io-legal.pdf.
35. Id. at 18.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
9. 2018] THE U.S. POSITION 595
U.S. cyber law views are also shaped within the context of long-standing
U.S. articulation of its construction of applicable U.N. Charter Articles (e.g.,
the inherent right of self-defense potentially applies against any illegal use of
force). U.S. positions were largely developed in the context of the Cold
War, when U.S. policymakers and diplomats emphasized the might of arms
as a trigger, as opposed to different forms of coercion (economic; diplomatic
or otherwise) championed primarily by less powerful and developing
nations. Whether past restrictive views of “use of force” will continue in the
cyber context will most likely be tested in the future by “disruptive” attacks.
Even in the absence of physical destruction, they can have serious economic
impacts, particularly if directed at critical infrastructure sectors. Such
attacks can be relatively enduring and at such a scale — even if shy of a
“significant consequences” threshold — that those unique aspects may
eventually give us pause for consideration of the continuing viability of past
interpretation of “use of force” in such circumstances.
Doctrinally, the current U.S. position was largely memorialized in the
most recent revision of the DOD Law of War Manual, as noted above. The
Manual also generally identifies and describes the international legal
architecture applied to military cyber activity.36 There, one finds
acknowledgement that the law of war rules are not framed in terms of
specific technological means, and are not well settled on precisely how they
apply to cyber operations.37 Perhaps that ambiguity will invite the kind of
“supplementation” expressly contemplated in President Obama’s 2011
Cyber Strategy to address seriously disruptive cyber activity—whether in
isolation—or more likely, cumulatively.38 After all, international and
domestic lawyers alike are familiar with principled exceptions to many rules,
and the cyber area may prove to be no different in that regard as well.
Presently though, such disruptive activity does not “cross the line” under the
US position, consistent with past Charter Article 2(4) interpretation.
In any event, by September 2012, Legal Advisor Koh (as previously
referenced) articulated the consensus view on how we apply old laws of war
to new cyber circumstances. First came confirmation that existing
international law principles do apply in cyber-space; it is not a “law-free”
zone.39 This recognition is really no different than that which occurred with
other technological advances in the past, such as the airplane’s impact on
warfare, or the opening of new physical domains, including outer space with
restrictions and, in contrast, peaceful use of Antarctica. These were all areas
or technological advances where the need to account for change arose in the
last century. Additionally, the September 2012 commentary expressly
recognized that cyber activities can constitute a “use of force” under U.N.
Charter Article 2(4), with the national right of self-defense per Article 51
potentially triggered by cyber activities that amount to an “armed attack” or
36. See LAW OF WAR MANUAL, supra note 18.
37. See id. at 988-99.
38. See International Strategy for Cyberspace, supra note 3, at 9.
39. See Harold Hongju Koh, supra note 16, at 1-2.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
10. 596 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
imminent threat thereof.40 Further, U.S. recognition at that time
acknowledged that the law of armed conflict applies to regulate use of cyber
tools in hostilities.41 Related principles that apply include those of
distinction; limitations through necessity and proportionality; limitations on
indiscriminate weapons; as well as state sovereignty, including attribution
through “control” of proxies. The current DOD Law of War Manual
echoes these views, which retain continuing vitality in the cyber domain.42
The State Department also took the lead in various international forums
in recent years to promote a consensus among allies and other states on the
applicability of international law generally to cyberspace, as well as in efforts
to develop recognized norms of acceptable/unacceptable peacetime behavior
in cyber space, together with confidence building measures (CBM). The
State Department’s multilateral efforts to develop cyber principles seeks to
reduce risk of escalatory spirals. These efforts were recognized in the U.N.
Group of Governmental Experts on Developments in the Field of
Information and Telecommunications in the Context of International
Security. For example, the U.N. Group in a 2013 report affirmed the
applicability of international law and the U.N. Charter to cyber space.43 In
2014-15 the UN Group affirmed the inherent right of self-defense under
Article 51 in cyberspace.44 Another highpoint came in November 2015 with
the issuance of the G-20 Leaders Communique in which G-20 Leaders
affirmed that international law, and in particular the U.N. Charter, is
applicable to state conduct in the use of information and communications
technology.45 It is fair to say the cyber norm and CBM-building effort by
the State Department emerged as a U.S. foreign policy imperative in such
forums in the Obama years. A focal point in the prior international
consensus building effort of the State Department was establishing voluntary
peace-time norms in which key areas of cyber risk, such as critical
infrastructure, are identified and placed “off limits” to hostile cyber
operations. That effort found successful recognition in the 2015 Report of
the U.N. Group of Experts,46 but not operationally in the digital world.
In comparison, the Trump administration has repeatedly de-emphasized
cyber issues in foreign policy thus far. From the State Department’s closure
40. Id. at 3-4
41. Id. at 4-5.
42. See LAW OF WAR MANUAL, supra note 18.
43. U.N. Secretary-General, Report of the Group of Governmental Experts on Developments
in the Field of Information and Telecommunications in the Context of International Security,
U.N. Doc A/68/98 at 8 (June 24, 2013), http://undocs.org/A/70/174 (Reissue for technical
reasons on 30 July 2013).
44. Id. at 12.
45. Antalya Summit, G20 Leaders’ Communiqu´e, ¶ 26 15-16 November 2015, https://
www.mofa.go.jp/files/000111117.pdf.
46. Group of Governmental Experts on Developments in the Field of Information and
Telecommunications in the Context of International Security, ¶ 13(f), U.N. Doc A/70/174 (July 22,
2015), http://undocs.org/A/70/174.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
11. 2018] THE U.S. POSITION 597
of a dedicated cyber-security coordination office47, to current National
Security Advisor John Bolton’s parallel elimination of the cybersecurity
coordinator position on the National Security Council, the current
administration has been consistent on this front.48 Whether these actions
signal a complete diplomatic retreat, is open to interpretation. The two
summary public reports,49 totaling eight pages, released by the Office of the
Coordinator for Cyber Issues in late May 2018, provided no clear answer in
this regard, and only the most general recommendations to the President on
protecting cyber interests and the American people.50 But these and other
actions are appropriately viewed as an indication of an impending policy
shift toward exploiting ambiguity, rather than seeking to limit it. Indeed,
the reported replacement of an Obama era Presidential Policy Directive
with a new classified one that grants far more latitude for offensive use of
cyber actions, appears to confirm the conclusion that exploitation is now the
preferred path to achieving deterrence that proved so elusive under the prior
restrictive reaction and norm building approach.51
Still, a dual track approach of parallel legal efforts in military forums met
with considerable success over time in embracing the U.S. position. For
example, NATO cyber defense policy evolved to recognize the applicability
of international law to cyber space. This was manifested both in the general
declaratory policy of NATO as in the more detailed explication of cyber
operations and the law of war produced by the group of experts convened by
NATO in 2009, who delivered the Tallin Manual in 201352 on the
application of international law to cyber operations, and the 2.0 version
47. See, e.g., David P. Fidler, U.S. Cyber Diplomacy Requires More than an Office, COUNCIL ON
FOREIGN REL., July 26, 2017, https://www.cfr.org/blog/us-cyber-diplomacy-requires-more-
office.
48. There has been some effort legislatively to counter these re-organization efforts. See, e.g.,
Joseph Marks, Lawmakers Take Another Shot at Transforming Trump Cyber Policy, NEXTGOV, June
11, 2018, https://www.nextgov.com/cybersecurity/2018/06/lawmakers-take-another-shot-trans
forming-trump-cyber-policy/148909/.
49. U.S. Dep’t of State, Office of the Coordinator for Cyber Issues, Recommendations to the
President on Deterring Adversaries and Better Protecting the American People from Cyber
Threats (May 31, 2018) https://www.state.gov/s/cyberissues/eo13800/282011.htm.; see also U.S.
Dep’t of State, Office of the Coordinator for Cyber Issues, Recommendations to the president
on Securing America’s Cyber Interests and Deterring Cyber Threats Through International
Engagement, (May 31, 2018) https://www.state.gov/s/cyberissues/eo13800/281980.htm.
50. See, e.g., David P. Fidler, Trump Administration Cyber Reports Offer No New Ideas and
Highlight Problems with Its Own Actions, COUNCIL ON FOREIGN REL., June 11, 2018, https://
www.cfr.org/blog/trump-administration-cyber-reports-offer-no-new-ideas-and-highlight-prob
lems-its-own-actions.
