Arming for Virtual Battle: The Dangerous New Rules of Cyberwar
Will it be appropriate to respond to a cyber attack with military means?
April 7, 2013— -- Now that wars are also being fought on digital battlefields, experts in international law have established rules for cyberwar. But many questions remain unanswered. Will it be appropriate to respond to a cyber attack with military means in the future?
The attack came via ordinary email, when selected South Korean companies received messages supposedly containing credit card information in the middle of the week before last.
Recipients who opened the emails also opened the door to the enemy, because it was in fact an attack from the Internet. Instead of the expected credit card information, the recipients actually downloaded a time bomb onto their computers, which was programmed to ignite on Wednesday at 2 p.m. Korean time.
At that moment, chaos erupted on more than 30,000 computers in South Korean television stations and banks. The message "Please install an operating system on your hard disk" appeared on the screens of affected computers, and cash machines ceased to operate. The malware, which experts have now dubbed "DarkSeoul," deleted data from the hard disks, making it impossible to reboot the infected computers.
DarkSeoul was one of the most serious digital attacks in the world this year, but cyber defense centers in Western capitals receive alerts almost weekly. The most serious attack to date originated in the United States. In 2010, high-tech warriors, acting on orders from the US president, smuggled the destructive "Stuxnet" computer worm into Iranian nuclear facilities.
The volume of cyber attacks is only likely to grow. Military leaders in the US and its European NATO partners are outfitting new battalions for the impending data war. Meanwhile, international law experts worldwide are arguing with politicians over the nature of the new threat. Is this already war? Or are the attacks acts of sabotage and terrorism? And if a new type of war is indeed brewing, can military means be used to respond to cyber attacks?
The War of the Future
A few days before the computer disaster in Seoul, a group led by NATO published a thin, blue booklet. It provides dangerous responses to all of these questions. The "Tallinn Manual on the International Law Applicable to Cyber Warfare" is probably no thicker than the American president's thumb. It is not an official NATO document, and yet in the hands of President Barack Obama it has the potential to change the world.
The rules that influential international law experts have compiled in the handbook could blur the lines between war and peace and allow a serious data attack to rapidly escalate into a real war with bombs and missiles. Military leaders could also interpret it as an invitation to launch a preventive first strike in a cyberwar.
At the invitation of a NATO think tank in the Estonian capital Tallinn, and at a meeting presided over by a US military lawyer with ties to the Pentagon, leading international law experts had discussed the rules of the war of the future. International law is, for the most part, customary law. Experts determine what is and can be considered customary law.
The resulting document, the "Tallinn Manual," is the first informal rulebook for the war of the future. But it has no reassuring effect. On the contrary, it permits nations to respond to data attacks with the weapons of real war.