Is A Cyberattack An Act of War?

As warfare becomes increasingly digital, countries are facing a major problem: It’s hard to define when a cyberattack constitutes an act of war.

Avril Haines, a former deputy national security adviser during the Obama administration, said recently that while there are established norms around what counts as a physical act of war, those same metrics don’t exist for digital attacks.

“In the conventional world, we have a long history of rules that tell us when another country has used force, when what they do constitutes an armed attack, and therefore when we have a legal basis to respond to it in a kinetic way or in other ways,” she said during an onstage interview at the Cloudflare Internet Summit in San Francisco.

But digital attacks don’t have the same set of laws and norms around them, Haines said. That’s particularly important in the case of what she called asymmetric state-sponsored attacks, when one country is able to put a critical piece of digital infrastructure at risk without incurring the costs traditionally associated with such an action.

Another issue is that one country declaring a cyberattack an act of war means that it would then be bound by that same statement for similar situations in the future. In her view, the solution is to create an international framework that can help remove ambiguity around these issues.

Determining the seriousness of attacks isn’t an academic exercise. Consider the United States Justice Department’s indictment in 2014 of four Chinese army officers for hacking-related offenses. The American government has also blamed North Korea for a massive attack on Sony Pictures.

Haines said maritime law provides a ray of hope for nailing down international issues around cyberwar. Because the law of the sea has been so defined, it’s possible for international trade and sailing to take place.

In some cases, it’s possible to sidestep that issue when hacking and other campaigns accompany traditional military actions. Distributed denial of service attacks originating from Russia hit key websites in Georgia prior to and during a war between the two countries in 2008. The Russian government denied responsibility for the attacks.

Tech companies are also getting into the mix around cyberwar regulations. Microsoft chairman Brad Smith has been advocating aggressively on behalf of his company for a “digital Geneva Convention” establishing norms and protecting civilians.

VentureBeat

You Might Also Read: 

International Co-Operation: Challenges & Potential For Engaging In Cyberspace:

NATO Could Go To War In Response To A Cyber Attack:

Image: US DoD:

« Get Your Data Strategy On Board
Wikileaks Release Details Of Mass Surveillance In Russia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

Zamna

Zamna

Zamna (formerly VChain Technology) is an award-winning software company building GDPR compliant identity platforms for the aviation industry.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

ImmuneBytes

ImmuneBytes

ImmuneBytes is a cutting-edge security startup that aims to provide a secure blockchain environment for a dependable and open Web3 ecosystem.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.