NATO Cyberwar Book Doesn't Preclude Death Strikes on Hacktivists in Some Cases
March 21, 2013 2:00 PM
If hacktivists cause death, they may be liable for physical counterattacks
The North Atlantic Treaty Organization
Cooperative Cyber Defence Centre of Excellence
[PDF] a guideline of rules on how to respond to cyberaggression against the government. Among the intriguing possibilities of the guide --
Tallinn Manual on the International Law Applicable to Cyber Warfare
-- is that it suggests that the U.S. and its European allies respond to cyberaggression from domestic hackers, with counterattacks.
I. NATO Cyberwar Manual Deals With Tough Issue of Civilian Attackers
The manual was written over the course of three years by a team of 20 international warfare experts and drew from a variety of historic non-digital warfare conduct guidelines, including the 1868 St. Petersburg Declaration and the 1949 Geneva Convention.
It suggests that
"hacktivists" can be considered digital terrorists
, and can be countered with digital force -- or in extreme cases (such as attacks on hospitals or nuclear plants) -- even physical force.
Cyberwar is upon us. [Image Source: Interplay (cover art for
The rulebook was unveiled at the think-tank
in London, UK. It contains 95 "black letter rules", spread over 302 pages of text. Colonel Kirby Abbott (Canada, NATO) remarked, "[This document] is the most important document in the law of cyber-warfare. It will be highly useful."
Rule 22 is among the most important provisions, as it echoes
previous cyberwarfare guidelines from the Pentagon
, in stating that cyber-attacks alone can be considered acts of war. States the manual:
An international armed conflict exists whenever there are hostilities, which may include or be limited to cyber operations occurring between two states or more.
To date, no international armed conflict has been publicly characterised as having been solely precipitated in cyberspace. Nevertheless, the international group of experts unanimously concluded that cyber operations alone might have the potential to cross the threshold of international armed conflict.
NATO has agreed to a series of cyberwarfare guidelines.
Starting with Rule 14, the concept of proportionality is often mentioned in the document. The document suggests that counterattacks on civilians are arguably allowable, although general attacks on civilian "objects" (data) are generally forbidden. The proportionality rule suggests that if hacktivist attacks cause death or serious harm,
a physical response (e.g. a drone deaths strike) may be acceptable
II. Counterattacks on
The rules raise a number of interesting scenarios.
In recent years
and other "hacktivist" groups have oft
defaced the U.S. government webpages
scooped sensitive government database data
via exploits, hit government domains with
distributed denial of service attacks
, infiltrated systems, and conducted
similar attacks on government contractors
The glossary of the manual defines a "hacktivist" as:
A private citizen ho on his or her own initiative engages in hacking for, inter alia, ideological, political, religious or patriotic reasons.
Rule 35, in particular defines rules related to attacks by civilians. Its third and seventh subsections read:
An act of direct participation in hostilities by civilians renders them liable to be attacked, by cyber or other lawful means.
An act of direct participation in hostilities by civilians renders them liable to be attacked, by cyber or other lawful means... An act of direct participation in hostilities by civilians renders them liable to be attacked, by cyber or other lawful means.
In other words, the NATO members agreed that civilians open themselves up to counterattacks if they attack NATO member-state governments. However, not all members agreed that this opens up those citizens for attacks in the long-term after the immediate threat passed.
Anonymous's members may face dire consequences if their attacks go too far.
[Image Source: Jason Mick/DailyTech]
As none of these attacks caused "significant" infrastructure damage or resulted in death, it seems that the government -- under the new rules -- would only be able to use digital counterattacks. However, the government could potentially use the rules as a justification to try to take out social media tools -- YouTube channels or Twitter accounts, for example -- of
If future attacks resulted in death (say an attack on a utility leading to a power outage that killed patients), the responsible civilians could face physical attacks -- potentially even the kind of
drone death strikes
that President Obama's administration has pushed to
make legal for use on U.S. citizens on U.S. soil
III. U.S. May be Allowed to Counter-Cyber-Attack China
Then there's the
issue of China
, which the U.S. government has increasingly accused of sweeping
government-endorsed hacking and intellectual property theft
. President Obama recently threatened economic "consequences" if the hacking continues.
China claims the U.S. is the real cyberaggressor. [Image Source: Asia Society]
Rule Seven states:
[If an attack originates from a government network] it is not sufficient evidence for attributing the operation to that state but is an indication that the state in question is associated with the operation.
