Rapid technological advancements and societal inclusion of these technologies have expanded civil and defense capabilities but have also created significant vulnerabilities. Cyber-weapons have the potential to affect interaction between states by exploiting this vulnerability. To better understand the mechanics of how cyber-weapons affect state relations this research applies a common framework to explore the attributes of traditional weapons—conventional, nuclear, and RMA—and how they typically influence this behavior. After proposing selected factors that influence the effectiveness of a cyber-attack, the research examines the cyber-attacks in 2007 on Estonia and 2008 on Georgia in order to refine and provide nuanced analysis on the role of the proposed causal factors. The proposed factors are government involvement, level of attack sophistication, and the degree to which the state is dependent upon digitally connected technology. The research indicates that the role of the state is one of the most significant factors in influencing the effectiveness of a cyber-attack and highlights the role that plausible deniability plays in this relationship. Some initial policy recommendations are made based on the finding that the use of cyber-weapons as a deterrent is still ill-defined and that the focus should be on decreasing state vulnerability to these attacks.
There is a lack of attention to the aftermath of a deployed cyber weapon: There is no mechanism for the assignment of accountability for the restoration of affected infrastructure and remediation of violation of established laws of war after cyberattacks occur. This study analyzes International Humanitarian Law and international treaties as they apply to the cyber post-conflict period and explores current jus post bellum frameworks, which can be used to design a cyber-warfare jus post bellum framework. It also analyzes analogies to traditional warfare in the damage assessment and aid provided during the recovery period of the 1998 Kosovo and the 2003 Iraq Wars. It also discusses the available international cyber organizations. As an example, the study analyzes responses to cyberattacks in a case study involving South Korea and North Korea.
Additionally, this study examines the related issues of the effects of deploying a cyber-weapon, the ways to establish acceptable levels of attribution, the challenges of cyber-damage assessments, and the ability to contain and reverse cyberattacks. This thesis proposes a cyber-warfare jus post bellum framework, with emphasis on prevention and cyber weapons control, proposes cyberattack relief-effort actions, and offers a post-cyberattack cost checklist.
Self-attribution is a public declaration of responsibility for the conduct of an operation. It is distinguished from covert operations, where perpetrators provide no such acknowledgement and attempt to conceal their identities. Although self-attribution is always an option, this thesis examines legal and strategic reasons for a nation state to publically acknowledge its role in the conduct of a cyber-operation. The central result is that whereas neither international law nor national policy requires self-attribution, under certain strategic conditions it may be preferred.
Defining and understanding what constitutes a cyber-attack is a complicated matter, largely due to the fact that there has not yet been a large-scale cyber-attack upon any nation. With the help of Michael Schmitt’s Tallinn Manual, published in 2013 by Cambridge University Press, it is possible to gain an understanding, although no policy expectations, of what elements need to be met for a cyber-attack to warrant a NATO response. This study analyzes and explores the unique position that NATO operates in and the duty of NATO to protect its alliance members, and member states to protect each other. Topics discussed include how cyber-attacks are defined and identified, the particular challenges of NATO when addressing cyber-attacks, the severity of cyber-attacks, and what would need to occur in order for a victim-state to ask NATO to invoke Article 5. This thesis discusses the readiness of NATO to respond to a cyber-attack and what the conditions necessary for an Article 5 response, and what that response would potentially look like. Finally, this work provides recommendations for actions that NATO could take to both prevent and confront cyber attacks.
Dr. Berg P. Hyacinthe (PhD, Florida State University; LLD Candidate, Assas School of Law, CERSA-CNRS, La Sorbonne) is internationally recognized as an eminent and multidisciplinary scientific investigator. A U.S. patent holder featured in Harvard's Smithsonian/NASA Astrophysics Data System, Dr. Hyacinthe recently served as Assistant Professor and Scientific Advisor to Taibah University's Strategic Science & Advanced Technology Unit. Dr. Hyacinthe held several positions at County and State levels of the U.S Government in the Information Technology arena. He has been featured in conferences held at the U.S. Naval Postgraduate School, Monterey (author); Defence Academy of the United Kingdom, Shrivenham (invited session Chair); and National Defence College, Helsinki (session Chair). In CYBER WARRIORS AT WAR, he draws on the triangular relationship between technology, law, and Information Age warfare to propose solutions against potential charges of having committed Information Operations (IO) war crimes and/or IO crimes against humanity. According to Dr. Hyacinthe, the success of pre-emptive strikes and decisive military operations depends profoundly upon both reliable human intelligence and the versatile skills of 21st century “cyber warriors” whose IO activities are conducted through modern warfare's pentagonal synchrony – land, sea, air, cyberspace, and outer space. Unfortunately, these operations are commonly effectuated under a legal reasoning that is ambiguous in important ways: a threat to the national security of the United States of America and to the entire international community. Hence, as this Essay argues, the evolution of modern computer systems as weapons of war compels wary jurists to turn to the laws that should govern development and use of lethal information technologies. Further, this Essay examines how certain military operations within Information Warfare (IW) require new legal framework, and recounts specific events involving various types of IW conduct and cyber attack: an interesting exposé to jurists, military personnel, policymakers, and the growing and diverse body of information professionals around the world.