Is cyberwar lawful?

The answer is probably not -- at least an unprovoked attack -- based on extensive new legal research appearing in an upcoming issue of the British journal INFO.

The research describes a 150-year-old series of Geneva Conventions relating to cyberwar. However, a precise answer to the question is impossible because no one has actually defined the term "cyberwar" and reaching broad agreement on a definition seems problematic at best.

Quiz: Separate cyber security fact from fiction

Both "cyber" and "war" have remained elusive abstractions over many years. In addition, once attacked, all nations typically assert a right to proportional responsive measures, and during war, all means of attack are usually employed.

The topic of cyberwar is much discussed worldwide. What is not well known, however, is that two key provisions were added in the 1990s to an international treaty signed and ratified by almost every country that constrain the conditions under which a nation could adversely affect the networks, services and equipment in another nation.

The provisions were added after major cyber security incidents and obligate every nation:

1) Not to cause "technical harm … to the operation of … telecommunication services of other … States."

2) "Recognize the necessity of taking practical measures to prevent … disrupting the operation of telecommunication installations within the jurisdiction of other Member States."

The term "telecommunication" here includes essentially every kind of service, signal or communicated intelligence via any medium. There is so little wiggle room here that a "defensive measures" clause may emerge the next time this treaty is reviewed.

From the first time the states agreed to interconnect their networks in 1850 or enable worldwide wireless in 1906, the potential for information and communication technology (ICT) cyber incidents and adverse actions during conflicts were on the table. Many decades of experience refined relevant treaty provisions -- which were further enhanced more than a decade ago following early Internet incidents.

In addition to obligations concerning other countries, all states recognize a broad "stoppage" right to cut off any communications within their jurisdiction that "may appear dangerous to the security of the State or contrary to its laws, to public order or to decency."

The next steps to pave the way for implementing these "ICT security" provisions now appear to be moving forward under a U.N. Experts Group agreement reached by 15 of the world’s major powers on July 15.

While no one may be able to define "cyberwar," it appears that nations want to avoid any approximation by cooperating to diminish threats, risks and vulnerabilities through a broad array of different forums and means.

So it appears that cyberspace is emulating the real world, and countries are finding common ground in taking steps to implement existing treaty provisions and avoiding the escalation of cyber conflict even if they cannot define cyberwar.

Rutkowski is a well-known expert in international telecommunication law. He currently serves as the international cybersecurity rapporteur in the Geneva-based ITU-T and is a senior fellow in the Georgia Tech's Sam Nunn School.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies