Book Symposium: Cyber War–Introduction

[Kevin Govern is Associate Professor of Law at Ave Maria School of Law.]

The science fiction author William Gibson coined the term cyberspace in his short story, Burning Chrome (1982), before most of the public had a concept of, let alone experience with, using networked computer systems. Science fiction has given way to cyber reality, with 42.3% of the world’s population using the Internet on a regular basis, some 741% growth between 2000-2014 alone. At the same time, cyber weapons and cyber warfare are among the most dangerous innovations in recent years. Cyber weapons can imperil economic, political, and military systems by a single act, or by multifaceted orders of effect, with wide ranging potential consequences. A non-exclusive list of some notable past cyber incidents includes but is not limited to:

• 1994: Chechen rebels use internet-enabled propaganda in the Russo-Chechen war.
• 1999: Serbian hackers try to disrupt NATO military operations that clogged NATO’s e-mail server with 2,000 messages a day.
• 2007: Syrian air defense was reportedly disabled by a cyber attack moments before the Israeli Air Force demolished an alleged Syrian nuclear reactor; massive cyber attacks experienced by Estonia, with most of the compromised and attacking computers located within the U.S. but attributed to Russia.
• 2008: Russo-Georgian war with integrated cyber and conventional operations.
• 2009: the whole of Kyrgyzstan was knocked offline during a time of domestic political crisis.
• 2010: Stuxnet worm attacking Iranian nuclear centrifuges identified as most sophisticated state-sponsored malware.
• 2014: Release of confidential data belonging to Sony Pictures Entertainment including employee personal information, e-mails, copies of (previously) unreleased Sony films, and other information, via a hack believed to be of North Korean origin, and two major breaches reputedly by China of U.S. government databases exposed sensitive information about at least 22.1 million people, including not only federal employees and contractors but their families and friends.
• 2015: A Chinese attack targeted personal emails of “all top [U.S.] national security” officials just days after a “spear-phishing” attack of suspected Russian origin on the Pentagon’s joint staff email system, which exposed some 4,000 civilian and military employees.

The US director of national intelligence, James Clapper, recently told the House intelligence committee the next phase of escalating online data theft most likely will involve manipulation of digital information, with a lower likelihood of a “cyber Armageddon” of digitally triggered damage to catastrophically damage physical infrastructure.

Contemporaneous with this writing, a Chinese delegation met with representatives from the FBI, the intelligence community and the state, treasury and justice departments for a “frank and open exchange about cyber issues” amounting to “urgent negotiations…on a cybersecurity deal and may announce an agreement when President Chinese President Xi Jinping arrives in Washington on a state visit on Thursday [24 September].”

In this era of great cyber peril and opportunity, my colleagues and co-editors Jens Ohlin from Cornell Law School and Claire Finkelstein from the University of Pennsylvania Law School and I had the privilege of contributing to and editing a book that assembles the timely and insightful writings of renowned technical experts, industrial leaders, philosophers, legal scholars, and military officers as presented at a Center for Ethics and the Rule of Law roundtable conference entitled Cyberwar and the Rule of Law.

The collected work, Cyber War – Law and Ethics for Virtual Conflicts, explores cyber warfare’s moral and legal issues in three categories. First, it addresses foundational questions regarding cyber attacks. What are they and what does it mean to talk about a cyber war? State sponsored cyber warriors as well as hackers employ ever more sophisticated and persistent means to penetrate government computer systems; in response, governments and industry develop more elaborate and innovative defensive systems. The book presents alternative views concerning whether the laws of war should apply, whether transnational criminal law or some other peacetime framework is more appropriate, or if there is a tipping point that enables the laws of war to be used. Secondly, this work examines the key principles of the law of war, or jus in bello, to determine how they might be applied to cyber-conflicts, in particular those of proportionality and necessity. It also investigates the distinction between civilian and combatant in this context, and studies the level of causation necessary to elicit a response, looking at the notion of a “proximate cause.” Finally, it analyzes the specific operational realities implicated by cyber warfare technology employed and deployed under existing and potential future regulatory regimes.

Here is the full Table of Contents:

Introduction: Cyber and the Changing Face of War

Claire Finkelstein and Kevin Govern

PART I: FOUNDATIONAL QUESTIONS OF CYBERWAR

1. The Nature of War and the Idea of “Cyberwar”

Larry May

2. Is There Anything Morally Special about Cyberwar?

James L Cook

3. Cyber Causation

Jens David Ohlin

PART II: CONCEPTUALIZING CYBER ATTACKS: THE CIVIL-MILITARY DIVIDE

4. Cyberterrorism and Enemy Criminal Law

Stuart Macdonald

5. Cyberwar versus Cyber Attack: The Role of Rhetoric in the Application of Law to Activities in Cyberspace

Laurie R Blank

6. The Rise of Non-State Actors in Cyberwarfare

Nicolò Bussolati

PART III: CYBERSECURITY AND INTERNATIONAL HUMANITARIAN LAW: THE ETHICS OF HACKING AND SPYING

7. Re-Thinking the Boundaries of Law in Cyberspace: A Duty to Hack?

Duncan B Hollis

8. Cyber Espionage or Cyberwar?: International Law, Domestic Law, and Self-Protective Measures

Christopher S Yoo

9. Deception in the Modern, Cyber Battlespace

William H Boothby

PART IV: RESPONSIBILITY AND ATTRIBUTION IN CYBER ATTACKS

10. Evidentiary Issues in International Disputes Related to State Responsibility for Cyber Operations

Marco Roscini

11. Low-Intensity Cyber Operations and the Principle of Non-Intervention

Sean Watts