NATO Cyber War Manual Says Hackers Are Targets

Cyber war attacks can be a legitimate part of international conflict, but they should not hit civilian targets such as the technology behind hospitals and power stations, according to a manual on the legal status of online warfare, compiled by NATO.

The manual is the first attempt to define how international law such as the Geneva Convention applies to online warfare, and comes at a time when US and European voices are urging a cyber war strategy when faced with politically motivated cyber attacks.

It says that hackers who carry out online attacks on foreign nations can be legitimate targets in a cyber war counterstrike, and also says it is acceptable to respond with conventional force if an online attack leads to death or severe property damage.

Cyber war! What is it good for?

“No international armed conflict has been publicly characterised as having been solely precipitated in cyberspace,” the manual says, but adds the legal definition of an “armed conflict” should be extended to include situations where hostilities only take place in cyberspace, concluding that “cyber operations alone might have the potential to cross the threshold of international armed conflict.”

This has been a grey area so far. The British Government has set up cyber defence forces, and clearly has the capacity for offensive use of cyber technology, which experts argue is essential to keep the country safe, even if its legality might be questioned.

Prime Minister David Cameron and Cabinet Office Minister Francis Maude have both announced support for the the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), based in Tallinn, Estonia, which published the manual.

The manual says that any response to a cyber attack should be proportionate, and that conventional force should not be used unless the cyber attack resulted in death or significant property damage. Known as the Tallinn Manual on the International Law Applicable to Cyber Warfare, it has been published online, and was compiled by 20 international legal experts appointed by CCDCOE.

While providing a legal framework, the group is keen not to lower the bar so future cyber wars are more likely. “You can only use force when you reach the level of armed conflict,” the project leader, Professor Michael Schmitt of the US Naval War College, told the Guardian. “Everyone talks about cyberspace as though it’s the wild west. We discovered that there’s plenty of law that applies to cyberspace.”

There will still be difficulties of course – cyber attacks are notoriously difficult to pin down as an attack which appears to originate from one network may have been from somewhere else. However, launching an attack from a neutral nation’s computers in a bid to bring them into a cyberwar would be a war crime, according to the report.

How well do you know Internet security? Try our quiz!

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago