Handbook is first attempt to codify how international law applies to state-sponsored online attacks
With the support of NATO, legal experts have released a manual as a first broad attempt to codify how international law applies to state-sponsored hacking. The handbook, authored by legal experts working in conjunction with the International Committee of the Red Cross and the U.S. Cyber Command, details what is or is not a legitimate target in cyberwarfare.
It states not only that full-scale conventional wars may be triggered by cyberattacks, but that civilian “hacktivists” can be targeted with conventional weapons if their cyberattacks seriously damage property or cause deaths. The handbook, titled “The Tallinn manual,” is primarily advisory and is not an official NATO document; the rules of cyberwarfare remain hotly debated. As the HuffPo U.K. pointed out, experts were divided on exactly when a civilian hacker might be a target. The manual explicitly notes that consensus has not been reached on this issue:
Consider the example of an individual hacktivist who has, over the course of one month, conducted seven cyber attacks against the enemy’s command and control system. By the first view the hacktivist was only targetable while conducting each attack. By the second he was targetable for the entire month. Moreover in the absence of a clear indication that the hacktivist was no longer engaging in such attacks, he or she would have remained targetable beyond that period.
As the Guardian noted, the manual follows the Geneva conventions in outlawing certain civilians sites as cyberattack targets. Rule 80 of the handbook states: “In order to avoid the release of dangerous forces and consequent severe losses among the civilian population, particular care must be taken during cyber-attacks against works an installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations, as well as installations located in their vicinity.” Hospitals and medical units are also protected.
Although recent years have seen major incidents such as the Stuxnet virus, which targeted alleged Iranian nuclear enrichment facilities and was believed to have come from the U.S. or Israel, the manual states that, “To date, no international armed conflict has been publicly characterized as having been solely precipitated in cyberspace.”
Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email firstname.lastname@example.org. More Natasha Lennard.
More Related Stories
- Teenagers care more about online privacy than you think
- The Maker kids are alright
- Radio host tweets rape joke, blames journalists for reporting on it
- Cyber attacks could cause the next world war
- Snapchat is secretly storing your photos
- Apple's biggest sin: Popularity
- Facebook's hate speech problem
- Amazon set to launch fine-art gallery
- Twitter torches Dan Brown's "Inferno"
- Looting in Oklahoma?
- Wikipedia cleans up its mess
- You are less beautiful than you think
- Should wunderkinds be allowed to drop out of high school?
- Don't cry climate-change wolf
- Apple uses foreign companies to avoid billions in taxes
- Gitmo hunger striker launches Twitter campaign
- How to screw up Tumblr
- Yahoo shells out $1.1 billion for Tumblr
- Chinese hackers resume attacks against U.S.
- Must-see morning clip: Facial recognition software identifies "faceprints"
- Facebook "like" on trial in Virginia
Featured Slide Shows
The week in 10 picsclose X
- 1 of 11
Credit: AP/LM Otero
Credit: AP/Matt Rourke
Credit: AP/Jenny Aicher
Credit: AP/Molly Riley
Credit: AP/J. Scott Applewhite
Credit: AP/Carolyn Kaster
Credit: AP/Las Vegas Review-Journal/Jeff Scheid
Credit: AP/NASA/Chris Hadfield
Credit: AP/Jacquelyn Martin
Credit: AP/The Duluth News-Tribune/Clint Austin
Recent Slide Shows
- 1 of 11