Towards a Cyberspace Legal Regime in the Twenty-First Century

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Towards a Cyberspace Legal Regime in the Twenty-First Century

Full Citation

Charles J. Dunlap, Jr., Towards a Cyberspace Legal Regime in the Twenty-First Century: Considerations for American Cyber-Warriors, 87 Neb. L. Rev. 712 (2009).



Key Words

Casus Belli, Civilian Participation, Cyber Warfare, DDoS Attack, Information Asymmetries, Kinetic Attack, Lawfare, Laws of War, SCADA Systems


This text was presented at the Air University 2008 Cyberspace Symposium, Maxwell AFB, AL, on 16 July 2008. Before going into the detail of what should constitute a cyberspace legal regime in the twenty-first century, Major General Charles J. Dunlap, Jr makes important remarks about cyber-warfare:

  • The cyber world in all its many dimensions is embedded in virtually all national security issues.
  • Much of what transpires in the cyber realm does not resemble traditional military threats. However, current legal architecture for the law of war is built upon the concept of traditional military threats (not all laws and treaties are irrelevant; rather, it means that it takes hard work and innovative analysis to apply existing law to emerging cyber issues).
  • Appropriate commanders should be given authority to utilize non-kinetic, or cyber, responses under the same rules that govern their use of weapon systems that result in kinetic effects.
  • It may well be prudent, for many reasons, to support civilian law enforcement agencies as the first line of defense for such probes, even for cyber actions aimed at domestic military facilities.
  • The notion of the teenage hacker able to cause catastrophic damage from the computer in his bedroom is outdated. Some years ago, the authors says, there may have been a "window of opportunity" where such scenarios might have occurred, but much has happened in the interim. If terrorist groups are a threat, he thinks that only a nation-state could cause the kind of debilitating damage that would equate to defeat in war.

Moving forward with international legal instruments regarding cyberwar:

Whether consolidated in a unitary convention or strengthened in existing regimes, the scope of protections available is limited only by the imagination and the need for agreement. Possibilities offered by a number of people include:

  • Reaffirming the sanctity of communications relay systems, including those in space -- a regime begun under the Hague Convention of 1907 and elaborated upon under the International Telecommunications Union ("ITU");
  • Strengthening protections for communications systems and stations -- elements of which can be found within the ITU and the Law of the Sea Convention;
  • Reinforcing the sanctity of navigational tools such as Tactical Air Navigation ("TACAN") and the Global Positioning System ("GPS"), including systems both terrestrial and those in space--a regime supported by the Chicago Convention and International Civil Aviation Organization;
  • Reaffirming the sanctity of arms control verification tools, especially those in space -- a regime established through multiple arms control agreements;
  • Protecting supervisory control and data acquisition ("SCADA") systems that control critical infrastructure like dams, pipelines, and nuclear reactors;
  • Providing prohibitions and consequences for economic espionage;
  • Agreements to cooperate in cyber criminal investigations modeled on mutual legal assistance treaties ("MLATs") or the Cybercrime convention;
  • Creation of a tracking and logging regime to strip the anonymity of global hackers, much the way tracking materials can be embedded in high explosives to identify their origin;
  • Baseline speech restrictions -- for example rules against terrorist incitement, bomb building instructions, exchange of computer network attack programs, and so forth -- so long as such rules comply with domestic laws, such as the U.S. First Amendment.

Additional Notes and Highlights

Expertise Required: None