Cyberwarfare in International Law

Posted by Zonk on Thu Jan 24, 2008 05:19 PM
from the thorny-issue dept.
belmolis writes "If the CIA is right to attribute recent blackouts to cyberwarfare, cyberwarfare is no longer science fiction but reality. In a recent op-ed piece and a detailed scholarly paper, legal scholar Duncan Hollis raises the question of whether existing international law is adequate for regulating cyberwarfare. He concludes that it is not: 'Translating existing rules into the IO context produces extensive uncertainty, risking unintentional escalations of conflict where forces have differing interpretations of what is permissible. Alternatively, such uncertainty may discourage the use of IO even if it might produce less harm than traditional means of warfare. Beyond uncertainty, the existing legal framework is insufficient and overly complex. Existing rules have little to say about the non-state actors that will be at the center of future conflicts. And where the laws of war do not apply, even by analogy, an overwhelmingly complex set of other international and foreign law rules purport to govern IO.'"

Related Stories

[+] IT: CIA Claims Cyber Attackers Blacked Out Cities 280 comments
Dotnaught writes to tell us InformationWeek is reporting that the CIA admitted today that recent power outages in multiple cities outside the United States are the result of cyberattacks. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • As is the tradition, I haven't RTFA and I don't think IO means input/output in this context ...
  • Anyone care to translate into plain-speak English?
    • Existing laws can't be made to fit the crimes of cyberwarfare without extensive revision.
      • Fixed (Score:2, Insightful)

        I fixed this for you:

        Existing [international] laws can't be made to fit the crimes of cyberwarfare without extensive revision.

        The world is growing into the tech age at different rates. The issue is that international laws differ greatly on what constitutes a cyber-crime (see: China) -- what one country considers harmless in another country may result in a lifetime sentence in prison. This discourages not only crime, but international espionage, because the consequences could be disastrous. Laws also diff

        • Re: (Score:3, Insightful)

          I stand corrected. The difference in tech levels (and further, the governments' understanding of said tech) amongst countries is extremely pertinent to the issue at hand.

          I personally think that the understanding is more important than the tech level insert series of tubes comment here.
    • Google Translate English->Japanese->English:

      If the CIA is right to the recent blackouts cyberwarfare attributes of the computer war However, the reality is no longer science fiction. Op-ed piece in a recent scholarly papers and detailed, legal scholars DANKANHORISU raise the question of whether the existing international law to the appropriate regulatory cyberwarfare. His conclusion is not: 'translating the existing rules IO generated widespread uncertainty in the context of the conflict is a dangerous military escalations where interpretation is not intended to be the difference between what is permissible. Also, this kind of uncertainty might be deterred from the use of low-IO, even if you might have a harmful effect on productivity than traditional means of warfare. Uncertainties beyond the existing legal framework is inadequate and overly complex. Existing rules, which have little to say, especially non-state actors in future conflicts. And the laws of war do not apply where the analogy with the overwhelmingly complex configuration and other foreigners to the rules of international law governing the purpose IO.

      Hope this helps!

      • Another translation:

        I had a small house of brokerage on Wall Street... many days no business come to my hut... my hut... but Jimmy has fear? A thousand times no. I never doubted myself for a minute for I knew that my monkey strong bowels were girded with strength like the loins of a dragon ribboned with fat and the opulence of buffalo... dung. ...Glorious sunset of my heart was fading. Soon the super karate monkey death car would park in my space. But Jimmy has fancy plans... and pants to match. The monkey clown horrible karate round and yummy like cute small baby chick would beat the donkey.

      • Certainly, the existing body of law, like this town, needs an enema.
        What will be interesting to watch (for those keen on subtle, baseball-like action that is exciting as watching paint dry for the casual viewer) is the interplay between the need for legal recourse, which implies some international body having jurisdiction, and the serious US allergy to anything that sets precedent to diminish national sovereignty.
        That issue is among the major reasons http://en.wikipedia.org/wiki/United_Nations_Convention_ [wikipedia.org]
        • Re: (Score:2, Offtopic)

          Informative as usual, smitty, but I'm afraid this all has more to do with digital file-sharing than anything else.

          Our window of privacy is closing rather rapidly. Today, the US Eavesdropping Regime made a huge step forward, using complicit and spineless democrats like Harry Reid and Jay Rockefeller as their point men. The telecommunications industry's bribes were just too much for them to resist, apparently.

          The lesson I've learned in the past 7 years is this: when you start to hear trial balloons floated a
          • The lesson I've learned in the past 7 years is this: when you start to hear trial balloons floated about an issue of authoritarian enforcement, whether it's surveillance, police powers, rights of the accused, it's almost always about corporate profits rather than the "security" of the citizens of America or anywhere else.