51. Dustin Volz, Trump, Seeking to Relax Rules on U.S. Cyberattacks, reverses Obama Directive,
WALL ST. J., Aug. 15, 2018 https://www.wsj.com/articles/trump-seeking-to-relax-rules-on-u-s-
cyberattacks-reverses-obama-directive-1534378721; See also discussion at text beginning infra,
note 61.
52. See generally Michael N. Schmitt, Tallinn Manual on the International Law Applicable to Cyber
Warfare, NATO COOPERATIVE CYBER DEFENCE CENTRE OF EXCELLENCE (2013), https://
www.peacepalacelibrary.nl/ebooks/files/356296245.pdf.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
12. 598 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
earlier this year (which goes into much greater depth on evaluative
criteria).53 From the standpoint of declaratory policy, NATO has
acknowledged publicly, since September 2014, that (i) international law
applies in cyber space; (ii) cyber defense is part of the core task of collective
defense; and (iii) hostile activity in cyberspace can potentially trigger Article
V obligations where the effects are comparable to those of a conventional
attack.54 Such invocation determinations are made by the North Atlantic
Council on a case-by-case basis. There is alliance recognition that “cyber-
attacks can reach a threshold that threatens national and Euro-Atlantic
prosperity, security, and stability.”55 Where that line is to be drawn awaits
further elaboration or experience. In any event, NATO affirmed in July
2016 that cyberspace is a domain of operations in which NATO must defend
itself as effectively as it does in the air, on land, and at sea.56 At that time, the
NATO Secretary General also publicly declared that a “severe” cyber-attack
may be classified as a case for the alliance and, further, that the members
intend to respond to any assault, including a cyber-attack that could be
classified as an “act of war.”57
III. The U.S. Command Structure as a Reflection of Where the
Line is Crossed
Along with general recognition of the need for and efforts to establish
shared voluntary normative cyber behavior in peacetime, as well as adapting
common understandings of it in the law of war, came recognition of the
deficiencies in our organizational structure for response. Addressing this
deficit results both in alerting others where we stand for deterrent purposes,
as well as in establishing the operational architecture of how our own
command and control would be triggered and flow in the event of “attack”
— which is often used in the cyber context in a colloquial sense, rather than
to connote actual physical violence.
The US has certainly made known for deterrence purposes in its Cyber
Strategy since 2011 that:
[w]hen warranted, the US will respond to hostile acts in cyber space as
we would to any other threat to our country. We reserve the right to
use all necessary means — diplomatic, informational, military and
economic — as appropriate consistent with applicable international law,
53. See generally Michael N. Schmitt, Tallinn Manual 2.0 on the International Law Applicable to
Cyber Warfare, NATO COOPERATIVE CYBER DEFENCE CENTRE OF EXCELLENCE (2017), http:/
/assets.cambridge.org/97811071/77222/frontmatter/9781107177222_frontmatter.pdf.
54. Wales Summit Declaration, NORTH ATLANTIC TREATY ORGANIZATION (Sept. 5. 2014),
¶72-73, http://www.nato.int/cps/en/natohq/official_texts_112964.htm.
55. Id. at ¶72.
56. Cyber Defence Pledge, NORTH ATLANTIC TREATY ORGANIZATION at 1 (July 18, 2016),
http://www.nato.int/cps/en/natohq/official_texts_133177.htm.
57. See generally Massive cyber attack could trigger NATO response: Stoltenberg, REUTERS (June
15, 2016, 4:38 PM), https://www.reuters.com/article/us-cyber-nato-idUSKCN0Z12NE.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
13. 2018] THE U.S. POSITION 599
in order to defend our Nation, our allies, our partners, and our
interests.58
There was also a caveat in the public fact statement59 — which achieved
unintended full transparency when Edward Snowden made public in June
2013 Presidential Policy Directive (PPD) 2060 — that “[i]t is our policy that
we shall undertake the least action necessary to mitigate threats and that we
will prioritize network defense and law enforcement as preferred courses of
action.”61 It appears that policy statement is now history. The directive
itself was reportedly terminated (as this article went to press) and replaced by
a new Presidential Policy Directive, the contents of which are as yet
publically unknown.62
Still, this “whole of government” approach to response was embedded in
the governance structure of dealing with cyber threats. In the six years
following issuance of President Obama’s 2011 Cyber Strategy, the DOD,
State and the Department of Homeland Security (DHS), acted in concert
with other agencies, Congress, and increasingly with allies such as NATO,
other like-minded nations, and even the private sector. The prior
administration articulated general policies and endeavored to fill in some of
the blanks to help establish the legal architecture for the cyber domain to
provide some notice of the cyber trigger line, as well as a hierarchy of shared
command and control of response. The results, which in some instances
were reactive to circumstance, matured and moved well beyond an
embryonic stage of development. Response procedures were in place,63
assuming that authority was recognized by agreement on the effects analysis.
Since one of the criticisms of that structure was the unwieldy aspects of
having “too many cooks” involved, presumably the new policy directive
emphasizes a more streamlined approach, with attendant potential
coordination issues64.
The issue remains, then, of how the latest refinement of the operational
structuring of governmental and defense assets to address experience with
malicious cyber activity below the act of war threshold will play out,
including application of appropriate rules of engagement in response by the
DOD and others. To that end, section 1632 of the National Defense
Authorization Act of 2019 did seek to diminish inter-agency friction and
58. See International Strategy for Cyberspace, supra note 2, at 14.
59. See generally John Reed, The White House’s secret cyber order, FOREIGN POLICY (Nov. 14,
2012, 7:59 PM), http://foreignpolicy.com/2012/11/14/the-white-houses-secret-cyber-order.
60. Presidential Policy Directive/PPD-20, U.S. Cyber Operations Policy, https://fas.org/irp/off
docs/ppd/ppd-20.pdf.
61. Fact Sheet on Presidential Policy Directive 20 (Jan. 2013), https://fas.org/irp/offdocs/ppd/
ppd-20-fs.pdf.
62. See Presidential Policy Directive/PPD-20, supra note 60.
63. Defending the Nation at Network Speed, THE BROOKINGS INSTITUTION at 41-42 (June
27, 2013), https://www.brookings.edu/wp-content/uploads/2013/06/20130627_dempsey_cyber
security_transcript.pdf.
64. See Presidential Policy Directive/PPD-20, supra note 60.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
14. 600 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
settle some issues with respect to Tilte 10/Title 50 debates regarding the
Cyber Command’s conduct of operations outside of combat zones; it did so
by affirming that clandestine military operations in cyber space “in areas
where hostilities are not occurring” is traditional military activity within the
Title 50 exception to covert action requirements65.
The legislative clarification should help smooth operational activity, for
our officials will likely continue to grapple with categorization and response
to attacks of increasing frequency. This is so because “[w]e are vulnerable in
this wired world” — to quote the DOD Cyber Strategy released in 2015.66
Ample alarm was previously sounded in detail about the extent of that
vulnerability in the January 2013 Defense Science Board Cyber Report.67
Less than a month later President Obama issued Executive Order 1363668 to
strengthen U.S. policy to enlarge the security and resilience of the Nation’s
critical infrastructure. That infrastructure was then defined generally as
“systems and assets, whether physical or virtual, so vital to the United States
that the incapacity or destruction of such systems and assets would have a
debilitating impact on security, national economic security, national public
health or safety, or any combination of those matters.”69 It is noteworthy
that no express temporal component was publicly embedded as a
qualification to an effect of “incapacity” in that definition, although one
might be implied from the concept of “debilitating.”70 Still, the gauntlet was
thrown down: what would be protected to give concrete expression within
the definitional parameter?
To that end, on the same day in February 2013 as the executive order was
released, Presidential Policy Directive 2171 also was issued. Among other
things, it provided greater clarity to the roles and shared responsibilities
assigned to promote cyber defense, to be led by DHS, including the
identification of sixteen critical infrastructure sectors.72 Implementation
followed; assets were prioritized and vulnerabilities were and are being
assessed.73 Cyber targeting of those sectors with “significant consequences”
now carries a giant flashing caution sign to deter adversaries in peacetime;
65. See generally Robert Chesney, The Law of Military Cyber Operations and the New NDAA,
LAWFARE, (July 26, 2018), https://www.lawfareblog.com/law-military-cyber-operations-and-
new-ndaa.
66. DEPT. OF DEF., THE DOD CYBER STRATEGY at 1 (April 17, 2015), https://www.defense
.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_
for_web.pdf; See also id at 33.
