via Lobe Log
The Washington Post’s Ellen Nakashima examines the question of what constitutes war if the trigger point originates in cyberspace:
Deciding what amounts to an act of war is more a political judgment than a military or legal one. International law avoids the phrase in favor of “armed attack” and “use of force.” Retired Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff, has often said that an act of war “is in the eye of the beholder.”
As Cartwright has pointed out, the United States didn’t go to war with North Korea after it sank a South Korean warship in 2010, nor with Iran after the U.S. Embassy in Tehran was seized in 1979. Would we want to start a war over a virus that causes a power blackout? And if not, what other actions might the government contemplate?
The government has defined an armed attack in cyberspace as one that results in death, injury or significant destruction, as Harold Koh, the State Department’s chief legal adviser, recently put it. Here’s the rule of thumb, as Koh stated it: “If the physical consequences of a cyberattack work the kind of physical damage that dropping a bomb or firing a missile would, that cyberattack should equally be considered a use of force.” If an attack reaches those levels, then a nation has a right to act in self-defense.
Columbia Law School professor Matthew Waxman elaborates on the legal and policy dimensions at the Lawfare blog. Demonstrating attribution and the need for self-defence will be a multi-dimensional, complicated process, he writes:
As to the last questions, whatever certainty about the perpetrator is necessary to satisfy internally the legal self-defense question, a state will also need to explain and justify its military response externally, to domestic and international audiences – and those exercises may look very different. A state may not be willing to disclose publicly some of the intelligence information and analysis used to satisfy its internal legal analysis (I’m assuming that the attribution of a major cyber-attack could involve a combination of sophisticated digital forensics, human intelligence, reliance on circumstantial evidence and reasoning, and other means). Even if it chooses to disclose intelligence, that information might be unintelligible or unpersuasive to skeptical outside audiences. And the threshold of certainty necessary to win support from allies and partners may be higher (or perhaps in some cases lower) than that needed to satisfy legal requirements.
In terms of evolving international law in this area, the challenges of demonstrating attribution – besides just assessing it internally – will make it especially difficult to develop consensus legal appraisal of self-defensive actions against cyber-attacks, because so many of the key facts about the attack will be contested, secret, or difficult to observe.
- We Must Take Care of Nature, Because Without Rain There Is No Fresh Water
- Restoring U.S. Aid Crucial to Avoid a Water Catastrophe in Gaza
- Why You Should Care About the Water Crisis
- UAE policy on access to justice is a shining expression of item 16.3 of the 2030 Agenda for Sustainable Development on the rule of law
- Equal Citizenship Rights is Prerequisite for Elimination of Racial Discrimination says Chair of Geneva Centre
- High and Dry: Can We Fix the World’s Water Crisis?
- Balancing Green & Grey this World Water Day
- How Nature Can Quench Our Thirst & Bring Water Back to Our Ecosystems
- ILO Fails to Cut Ties with Tobacco Industry – Yet Again
- Achieving Universal Access to Water and Sanitation