Cyberwar is a popular topic in national security circles of late. While there has been considerable discussion about whether the U.S. has been subject to cyber attacks in violation of the laws of war, much of the discussion has centered on technical questions related to the nature of various attacks, big and small, with little attention given to the terms being bandied about. In the common parlance, cyber war has been applied to espionage, theft, extortion as well as physical attacks resulting in real world damage. But is any of this really warfare within the definition of international law?
I recently wrote a paper entitled Stuxnet as Cyberwarfare: Distinction and Proportionality on the Cyber Battlefield, where I attempt to address a number of legal issues related to the recent attack known as Stuxnet, looking at the nature of the attack and whether it adhered to the law of war principles of distinction and proportionality. Focusing on whether the Stuxnet attack constituted a form of cyber warfare, I then looked at whether the attack adhered to these important legal principles.
While a number of legal scholars have written extensively on the subject of cyber war, until the discovery of Stuxnet, there was considerable disagreement as to whether a cyber war had ever occurred. While I believe that the Stuxnet event was in fact an attack within the meaning of international humanitarian law (IHL), I think that the attack on the Natanz nuclear facility by unknown aggressors raises as many questions as it answers, including questions of attribution and whether a proportional response by the victim state (in this case, Iran), would have been legitimate within the framework of the U.N. charter.
That said, I am attaching a copy of this paper for readers interested in my analysis of the subject.
Stuxnet as Cyberwarfare – Distinction and Proportionality on the Cyber Battelfield by John Richardson is licensed under a Creative Commons Attribution 3.0 Unported License.