            I guess I'd echo that sentiment by saying that the amount and flavors of fear used by both conferences of the American Political Football League is quite staggering.
            You've got fear of: o

      • They want to make Cyber warfare illegal thus having a legal recourse for those who use it.

        I think that they just want to blather on as if they understand what is going on here. Trying to ascribe other motives assumes too much of them.

        Cyberwarfare has been going on for almost ten years. It does not amount to very much because we are not as dependent on technology as folk imagine. Case in point we lost all power on the North East coast of the US a few years back, civilization did not collapse. Even if the

  • Enemy combatants? (Score:4, Interesting)

    by KublaiKhan (522918) on Thursday January 24 2008, @05:27PM (#22174296) Homepage Journal
    I dare say that any "cyberwarrior" would not have a recognizable uniform, and as such, would probably be classed as an 'enemy combatant' by the gov't...which gives me the screaming blue creevles, given the gov't's current attitude towards anyone they suspect to be such an 'enemy combatant'--Guantanamo Bay doesn't have broadband, does it? Will they torture this new class of enemy combatant by making them dial into AOL with a 300 baud modem on a keyboard with a broken shift/caps key?
    • by The Queen (56621) on Thursday January 24 2008, @05:41PM (#22174494) Homepage
      You are correct in having "screaming blue creevles" as you put it since yes, cyber-warriors are likely to be a mix of military and civilians, and what with all the lawsuits and spying already going on it wouldn't be much of a leap for some hax0r to be tagged by the feds and shipped off for questioning. The real sticky part though is how the law will cross borders. Cyber warfare knows no borders, so what would our government do if someone from Iran came calling to arrest one of our own on such charges?

      This is the inevitable and ingenious evolution of war, IMO. Not, as ST:TOS "A Taste of Armageddon" would have it, but without any bloodshed or casualties in the physical sense. By hitting people in their infrastructure, their way of life, and their economy. (Sort of what the 9-11 guys thought they were doing...and heck, what all us 'rich' countries do all the time through sanctions, trade agreements, 'wars' on drugs, and such...)
      • The real sticky part though is how the law will cross borders. Cyber warfare knows no borders, so what would our government do if someone from Iran came calling to arrest one of our own on such charges?

        It wouldn't be pretty, that's for sure--probably some sort of extradition amongst allied countries, o'course, but with hostile countries, it could lead to a meatspace conflict of some kind should it escalate far enough.

        But what exactly would be considered an 'act of war' in such a situation, anyway? Would it have to cause some form of physical or financial damage to a person or institution in the country being attacked? Or would merely an "illegal border crossing" (e.g. gaining access to a server)

    • no evidence (Score:4, Insightful)

      by Presto Vivace (882157) on Thursday January 24 2008, @06:27PM (#22175080) Homepage Journal
      Neither the Information Week article I saw, nor any other story has provided any details. It is alleged that blackouts occurred due to cyber attacks, but no specific locations are provided. What blackouts? When and where? No details are given. And what is the evidence that cyber attacks were involved? We should withhold judgment until we are provided with the specifics.
      • Exactly why I get the screaming heebeejeebies about how our gov't would treat someone classed as an 'enemy cyber combatant'--and what would the proof be? Connecting to a 'foreign' IP address?
  • cluelessness (Score:3, Insightful)

    by Quadraginta (902985) on Thursday January 24 2008, @05:32PM (#22174372)
    Gosh, only a lawyer could have the utter cluelessness about the real world and real people necessary to imagine that war has ever been, or ever will be, regulated by law.
    • Re: (Score:3, Insightful)

      But it has. There is a whole regulatory framework around things like "just war", definition of a combatant, treatment of spies/prisoners, etc.

      Now if you'd said that someone would have to be clueless to imagine that combatants always *abide* by the laws regarding war, that's a whole different issue.
      • Garbage. What you're saying is that people have described "rules" for warfare. But they're not followed when inconvenient, and there's no way at all of enforcing them -- what would you threaten? More war? Those aren't "rules." They're wishes and hopes.
    • War has rules. Check out the Geneva Convention.

      They aren't always followed, and they certainly aren't being followed by some countries I could mention, but war is supposed to have rules.

      The problem with electronic warfare (Cyberwar? e-war? wartronics?) is that you're attacking civilians. There are horrible weaknesses in a great many systems (including the trunked radios used by first responders) that can easily be exploited. Remember, a lot of our coding is done overseas and/or done by exchange students on
      • Re: (Score:3, Insightful)

        Ah? Why don't you check out the history of, say, the war in the Pacific 1941-1945 and tell me if you think the Geneva Conventions have any serious force. Better yet, ask a vet. Then duck. The Geneva Conventions are one of history's endless series of pious wishes that seek to outlaw inhumanity, like the Kellogg-Briand pact, the founding charter of the League of Nations, the UN, et cetera and so forth ad infinitum.