67. See generally DEPT. OF DEFENSE, RESILIENT MILITARY SYSTEMS AND ADVANCED CYBER
THREAT (2013), http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-081.pdf.
68. Exec. Order No. 13636, 78 Fed. Reg. 11739 (Feb. 12, 2013).
69. Id. § 2.
70. Id.
71. Presidential Policy Directive/PPD-21 - Critical Infrastructure Security And Resilience,
2013 WL 503845, at *1 (Feb. 12, 2013).
72. See id.
73. See generally DEPT. OF HOMELAND SECURITY, CRITICAL INFRASTRUCTURE SECTORS
(July 11, 2017), https://www.dhs.gov/critical-infrastructure-sectors.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
15. 2018] THE U.S. POSITION 601
equally though, it potentially helps them prioritize preparatory steps for
target selection in time of war.74 Indeed, the continuing extent of that
sector’s vulnerability was confirmed recently in Senate hearings early in
2017 by the Chairman of the Defense Science Board, who observed that our
critical infrastructure vulnerability to major adversaries’ cyber offenses will
exceed our ability to defend for at least the next decade75 — hence the public
elevation in import of deterrence. It suffices to say that since 2013 the
Director of National Intelligence (DNI) has named the cyber threat as the
number one strategic threat to the US, ahead of terrorism76 — with good
reason, as Ex-Joint Chief Chairman Dempsey publicly confirmed the multi-
fold rise in cyber assaults against critical sectors.77
In terms of “crossing the line” for DOD purposes, scenarios to consider
continue to range from penetration efforts in critical infrastructure to
prepare future battle fronts, to existing attacks on DOD and Defense
Industrial Base cyber networks, to those of “significant consequence” to the
sixteen civilian critical infrastructure sectors (as identified in PPD 21 and
pursuant to it) and electoral systems infrastructure78. This range of activity
may trigger DOD defense, as opposed to DHS control or that of sector
specific agencies. There is no assurance that President Trump’s new Policy
Directive will add sufficient clarity to responsibility assignment, particularly
if the DOD is granted new operational authorities.79 One may still look for
some guidance on where the “line is crossed” in the DOD’s most recent
Cyber Strategy, as in future ones. Currently, there is general reference in
that context to “loss of life, significant damage to property, serious adverse
74. Philip D. O’Neill, Crossing the Line: Law of War and Cyber Engagement, THE U.S.
POSITION (Apr. 26, 2017) (transcript available at https://static.ptbl.co/static/attachments/
150017/1495047643.pdf?1495047643).
75. DEPT. OF DEFENSE, OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR ACQUISITION,
TECHNOLOGY, AND LOGISTICS, TASK FORCE ON CYBER DETERRENCE at 5 (2017), https://
www.armed-services.senate.gov/imo/media/doc/DSB%20CD%20Report%202017-02-27-17_v
18_Final-Cleared%20Security%20Review.pdf.
76. See generally LAW OF WAR MANUAL, supra note 18.
77. General Martin E. Dempsey, U.S. Army, Gen. Dempsey’s Remarks and Q&A on Cyber
Security and the Brookings Institute (July 27, 2013), http://www.jcs.mil/Media/Speeches/
Article/571864/gen-dempseys-remarks-and-qa-on-cyber-security-at-the-brookings-institute/;
See also id. at 10 ((“The gap between cyber defenses employed across critical infrastructure and
offensive tools we know exist presents a significant vulnerability for our nation.”); See also id. at
12 (“. . .cyber may be our nation’s greatest vulnerability. . . .”).
78. DHS designated the country’s election infrastructure as “critical” at the end of the Obama
administration. See, e.g., Katie Bo Williams, DHS designates election systems as ‘critical
infrastructure’, THE HILL, Jan. 6, 2017, http://thehill.com/policy/national-security/313132-dhs-
designates-election-systems-as-critical-infrastructure.
Trump administration efforts in this regard are summarized in a White House fact sheet
dated July 17, 2018, see President Donald J. Trump is Protecting Our Elections and Standing Up to
Russia’s Malign Activities, WHITE HOUSE (July 17, 2018), https://www.whitehouse.gov/
briefings-statements/president-donald-j-trump-protecting-elections-standing-russias-malign-
activities/.
79. TASK FORCE ON CYBER DETERRENCE, supra note 65, at 5.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
16. 602 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
U.S. foreign policy consequences, or serious economic impact on the U.S.”80
Yet, in Congressional testimony in the summer of 2016, a DOD official
could not answer a hypothetical question on whether loss of life resulting
from a cyber-attack on the electrical grid that cut off power to hospitals,
would cross the line of “significant consequence” — although he did
volunteer that DOD assistance would be provided if DHS needed help,
which provides some insight into the DOD domestic operational mindset.81
Such matters simply highlight the difficulty of applying the standard and
concomitant impact on response operational control. Frustration with
general criteria will surely mount, for if hypotheticals can’t be answered,
there is also the added challenge arising from the absence of visible custom
and practice in the cyber domain. To explain, so much of cyber operation is
covert, clandestine, or by proxy operatives and activists— basically the
equivalent of cyber “little green men” through use of “cut out agents.”82 In
such circumstances it can be hard to see (and foresee) the myriad threats and
operations that will trigger serious and harmful results, although we are
building up all too much experience to draw upon. Hence, state practice in
the cyber domain is likely to remain relatively veiled in comparison to
others. This impedes the development of customary norms of acceptable
and unacceptable behavior through visible state practice. As a result,
experts, the public, and Congress alike justifiably fear that deterrence is not
being well served by generalities. In short, we have moved past theory and
are confronted by practice. This is particularly the case with respect to
“disruptive” cyber-attacks, and even more so for “destructive” ones — a
distinction recognized in the 2014 Defense Quadrennial Review83 — below
the “significant consequence” threshold, wherever that may be.84 Moreover,
“attribution” of cyber “control” for Article 2(4) purposes now, as in the past
— ranging from the Wars of National Liberation in the Cold War to today’s
“low intensity conflicts” — remains an issue of fact and law.85 U.S. national
technical means increasingly provide the answer, but not necessarily in real
time, nor to the public.
The terrain of “disruption” with or without destruction, thus expands the
attack surface on the cyber battlefront. It has emerged as the “soft spot” of
choice in exploiting both our vulnerabilities and emerging defensive regime.
It is a potential magnet in this new era of threat to our industry, which acts
80. Id.
81. See generally Scott Maucione When Should DoD Respond to a Cyber Attack? No One Really
Knows, FEDERAL NEWS RADIO (June 23, 2016, 4:13 PM), https://federalnewsradio.com/
defense/2016/06/dod-respond-cyber-attack-no-one-really-knows/; see generally Military Cyber
Operations (C-SPAN television broadcast June 22, 2016)(military officials testified at a hearing
on the Pentegon’s cyber operations to combat ISIS); see also General Martin E. Dempsey, Gen.
Dempsey’s Remarks and Q&A on Cyber Security and the Brookings Institute (July 27, 2013).
82. O’Neill, supra note 74.
83. DEPT. OF DEFENSE, QUADRENNIAL DEFENSE REVIEW 2014 at 14 (2014), http://
archive.defense.gov/pubs/2014_Quadrennial_Defense_Review.pdf.
84. Id.
85. Id. at 37; see also U.N. Charter art. 2.4.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
17. 2018] THE U.S. POSITION 603
as a force multiplier for any adversary who seeks to inflict economic death on
us by a thousand cuts. The attack on the Sands in February 2014 by Iran,86
and more publicly visible attack on Sony later that year by North Korea,87
both exemplify such attacks. These were the first destructive cyber assaults
on civilian targets in the United States, which were ultimately attributed to
nation states. Neither, of course, rose to the level of a crippling assault on
U.S. critical infrastructure, but they are a wave of the future. Indeed, in
February 2015, testifying before the Senate Armed Services Committee,
former DNI James Clapper acknowledged publicly that: “[w]e foresee an
ongoing series of low-to-moderate level cyber-attacks from a variety of
sources over time, which will impose cumulative costs on U.S. economic
competitiveness and national security.”88 This represented something of a
shift in focus from prior concerns articulated by former Defense Secretary
Panetta over a “cyber Pearl Harbor” paralyzing the country.89 Still, multiple
high profile attacks occurred before April 2015, when Executive Order
1396490 created a new, targeted authority for the U.S. government to
respond more effectively to many serious cyber threats that don’t “cross the
line.” This executive order focused not only on cyber-enabled malicious
activities that harmed or significantly compromised the provision of services
by entities in our critical infrastructure, but also extended even to the
significant disruption of a computer or network of computers.91 This latter
criterion was not linked to critical infrastructure.92 Accordingly, its
applicability could reach attacks such as those on the Sands and Sony. Thus,
this added economic weapon helps extend our layered cyber national
defenses to attacks that do not necessarily trigger a DOD led response.
