Cyberattacks, the Laws of War, and the Crime of Aggression

by Kevin Miller

Categorizing state-sponsored cyberattacks using classical descriptions of war and weaponry has proven challenging for the international community. How is a “cyber-weapon” classified when it has no physical manifestation other than inconvenience? How is data loss quantified? When a nation uses a computer virus to attack another nation’s infrastructure, is the attacker breaking any laws? Is the victim state justified in responding in self-defense? Assuming a nation has the right to counterattack, how do planners evaluate the proportionality of their response, especially if the counterattack includes traditional munitions? International law is far from settled in this area. This article will examine both the traditional laws of war and the newly-drafted ICC crime of aggression in the context of state-sponsored cyberattacks.

[I]nterpretations targeted at the laws of war - like the Tallinn Manual - may have a larger impact on curbing cyber-aggression than the ICC crime of aggression.

On June 17, 2010, a Belarusian antivirus company reported the existence of a new kind of computer virus it had discovered on the computers of an Iranian customer. The new virus was unusual because it had the “feel” of professional software: it was much larger and more complex than typical malware, and it was digitally “signed” to look like trusted, legitimate software to the operating system.

Most malware steals data, destroys data, or seizes control of the host computer to enlist it in an alternate purpose, such as sending spam emails. As experts began to dissect the complex code of this new virus, it became clear that its ultimate target was the programmable logic controllers which run industrial automation processes. The new virus was dubbed “Stuxnet.” Since the vast majority of machines infected were Iranian, experts deduced that the target was Iran’s Natanz nuclear facility, which enriches uranium for use in power plants and, possibly, atomic bomb-making. Stuxnet’s attempt to damage physical infrastructure made it a new, and terrifying, form of cyberattack.

The function of Stuxnet was to instruct the centrifuges to spin at higher than normal speed, then decelerate rapidly, causing them to become unbalanced and destroy themselves. Its secondary function was to disguise the changes in speed by “playing back” normal readings to plant operators while the attack was occurring. This kept plant operators from understanding the failure and intervening to shut down the centrifuges before they could be destroyed.

Stuxnet largely achieved its goals, destroying 1,000 centrifuges completely and taking thousands out of operation; the total impact was to set back the Iranian nuclear program 12-18 months. Over the next two years, culminating in mid-2012, it became clear that Stuxnet was created through a joint effort of the United States government and Israel’s Mossad, codenamed “Operation Olympic Games”. While the U.S. government has never

ILSA Quarterly » volume 22 » issue 1 » October 2013