        All of these quaint efforts overlook the fact that war is, by definition, the breakdown of a
        • Re:cluelessness (Score:5, Insightful)

          by rtechie (244489) on Thursday January 24 2008, @08:58PM (#22176662)

          All of these quaint efforts overlook the fact that war is, by definition, the breakdown of any shred of mutual trust and willingness to compromise. War is about killing people, and when you get to that stage of mutual rage and madness, no piece of paper full of high-minded sentiment is going to stop you from doing what you think you must to win (or not lose). I can't think of any historical exceptions. Can you?
          The short answer is: yes. There have been rules of war that have been closely followed, for centuries, by various groups. There were strict laws of war governed by the Church in the Middle Ages. Imperial Japan followed rules of war, right into WWII (you might not agree with those rules, but they existed). The Roman Army followed strict rules. The idea of soldiers acting in a disciplined and humane fashion is nothing new. The big problem is that these rules only tend to be followed in cultural sandboxes: European vs. European, Japanese vs Japanese, etc. When conflicts are cross-cultural the tendency to dehumanize opponents increases and you get much bloodier conflicts: Crusades, Native American wars, Vietnam, etc.

          I don't think it's useless to have laws of war. There is no reason to believe they make conflicts worse and every reason to believe that they help reduce civilian casualties, torture, etc. During WW1 gas weapons saw wide deployment, and they were banned not because they were ineffective, but because of the danger they represented to all soldiers and civilians. Gas weapons have been used since (notably in the Iran-Iraq war), but widespread use is a thing of the past. Ditto for flamethrowers and flame weapons in general (Phosphor weapons are making a comeback though. Bush apparently thinks burning people alive is fun).

      • War is supposed to target just those in uniform, fighting at the time.

        No, war is supposed to achieve a political objective by destroying the opponent's ability to resist your political will. This can be achieved by:

        1. Destroying the enemy's manpower - kill all his soldiers and anyone likely to become a soldier.
        2. Destroying the enemy's equipment and his ability to produce new equipment (or at least prevent delivery to the troops).
        3. Destroying the enemy's moral strength, so that he is unwilling to continue the fight.

        Case 1 is very traditional, but since nations conscript soldier

    • I'd also like to point out that, while there are conventions for war that western countries tend to follow, China is in the section of the world that has the worst record for treatment of prisoners. Vietnam and Japan were both brutal to POWs. Who's to say whether China would pretend to abide by the rules like the rest of the world does?
      • Re:cluelessness (Score:4, Insightful)

        by Quadraginta (902985) on Thursday January 24 2008, @06:35PM (#22175176)
        I think you are confusing "has been regulated" with "has been imagined to be regulated by lawyers and naive fools." To be "regulated" requires a bit more than the mere existence of regulations on paper. It requires that these things have actual force, that they actually do something, they restrain people in some way.

        The only thing that has ever restrained the behaviour of nations in combat is plain fear of the direct consequences, e.g. retaliation by the enemy. Can you give me a counter-example? Some case where a nation committed to a war, with substantial interests at stake, eschewed methods of war because some lawyer somewhere said they were "illegal?" If not, then those "regulations" are as insubstantial as moonbeams.
        • Re: (Score:2, Insightful)

          I agree with you. What regulates military actions is the real or imagined consequences if the tables are reversed. Atrocities on a systematic basis occur if and when the conflict is one-sided either due to military might or sheer force of numbers.

          My biggest concern with the current US treatment of supposed terrorists, is that we are implicitly agreeing to the same treatment of our GIs in enemy hands. There is no doctrinal difference between the Hanoi Hilton and Guantanamo Bay.

          There are dozens of examples
  • Cyber- (Score:3, Funny)

    by Rukki (1226524) on Thursday January 24 2008, @05:39PM (#22174464)
    I must not be the only one worried that the international regulations are being levied by people so out of step that they think "Cyber" still means "Internet" not "Text-Sex"?
    • What do you expect when you get rid of congressmen like Mark Foley who clearly understand what "Cyber" means?
  • A big IF (Score:3, Funny)

    by mangu (126918) on Thursday January 24 2008, @05:43PM (#22174520)

    "If the CIA is right to attribute recent blackouts to cyberwarfare, ...

