U.S. Gov’t: Laws of war apply to cyber conflict
This week, the Tallinn Manual — a NATO initiative by which legal experts have articulated laws for the cyber battlefield — is set to make its stateside debut. But the United States says it is already ahead of the document’s recommendations: it insists the existing laws of war are sufficient to govern the use of ...
This week, the Tallinn Manual — a NATO initiative by which legal experts have articulated laws for the cyber battlefield — is set to make its stateside debut. But the United States says it is already ahead of the document’s recommendations: it insists the existing laws of war are sufficient to govern the use of cyber weapons.
"Existing international law applies to cyberspace just as it does in the physical world," said Christopher Painter, the State Department’s coordinator for cyber issues, during a forum at George Washington University last Thursday. "That is a very important concept. It means a couple of things. First, it means we don’t need new norms in cyberspace; we apply existing norms."
The United States is trying to establish international rules of the road in cyberspace that are accepted by other nations, but it believes they should reflect rules that are already on the books, such as the law of armed conflict.
"It is the clear and consistent policy of the United States that the Law of Armed Conflict applies to our operations in all domains, including cyberspace," a Pentagon official told Killer Apps when asked about the Tallinn manual. "The cyber activities of the Department of Defense are always undertaken in accordance with existing policy and law and executed under specific authority."
Adhering to existing law, according to Painter, means that militaries should recognize the distinction between soldiers and civilians and exercise proportionality in using force. They should not target civilians, and nations should be held accountable when proxy cyber groups use force on their behalf.
The Tallinn Manual was commissioned by NATO, but it was produced by independent legal scholars and practitioners and does not speak for any government. But the Pentagon official said that "the department values the contributions that independent reports like the Tallinn Manual for Cyber Law bring to the dialogue and important work being done in the realm of Cybersecurity."
(Click here to read remarks a State Department lawyer gave regarding the law of armed conflict and cyberspace during a speech at U.S. Cyber Command last summer.)
U.S. officials say the process of formalizing rules for cyberspace will likely take decades given the differing priorities among various governments. For example, the U.S. and its allies want to focus on things like fighting intellectual property theft and banning destructive cyber attacks during peacetime, while nations such as China and Russia want to be free to censor information and monitor what their citizens do online — a stance U.S. officials call a "nonstarter."
Painter said that, while nations continue to discuss such issues, they may want to develop cyber hotlines so that government leaders can communicate freely and directly about cyber incidents.
"You can do confidence and transparency measures for those states where there may be some distrust, just understanding how they’re organized, maybe having hotlines between them. I think that’s an important part of the political-military bucket," he said.
The notion of a cyber hotline, similar to the nuclear hotline between the White House and the Kremlin, is something yours truly has also heard suggested by senior foreign officials, who wished to remain anonymous.