Feeds

Dear gov cyber-ninjas, try NOT to KILL PEOPLE. Love from the lawyers

Stick nuke plants and hospitals on no-go list too - war manual

5 things you didn’t know about cloud backup

A NATO-backed manual that attempts to pull together all the bits of international law regarding the "hostile use" of the internet has prohibited attacks against civilian targets.

According to the legal experts who helped draw up the manual, attacks in cyberspace should avoid anything that might affect civilian targets such as hospitals, dams and nuclear power plants.

The manual was compiled by an independent group of legal scholars, lawyers, academics and technical experts who gathered up all the existing relevant norms in existing international law as a guide for legal advisers to military and state bodies, law students, academics and law firms, although the manual itself is not an official document and does not reflect NATO doctrine or policy. Nevertheless, it's expected to be widely read in government circles, as NATO's CCDoE said at the time of the launch.

A draft copy of the Tallinn Manual on the International Law Applicable to Cyber Warfare came out last September but the issue has hit the news again as result of security conferences in London late last week and Washington, DC on 28 March that featured panel discussions on the weighty tome, which runs to 215 pages.

The manual looks at laws pertaining to armed conflict and the use of force and how they could be extended to regulate conflicts between nation states that have spilled over onto the internet. Technical experts advised on the three-year process of putting together the mega-guide, which featured observers from the International Committee of the Red Cross, United States Cyber Command and NATO’s Allied Command.

The project was backed by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, but the compilers and experts worked in their personal capacity.

The prospective users of the Tallinn Manual are government legal advisers to Ministries of Defence, Foreign Affairs, Interior and Justice; legal advisers to military forces and intelligence agencies; academics and graduate students in law, government and security studies; general counsel for defence industry; think tanks; consultancies; and law firms. The Tallinn Manual is designed to be accessible to lawyers with basic knowledge of international law.

The draft manual can be viewed at the CCDoE website here At the time of publication, it was unavailable for viewing.

When two crews go to war...

The manual covers 95 "rules". Among those that caught our eye were a discussion on attribution (rule 7) that "the mere fact that an operation has been launched or otherwise originates from a government cyber infrastructure is not sufficient evidence for attributing the operation to that state but is an indication that the state in question is associated with that operation".

Another interesting discussion on self-defence in the face of hacker attack (rule 9), posits that: "A state injured by an internationally wrongful act may resort to proportionate countermeasures, including cyber-countermeasures, against the responsible state". Rule 13, meanwhile, says: "A state that is the target of a cyber operation that rises to the level of an armed attack may exercise its inherent right of self-defence. Whether a cyber operation constitutes an armed attack depends on its scale and effects."

The legal experts were split over whether an attack that crashed the New York Stock Exchange, for example, justified a response that could be legally defended as self-defence.

But they did agree on rule 14, that any response ought to be "necessary and proportionate". So, "you hacked us, we'll bomb you", isn't going to wash with international legal experts who want to restrict reprisals to acts of self-defence or actions authorised by the UN Security Council. However the right of self-defence may be exercised collectively, as per the coalition forced to expel Saddam Hussein's Iraqi troops from Kuwait in 1991, for example.

The experts went on to say that the law on armed conflict didn't apply to highly publicised DDoS attacks on Estonia in 2007 but did apply to cyber skirmishes that occurred between Georgia and Russia a year later because these occurred during the course of a ground war (a bullet-and-bombs armed conflict).

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?