Inside Cyber Warfare - Jeffrey Carr [48]
[31] Tellini case, 4 League of Nations O.J. 524 (1924).
[32] S.S. Lotus (Fr. v. Turk.) 1927 P.C.I.J. (ser. A) No. 10, at 4, 88 (Moore, J., dissenting).
[33] Corfu Channel Case (Merits), 1949 I.C.J. 4, 22 (Apr. 9).
[34] This position is supported by numerous UN General Assembly Resolutions, the European Convention on Cybercrime, and other UN documents, which all urge states to cooperate in investigating and prosecuting the criminal misuse of information technologies. See supra notes 24, 27 and accompanying text; United Nations Manual on the Prevention and Control of Computer Related Crime, 268–73 (1995).
The Choice to Use Active Defenses
Although this chapter urges states to use active defenses to protect their computer networks, states that choose to use them will find themselves confronted with difficult legal decisions as a result of the limits of technology. Technological limitations will place states in a position where a timely decision to use active defenses requires states to decide to use them with imperfect knowledge. Since forcible responses to cyber attacks must comply with both principal areas of the law of war—jus ad bellum and jus in bello—the decision to use active defenses raises several other questions of law resulting from these technical limitations. From a practical standpoint, this will affect state decision-making at the highest and lowest levels of government. State policymakers will need to account for these limitations when setting policy, whereas state system administrators will need to account for these limitations when responding to actual cyber attacks.
This section analyzes these issues. First, it addresses the technological limitations that are likely to affect state jus ad bellum analysis. Next, it moves on to jus in bello issues. Jus in bello analysis will begin with the decision to use force, analyzing why active defenses are the most appropriate forceful responses to cyber attacks. Finally, jus in bello analysis will conclude with the impact that technological limitations are likely to have on state decisions to use force. Once this is complete, it will be clear that active defenses are a viable way for states to protect themselves, despite the fact that technological limitations will complicate state decision-making.
Technological Limitations and Jus ad Bellum Analysis
While cyber attack analysis is greatly simplified by looking at whether a state of origin has violated its duty to prevent, rather than having to attribute an attack, states are still likely to find cyber attacks difficult to deal with in practice. Jus ad bellum requires states to carefully analyze a cyber attack and ensure that (1) the attack constitutes an armed attack or imminent armed attack; and (2) the attack originates from a sanctuary state. Both of these conditions must exist before a state can lawfully respond with active defenses under jus ad bellum.
Cyber attack analysis will be conducted by system administrators, whose position puts them at the forefront of computer defense. System administrators can use various computer programs to facilitate their analysis. Automated detection and warning programs can help detect intrusions, classify attacks, and flag intrusions for administrator action. Automated or administrator-operated trace programs can trace attacks back to their point of origin. These