This page contains a Flash digital edition of a book.
Cyberattacks


perceive them as tools of war in themselves, will have a normalizing and consensus-building effect on that interpretation. With this in mind, it is fairly impossible to ignore the state practice and inter- pretive guidance put forth by the United States, the country with the world’s largest military bud- get and most advanced military technology.


By most measures, the United States is rapidly escalating its capacity for cyber defense, cyberat- tack, and cyber warfare. The terminology military and political leaders use to describe these efforts leaves little doubt as to their effect and purpose: the United States is building its own cyber-mili- tary-industrial complex to rival its other military in- dustries. Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, has asserted that “a cyber- attack could stop our society in its tracks,” and has often said that the world is more dangerous now than it was during the Cold War.9


Under the lead- 24


ership of Gen. Dempsey, former Defense Secre- tary Leon Panetta, and former Director of National Intelligence Michael McConnell, the Defense De- partment has assembled an array of military con- tractors and individual “black-hat” hackers to build offensive cyber-weapons.


In March 2013, the United States government publicly admitted that it was developing “offensive cyber-weapons.” General Keith Alexander, chief of the U.S. Cyber Command and head of the Nation- al Security Agency (NSA), reported in testimony before Congress that “this team, this defend-the- nation team, is not a defensive team. This is an offensive team.... Thirteen of the teams that we’re creating are for that mission alone.”10


The Defense


Department has also invested substantial sums in testing and training facilities in order to “practice” cyber-war.11


The various U.S. departments spend


at least $10 billion annually on these efforts, though the exact amounts are classified.


The collective impact that massive funding and the transfer of cyber-security capabilities to mili- tary control can have on lowering the standard for


what constitutes cyber-aggression is substantial. Two aspects of U.S. policy seem at odds with one another: On one hand, each time the U.S. re- sponds to an intrusion with aggressive posturing, it lowers the expectation for what constitutes an act of aggression. On the other hand, the negoti- ating history indicates that the U.S. sought a very high threshold for an aggressive act of force under the ICC crime, even though the U.S. is not a party to the Rome Charter. In practice, this places the U.S. between the horns of a dilemma in its public policy: the harder it tries to make cyberwar seem imminent for domestic political and budget rea- sons, the more it loosens the strict definition of aggression under international law, and the more likely it becomes that cyber-operations like Stux- net might be interpreted as an act of aggression.


The crime of aggression’s applicability to cyber- attacks has other elements which effectively nar- row its reach even further. Under Article 8 bis, the crime must be committed “by a person in a posi- tion effectively to exercise control over or to direct the political or military action of a State.” This re- striction is sometimes known as the “leadership clause.” However, most cyberattacks lack the rigid command hierarchy of the military chain-of- command, and are instead perpetrated by loose collectives or nationalist groups with only tenuous links to state leadership. Further, even if a state in- stigates a cyberattack, it is often difficult to gather evidence of its involvement; the architecture of the Internet enables IP hiding and other forms of obfuscated attacks. The servers which are used to perpetrate the attacks can be hidden in unas- sociated countries, and attackers can even utilize compromised infrastructure belonging to unrelat- ed parties to do their work. These characteristics of cyberattacks not only make it difficult to attri- bute the attack to any one party, they make tra- ditional notions of territoriality under international law seem almost quaint. Unless jurists consider a more expansive interpretation, the leadership clause severely restricts whether the crime can


ILSA Quarterly » volume 22 » issue 1 » October 2013


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56