Cyber warfare : military cross-border computer network operations under international law

In the last five years the topic of cyber warfare has received much attention due to several so-called "cyber incidents" which have been qualified by many as State-sponsored cyber attacks. This book identifies rules and limits of cross-border computer network operations for which States bear the international responsibility during both peace and war. It consequently addresses questions on jus ad bellum and jus in bello in addition to State responsibility. By reference to treaty and customary international law, actual case studies (Estonia, Georgia, Stuxnet) and the Tallinn Manual, the author illustrates the applicability of current international law and argues for an obligation on the State to prevent malicious operations emanating from networks within their jurisdiction. This book is written for academics in public international law and practitioners from the military and other public security sectors.

Acknowledgements Abbreviations Introduction 1. Research Question 2. Objectives of the Study 3. Research Subject 4. Structure of the Study PART I. THE INTERNET AS A UNIVERSAL YET TERRITORIALISED INFRASTRUCTURE Chapter 1. A Sur vey of Computer Network Operations 1. The Medium of Computer Network Operations: the Internet 1.1. The Internet as a Network of Networks: Technical Fundamentals 1.2. The Significance of the Internet for Modern Societies 1.2.1. The Information and Knowledge Society 1.2.2. State and eGovernment 1.2.3. The Military Sector 2. The Characteristics of Computer Network Operations 2.1. Defining and Differentiating Computer Network Operations 2.1.1. In Military Doctrine 2.1.2. In Legal Scholarship 2.1.3. Approach of this Study 2.2. The Technicalities of Computer Network Operations 2.2.1. The Main Types of Malicious Computer Network Operations 2.2.1.1. Distributed Denial of Service Attacks 2.2.1.2. Trojan Horses, Computer Viruses and Worms 2.2.2. Tracing Computer Network Operations back to their Source 2.3. Target Scenarios of Computer Network Operations 2.3.1. Military Targets 2.3.2. The Public Infrastructure as a Target 2.3.3. Interference with Financial Assets 2.4. Conclusion 3. Case Studies 3.1. Computer Network Espionage 3.2. Estonia 2007 3.3. Georgia 2008 3.4. Stuxnet and the Iranian Nuclear Programme 3.5. Conclusion Chapter 2. The Legal Regime of Cyberspace 1. Jurisdiction in Cyberspace 1.1. Cyberspace as a Jurisdiction Sui Generis 1.2. Cyberspace as an International Commons 1.3. The Territorialisation of Cyberspace 1.3.1. Jurisdiction to Prescribe 1.3.2. Jurisdiction to Adjudicate 2. Actors in Cyberspace 2.1. International Internet Regulation 2.1.1. Internet Governance 2.1.2. Technical Regulation 2.1.3. Content Regulation 2.2. Internet Security Organisations 2.3. The Militarisation of Cyberspace 2.3.1. Within the United States Military 2.3.2. Within Other Militaries 3. The Gradual Development of Common Cybersecurity Standards 3.1. The International Level 3.2. The Regional Level 4. Conclusion: the Territorialisation of a Universal Infrastructure PART II. THE LEGAL QUALIFICATION OF COMPUTER NETWORK OPER ATIONS Chapter 3. Computer Network Operations Outside of Armed Conflict 1. Rules of Attribution 1.1. Actions of States 1.1.1. Actions of States through their Organs 1.1.2. Actions of States through Non-State Actors 1.1.2.1. The Required Level of Control 1.1.2.2. The Level of Control over Computer Network Operations 1.2. Omissions of State Organs 1.2.1. The General Criteria of the Duty to Exercise Due Diligence 1.2.1.1. No Justification by Recourse to National Law 1.2.1.2. The Element of Disposability of Means 1.2.1.3. Prosecution of Individual Perpetrators und National Criminal Laws 1.2.1.4. The Principle of Proportionality 1.2.2. Due Diligence and Malicious Computer Network Operations 1.2.2.1. The Thesis of a Specific Obligation 