Is A Cyberattack An Act of War?

As warfare becomes increasingly digital, countries are facing a major problem: It’s hard to define when a cyberattack constitutes an act of war.

Avril Haines, a former deputy national security adviser during the Obama administration, said recently that while there are established norms around what counts as a physical act of war, those same metrics don’t exist for digital attacks.

“In the conventional world, we have a long history of rules that tell us when another country has used force, when what they do constitutes an armed attack, and therefore when we have a legal basis to respond to it in a kinetic way or in other ways,” she said during an onstage interview at the Cloudflare Internet Summit in San Francisco.

But digital attacks don’t have the same set of laws and norms around them, Haines said. That’s particularly important in the case of what she called asymmetric state-sponsored attacks, when one country is able to put a critical piece of digital infrastructure at risk without incurring the costs traditionally associated with such an action.

Another issue is that one country declaring a cyberattack an act of war means that it would then be bound by that same statement for similar situations in the future. In her view, the solution is to create an international framework that can help remove ambiguity around these issues.

Determining the seriousness of attacks isn’t an academic exercise. Consider the United States Justice Department’s indictment in 2014 of four Chinese army officers for hacking-related offenses. The American government has also blamed North Korea for a massive attack on Sony Pictures.

Haines said maritime law provides a ray of hope for nailing down international issues around cyberwar. Because the law of the sea has been so defined, it’s possible for international trade and sailing to take place.

In some cases, it’s possible to sidestep that issue when hacking and other campaigns accompany traditional military actions. Distributed denial of service attacks originating from Russia hit key websites in Georgia prior to and during a war between the two countries in 2008. The Russian government denied responsibility for the attacks.

Tech companies are also getting into the mix around cyberwar regulations. Microsoft chairman Brad Smith has been advocating aggressively on behalf of his company for a “digital Geneva Convention” establishing norms and protecting civilians.

VentureBeat

You Might Also Read: 

International Co-Operation: Challenges & Potential For Engaging In Cyberspace:

NATO Could Go To War In Response To A Cyber Attack:

Image: US DoD:

« Get Your Data Strategy On Board
Wikileaks Release Details Of Mass Surveillance In Russia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Myra Security

Myra Security

Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks can do any real harm.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

HKCERT

HKCERT

HKCERT is the centre for coordination of computer security incident response for local enterprises and Internet Users in Hong Kong.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.