Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyberwarfare in International Law

Posted by Zonk on from the thorny-issue dept.

belmolis writes "If the CIA is right to attribute recent blackouts to cyberwarfare, cyberwarfare is no longer science fiction but reality. In a recent op-ed piece and a detailed scholarly paper, legal scholar Duncan Hollis raises the question of whether existing international law is adequate for regulating cyberwarfare. He concludes that it is not: 'Translating existing rules into the IO context produces extensive uncertainty, risking unintentional escalations of conflict where forces have differing interpretations of what is permissible. Alternatively, such uncertainty may discourage the use of IO even if it might produce less harm than traditional means of warfare. Beyond uncertainty, the existing legal framework is insufficient and overly complex. Existing rules have little to say about the non-state actors that will be at the center of future conflicts. And where the laws of war do not apply, even by analogy, an overwhelmingly complex set of other international and foreign law rules purport to govern IO.'"

15 of 136 comments (clear)

  1. cluelessness by Quadraginta · · Score: 2, Insightful

    Gosh, only a lawyer could have the utter cluelessness about the real world and real people necessary to imagine that war has ever been, or ever will be, regulated by law.

    1. Re:cluelessness by Chirs · · Score: 2, Insightful

      But it has. There is a whole regulatory framework around things like "just war", definition of a combatant, treatment of spies/prisoners, etc.

      Now if you'd said that someone would have to be clueless to imagine that combatants always *abide* by the laws regarding war, that's a whole different issue.

    2. Re:cluelessness by Beardo+the+Bearded · · Score: 2, Insightful

      War has rules. Check out the Geneva Convention.

      They aren't always followed, and they certainly aren't being followed by some countries I could mention, but war is supposed to have rules.

      The problem with electronic warfare (Cyberwar? e-war? wartronics?) is that you're attacking civilians. There are horrible weaknesses in a great many systems (including the trunked radios used by first responders) that can easily be exploited. Remember, a lot of our coding is done overseas and/or done by exchange students on co-op terms. It doesn't really effect the army if every mortgage in North America gets the "foreclose" tag set. The Air Force doesn't stay home if the SCADA system controlling the reservoir gets false readings about chloroform counts and turns off the taps. If the phone companies are hit with DDoS attacks and you can't get a dial tone, that doesn't stop aircraft carriers.

      What those acts do is target civilians. Suddenly, the water's off, the police are trying to kick me out of my home, and nobody can call a lawyer. War is supposed to target just those in uniform, fighting at the time.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    3. Re:cluelessness by Anonymous Coward · · Score: 1, Insightful

      I disagree. There are no laws regulating warfare. There are simply treaties in which the signatory countries agree to do or not to do specific things. Treaties are more akin to contracts between entities. The whole concept of international law is not really law but simply a web of agreements between various countries.

      War, by it very nature, is a chaotic business. One cannot regulate chaos using lawyers.

    4. Re:cluelessness by Quadraginta · · Score: 2, Insightful

      Ah? Why don't you check out the history of, say, the war in the Pacific 1941-1945 and tell me if you think the Geneva Conventions have any serious force. Better yet, ask a vet. Then duck. The Geneva Conventions are one of history's endless series of pious wishes that seek to outlaw inhumanity, like the Kellogg-Briand pact, the founding charter of the League of Nations, the UN, et cetera and so forth ad infinitum.

      All of these quaint efforts overlook the fact that war is, by definition, the breakdown of any shred of mutual trust and willingness to compromise. War is about killing people, and when you get to that stage of mutual rage and madness, no piece of paper full of high-minded sentiment is going to stop you from doing what you think you must to win (or not lose). I can't think of any historical exceptions. Can you?

      The problem with electronic warfare (Cyberwar? e-war? wartronics?) is that you're attacking civilians

      What's new about that? What do you suppose the Eighth Army Air Force was doing over Berlin in 1945? Who got snuffed in Hiroshima?

    5. Re:cluelessness by Quadraginta · · Score: 3, Insightful

      I think you are confusing "has been regulated" with "has been imagined to be regulated by lawyers and naive fools." To be "regulated" requires a bit more than the mere existence of regulations on paper. It requires that these things have actual force, that they actually do something, they restrain people in some way.

      The only thing that has ever restrained the behaviour of nations in combat is plain fear of the direct consequences, e.g. retaliation by the enemy. Can you give me a counter-example? Some case where a nation committed to a war, with substantial interests at stake, eschewed methods of war because some lawyer somewhere said they were "illegal?" If not, then those "regulations" are as insubstantial as moonbeams.

    6. Re:cluelessness by cptdondo · · Score: 2, Insightful

      I agree with you. What regulates military actions is the real or imagined consequences if the tables are reversed. Atrocities on a systematic basis occur if and when the conflict is one-sided either due to military might or sheer force of numbers.

      My biggest concern with the currect US treatment of supposed terrorists, is that we are implicitly agreeing to the same treatment of our GIs in enemy hands. There is no doctrinal difference between the Hanoi Hilton and Guantanamo Bay.

      There are dozens of examples of fighting men (and women, but mostly men) treating each other with respect and courtesy even while being determined to kill each other.

