Last March marked the publication of the Tallinn Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual), described here as a “long-awaited” document that “may be an important milestone in the development of the law of war in the cyber context.” Now, DefenseNews reports, a sequel is underway. According to project director Michael Schmitt, whereas the first Tallinn Manual focused upon cyber attacks that “are physically disruptive or injure people,” the second project will look at “the other half of the equation, i.e., what happens on a day-to-day basis.”
Here is an excerpt from the news story, including some more information from Schmitt:
“There are regular attempts to intrude into military systems,” Schmitt says. Possible scenarios include hackers trying to put malware into a country’s military command-and-control systems that could then be activated if that country gets into a conflict, or mapping air defense systems of a country so that a potential enemy could be in a position to attack it.
“At a conservative estimate, there are thousands of attacks on ministries of defense on a daily basis. Some are easily handled with anti-virus software but some are very complex. A key question is how countries should respond legally if this happens,” he says.
The idea of the project is to explain, in particular scenarios, if a country has acted illegally, under international law, against another country and if the second country has responded illegally. For example, Schmitt says that it may be legal for country X to ‘hack back’ by destroying data in country Y’s military system if country Y has destroyed similar data in country X first.
Like the original Tallinn Manual, the project will represent the opinions of a group of international law scholars and other experts and is sponsored by NATO’s Cooperative Cyber Defence Centre of Excellence.
We’ll look forward to seeing what they come up with!
Richard B. Eisenberg
Office of the General Counsel
U.S. Air Force