    Hey, look, "Die Hard 4" is fiction, and not very good fiction at that.
    • Hey! Die Hard 4 is a great movie if you watch it with the understanding that it is a comedy.
    • The power system does have a lot of remote switches, reclosers and so on with wireless links on them. So you may be able to tell them to turn off by taking over that link.
  • The US=The World (Score:3, Informative)

    by STrinity (723872) on Thursday January 24 2008, @05:44PM (#22174530) Homepage

    "If the CIA is right to attribute recent blackouts to cyberwarfare, cyberwarfare is no longer science fiction but reality.
    So Estonia only exists in sci-fi novels [bbc.co.uk]?
  • by El Yanqui (1111145) on Thursday January 24 2008, @05:45PM (#22174558) Homepage
    Duncan Hollis raises the question of whether existing international law is adequate for regulating cyberwarfare

    Because existing international law has done such a bang up job regulating real warfare.
  • True stateless war (Score:5, Interesting)

    by G4from128k (686170) on Thursday January 24 2008, @05:53PM (#22174660)
    What stops a Saudi IslamoFascist living in Canada from buying malware from the Russian mafia and redirecting attacks through servers in China? Who do we attack when the attacker is a botnet consisting of a bunch of infected PCs on some UK cablemodem network?

    The extreme malleability of data, software, and networks means that anyone can make anyone look like they are a participant in an attack. It won't surprise me if a large percentage of counterattacks, reprisals, or sanctions target the wrong party because they were just the last identifiable node in a long chain of proxies and dark-net hops. If one can make one enemy look like it attacked another enemy, then one can kill two enemies for the price of one DDoSing.
  • I can just see it now. First, we had to have duct tape (what a fiasco...). Now, we're likely to see snake-oil salespeople and inept government officials inducing a semi-panic.

    But, it couldn't hurt to have a slew of Honda generators, arm-driven dynamo radio-cell phone charger units on hand.
  • great...a new war on a poorly defined noun, this will go well.

    There's only one thing that can be done against any attacks in this vein, (and I don't trust a governmental analysis at all as a rule), and that is to tighten security on the defensive end. Trying to find and prosecute anybody is going to be a complete waste of time.

    Oy...gives the politicians something to scare people with though, most of whom still think the word "hacker" means criminal...
  • by foqn1bo (519064) on Thursday January 24 2008, @06:20PM (#22175006)
    Given their track record, and given who they work for, why on earth should any American in their right mind believe anything the CIA has to say? If this threat were real, they'd just keep it - and the methods used to combat it - a secret for as long as possible, which is what they usually do. What possible reason would they have to reveal it to the press unless the primary objective is propaganda?
    • Re: (Score:3, Insightful)

      If this threat were real, they'd just keep it - and the methods used to combat it - a secret for as long as possible, which is what they usually do. What possible reason would they have to reveal it to the press unless the primary objective is propaganda?

      Obviously, the need for a secure U.S.A. infrastructure outweighs the CIA's desire for secrecy. If you keep it a secret, you can't really fix it now can you?

      Unless you think that somehow the Gov't will be able to get the private sector to fix the problem without any information leaks. That'd be impressive as hell.

  • Laws pertaining to war only have a meaning if real people can see if they are being broken or adhered to. A country's population can only protest about atrocities (either committed by their own side or the other guy) if they know about them - which really means if they appear on TV.

    Cyber warfare does not exist in places you can get TV cameras. It is the perfect deniable operation. Therefore it is not possible to present "evidence" of transgressions to the court of public opinion, or international outrage

  • by rickb928 (945187) on Thursday January 24 2008, @06:39PM (#22175226) Homepage
    ...when the packet you deliver to the datattackers is measured in kilotons, not kilobytes.

    And that's not gonna happen any time soon.

    It takes a lot to unravel an attack. More work than tracking down the source of a dirty bomb, or Avian Flu dose, or hallucinogens in the water supply.

    More good reasons to not go hell-bent on integrating our utilities over the Internet. It cannot be secured. Only a matter of time before someone breaks into a SCADA access point and causes trouble here.

    In the meantime, maybe Estonia's example is what we face. Temporary paralysis, expensive resolutions, and the awareness that this can and will happen again.

    And in all this, ICANN wants to be independent of the U.S. Harrr... It would appear that the U.S. is not the source of the real trouble on the Internet. It's all the little wannabes desperate to hurt someone/something else.

    May they get a visit from a B-2 when they get caught.

    • or hallucinogens in the water supply.

      Could you imagine if DC's water supply got tainted with lsd?

      Hundreds of thousands of people would see pretty patterns, a relatively large percentage of those would have a religious experience, and most of them would come out of it feeling refreshed, seeing the world in a new light with optimism and peace.

      Sounds like it might end up being pretty rad, not terrorist at all...... that is, if they released it in such a low concentration that you'd only get 4-50 micro

  • >If the CIA is right to attribute recent blackouts to cyberwarfare

    Never attribute to malice that which can be adequately explained by stupidity.

  • Using government and global quasi government agencies to stop bad deeds on the internet is simply not a rational solution. You can't stop information with planes, boats, guns, and tanks. But this is exactly what government (global or otherwise) is about. Government is a tool of coercion. That tool simply doesn't work well online any more than it will work if you threaten to beat the crap out of me if you don't like what I say. Seriously, try it - see if I even care. The rational solution is self organ