Additionally, though, as we seek to gauge the existing effectiveness of
deterrence now and in the future cyber-security environment, we should
pause to observe and acknowledge that it has worked thus far — to the
extent that no catastrophic cyber-attack has been experienced yet by the
American people, although one could well be in preparation through
ongoing probing of our critical infrastructure of power grids and dams, for
example. At the same time, we do know that there is adversarial capacity to
engage in cyber acts that no one would doubt constituted “acts of war” by
their destructiveness from public acknowledgement by Ex-Joint Chiefs
Chairman Dempsey.93
86. Worldwide Cyber Threats: Hearing Before the Senate Select Committee on Intelligence, 114th
Cong. 2 at 4 (2016) (statement of James R. Clapper, Director of National Intelligence).
87. Id.
88. Id. at 2.
89. Leon E. Panetta, Secretary of Defense, Remarks by Secretary Panetta on Cybersecurity to
the Business Executives for National Security, New York City (Oct. 11, 2012) (transcript
available at http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136).
90. Exec. Order No. 13694, 78 Fed. Reg. 11739 (Feb. 12, 2013).
91. Id. § 1(a)(i)(C).
92. Cf. id. § 1(a)(i)(A) with id. § 1(a)(i)(C).
93. General Martin E. Dempsey, U.S. Army, A Discussion on Cybersecurity with General
Martin E. Dempsey 24-25 (June 27, 2013).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
18. 604 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
Still, there has been some general line drawing from an operational
standpoint from which we and others can glean insight on what cyber
actions may “cross the line”. The question of which types of attacks will
likely be regarded as “acts of war” has been the subject of at least brief
commentary by top officials in the past administration, who periodically
endorsed U.S. general policy approach with some explanation. In particular,
former Secretary of Defense Ash Carter, in his Drell Lecture at Stanford,
was asked about the “low end of the threshold of significant consequence”
that would trigger DOD involvement in the response hierarchy.94 His reply:
Something that threatens significant loss of life, destruction of property,
lasting economic damage to the people. Any such use of force against
America or American interests where the President would determine
what the response ought to be on the basis of its proportionality and its
effectiveness. It won’t be any different in cyber than it will be in any
other domain — with the response not limited to the cyber domain.95
The answer does add a temporal component not expressly present in the
sector definition of Executive Order 13636. Regardless, the temporal
component of “lasting” might benefit from further elaboration to clarify
when it is not “temporary” as the DOD Manual references.96 On the other
hand, creative ambiguity both masks and maximizes executive discretion to
deal with cyber confrontations, even if does not fix a precise declaratory line
in the sand that cyber adversaries knowingly cross at their own risk.
We also have a qualitative guidepost to “line crossing” from public
testimony three years ago by then Assistant Secretary of Defense for
Homeland Security and Global Affairs Rosenback before the Senate Armed
Services Committee. He acknowledged that the DOD is expected to take
the lead authority only on the most serious cases — about the “top 2% of
attacks,”97 with responsibility at DHS, Treasury or the sector specific lead
agencies for the other 98%. We also know from that testimony that it would
not include DOS cyber-attacks, “unless it would cross the threshold of
armed attack in most instances.”98 Where is the line drawn? As then
Secretary Carter somewhat obliquely referenced at Stanford, if a U.S. cyber-
attack is one which the President must authorize (and for which pre-
decisional operational plans are already in place), the United States certainly
94. See generally DEPT. OF HOMELAND SECURITY, MEM. OF AGREEMENT BETWEEN THE
DEP’T OF HOMELAND SECURITY AND THE DEP’T OF DEFENSE REGARDING CYBERSECURITY
(2010), https://www.dhs.gov/xlibrary/assets/20101013-dod-dhs-cyber-moa.pdf.
95. Defense Secretary Ash Carter, Remarks by Secretary Carter at the Drell Lecture Cemex
Auditorium, Stanford Graduate School of Business, Stanford, California (Apr. 13, 2015)
(transcript available at https://www.defense.gov/News/Transcripts/Transcript-View/Article/
607043/remarks-by-secretary-carter-at-the-drell-lecture-cemex-auditorium-stanford-grad/).
96. See id.
97. Army Sgt. 1st Class Tyrone C. Marshall Jr., New DoD Cyber Strategy Nears Release, Official
Says, DEPT. OF DEFENSE (April 14, 2015), http://archive.defense.gov/news/newsarticle
.aspx?id=128587.
98. Id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
19. 2018] THE U.S. POSITION 605
has another internal guidepost from it on what would likely be regarded as
an “armed attack” against the U.S. We do not know, nor do our adversaries
yet, whether the new Presidential Policy Directive will change the DOD
trigger point, or simply authorize a more flexible operational response when
it is reached, or both. Certain adversaries do know, however, that Section
1642 the 2019 National Defense Authorization Act, signed by the President
on August 13, 2018,99 grants Congressional pre-authorization for an active
“proportional” DOD cyber response against them if authorized by the
National Command Authority (the President and Secretary of Defense).
That Congressional authorization requires as a rule of construction a
“systematic, and ongoing campaign” of cyber attacks, including attempts to
influence our democratic processes, by Russia, China, North Korea or Iran.
This authorization, if utilized, would seemingly task the DOD at levels
below the threshold acknowledged just a few years ago.
Further, we previously knew from PPD 20 that with respect to cyber
operations directed at our critical infrastructure:
[s]pecific Presidential approval is required for any cyber operations -
including cyber collection, DCEO, and OCEO - determined by the
head of a department or agency to conduct the operation to be
reasonably likely to result in “significant consequences” as defined in
this directive. This requirement applies to cyber operations generally,
except for those already approved by the President. . . .”100
The definition of “significant consequences, under the former directive was
“[l]oss of life, significant responsive actions against the United States,
significant damage to property, serious adverse U.S. foreign policy
consequences, or serious economic impact on the United States.”101 PPD 20
also previously authorized emergency cyber action by the Secretary of
Defense, or authorized department agency heads pursuant to procedures
authorized by the President, if such authorization was needed, to conduct
emergency cyber actions necessary to mitigate an imminent threat or
ongoing attack using defense cyber effects operations (DCEO) if
circumstances did not permit obtaining prior approval.102 This delegation of
authority also was measured under a standard of matters involving imminent
loss of life or significant damage with “enduring” national impact to essential
functions of government, critical infrastructure, key resources, or the
mission of U.S. military forces.103 There were other conditioning factors,
including among them, that the emergency action be necessary in
99. See S. COMM. ON ARMED SERVICES, 115TH CONG,, JOHN S. MCCAIN NAT’L DEF.
AUTHORIZATION ACT FOR FISCAL YEAR 2019 (Conf. Summary 2019), https://www.armed-
services.senate.gov/download/fy19-ndaa-conference-summary.
100. Presidential Policy Directive/PPD-20 – U.S. Cyber Operations Policy § IV (Oct. 16,
2012), https://fas.org/irp/offdocs/ppd/ppd-20.pdf.
101. Id. § I.
102. Id. § V.
103. See id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
20. 606 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
accordance with the inherent right of self-defense under international law
and, further, that the DCEO not be likely to have “significant
consequences” nor be lethally intended.104 The U.S. Government was also
previously instructed to conduct DCEO with the least intrusive methods
feasible to mitigate a threat.105 In PPD 20, the temporal component missing
in the subsequent publicly released Executive Order 13636 was found, which
provided the missing link of executive gloss on how to measure
consequences.106 What the new Presidential Policy Directive does in this
regard is classified, as was its predecessor until Snowden released it publicly.
