The U.N. Charter promises that members will not use the “threat or use of force against the territorial integrity or political independence of any state” (Article 2, Section 4).
Does the cyberweapons race require treaties similar to the Treaty on the Non-Proliferation of Nuclear Weapons?
In May 2009, the head of the United States Strategic Command, Gen. Kevin P. Chilton, told reporters that in the event of a cyberattack “the law of armed conflict will apply,” and warned that “I don’t think you take anything off the table” in considering a response.
The definition of cyberwar has been expanded to include government-sponsored espionage, potential terrorist attacks in cyberspace, large-scale criminal fraud, and even hacker kids attacking government networks and critical infrastructure. This definition is being pushed both by the military and by government contractors, who are gaining power and making money on cyberwar fear. Correctly define cyberwar, cyberconflict and cyberweapon has significant legal and political consequences as well as the security itself. The line between what is a cyberwar and what is not is subtle.
The Tallinn Manual states: “In order to avoid the release of dangerous forces and consequent severe losses among the civilian population, particular care must be taken during cyber-attacks against works an installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations, as well as installations located in their vicinity.”
The manual also states that so-called hacktivists who participate in online attacks during a war can be legitimate targets even though they are civilians.
Particular care doesn’t mean it should be prohibited and in context of war on terror, give hints about the direction Cyber-Treaties are taking.
The existing international legal regime governing Use of Force and the Law of Armed Conflict is insufficient; we can’t trust all state actors not to use their ever evolving cyber capabilities to cause devastating damage. Since there are already special arms and proliferation treaties for all kinds of technologies (nuclear, biological, chemical) some kind of Cyber-Treaty is only logical consequence. We might argue the effectiveness of every and all of those, but those treaties can help to prevent and/or repair injustice. International law is a framework for the practice of stable and organised international relations and should therefore be adapted to deal with emerging issues.
[…] There are, slowly, measures being implemented to counteract this, with US companies increasingly pressured to disclose any cyber attacks. The European Commission is considering proposals to force European companies to do the same. But until there is a clearer line that cuts through the fear and hype of cyber attacks and focuses on defence rather than attack, we will be hearing talk of that cyber 9/11 for a while yet.
We’re in the early years of a cyberwar arms race. It’s expensive, it’s destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat. […]
There’s a common belief within the U.S. military that cyberweapons treaties are not in our best interest: that we currently have a military advantage in cyberspace that we should not squander. That’s not true. We might have an offensive advantage—although that’s debatable—but we certainly don’t have a defensive advantage. More importantly, as a heavily networked country, we are inherently vulnerable in cyberspace.