Inside Cyber Warfare - Jeffrey Carr [51]
Active defenses are the most appropriate type of force to use against cyber attacks in light of the principles of jus in bello. First, in terms of military necessity, active defenses probably represent all the force needed to accomplish the mission of defending against a cyber attack. Active defenses can trace an attack back to its source and disrupt it immediately, whereas kinetic weapons are slower and less effective than a hack-back that operates at network speed. Employing kinetic weapons over active defenses would therefore not only be less effective but would also violate the principle of necessity, because it would apply force that the mission does not require. Second, in terms of proportionality, active defenses are less likely to cause disproportionate collateral damage than kinetic weapons. Their traceback capabilities allow them to target only the source of a cyber attack. Collateral damage may still result, because the originating computer system may serve multiple functions, but unless an attacker uses critical information systems to conduct the attack, the damage from active defenses should be fairly limited.
Furthermore, since the majority of cyber attacks are conducted by nonstate actors, it seems unlikely that many attacks will be launched from computers that serve as components of a state's critical infrastructure. Thus, active defenses give states a way to strike surgically at their attacker with minimal risk of severe collateral damage to the host state, thereby meeting the proportionality requirement to select the weapon least likely to cause excessive collateral damage or incidental injury.
Finally, while not stemming from jus in bello, choosing active defenses versus kinetic weapons should reduce the chance of escalating these situations into full-scale armed conflicts between states.
Technological limitations and jus in bello analysis
Unfortunately, despite the increased security that active defenses provide, using them is not without legal risk. Technological limitations may prevent states from conducting the surgical strikes envisioned with active defenses. The more intermediary systems an attacker routes an attack through, the more difficult it is to trace, since each hop in the chain must be traced in turn.
Furthermore, complex traces take time, which is not always available in a moment of crisis. Adding to these difficulties, traceback tools often cannot pinpoint the source of an attack once the attacker has terminated the connection, because following a connection back through a chain of intermediaries generally requires either that the connection still be live or that each intermediary have retained logs of it. Sometimes these difficulties will simply result in a failure to identify the source of an attack; other times they will result in an intermediary system being wrongly identified as the source. Even when the source is correctly identified, the victim state's system administrator must map out the attacking computer system to distinguish its functions and the likely consequences of shutting it down. System mapping also takes time, often more time than a state has to make an informed decision. Sometimes an administrator will be able to map a system quickly, allowing the state to make an informed judgment about likely collateral damage; other times a state will be forced to predict the consequences of using active defenses without having fully mapped the system. As a result, any state that employs active defenses runs the risk of accidentally targeting innocent systems and causing unintended, excessive collateral damage.
To ensure the lawful use of active defenses in accordance with the principles of distinction and proportionality, states must try to mitigate these risks. In the realm of active defenses, this means doing everything feasible to identify (1) the computer system that launched the initial attack and (2) the probable collateral damage that will result from using active defenses.