In any event, our own contemplated cyber attacks with “significant
consequences” had a top level command structure similar to that of nuclear
weapons. Based on the delegation authority provided in PPD 20, one might
surmise that a cyber-delegation of command or devolution of control
structure is in place in the event of emergency or catastrophic attack (similar
to that for nuclear attacks).107 Former Joint Chiefs Chairman Dempsey
publicly confirmed the existence of pre-decisional emergency response
procedures.108 At the same time, he also acknowledged the ongoing revision
of cyber rules of engagement. Still, it is noteworthy that the then head of
the US Cyber Command, Navy Admiral Mike Rogers, publicly expressed in
February 2017 the hope that greater tactical delegation of cyber weapons
will be afforded to commanders in the five to ten year range, as presently
outside a defined area of hostilities is controlled at the executive level and
not delegated down, except in certain circumstances.109 His view was that
with greater experience, greater confidence is expected to be engendered to
push offensive cyber capabilities down to the tactical level.110 Whether that
operational timetable was actually advanced by the new Presidential Policy
Directive is currently unknown outside the Executive branch and
responsible Congressional oversight committees. But any necessary
Congressional clarification as to the authorization process for such
clandestine cyber operations, as noted above,111 is found in section 1632 of
the 2019 National Defense Authorization Act’s confirmation that it is Title
10 traditional military activity, so it may well be felt by virtual adversaries
already. In any event, DOD cyber operations will more closely resemble
special forces activity for oversight purposes. After all, the legislation that
created our cyber military force several years ago, and which very recently
104. See id.
105. Id. § III.
106. See Presidential Policy Directive/PPD-20 – U.S. Cyber Operations Policy (Oct. 16, 2012),
https://fas.org/irp/offdocs/ppd/ppd-20.pdf.
107. Id.
108. General Martin E. Dempsey, U.S. Army, A Discussion on Cybersecurity with General
Martin E. Dempsey at 36-37 (June 27, 2013).
109. Cheryl Pellerin, Rogers Discusses Near Future of U.S. Cyber Command, DEPARTMENT OF
DEFENSE (Feb. 24, 2017), https://www.defense.gov/News/Article/Article/1094167/rogers-
discusses-near-future-of-us-cyber-command/.
110. See id.
111. See TASK FORCE ON CYBER DETERRENCE, supra note 65, at 5.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
21. 2018] THE U.S. POSITION 607
empowered112 and elevated it to a unified command, with a direct report to
the Secretary of Defense (rather than commander of our strategic forces),
was closely modeled after the much earlier 1980s legislation with respect to
our Special Operations Command.
Importantly, from the standpoint of fixing the demarcation line for cyber-
attack, the 2017 Defense Authorization Act also sought to improve cyber
deterrence by pushing the fiscal button on how the United States responds.
Rather remarkably, it sought to do so by impelling the Secretary of Defense
and Chairman of the Joint Chiefs of Staff to provide a list of military and
non-military options available to deter or respond to malicious cyber
activities, and a list of rules of engagement and operational plans to execute
options.113 Given the then existing regulatory limitation on DOD response
to cyber events outside its own and DIB systems, the logical focus of such
plans would be tied to significant consequences to our critical infrastructure,
and not to 98% of the disruptive and less destructive attacks on U.S.
networks — unless that threshold for DOD involvement changed, with the
engagement “line” drawn at a lower threshold, or through shared
responsibility granted to DOD to provide assistance. Armed with that list,
the President was then required by law to articulate when and in what
circumstances he would authorize the execution of the options.
As such, the FY 2017 Defense Authorization Act was the successor to the
legislation introduced in 2016 by Senator Rounds114 pursuant to which
“digital acts of war” were to be defined to better, deter, and enable the DOD
to respond. That proposed legislation was resisted by the Executive Branch
and not well received by Congress. While the then DIA Director in Senate
testimony on February 9th, 2016 observed it would be helpful to have a clear
definition of both a cyber act and an “act of war,”115 it is one thing to task
our DOD acting in concert with other governmental entities with analysis of
which attacks are catastrophic or destructive enough to define it as an
“armed attack;” it is quite another to give a specific “heads up” to adversaries
about it for deterrence purposes. Certainly, highly classified and unclassified
versions of the report were anticipated, but how deterrence is served is
unexplained when where the line is crossed is undisclosed.
Still, we do see “notice” or “signaling” play out from time to time and in
various alternative ways in the cyber warfare sector. That is well illustrated
by the public observation on June 10, 2016 when a ranking member of the
House Permanent Select Committee on Intelligence stated that an attack on
a U.S. satellite, such as strategic indication and warning systems, could be
112. See generally H.R. REP. NO. 114-840 (2017).
113. See id.; see also Charley Snyder, Decoding the 2017 NDAA’s Provisions on DoD Cyber
Operations, LAWFARE (Jan. 30, 2017, 3:31 PM), https://www.lawfareblog.com/decoding-2017-
ndaas-provisions-dod-cyber-operations.
114. S. 163, 114th Cong. 2 (2015), https://www.rounds.senate.gov/imo/media/doc/Bill,%20
NDAA%202017%20Related,%20Cyber%20Act%20of%20War.pdf.
115. Global Threats (C-SPAN television broadcast Feb. 9, 2016)(director of National
Intelligence James Clapper testified before the Senate Armed Services Committee).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
22. 608 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
considered an “act of war”.116 But what significance, if any, does an
adversary attach to such pronouncements if not echoed by the Secretary of
Defense or President? There are similar parallels with recent
pronouncements about Russian cyber forces by members of the Russia
legislative oversight committees that invite inquiry into what significance to
attach to them.117
Nevertheless, after the previously referenced hearings and rejection of the
“Cyber Act of War Act,” Congress sought to highlight the lack of specific
policy and strategy for deterring, defending, and responding to cyber-
attacks. With the FY 2107 Defense Authorization Act, Congressional
intrusion into Executive branch prerogative through use of the purse strings
surfaced seeking predetermined cyber security related decision making. Yet,
it did not even draw ire from outgoing President Obama in his signing
statement in December, 2016,118 but it seemingly will when push eventually
comes to shove — constitutionally or otherwise — in the Trump
administration. From a deterrence perspective, which purportedly impelled
the legislative direction, one certainly cannot imagine that we will want such
lists and options to see the light of day, so let us hope our cyber adversaries
cannot hack into those lists and future reports. But given the inherent
secrecy that need be accorded to such operational details, it is rather hard to
see how deterrence is served, because historically it is accomplished by
visibility to adversaries; that is, either by declaratory policy in which clear
lines are drawn, or by making transparent operational steps with weapons or
force deployment as a tangible and visible sign of transgression. In the cyber
world where such visibility typically tends to be the least desirable option, it
is a real challenge to deter acts that fall short of activity that all would tend
to recognize as “crossing the line” such that they constitute a “use of force”
or “armed attack” or “act of war.” In this regard, the “visibility deficit” was
not filled by President Trump’s classified report to Congress in April 2018
on national policy for cyberspace and cyberwarfare. That report filed
pursuant to the requirements of the FY 2018 National Defense
Authorization Act may communicate Executive Branch intentions to our
legislature on military led cyber operations, but it will only communicate to
adversaries by implementation of those policies.119 Ultimately, it would
seem that “signaling” where precise lines are drawn will be in cyberspace
through action; not through public discourse, other than continuing
116. Colin Clark, Cyber Attack On Satellite Could Be Act Of War: HPSCI Ranking, BREAKING
DEFENSE (June 10, 2016, 4:43 PM), https://breakingdefense.com/2016/06/cyber-attack-on-
satellite-could-be-act-of-war-hpsci-ranking/.
117. See, e.g., Vladimir Isachenkov, Russian military acknowledged new branch: info warfare troops,”
AP NEWS (Feb. 22, 2017), https://www.apnews.com/8b7532462dd0495d9f756c9ae7d2ff3c.
118. See President Barack Obama, Statement by the President on Signing the National Defense
Authorization Act for Fiscal year 2017 (Dec. 23, 2017).
119. See generally National Defense Authorization Act for Fiscal Year 2018, Public Law No.
115-91 § 1631, 131 Stat 1283 (Dec. 12, 2017).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
23. 2018] THE U.S. POSITION 609
Congressional monitoring120 and expressions of disappointment with past
responses of the executive branch to adversary cyber attacks121.
IV. The Import of Recent Cyber Operations to “Crossing the
Line”
We may have hit upon something of a solution to the deterrence dilemma,
in demonstrating our cyber capabilities to a certain extent that could be
leveraged now and in the future as a credible threat for deterrence purposes.
In the recent past we actively and admittedly engaged in offensive cyber
warfare operations against ISIS. It is, after all, easier to attack an entity that
is not recognized as a sovereign, than it is to attack a full blown nation state.
