Can your country kill a hacker in a cyber war?

The front-line of a coming war? Cyber warfare raises a number of questions about how you define the enemy.

The move from blowing stuff up to fighting for information, using the internet instead of missiles, has markedly shifted who is on the front-line in the 21st century. It has also meant that the rules of engagement from previous centuries no longer apply. It has created new questions, such as: can a nation kill an enemy hacker? If your country is a member of NATO, then the answer seems to be…maybe…

Recently, a group of hackers found itself in the midst of a media storm. The group in question is called PLA Unit 61398, and it was identified as being behind cyber attacks on hundreds of companies around the world. The revelation came in a recent report by the American information-security company Mandiant.

In its report on PLA Unit 61398, Mandiant argued that the Chinese government must, to some extent, have known what the hackers were up to.

“The details we have analysed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese government is aware of them,” Mandiant said in the report.

“Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood,” Kevin Mandia, founder and chief executive of Mandiant, told The New York Times.

In other words: the hackers were – at least to some extent – working with the blessing of the Chinese Government. The reason could be that PLA Unit 61398’s attacks seemed to have a specific focus: information that could benefit both Chinese companies and the Chinese government.

Of course, China has denied any sort of involvement, saying it itself had been the victim of malicious cyber attacks.

And it might have been, and the attacks might even have come from somewhere deep in the US military system, which has previously been involved in cyber warfare.

As reported by Ars Technica, the US Military were, for instance, partly responsible for developing the Stuxnet virus, which targeted Iranian nuclear facilities.

Until now, the world has (luckily) yet to see a full-out cyber-war between nations, but the possibility has left military commanders throughout the world scratching their heads.

The reason is that a cyber-war is not actually fought in a physical world. It’s a new way of fighting that has given the commanders even more grey hair than the war on terror.

In conventional warfare, someone does something physical to something that’s part of your war machine; say blow up your tank, for example. This is great, because it’s definitely an act of aggression, meaning that you can, in turn, blow up something belonging to them.

You might be tempted to let this ‘something’ be your enemy’s entire country. Luckily, there is a Geneva Convention, which gives you a rough outline of how much you can blow up. It’s the idea of a proportionate response. But the convention was created at a time when enemies usually had countries.

Which is why I personally think the war on terror has given the Americans the problems/opportunities it has. If your enemy turns out not to have a country, hell, he might not even have a tank, then what are you going to blow up? And if he hasn’t got a country, then how do you treat him?

One possibility is to do what the US did, which was basically to call in their lawyers, create a legal country called ‘Terroristland’, based on a really skewed interpretation of the Geneva convention, give anyone fighting in Iraq and Afghanistan a passport to Terroristland and then sail it straight into the Bermuda Triangle of human rights.

But at least the people in Terroristland had the common decency to blow your stuff up.

That’s not the case when it comes to the front-line soldiers of the 21st century’s potential cyber-wars, the hackers, who are more likely to be looking for information about your stuff that blows stuff up.

So how do you deal with hackers? What sort of rights do they have? Well, the Geneva Convention doesn’t really apply – hell, the convention is from a time long before Alan Turing was being prosecuted by the British Government for being homosexual (included as an example of how all governments – not just the US – have always had a knack for disregarding human rights).

The answer to this question is still in the wind, but some agencies and organisations have tried to come up with something approaching one.

NATO is one of these. As is often the case for NATO, the solution is to make a special division that deals with this sort of thing and then let them get on with writing a really long, ambiguous report. The division in question here is the Cooperative Cyber Defence Centre of Excellence (for reasons that must surely be an in-joke, the acronym for this is NATO CCD COE).

The NATO CCD COE commissioned a group of experts to look at cyber-warfare, which they did in the Tallinn Manual on the International Law Applicable to Cyber Warfare (TMILACW).

In the TMILACW, the experts offer the following answer to whether or not hackers can be seen as enemy combatants:

“A cyber operation by a State directed against cyber infrastructure located in another State may violate the latter’s sovereignty. It certainly does so if it causes damage.”

So if a cyber attack carried out by agents of country A brings down a plane belonging to country B, everything is clear – it’s definitely a military attack.

So does this merit a military response?

The TMILACW says yes, as long as the response tries to balance “[…] the level of harm inflicted and certain qualitative elements of a particular cyber operation.”

But how about attacks like those carried out by the Chinese hackers, who were after information, not bringing down planes or causing traffic lights to change colour, causing crashes?

“Acts of cyber intelligence gathering and cyber theft,” or “cyber operations that involve brief or periodic interruption of non-essential cyber services,” do not fall into this “armed attack” category.

It’s worth noting that the TMILACW is in no way binding, so it’s up to the various members of NATO to decide if they’ll treat its recommendations as gospel, or if they’ll make their own rules.

But for now, at least, it’s not likely that your country is going to be sending missiles after anyone with a laptop. Which is probably a good thing – especially when you consider how much software you find in an average missile these days.
