U.S.-Israeli cyberattack on Iran was ‘act of force,’ NATO study found

Strike devastated nuclear program

continued from page 1

“We were not making recommendations, we did not define best practice we did not want to get into policy,” he said.

Instead, the authors had tried to write the definitive account of “how does existing law apply in cyberspace,” he said.

The threshold questions of what constitutes an act of force and what triggers international hostilities are far from merely hypothetical questions, Mr. Schmitt said.

In August 2008, Georgia and Russia went to war in the disputed border province of South Ossetia. The shooting war was accompanied by cyberattacks that knocked offline many Georgian news sites and much of the country’s government, including the foreign ministry.

Mr. Schmitt said that if a cyberattack occurs before the shooting starts, “It’s a crime.” If it occurs after the shooting begins, then the hackers behind the cyberattack effectively have joined the hostilities as combatants and can be targeted with lethal force, he said.

Some researchers in cybersecurity and international law believe that judgment, like many others in the manual, is contentious.

“That’s is why you don’t let lawyers go off on their own,” said James A. Lewis, a scholar at the Center for Strategic and International Studies.

Mr. Lewis said there has not yet been enough conflict in cyberspace to allow states to develop the norms and rules needed to interpret international law. The manual’s authors “are writing way ahead of practice,” he said.

“A cyberattack is generally not going to be an act of force,” Mr. Lewis said. “That is why Estonia did not trigger Article 5 in 2007.”

Article 5 of the NATO treaty obliges member states to come to the aid of a fellow member state that has been attacked.

In 2007, Estonia was locked in a civil and political conflict with its ethnic Russian population and with Russia over the removal of a war memorial to the Russian soldiers killed fighting Nazism in World War II. The country was beset by massive cyberattacks that crippled computer networks belonging to the government, news organizations and banks.

The attacks were traced to hackers in Russia, and most Western observers believe they were encouraged or even orchestrated by the Kremlin.

But the murky circumstances of the attacks against Georgia and Estonia illustrate an important truth that severely complicates international law when it comes to cyber, Mr. Schmitt said.

“The facts of a cyberincident are generally not well known, difficult to ascertain in detail and unclear even years in retrospect,” he said.

A central issue for international law, such as who carried out an attack, for instance, is generally regarded as extremely difficult to ascertain — the so-called attribution problem.

Story Continues →

View Entire Story

© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

About the Author
Shaun Waterman

Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...

Latest Stories

Latest Blog Entries

Comments
blog comments powered by Disqus
TWT Video Picks