The point remains that what we were doing was engaging in cyber warfare
— “dropping cyber bombs” to quote our Ex-Deputy Secretary of Defense
Bob Work.122 Our cyber-attack was conducted in the context of our fight
with ISIS, and was said by our former President and then top DOD officials
to be directed at its “command and control network.”123
That concept usually triggers a direct military association with respect to
impairing oversight and direction of forces and weapons. With respect to
ISIS, we know from former Secretary of Defense Carter’s remarks at a press
conference that our cyber capabilities being exercised go beyond jamming in
traditional electronic warfare. They extend to operations calculated to
promote loss of confidence by the enemy in their network, overloading it
and reportedly doing “all of these things that will interrupt their ability to
command and control forces there, control the population and the
economy.”124 Now the novel magic in that formulation relates to the
“population control and the economy” addendum (which was not reported
in all news accounts) — matters that we historically have tended to think of
as “governance” rather than “command and control”. If it is the case and the
U.S. took a more expansive view of “command and control” by
encompassing those governance sectors, then depending upon what we did
and how visible it was to adversaries like Russia, there was increased insight
into what constitute cyber “use of force” and an “armed attack.” Where the
effects can be monitored by the intelligence services of existing or potential
120. The 2019 National Defense Authorization Act reorganizes the few recent Congressional
oversight statutes with respect to DOD cyber operations, transferring them to the new Title 10
Chapter 19 from Chapter 10.
121. See e.g., H.R. REP. NO. 115-874, at 1055 (2018) (Conf. Rep.), https://docs.house.gov/
billsthisweek/20180723/CRPT-115hrpt863.pdf.
122. Ryan Browne & Barbara Starr, Top Pentagon Official: ‘Right Now it Sucks’ to be ISIS, CNN
(Apr. 14, 2016, 7:52 AM), https://www.cnn.com/2016/04/13/politics/robert-work-cyber-
bombs-isis-sucks/index.html.
123. Id.
124. Defense Secretary Ash Carter, Dep’t of Defense Press Briefing by Sec. Carter and Gen.
Dunford in Pentagon Briefing Room (Feb. 29, 2016) (transcript available at https://
www.defense.gov/News/Transcripts/Transcript-View/Article/682341/department-of-defense-
press-briefing-by-secretary-carter-and-gen-dunford-in-the/).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
24. 610 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
adversarial regimes, that serves to remove doubts about our force structure,
capacities, and political will to engage them. Perhaps, though, any
conclusions are best not entirely separated from context — as with the
Russian based cyber-attack on Ukraine’s power grid — which directly
impacted the civilian population, but which came in retaliation, one must
add, for good old-fashioned sabotage by physically bombing the power lines
going into Crimea the month before.125 In assessing when the “line is
crossed” by cyber operations, context clearly does matter.
In any event, despite all of the efforts to promote standards, identify
criteria, and apply traditional international law to considerations of what
constitute the “use of force”, “armed attack”, or “act of war,” we still differ
when lines are drawn with such precision that matters perhaps falling short
of the stated criteria are nonetheless very serious actions by sovereign and
other adversaries. Most recently, with respect to the Russian cyber intrusion
into our electoral process, top leaders in our defense establishment differed
over whether such action against something as fundamental to Americans as
the integrity of our electoral process constituted an” act of war” — which
was Senator McCain’s reported view,126 or an “aggressive act” — which was
Secretary Carter’s response when apprised of the remarks of the Chairman
of our Senate Armed Services Committee.127 Clearly a line was crossed in
the context of intelligence operations through the release and subsequent
misinformation campaign. Whether a line was crossed in terms of a “use of
force” determination or “act of war” is quite another matter. Still, for as
much progress as we have made in this decade about when the “line is
crossed,” our work is not done yet; the DOD seemingly remains unsure
precisely when it is tasked with response — even though it expressly
recognized in the April 2015 DOD Cyber Strategy that “[t]he increased use
of cyber-attacks as a political instrument reflects a dangerous trend in
international relations.”128 On the other hand, President Obama publicly
recognized on December 29, 2016 that increasing use of cyber means to
undermine democratic processes here and abroad, warranted an economic
weapon explicitly targeting attempts to interfere with elections.
Accordingly, the President approved, amending Executive Order 13964 to
authorize sanctions on those who: “tamper with, alter, or cause a
misappropriation of information with the purpose or effect of interfering
with or undermining election processes or institutions.”129 Using the new
125. Zim Zetter, Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid, WIRED (Mar.
3, 2016, 7:00 AM), https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-
ukraines-power-grid/.
126. Theodore Schleifer & Deirdre Walsh, Russian Cyberintrusions An ‘Act of War’, CNN (Dec.
30, 2016, 8:27 PM), https://www.cnn.com/2016/12/30/politics/mccain-cyber-hearing/
index.html.
127. Mallory Shelbourne, Carter: We shouldn’t ‘Limit Ourselves’ In Response to Russia, THE HILL
(Jan. 8, 2017, 11:34 AM), http://thehill.com/policy/defense/313222-carter-we-shouldnt-limit-
ourselves.
128. See THE DOD CYBER STRATEGY, supra note 66.
129. Exec. Order No. 13757, 82 Fed. Reg. 1 § 1(a)(ii)(E) (Jan. 3, 2017).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
25. 2018] THE U.S. POSITION 611
authority, that President visibly sanctioned nine Russian entities and
individuals.130 One concludes per the DOD Law of War Manual (section
16.3.3.3) if the Russian action was not the “use of force,” one may still take
necessary and appropriate actions in response that do not constitute a use of
force. The former President’s public actions were consistent with the
restrictive response policy previously articulated; whether there will be an
“invisible” additional response is open to conjecture given the new
Presidential Policy Directive.
In closing, the employment of such cyber attacks represents a continuing
adversarial threat to our political order and democracy. The temptation is
certainly there, on a matter of such fundamental importance, to fix sooner
rather than later, where in the spectrum such matters fall on the line of
hostile action to provide notice to adversaries — and to do so by design,
rather than either by inadvertence or by reactive ad hoc additions to the
response tool box for possible calibrated use. But given U.S. past history of
intrusion in foreign governance and interest in “freedom to operate” in like
fashion where national interest dictates around the globe, the issue bears
wider policy consideration than just within the narrow confines of a debate
over hostile acts of cyber intrusion. In the meantime, the rules of cyber
warfare remain in development from a U.S. standpoint. But the United
States continues to respond to cyber attacks against national interests when,
where, and how it choses; using what it considers to be appropriate
instruments of power; and acting in accordance with our view of applicable
law and Presidential policy directive. While we have a cyber force structure
as well as this administration’s “warfare” strategy and operational policy now
in place, how it will all be actually employed in the “common defense” of our
people when lines are crossed still remains a “work in progress.”131
130. Id. § 2 (listing Russian entities and individuals).
131. See, e.g., the remarks of DNI Dan Coates in response to a question from Senator Mike
Rounds in testimony before the Senate Armed Services Committee, 31 nt. 4-10 (Mar. 6, 2018),
https://www.armed-services.senate.gov/imo/media/doc/18-20_03-06-18.pdf.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
26. THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
27. Crossing the Line: The Law of War and Cyber
Engagement – Applying the Existing Body of
Law to this New National Security Threat
SANDRA L. HODGKINSON1
I. Introduction
Over the past decade, there has been a growing awareness of the threat
caused by the increasing reliance on cyberspace and the risk to national
security it brings. Cyber “attacks” against the U.S. government can be
launched by a variety of actors with different motivations for intelligence
collection, data or intellectual property theft, espionage, or ultimately to
threaten our national security by offensively crippling a military asset or
critical U.S. infrastructure.2 Notwithstanding, a large majority of cyber
incidents are often aimed at data theft for personal gain, rather than
launched by would-be enemy nations as an instrument of warfare. Whatever
the motivation, the damage from a cyber-attack can be serious, and can put
our national interests at risk.
When we talk about “crossing the line,”—we are discussing at what point
the law of armed conflict is triggered in a cyber “attack” which would justify
a lawful military response. This is a very narrow subset of current cyber
events, and it requires its own set of laws and policies. The last ten years has
seen a significant shaping of the law in this area and even a growing
consensus between the U.S. and the international community as to when a
cyber-event has crossed the threshold into becoming an “armed attack.”3
This short article will, at a very high level, discuss the threshold jus ad bellum
question that other panelists are also addressing. In addition, this article will
focus on what the practical effect of a cyber “armed attack” means and how
some of the law of armed conflict principles may apply. Volumes can be
written about these topics, but the goal here, in this panel, is to lay them out
for discussion.
