NATO Cyberwar: Establishing Rules Of Engagement

Uploaded on 2016-11-09 in NEWS-News Analysis, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Counter-measures are operations that would otherwise be unlawful but can be used if the purpose is to stop another state from violating the law. 

In a red brick building on a 19th-century Russian czarist military compound in Tallinn, Estonia, a team of cyber experts is analyzing the hacking of the Democratic National Committee and how a Western democracy can legally respond.

Inside, the building is cutting-edge high-tech. These military officers, lawyers and cyber techies are part of NATO's Cooperative Cyber Defence Centre of Excellence, carrying out research, training and exercises. One of their biggest challenges: When it comes to cyber, so far, there is no agreed-upon international law of war.

"The international community is extraordinarily interested in this," said Michael N. Schmitt, chairman of the US Naval War College's international law department. "They're struggling with questions like, when the Russians hack into the DNC database and then release it, is that a violation of international law? What doors does that open with respect to our responses?"

Three years ago, Schmitt and his team at the NATO Cyber Centre wrote the book, literally, on international law and the use of cyber in warfare, the "Tallinn Manual." Applying principles of the international law of war, they provided answers to questions like: "In war, how can you use cyber and how can you not use it? If you operate against civilians, is that prohibited?"

They're now completing the "Tallinn Manual 2.0," examining how international law applies to cyber-attacks that don't cross the line into armed conflict by one state against another or by a terrorist group that kills civilians, what's called "below the threshold" operations.

The DNC hacks and the release of emails are "below the threshold" operations and, although Russia denies it did the hacking, the US government has been extraordinarily clear in accusing Moscow, citing 17 US government agencies that have concluded Russia was behind it.

"This, in my opinion, has reached a specific threshold in the audacity and impact of the attack," said the Cyber Defence Centre's Strategy Branch Chief Matthijs Veenendaal, a Dutch citizen. "This is still very much an attack on civilian infrastructure and government infrastructures and not an armed attack."

If that's the case, did Russia violate international law? Schmitt has no doubt. "In my mind, it is crystal clear that the Russians have violated international law in this particular case." But here is where it gets less clear: Schmitt and other experts say Russia and cyber-savvy countries like China are "playing the margins."

"They're operating within the space where there is some degree of uncertainty," he explained. If Russia had destroyed America's cyber infrastructure, that would be a use of force and hence a violation. If Russia is simply engaging in low-level espionage, that's a violation of domestic US law, but probably not a violation of international law.

Schmitt, however, called the DNC hack a "prohibited intervention into the internal affairs of the United States," affairs that include running elections, and that means it is a violation of international law.

It may also be a violation of US sovereignty, he said. If Russia is simply "infiltrating" data, or stealing it but not doing anything with it, that's not a violation, but if there is proof it is using data and manipulating election results, that would be a violation.

As Schmitt sees it, the DNC hacks are not a game-changer, but a major disruption of the US economy would be. "My personal view is that would constitute moving over the threshold and allow us to take off the gloves."

"But," he added, "that view is not universally held."

Vice President Joe Biden has indicated the US will retaliate against the hack of the DNC and other Democratic Party entities, warning that the administration will be "sending a message" to Russian President Vladimir Putin. Putin, he said, "will know it, and it will be at the time of our choosing, and under the circumstances that have the greatest impact."

But under international law, does President Barack Obama have the legal right to retaliate? Schmitt of the Naval War College maintains that Obama "unambiguously" does have the right to respond, but Schmitt would not use the term "retaliate."

"In international law, we don't do tit for tat," he said. "What we may do is engage in what is called, and this is a legal term, 'counter measures.' "

Counter-measures are operations that would otherwise be unlawful but can be used if the purpose is to stop another state from violating the law. So the US could hack back against the Russians? The answer is yes, Schmitt said, as long as Washington reasonably believes Moscow is going to continue to hack it.

Counter-measures don't have to be cyber-related. The US, for example, could prevent Russian ships from transiting its territorial waters until Russia stops its cyber breaches. The response, however, must be "proportionate." Shutting down a Russian electric grid would only be permissible if it didn't cause more harm to Russia than its hacking caused the US, a tricky thing to measure.

As the US considers itself a law-abiding country, it most often tries to follow accepted international law of war principles. It could, however, ignore those internationally accepted principles or interpret them in its favor. "I know some in America have called for that (retaliation), and I can see where the urge comes from, because you want Russia to stop it," said the Cyber Defence Centre's Veenendaal, but going on a path of escalation with the Russians is a "recipe for disaster."

"Responding to an escalation with your own escalation will lead to further escalation, which -- in cyber space -- is extremely hard to contain and monitor, especially for Western democracies," he warned.

The cyber world presents unique challenges, like the ability for actors to maintain "plausible deniability," which makes it devilishly hard to define who is behind an attack.

"You can always just plausibly state that this was just a 19-year-old hacker working in someone's basement in Belarus," said Kadri Kaska, an Estonian researcher at the NATO center.

Pointing the finger at the perpetrators, "attribution", also is not that simple. If an intelligence agency says it knows who did it, it could be challenged to reveal sources and methods of how it collects intelligence data.

"Probably in the US National Security Agency there are a lot of discussions ongoing, like, 'How far should we go in publicly attributing these attacks to these guys in St. Petersburg? We know who their girlfriends are, we know who they talk to. We're deep in their systems, we're deep in any Russian system you can think of. And we want to stay there,' " according to Veenendaal.

The US has responded to hacks by China by "naming and shaming" specific officials in the Chinese military whom it holds responsible for attacks, then entering discussions with Beijing to deter further economic espionage. "But against the Russians," he said, "no, we haven't been effective."

Veenendaal and other cyber experts say the Chinese, in an effort not to jeopardize their economic relations with the US, have quietly pulled back some of their hacking. With Russia, however, there is little economic incentive.

In July, NATO included cyber as a domain of its military operations, along with land, sea, air and space. That means if there is an armed attack through cyberspace, NATO members can call on their allies for collective defense.

But intrusions, like the DNC hacks, that fall short of armed attacks still lie in a gray zone, exploited by nations clever enough not to cross the line that would trigger an armed response. They are the cyber equivalent of the "little green men" that Russia used in Crimea: Russian armed forces without insignia whose existence Putin, at first, denied.

The West, so far, has no common strategy to deter "little green hackers." The DNC hacks may be their first major operation against the US, but they almost surely won't be their last.

Ein News:              Russian General Brags About Cyberwar Successes:     NATO Tools Up For Cybewar:

 

« Fears Of Hacked US Election Ebb Away
Smartphone Attachment Can Detect Cancer »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

ecsec

ecsec

ecsec is a specialized vendor of security solutions including information security management, smart card technology, identity management, cloud computing and electronic signature technology.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

AVANT Communications

AVANT Communications

AVANT is a premier distributor of next generation technologies with the resources and relationships needed to successfully navigate the ever-changing world of communications and IT infrastructure.