The cyber war rulebook

War has always been a dirty business, both bloody and chaotic, but that hasn’t stopped us from imposing codes of conduct on combat. They might not mean a lot in the heat of battle or be relevant to achieving strategic objectives, but they are there for a reason.

As modern warfare and technology entwine it’s only natural that we seek to place similar rules of engagement to cyber warfare. That’s exactly what NATO’s hoping to achieve through the Tallinn Manual – its handbook on cyber war, which include rules on battlefield behaviour for future cyber wars.

Gaining international agreement on battlefield rules, such as the 1949 Geneva Convention, has always been a key means of civilising warfare over the millennia. The inception of the convention was precipitated by the horrors of 20^th century warfare. World War I and II illustrated warfare at an industrial scale and where our introduction to weapons of mass destruction, including chemical and nuclear weapons. From the deadly plumes of mustard gas that wafted across Ypres in 1915 to the atomic bombs that obliterated the Japanese cities of Hiroshima and Nagasaki in 1945, their impact on our collective consciousness led to the development of stringent rules.

Both types of weapons are now subject to international battlefield rules that ban their use.

The Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on the Destruction was ratified in November 1996 and has 184 state parties (effectively countries) today. The International Court of Justice, the United Nations highest court, issued an advisory opinion on 8 July 1996 on the Legality of the Threat or Use of Nuclear Weapons. The court found that the use or threat of use of nuclear weapons would violate international laws, including the Geneva Conventions, the Hague Conventions, the Universal Declaration of Human Rights, and the UN Charter.

A necessary extension

The Tallinn manual is a necessary extension of this process given that the nature of modern warfare has increasingly started to shift towards the digital realm. Cyber warfare is no longer a dystopian mirage. It’s real and its destructive potential cannot be underestimated.

The manual is the result of a three-year effort by an independent group of international experts from a wide range of organisations, including the International Committee of the Red Cross, who were invited to participate by the North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Centre of Excellence.

It brings together international laws regulating the conduct of armed conflict and describes how these laws would be applied to cyber war. A focus for the experts was to provide a framework for state conduct in cyberspace based upon international laws, conventions and agreements.

In 2011, the US president issued a paper titled the International Strategy for Cyberspace which stated “the development of norms for state conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete.  Long-standing international norms guiding state behaviour – in times of peace and conflict – also apply in cyberspace.” A caution was also provided in the paper with the comment “unique attributes of networked technology require additional work to clarify how these norms apply and what additional understandings might be necessary to supplement them.”

By publishing the Tallinn Manual the US and NATO have provided an insight into how international norms might apply within cyberspace, though the Tallinn Manual is not an official document and does not represent policy views of any of the nations involved in its preparation.

The cyber war rules in the Tallinn Manual were adopted unanimously by the group of international experts and provide commentary that identifies their legal basis and highlights any difference of opinion among the experts as to interpretation of the rules in the cyber context.

Humanitarian protections (prisoner rights and protection for medical computer networks and applications) and provisions for cyber war crimes, such as launching an attack from a neutral nation’s digital network, are included in the manual.

Dr Marco Roscini, Reader in International Law at the UK’s University of Westminster, was quoted by News Limited this week saying “I’m sure it [the 282 page Tallinn Manual] will be quite influential” with military lawyers across the world as they grapple with cyber war.

Should we prepare for cyber war?

Countries now have an important opportunity to prepare urgently needed cyber war policies based upon the Tallinn Manual. Small scale cyber wars have already commenced (Israel versus Hamas, US versus China) and all nations are being drawn into cyber conflicts of one form or another.

It is only a matter of time before a conflict breaks out in our backyard. Former prime minister Kevin Rudd wrote earlier this year that East Asia is “a tinderbox on water”. As conflicts escalate in our region, Australia should anticipate and prepare for increased cyber-attacks and potential cyber war that would inevitably spill over onto Australia’s network or our international connecting networks.

Australia should use its membership of the UN Security Council in 2013 to push for the international community to develop and adopt an international cyber war convention.

Mark Gregory is a senior lecturer in Electrical and Computer Engineering at RMIT University.