1. This presentation was part of a panel discussion during the ABA Spring of the
International Section on April 26, 2017 in Washington, DC. Ms. Hodgkinson is a member of
the ABA Cyber Task Force, retired Captain from the U.S. Navy JAGC Corps reserves, and
former member of the U.S. Government’s Senior Executive Service with positions at DoD,
State Department and the National Security Council. She currently works as a Senior Vice
President in the defense industry at Leonardo DRS.
2. Cyberattack, TECHNOPEDIA, https://www.techopedia.com/definition/24748/cyberattack
(last visited June 17, 2018).
3. CYBERSECURITY LEGISLATION 2017, NCSL (Dec. 29, 2017), http://www.ncsl.org/
research/telecommunications-and-information-technology/cybersecurity-legislation-2017.aspx.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
28. 614 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
What does it mean to be in an “armed conflict” in a cyber-context?
Clearly, cyber bombs are not dropping from the sky, but there is a
significant threat to national security that arises from a cyber-war. And for
those individuals who engage in a cyber-attack, what is their status? Are
they lawful “combatants” entitled to prisoner of war status upon capture, and
possessing the greatest right of all in wartime—the right to kill? Or,
alternatively, are they more akin to the unprivileged belligerents we have
seen through the more recent asymmetrical conflicts with Al Qaeda and
other terrorist organizations? Are individual “hacktivists” capable of
launching a cyber-attack? How do the unique challenges of attribution in
cyber space affect the ability of nations to adequately deter, and respond to,
cyber threats? And how do the time-tested principles of necessity and
proportionality apply to cyber-attacks which have crossed the line? As in
wars of the past, does state sovereignty afford nations the right to be
“neutral” in these cyber conflicts, even if a cyber-event passes through their
networks? And once the line has been crossed, how does that impact the
applicability of other cyber-crime laws, espionage laws, and sabotage laws?
These are all questions that this panel discussion and supporting paper are
designed to address.
This presentation will first provide a quick summary of key developments
in the law governing cyber-attacks. Then, it will address the practical
implications of being in a cyber-war and discuss the status of individuals
involved in this war. Third, it will address the principles of necessity and
proportionality. Fourth, the article will discuss the role of state sovereignty
and neutrality. Finally, the article will address the applicability of other laws.
In its conclusion, the article will raise concerns about areas where the law of
armed conflict remains unclear and imperfect in addressing this new threat
emanating from the cyber world.
II. Growing Consensus That Cyber Attacks May be Acts of War
In July 2011, the U.S. Department of Defense (“DoD”) launched its first
official cyber strategy, and listed cyber space as an “operational domain,” like
sea, air, space and land.4 President Obama, consistent with his National
Security Strategy, signed a classified presidential directive related to cyber
operations, PPD-20 the following year, which recognized the growth in
cyber incidents and threats against the U.S. government.5 PPD-20
promoted a whole-of-government approach, establishing principles and
processes for cyber operations to enable more effective planning,
development, and use of our capabilities.6 PPD-20 aimed to take the least
action necessary to mitigate threats and emphasized network defense and law
4. U.S. DEP’T OF DEF., DEP’T OF DEF. STRATEGY FOR OPERATING IN CYBERSPACE (2011).
5. PRESIDENTIAL POLICY DIRECTIVE 20, PPD-20, U.S. CYBER OPERATIONS POLICY (Oct.
2012).
6. Id.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
29. 2018] APPLYING THE EXISTING BODY OF LAW 615
enforcement as the preferred courses of action.7 The 2011 DoD cyber
strategy,8 coupled with White House international strategy,9 together have
provided a framework for how the DoD addresses cybersecurity problems
with business, civilian government, and by working with international allies
to establish international norms. In April 2015, the DoD updated its
strategy, providing more detail and clarity, which included a description of
the newly developed DoD Cyber Mission Force, created to defend DoD
networks, protect U.S. homeland and vital interests, and enable full-
spectrum cyber capabilities for military operations.10
Several of these new policies have helped shape the overall approach to
cyberspace, but what happens when a foreign government uses cyber space
to directly attack another country? The 2007 computer network attack on
Estonia, generally attributed to the Russian government, was the first
reported cyber-attack by one country on another.11 Heavily reliant on the
Internet in cyber space, Estonia’s newspapers were attacked; the banks,
police, and government were attacked by botnets, immediately
overwhelming the government systems and emergency response systems.12
Similar computer network attacks from Russia into Georgia in 2008 were
also alleged and were more complex, including defacement of government
websites and altering news coverage.13 While Russian government
involvement has not been officially proven in either the Estonian or
Georgian attacks, several factors have at least demonstrated Russian
government complicity in the attacks.14 As NATO and EU debated whether
and how to respond to “attacks” such as these—whether as an armed attack
that would trigger collective self-defense under article 5 of the NATO
Charter, or something else—Tallinn, the capital of Estonia, became the
epicenter for the study of cyber-attacks.15 From 2009 to 2012, a group of
twenty international experts at the NATO Cooperative Cyber Defense
Center of Excellence (CCDCOE) drafted the Tallinn Manual, which
focused on the applications of international law to cyber operations and
7. Id.
8. U.S. DEP’T OF DEF., supra note 4.
9. International Strategy for Operating in Cyberspace (May 2011), available at https://obama
whitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace
.pdf.
10. U.S. DEP’T OF DEF., DEP’T OF DEF. CYBER STRATEGY (2015).
11. Damien McGuinness, How a cyber attack transformed Estonia, BBC (Apr. 27, 2017), http://
www.bbc.com/news/39655415.
12. Patrick Howell O’Neill, The Cyberattack That Changed the World, DAILY DOT (May 20,
2016), https://www.dailydot.com/layer8/web-war-cyberattack-russia-estonia/.
13. Sergei Boeke, Cyber war and the crisis in the Ukraine, LEIDEN SAFETY & SEC. BLOG (Mar.
16, 2014), leidensafetyandsecurityblog.nl/articles/cyber-war-and-the-crisis-in-the-ukraine; Sean
Watts, The Notion of Combatancy in Cyber Warfare, 2012 4th Int’l Conference on Cyber Conflict,
at 235, 241.
14. Boeke, supra note 13.
15. Joshua Davis, Hackers Take Down The Most Wired Country In Europe, WIRED (Aug. 21,
2007), https://www.wired.com/2007/08/ff-estonia/.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
30. 616 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
cyber warfare.16 Specifically, the Tallinn Manual analyzed when states could
respond to cyber-attacks as “armed attacks,” triggering the right of self-
defense under international law.17 Although it has not become a binding
legal document, the Tallinn Manual has become an important source of law
on this subject.
The U.S. State Department Legal Advisor, Harold Koh, was the first to
lay out an official government position declaring that a cyber-attack could be
an armed attack. In his speech at a U.S. Government Cyber Conference in
September of 2012, he articulated several factors in that determination,
which are laid out separately below.18 In September 2014, NATO followed
the U.S.’ lead and also determined that a cyber-attack could justify
invocation of article 5 of the NATO treaty.19 Under Article 5, the NATO
collective self-defense provision, a significant enough cyber-attack on one
member of NATO would be considered an attack on them all, justifying a
military response.20 Soon after NATO, a U.N. Group of Governmental
Experts on Developments in the Field of Information and
Telecommunications in the Context of International Security, the only U.N.
group studying the issue, also affirmed the right of self-defense under article
51 of the U.N. Charter.21 Most recently, in October 2017, EU nations
drafted a document stating that cyber-attacks can be acts of war, signaling
growing solidarity against countries like Russia and North Korea,22 which
has also been alleged to engage in cyber-attacks. As a result, there is
sufficiently broad-based international consensus that cyber-attacks can be
considered acts of war in appropriate circumstances.
In March 2016, the U.S. Justice Department claimed that members of
Iran’s Islamic Revolutionary Guards Corps had launched an online attack
against critical U.S. infrastructure in 2013 by entering the computerized
command and controls of a dam in New York City.23 The Iranians also
16. TALLINN MANUAL ON THE INTERNATIONAL LAW APPLICABLE TO CYBER WARFARE, 42
(Michael N. Schmitt ed., Cambridge Univ. Press 2013) [hereinafter Tallinn Manual].
