The Herald of Everett, Washington
HeraldNet on Facebook HeraldNet on Twitter HeraldNet RSS feeds HeraldNet Pinterest HeraldNet Google Plus HeraldNet Youtube
HeraldNet Newsletters  Newsletters: Sign up | Manage  Green editions icon Green editions

Calendar


Weekly business news
HeraldNet Newsletter Delivered to your inbox each week.
Published: Wednesday, March 20, 2013, 12:01 a.m.

Cyberwar manual lays down rules for online attacks

LONDON -- Even cyberwar has rules, and one group of experts is putting out a manual to prove it.
Their handbook, due to be published later this week, applies the venerable practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians and neutral nations can be protected in an information age fight.
"Everyone was seeing the Internet as the `Wild, Wild, West,"' U.S. Naval War College Professor Michael Schmidt, the manual's editor, said in an interview before its official release. "What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons."
The Tallinn Manual -- named for the Estonian capital where it was compiled -- was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior, such as the 1868 St. Petersburg Declaration or the 1949 Geneva Convention, to the Internet, occasionally in creative or unexpected ways.
Marco Roscini, who teaches international law at London's University of Westminster, described the manual as a first-of-its-kind attempt to show that the laws of war -- some of which date back to the 19th century -- were flexible enough to accommodate the new realities of online conflict.
The 282-page handbook has no official standing, but Roscini predicted that it would be an important reference as military lawyers across the world increasingly grapple with what to do about electronic attacks.
"I'm sure it will be quite influential," he said.
The manual's central premise is that war doesn't stop being war just because it happens online. Hacking a dam's controls to release its reservoir into a river valley can have the same effect as breaching it with explosives, its authors argue. Legally speaking, a cyberattack which sparks a fire at a military base is indistinguishable from an attack that uses an incendiary shell.
The humanitarian protections don't disappear online either. Medical computers get the same protection that brick-and-mortar hospitals do. The personal data related to prisoners of war have to be kept safe in the same way that the prisoners themselves are -- for example by having the information stored separately from military servers which might be subject to attack.
Cyberwar can lead to cyberwar crimes, the manual warned. Launching an attack from a neutral nation's computer network is forbidden in much the same way that hostile armies aren't allowed to march through a neutral country's territory. Shutting down the Internet in an occupied area in retaliation against a rebel cyberattack could fall afoul of international prohibitions on collective punishment.
The experts behind the manual -- two dozen officers, academics, and researchers drawn mainly from NATO member states -- didn't always agree on how traditional rules applied in the context of a cyberwar.
Self-defense was a thorny issue. International law generally allows nations to strike first if they spot enemy soldiers about to pour across the border, but how could that be applied to a world in which attacks can happen at the click of a mouse?
Other aspects of international law seemed obsolete -- or at least in need of an upgrade -- in the electronic context.
Soldiers are generally supposed to wear uniforms and carry their arms openly, for example, but what meaning could such a requirement have when they are hacking into distant targets from air conditioned office buildings?
The law also forbids attacks on "civilian objects," but the authors were divided as to whether the word "object" could be interpreted to mean "data." Did that leave a legal loophole for a military attack that erased valuable civilian data, such as a nation's voter registration records?

Share your comments: Log in using your HeraldNet account or your Facebook, Twitter or Disqus profile. Comments that violate the rules are subject to removal. Please see our terms of use. Please note that you must verify your email address for your comments to appear.

You are logged in using your HeraldNet ID. Click here to update your profile. | Log out.

Our new comment system is not supported in IE 7. Please upgrade your browser here.

comments powered by Disqus
digital subscription promo

Subscribe now

Unlimited digital access starting at 99 cents, or included with any print subscription.

HeraldNet highlights

'The Pinterest of beer'
'The Pinterest of beer': Lynnwood man's iPhone app tracks the beers you drink
Your photos
Your photos: A selection of our favorite reader-submitted photos
Tulips in bloom
Tulips in bloom: Photo gallery: A rainbow of color in Skagit County
He was a devoted family man
He was a devoted family man: Stephen Neal was working in a home when the mudslide hit