Feeds

Dear gov cyber-ninjas, try NOT to KILL PEOPLE. Love from the lawyers

Stick nuke plants and hospitals on no-go list too - war manual

5 things you didn’t know about cloud backup

A NATO-backed manual that attempts to pull together all the bits of international law regarding the "hostile use" of the internet has prohibited attacks against civilian targets.

According to the legal experts who helped draw up the manual, attacks in cyberspace should avoid anything that might affect civilian targets such as hospitals, dams and nuclear power plants.

The manual was compiled by an independent group of legal scholars, lawyers, academics and technical experts who gathered up all the existing relevant norms in existing international law as a guide for legal advisers to military and state bodies, law students, academics and law firms, although the manual itself is not an official document and does not reflect NATO doctrine or policy. Nevertheless, it's expected to be widely read in government circles, as NATO's CCDoE said at the time of the launch.

A draft copy of the Tallinn Manual on the International Law Applicable to Cyber Warfare came out last September but the issue has hit the news again as result of security conferences in London late last week and Washington, DC on 28 March that featured panel discussions on the weighty tome, which runs to 215 pages.

The manual looks at laws pertaining to armed conflict and the use of force and how they could be extended to regulate conflicts between nation states that have spilled over onto the internet. Technical experts advised on the three-year process of putting together the mega-guide, which featured observers from the International Committee of the Red Cross, United States Cyber Command and NATO’s Allied Command.

The project was backed by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, but the compilers and experts worked in their personal capacity.

The prospective users of the Tallinn Manual are government legal advisers to Ministries of Defence, Foreign Affairs, Interior and Justice; legal advisers to military forces and intelligence agencies; academics and graduate students in law, government and security studies; general counsel for defence industry; think tanks; consultancies; and law firms. The Tallinn Manual is designed to be accessible to lawyers with basic knowledge of international law.

The draft manual can be viewed at the CCDoE website here At the time of publication, it was unavailable for viewing.

When two crews go to war...

The manual covers 95 "rules". Among those that caught our eye were a discussion on attribution (rule 7) that "the mere fact that an operation has been launched or otherwise originates from a government cyber infrastructure is not sufficient evidence for attributing the operation to that state but is an indication that the state in question is associated with that operation".

Another interesting discussion on self-defence in the face of hacker attack (rule 9), posits that: "A state injured by an internationally wrongful act may resort to proportionate countermeasures, including cyber-countermeasures, against the responsible state". Rule 13, meanwhile, says: "A state that is the target of a cyber operation that rises to the level of an armed attack may exercise its inherent right of self-defence. Whether a cyber operation constitutes an armed attack depends on its scale and effects."

The legal experts were split over whether an attack that crashed the New York Stock Exchange, for example, justified a response that could be legally defended as self-defence.

But they did agree on rule 14, that any response ought to be "necessary and proportionate". So, "you hacked us, we'll bomb you", isn't going to wash with international legal experts who want to restrict reprisals to acts of self-defence or actions authorised by the UN Security Council. However the right of self-defence may be exercised collectively, as per the coalition forced to expel Saddam Hussein's Iraqi troops from Kuwait in 1991, for example.

The experts went on to say that the law on armed conflict didn't apply to highly publicised DDoS attacks on Estonia in 2007 but did apply to cyber skirmishes that occurred between Georgia and Russia a year later because these occurred during the course of a ground war (a bullet-and-bombs armed conflict).

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.