    7. Re:cluelessness by rtechie · · Score: 4, Insightful

      All of these quaint efforts overlook the fact that war is, by definition, the breakdown of any shred of mutual trust and willingness to compromise. War is about killing people, and when you get to that stage of mutual rage and madness, no piece of paper full of high-minded sentiment is going to stop you from doing what you think you must to win (or not lose). I can't think of any historical exceptions. Can you? The short answer is: yes. There have been rules of war that have been closely followed, for centuries, by various groups. There were strict laws of war governed by the Church in the Middle Ages. Imperial Japan followed rules of war, right into WWII (you might not agree with those rules, but they existed). The Roman Army followed strict rules. The idea of soldiers acting in a discipled and humane fashion is nothing new. The big problem is that these rules only tend to be followed in cultural sandboxes: European vs. European, Japanese vs Japanese, etc. When conflicts are cross-cultural the tendency to dehumanize opponents increases and you get much bloodier conflicts: Crusades, Native American wars, Vietnam, etc.

      I don't think it's useless to have laws of war. There is no reason to believe they make conflicts worse and every reason to believe that they help reduce civilian casualties, torture, etc. During WW1 gas weapons saw wide deployment, and they were banned not because they were ineffective, but because of the danger they reprsented to all soldiers and civilians. Gas weapons have been used since (notably in the Iran-Iraq war), but widespread use is a thing of the past. Ditto for flamethrowers and flame weapons in general (Phosphor weapons are making a comeback though. Bush apparently thinks burning people alive is fun).

  2. Re:Enemy combatants? by The+Queen · · Score: 3, Insightful

    You are correct in having "screaming blue creevles" as you put it since yes, cyber-warriors are likely to be a mix of military and civilians, and what with all the lawsuits and spying already going on it wouldn't be much of a leap for some hax0r to be tagged by the feds and shipped off for questioning. The real sticky part though is how the law will cross borders. Cyber warfare knows no borders, so what would our government do if someone from Iran came calling to arrest one of our own on such charges?

    This is the inevitable and ingenious evolution of war, IMO. Not, as ST:TOS "A Taste of Armageddon" would have it, but without any bloodshed or casualties in the physical sense. By hitting people in their infrastructure, their way of life, and their economy. (Sortof what the 9-11 guys thought they were doing...and heck, what all us 'rich' countries do all the time through sanctions, trade agreements, 'wars' on drugs, and such...)

    --

    The House Between - Original Sci-Fi Series
  3. Fixed by philam3nt · · Score: 2, Insightful
    I fixed this for you:

    Existing [international] laws can't be made to fit the crimes of cyberwarfare without extensive revision.

    The world is growing into the tech age at different rates. The issue is that international laws differ greatly on what constitutes a cyber-crime (see: China) -- what one country considers harmless in another country may result in a lifetime sentence in prison. This discourages not only crime, but international espionage, because the consequences could be disastrous. Laws also differ in times of war, or if the citzen is a government agent, making things currently very complicated. Not to mention a [cr|h]acker routing their way through an unknowing 3rd party country. Where does the responsibility lie?

    Examples, FTA:

    ...serious "translation" problems make [the laws] ill-suited to the task. For example, the U.N. Charter clearly prohibits states from using force except in self-defense or with U.N. authorization. So does that ban Russia from computer attacks on Estonia? It might. Or is it a "use of force" only if the target is physically harmed? Or only if it leads to death and destruction? Or simply whenever the target is critical to a nation's security? Similar uncertainties surround rules on neutrality and civilian distinction...states may shy away from cyberattacks entirely if they don't know what's allowed -- even in cases in which those attacks might cause less harm than the bombs they'll use instead.

    When the laws of war don't apply -- even by analogy -- an overwhelmingly complex set of other international and foreign laws kicks in. For example, assume the hackers in the Estonia case were indeed operating from Russia but had no ties to the government or military. Under existing rules, Estonia should respond by asking Russia to police its own territory. To counter-attack would violate Russia's sovereignty. With new rules, however, nations could agree to waive sovereignty concerns and permit a direct response in certain cases, such as cyberattacks by terrorists that all nations might want thwarted.


    Hope that helps! The article is much more clearly written as a whole than what's just in the summary.
    --

    If I had a sig, this is where it would be.
    1. Re:Fixed by KublaiKhan · · Score: 2, Insightful

      I stand corrected. The difference in tech levels (and further, the governments' understanding of said tech) amongst countries is extremely pertinent to the issue at hand.

      I personally think that the understanding is more important than the tech level insert series of tubes comment here.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
  4. You don't understand, there is no law against war by NotQuiteReal · · Score: 1, Insightful
    You are just supposed to have nice, legal wars.

    Clear on that?

    --
    This issue is a bit more complicated than you think.
  5. CIA: not exactly a trustworthy source by foqn1bo · · Score: 3, Insightful

    Given their track record, and given who they work for, why on earth should any American in their right mind believe anything the CIA has to say? If this threat were real, they'd just keep it - and the methods used to combat it - a secret for as long as possible, which is what they usually do. What possible reason would they have to reveal it to the press unless the primary objective is propaganda?

    1. Re:CIA: not exactly a trustworthy source by TubeSteak · · Score: 2, Insightful

      If this threat were real, they'd just keep it - and the methods used to combat it - a secret for as long as possible, which is what they usually do. What possible reason would they have to reveal it to the press unless the primary objective is propaganda? Obviously, the need for a secure U.S.A. infrastructure outweighs the CIA's desire for secrecy. If you keep it a secret, you can't really fix it now can you?

      Unless you think that somehow the Gov't will be able to get the private sector to fix the problem without any information leaks. That'd be impressive as hell.
      --
      [Fuck Beta]
      o0t!
  6. no evidence by Presto+Vivace · · Score: 3, Insightful

    Neither the Information Week article I saw, nor any other story has provided any details. It is alleged that blackouts occurred due to cyber attacks, but no specific locations are provided. What black outs? When and where? No details are given. And what is the evidence that cyber attacks were involved? We should with hold judgment until we are provided with the specifics.