This could be significant, as some attacks have reportedly been
traced back to Chinese military networks
The new guidelines make it clear that the
U.S. Department of Defense
(USCYBERCOM) could also respond (legally) with counterattacks, as the guidelines state that cyberattacks on hostile foreign governments are valid if carried out in "self-defense".
IV. Was Stuxnet Legal?
Lastly, the guidelines revive questions about the legality of the U.S. and Israel's
"preemptive strike" on Iran's nuclear capabilities
with Stuxnet. If the Pentagon's rules, and now NATO's rules call cyberattacks an act of war, the question is whether President George W. Bush (R) and President Barack Obama were within the law in
ordering the Stuxnet operation
Stuxnet mapped Iranian networks and damaged nuclear centrifuges. President Bush and President Obama authorized these attacks. [Image Source: CBS]
Article 1, Section 8 of the U.S. Constitution
e foundation of the U.S. government, clearly grants Congress the power:
[Image Source: EL Civics]
The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and
provide for the common Defence
and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;
To raise and support armies
, but no appropriation of money to that use shall be for a longer term than two years;
Hence traditionally the President was required to receive Congressional permission to go to war.
The new document is simply a suggested guideline for NATO members, but is not consider rule of law. It has no power to enforce its provisions, although member states are encouraged to do so. It should be noted that the document is rather ambiguous in its language at times, and at others makes it clear that the participating member states did not agree on a number of issues.
NATO [as e-book]
"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner
Obama's AG Won't Rule Out Drone Death Strikes on U.S. Soil
March 6, 2013, 12:34 PM
Anonymous Hacks State Department, Hacks Bank, Defaces "Federal Agents" Page
February 22, 2013, 1:22 PM
White House Threatens Action Against China Over Corporate Espionage
February 21, 2013, 1:33 PM
"Secret" Chinese Military Unit May Be Behind Series of Hacks on U.S. Since 2006
February 19, 2013, 11:41 AM
FBI Opens Fresh Criminal Investigation Into Anonymous Following Hack
February 8, 2013, 11:42 AM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Most Popular Articles
Samsung Galaxy S8, Rumored Launch Date!
March 18, 2017, 6:45 AM
Lenovo MIIX 510 – Excellent 2-In-One Tablet with Unique Watchband Hinge
March 17, 2017, 7:50 AM
Gigabyte GA-Z170X-Gaming G1 – Intel Thunderbolt 3 Certified Motherboard
March 9, 2017, 6:25 AM
Lenovo ThinkPad T460 - Ultra-Thin and Feather-light
March 3, 2017, 6:00 AM
Nokia has ditched this camera technology in its new smartphones
March 7, 2017, 8:45 AM
Latest Blog Posts
Are you thinking of performance and speed? Intel claims:
Mar 25, 2017, 7:45 AM
Apple buys an automation app called Workflow. The deal was completed today and brings the app along with its developers.
Mar 23, 2017, 7:35 AM
Apple Announces new color for iPhones and iPads
Mar 22, 2017, 7:45 AM
Instagram: You Can Now Save Live Videos For Later
Mar 21, 2017, 7:49 AM
Samsung Galaxy S8 to Get New Color Scheme
Mar 20, 2017, 7:45 AM
What else to worry about?
Mar 17, 2017, 6:45 AM
Icon of the Day: Intel/ NVIDIA or Mobileye
Mar 16, 2017, 6:15 AM
JUST IN - Twitter Hijacked : High-Profile Account Accesses
Mar 15, 2017, 7:07 AM
Mar 14, 2017, 7:30 AM
News and Tips
Mar 13, 2017, 6:30 AM
iPhone 8 – May Not Get Curved Screen
Mar 11, 2017, 8:00 AM
California paves way to self-driving car tests without humans
Mar 11, 2017, 7:18 AM
Smart Machines V hackers
Mar 10, 2017, 7:00 AM
Uber Can Resume Autonomous Car Testing in California
Mar 9, 2017, 6:50 AM
Mar 8, 2017, 7:09 AM
Mar 7, 2017, 8:45 AM
World news 3-6
Mar 6, 2017, 5:40 AM
Mar 4, 2017, 7:40 AM
Mixed News of the Day
Mar 4, 2017, 6:32 AM
Jaguar Land Rover invests in ride-sharing
Mar 3, 2017, 7:00 AM
Mixed News of The World:
Mar 2, 2017, 7:02 AM
World New 3-1
Mar 1, 2017, 6:30 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information