1.2.2.2. A General Obligation to Prevent Malicious Cross-Border Computer Network Operations 2. Breach of an International Obligation 2.1. Computer Network Operations Below the Level of Armed Force 2.1.1. The Prohibition of Intervention 2.1.1.1. Domaine Reserve in Cyberspace 2.1.1.2. Means of Interference 2.1.1.3. Conclusion 2.1.2. The Regime of International Telecommunications 2.1.3. The Regime of Outer Space 2.1.4. The Law of the Sea 2.1.5. Conclusion 2.2. The Prohibition of the Use of Forceful Computer Network Operations 2.2.1. The Notion of Force 2.2.1.1. Armed Force and Economic Coercion 2.2.1.2. Physical Force 2.2.2. Computer Network Operations as Armed Force 2.2.2.1. The Applicability Ratione Loci of the UN Charter in Cyberspace 2.2.2.2. The Different Approaches of Qualifying Computer Network Operations as Force 3. Circumstances Precluding Wrongfulness 3.1. Force Majeure 3.2. Computer Network Operations as Countermeasures 3.2.1. The Absence of a Self-Contained Regime Applicable to Computer Network Operations 3.2.2. Subsidiarity of Countermeasures 3.2.3. Possible Computer Network Operation Countermeasures 3.2.3.1. Automated Responses 3.2.3.2. A Right of 'Cyber Hot Pursuit'? 3.2.3.3. Human Rights as Limits to Countermeasures 4. Conclusion Chapter 4. The Justified Use of Forceful Computer Network Operations 1. The Right of Self-Defence 1.1. Requirements for the Presumption of an Armed Attack 1.1.1. General Requirements 1.1.2. Computer Network Operations as an Armed Attack 1.1.3. The Gathering of Evidence in Proof of a Claim to Act in Self-Defence 1.2. Self-Defence against Non-State Actors 1.3. Anticipatory and Pre-emptive Self-Defence 1.4. Limits to the Right of Self-Defence 2. UN Security Council Enforcement Measures 2.1. The Prerequisites for a Decision of the UN Security Council 2.2. Computer Network Operations as Measures under Chapter VII 3. Conclusion Chapter 5. Computer Network Operations During an International Armed Conflict 1. Introduction 2. The Applicability of International Humanitarian Law to Military Computer Network Operations 2.1. General Applicability of Humanitarian Law to New Weapons 2.2. The Spatial Applicability of Humanitarian Law: the Region of War 2.3. The Qualification of Military Computer Network Operations as an Attack under International Humanitarian Law 3. The Rules of Humanitarian Law as Applied to Military Computer Network Attacks 3.1. The Rules concerning the Methods of Computer Network Attacks 3.1.1. Precautions before Launching Computer Network Attacks 3.1.2. The Principle of Distinction 3.1.2.1. The Prohibition of Indiscriminate Attacks 3.1.2.2. The Wearing of Uniform 3.1.2.3. The Duty to Separate Military from Civilian Targets 3.1.3. Perfidy and Ruses in Cyber Warfare 3.1.4. The Principle of Proportionality in Cyber Warfare 3.2. Valid Targets of Computer Network Attacks, Their Control and Abandonment 3.2.1. The Military Objectives of Cyber Warfare 3.2.2. Controlling Military Objectives via Cyber Warfare 3.2.3. The Clearance of Remnants Caused by Cyber Warfare 3.3. The Status of Actors in Cyber Warfare 3.3.1. Combatants in Cyber Warfare 3.3.1.1. Regular Members of Armed Forces 3.3.1.2. The Utilisation of Individuals who are not Regular Members of the Armed Forces of a State 3.3.2. Civilian Participation in Cyber Warfare 3.3.2.1. Actions Taken in Cooperation with the Armed Forces 3.3.2.2. Actions by Civilians Taken Independently from the Armed Forces 3.3.2.3. Cyber Levee en Masse 3.3.3. Spies and Computer Network Espionage 4. Limits: Human Rights 5. Conclusion Chapter 6. Neutrality in Cyber Warfare 1. No Prohibition on Routing CNAs through Neutral States' Territory 2. The Prohibition on Masking CNAs as Originating from a Neutral State 3. Obligations of Neutral States 4. The Hosting of Government Websites on Foreign Servers 5. Conclusion PART III. CONCLUSION Computer Network Operations Restrained Bibliography