cyber attack, cyberwar, cyber strategists, national security, law of armed conflict, LOAC, WikiLeaks
The proliferation of martial rhetoric in connection with the release of thousands of pages of sensitive government documents by the WikiLeaks organization underlines how easily words that have legal meanings can be indiscriminately applied to cyber events in ways that can confuse decision makers and strategists alike. The WikiLeaks phenomenon is but the latest in a series of recent cyber-related incidents––ranging from cyber crises in Estonia and Georgia to reports of the Stuxnet cyberworm allegedly infecting Iranian computers––that have contributed to a growing perception that “cyberwar” is inevitable, if not already underway. All of this generates a range of legal questions, with popular wisdom being that the law is inadequate or lacking entirely. Lt Gen Keith B. Alexander, the first commander of US Cyber Command, told Congress at his April 2010 confirmation hearings that there was a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.” Likewise, Jeffrey Addicott, a highly respected cyber-law authority, asserts that “international laws associated with the use of force are woefully inadequate in terms of addressing the threat of cyberwarfare.” This article takes a somewhat different tact concerning the ability of the law of armed conflict (LOAC) to address cyber issues. Specifically, it argues that while there is certainly room for improvement in some areas, the basic tenets of LOAC are sufficient to address the most important issues of cyberwar. Among other things, this article contends that very often the real difficulty with respect to the law and cyberwar is not any lack of “law,” per se, but rather in the complexities that arise in determining the necessary facts which must be applied to the law to render legal judgments.
Charles J. Dunlap Jr., Perspectives for Cyber Strategists on Law for Cyberwar, 5 Strategic Studies Quarterly 81-99 (2011).