17. Id.
18. Harold Honju Koh, International Law in Cyberspace, 54 HARV. INT’L L.J. 1, 4 (2012)
(footnoted version of speech delivered at the Cybercom Legal Conference, Ft. Meade, MD,
Sept. 18, 2012).
19. Roland Oliphant & Cara McGoogan, Nato warns cyber attacks ‘could trigger Article 5’ as
world reels from Ukraine attack, THE TELEGRAPH (June 28, 2017), http://www.telegraph.co.uk/
news/2017/06/28/nato-assisting-ukrainian-cyber-defences-random-ware-attack-cripples/;
Massive cyber attack could trigger NATO response: Stoltenberg, REUTERS (June 15, 2016), https://
www.reuters.com/article/us-cyber-nato-idUSKCN0Z12NE.
20. Russ Read, NATO Could Go To War Over a Cyber Attack, THE DAILY CALLER (May 31,
2017), http://dailycaller.com/2017/05/31/nato-could-go-to-war-over-a-cyber-attack/ (quoting
NATO delegates to the International Conference on Cyber Conflict in Estonia).
21. G.A. Res. A/68/98 (June 24, 2013).
22. James Crisp, EU Governments to warn cyber attacks can be act of war, THE TELEGRAPH (Oct.
29, 2017), http://www.telegraph.co.uk/news/2017/10/29/eu-governments-warn-cyber-attacks-
can-act-war/.
23. Mark Thompson, Iranian Cyber Attack on New York Dam Shows Future of War, TIME (Mar.
24, 2016), http://time.com/4270728/iran-cyber-attack-dam-fbi/; Dustin Volz & Jim Finkle,
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
31. 2018] APPLYING THE EXISTING BODY OF LAW 617
allegedly attacked the New York Stock Exchange, AT&T, and several
financial institutions,24 demonstrating the widespread capabilities of their
reach and the vulnerability of all of our institutions to cyber-attacks from
foreign governments. Attorney General Lynch worried that an attack on
critical infrastructure, particularly like this attack on the computerized
systems on a dam, could have a large impact on the safety and welfare of
U.S. citizens.25 The need to ensure that all our government’s assets are
protected from cyber-attacks is more critical than ever. What about future
attacks on the water supply, transportation infrastructure, hospitals, or larger
dams? The February 2017 Tallinn Manual 2.0 analyzes the law applicable to
attacks that may not rise to the level of “armed attack,”26 helping to draw
additional distinctions. Most recently, there have been a series of alleged
sonic cyber-attacks, accompanied by a high-pitched whine, directed at U.S.
Embassy personnel in Cuba.27 These attacks have reportedly resulted in
physical damage to at least twenty-two personnel, including hearing, visual,
cognitive, and other sleep and balance related problems.28 Would such
attacks, if we could determine who was carrying them out, be considered
“acts of war?”
III. Attacks That “Cross The Line”
What does it mean to say that a “cyber-attack” has crossed the line into
the threshold of armed conflict? There have been several different
definitions over time, all of which have morphed into an understanding that
the effects must be permanent and serious. The term “cyber-attack” has
been used very broadly to describe “any action taken to undermine the
functions of a computer network for a political or national security
purpose.”29 But Rule 30 of the Tallinn Manual defines a “Cyber Attack”
more narrowly as “a cyber operation, whether offensive or defensive, that is
reasonably expected to cause injury or death to persons or damage or
destruction to objects.”30 Consistent with the Tallin Manual, in 2012, the
U.S. was the first government to publicly state that a cyber-operation
resulting in “death, injury, or significant destruction” would likely be
U.S. Indicts Iranians for Hacking Dozens of Banks, New York Dam, REUTERS (Mar. 25, 2016),
https://www.reuters.com/article/us-usa-iran-cyber/u-s-indicts-iranians-for-hacking-dozens-of-
banks-new-york-dam-idUSKCN0WQ1JF.
24. Id.
25. Volz & Finkle, supra note 23.
26. TALLINN MANUAL 2.0 ON THE INTERNATIONAL LAW APPLICABLE TO CYBER
OPERATIONS (Michael N. Schmitt ed., Cambridge Univ. Press 2d ed. 2017) [hereinafter Tallinn
Manual 2.0].
27. Josh Lederman & Michael Weissenstein, Dangerous Sound, What Americans heard in Cuba
attacks, AP NEWS (Oct. 13, 2017), https://www.apnews.com/88bb914f8b284088bce48e54f6
736d84.
28. Id.
29. Oona A. Hathaway et al., The Law of Cyber-Attack, 100 CALIF. L. REV. 817, 826 (2012).
30. Tallinn Manual, supra note 16, at Rule 30 (emphasis omitted).
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW
32. 618 THE INTERNATIONAL LAWYER [VOL. 51, NO. 3
considered an illegal use of force, potentially triggering the right of self-
defense under article 51 of the U.N. Charter.31 The legal test on whether a
cyber-incident has crossed the line into an armed conflict is “effects-based,”
focusing on the nature and extent of the injury and damage caused on a case-
by-case basis and whether it has caused death or destruction.32 An attack
would generally not be considered to have crossed the line when it is
reversible or temporary.33 These definitions have led at least one author to
conclude that the attacks in Russia and Georgia, as described above, did not
meet the threshold of armed attack, as they did not cause permanent physical
damage.34 This author states that an alleged U.S. attack on the Iranian
nuclear program, known as Stuxnet, caused significant enough damage to
the Iranian nuclear program to be considered an armed attack.35
Harold Koh, in declaring the U.S. position on this definition, stated that
in assessing whether an event constituted a use of force in cyberspace, a
country must evaluate several factors, including: (1) the context of the event;
(2) the individual committing the act; (3) the target and location of the
attack; (4) and the effects and intent of the act, among other possible issues.36
He cited specific acts that would constitute a use of force to include cyber
operations that would trigger a nuclear plant meltdown, open a dam above a
heavily populated area that causes destruction, or operations that disable air
traffic control resulting in airplane crashes.37 Clearly, an attack that brings
the same physical damage that dropping a bomb or firing a missile would
should also easily meet this threshold and be considered a use of force.
In contrast, the collection of intelligence or exploitation of an enemy,
known as Computer Network Exploitation (CNE), using cyber capabilities
is not generally considered to be an armed attack, as it does not cause
physical or lasting damage.38 Cyber espionage, psychological operations,
and propaganda are likewise generally not considered to be armed attacks.39
Cyber espionage, under the Tallinn Manual, is a clandestine, or under false
31. Ellen Nakashima, Cyberattacks Could Trigger Self-Defense Rule, U.S. Official Says, WASH.
POST (Sept. 18, 2012), https://www.washingtonpost.com/world/national-security/us-official-
says-cyberattacks-can-trigger-self-defense-rule/2012/09/18/c2246c1a-0202-11e2-b260-32f4a8
db9b7e_story.html?utm_term=.E9c3b71536ae (referencing U.S. State Department Legal
Advisor Harold Koh in a speech at U.S. Cyber Command).
32. Philip O’Neill, Law Of War And Cyber Engagement (Apr. 26, 2017), https://static.ptbl.co/
static/attachments/150017/1495047643.pdf?1495047643.
33. Harry Farrell & Charles L. Glaser, The role of effects, saliencies and norms in US cyberwar
doctrine, 3 GEO. WASH. J. CYBERSECURITY 7 (Mar. 1, 2017).
34. Watts, supra note 13, at 244.
35. Id. at 244; see also David E. Sanger, America’s Dearly Dynamics With Iran, N.Y. TIMES
(Nov. 6, 2011), https://www.nytimes.com/2011/11/06/sunday-review/the-secret-war-with-
iran.html (breaking a story that alleges cyber activities carried out by the U.S. Government).
36. Koh, supra note 18, at 4.
37. Id.; Nakashima, supra note 31.
38. CLAY WILSON, CONG. RESEARCH SERV., RL31787, INFO. OPERATIONS, ELECTRONIC
WARFARE, AND CYBERWAR: CAPABILITIES & RELATED POL’Y ISSUES 5 (2007); Watts, supra
note 13, at 245.
39. Tallinn Manual, supra note 16, at 46, 192.
THE INTERNATIONAL LAWYER
A TRIANNUAL PUBLICATION OF THE ABA/SECTION OF INTERNATIONAL LAW
PUBLISHED IN COOPERATION WITH
SMU DEDMAN SCHOOL OF LAW