Armed Conflict Cybersecurity & Tech

Deeks on the Geography of Cyber Conflict

Matthew Waxman
Monday, March 18, 2013, 7:58 PM
Our colleague Ashley Deeks has just published "The Geography of Cyber Conflict: Through a Glass Darkly," as part of the Naval War College's volume of International Law Studies on the geography of war. The U.S. government has said it deems jus ad bellum and jus in bello rules as applicable in cyber, and Harold Koh's 2012 speech at U.S. Cybercommand started to unpack how it might apply those rules to cyber situations.  That remains the most detailed U.S.

Published by The Lawfare Institute
in Cooperation With
Brookings

Our colleague Ashley Deeks has just published "The Geography of Cyber Conflict: Through a Glass Darkly," as part of the Naval War College's volume of International Law Studies on the geography of war. The U.S. government has said it deems jus ad bellum and jus in bello rules as applicable in cyber, and Harold Koh's 2012 speech at U.S. Cybercommand started to unpack how it might apply those rules to cyber situations.  That remains the most detailed U.S. government articulation on this issue, but it still just scratches the surface of some very difficult questions. One significant U.S. government claim in the non-cyber context has been that it can use force in another state's territory against a lawful target where that state is unwilling or unable to suppress the threat itself, and Ashley's article on that "unwilling or unable" standard is must-reading in the field.  In this piece, Ashley notes that the U.S. government presumably would apply this same test in the cyber context, but it has said nothing publicly about how it would do so.  Ashley explores what it might look like to apply the unwilling/unable test in the face of several different types of cyber activity, such as if a state or non-state armed group launched a cyber "armed attack" against the United States via a third state's territory, or if a state or non-state actors in an armed conflict with the United States launched attacks from a third state. Ashley makes an interesting argument that applying the unwilling/unable test in the cyber context highlights the importance of a victim state's relationship with the "territorial" state, which affects the victim state's willingness to reveal information about attacks and the territorial state's willingness to reveal its own technological capabilities. I think she's right that often-discussed features of cyberspace -- anonymity, difficulty in attribution, geographic disinhibitions, and speed of actions -- make this an important set of issues to consider, especially if the United States truly is committed to analogizing existing rules to the cyber context.

Matthew Waxman is a law professor at Columbia Law School, where he chairs the National Security Law Program. He also previously co-chaired the Cybersecurity Center at Columbia University's Data Science Institute, and he is Adjunct Senior Fellow for Law and Foreign Policy at the Council on Foreign Relations. He previously served in senior policy positions at the State Department, Defense Department, and National Security Council. After graduating from Yale Law School, he clerked for Judge Joel M. Flaum of the U.S. Court of Appeals and Supreme Court Justice David H. Souter.

Subscribe to Lawfare