Is A Cyberattack An Act of War?

As warfare becomes increasingly digital, countries are facing a major problem: It’s hard to define when a cyberattack constitutes an act of war.

Avril Haines, a former deputy national security adviser during the Obama administration, said recently that while there are established norms around what counts as a physical act of war, those same metrics don’t exist for digital attacks.

“In the conventional world, we have a long history of rules that tell us when another country has used force, when what they do constitutes an armed attack, and therefore when we have a legal basis to respond to it in a kinetic way or in other ways,” she said during an onstage interview at the Cloudflare Internet Summit in San Francisco.

But digital attacks don’t have the same set of laws and norms around them, Haines said. That’s particularly important in the case of what she called asymmetric state-sponsored attacks, when one country is able to put a critical piece of digital infrastructure at risk without incurring the costs traditionally associated with such an action.

Another issue is that one country declaring a cyberattack an act of war means that it would then be bound by that same statement for similar situations in the future. In her view, the solution is to create an international framework that can help remove ambiguity around these issues.

Determining the seriousness of attacks isn’t an academic exercise. Consider the United States Justice Department’s indictment in 2014 of four Chinese army officers for hacking-related offenses. The American government has also blamed North Korea for a massive attack on Sony Pictures.

Haines said maritime law provides a ray of hope for nailing down international issues around cyberwar. Because the law of the sea has been so defined, it’s possible for international trade and sailing to take place.

In some cases, it’s possible to sidestep that issue when hacking and other campaigns accompany traditional military actions. Distributed denial of service attacks originating from Russia hit key websites in Georgia prior to and during a war between the two countries in 2008. The Russian government denied responsibility for the attacks.

Tech companies are also getting into the mix around cyberwar regulations. Microsoft chairman Brad Smith has been advocating aggressively on behalf of his company for a “digital Geneva Convention” establishing norms and protecting civilians.

VentureBeat

You Might Also Read: 

International Co-Operation: Challenges & Potential For Engaging In Cyberspace:

NATO Could Go To War In Response To A Cyber Attack:

Image: US DoD:

« Get Your Data Strategy On Board
Wikileaks Release Details Of Mass Surveillance In Russia »

Directory of Suppliers

Checkmarx

Checkmarx

Checkmarx provides state-of-the-art application security solutions with static code analysis software.

Hudson Institute

Hudson Institute

The Hudson Institue is an independent policy research organization. Cybersecurity is covered within the National Security topic area.

Utimaco

Utimaco

Utimaco security modules are certified to the highest security standards, enabling them to optimally protect your data and business processes.

Dimension Data

Dimension Data

Dimension Data specialising in IT services in areas including network integration, security and data centres

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

AltheimLaw

AltheimLaw

AltheimLaw app will keep the user informed in real time on the latest developments in privacy, global data protection, ediscovery, social media and information governance matters.

BalaBit IT Security

BalaBit IT Security

BalaBit IT Security is a leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies to help protect against internal and external threats

CommonKey

CommonKey

CommonKey encrypts all your sensitive information using a strong AES symmetrical key. This key is your single point of access to all your personal and shared data.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Comodo

Comodo

Comodo provide information security products for both enterprises and consumers that secure endpoints, networks and boundaries against cyber threats using on premise and cloud-based offerings.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

Transaction Network Services (TNS)

Transaction Network Services (TNS)

TNS has been delivering industry-leading solutions for the payments, financial and telecommunications industries since 1990.

CyberHat

CyberHat

CyberHat is a proactive Cyber Defense solutions company specializing in cyber defense and intelligence, with a wide range of experience from all areas of the cyber domain.

Tresys

Tresys

Tresys is a trusted partner in cybersecurity. Our solutions help our defense, intelligence, federal civilian agency and critical infrastructure customers meet ever-evolving cybersecurity threats.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including IT Consulting, Cyber Security and IT Products.