Order from us for quality, customized work in due time of your choice.
How important is a nations national security? What would happen if one of their critical infrastructures failed? These are some of the topics that are discussed by nations around the globe. The one thing both of the above-mentioned examples have in common is more than likely they have some sort of computer working on them, some cyber device. If I attempted to assassinate another countries Prime Minister, that would be considered an act of war. But if I hacked into that same countries nuclear power plant and caused a nuclear meltdown, would that be considered an act of war? Well, according to the Cornell School of Law, Legal Information Institute (LII), an act of war is any act occurring in the course of (A)declared war; (B)armed conflict, whether or not war has been declared, between two or more nations; or (C)armed conflict between military forces of any origin (LII, 2019).
Man has battled one another for centuries; wars have been fought over a plethora of differing things, people, resources, and ideas. Some say the just war tradition is equally as old as war in and of itself. The definition for the Just war theory as explained by James Johnson, as notion that the resort to armed force (jus ad bellum) is justified under certain conditions; also, the notion that the use of such force (jus in bello) should be limited in certain ways (2019). I took this as the theory attempting to bring war under the control so, if practiced, it could potentially eliminate war altogether. This theory is scattered throughout the bible; for example in Deuteronomy 20: 10-12, it is explained that when an army marches up to attack a city, they should first ask for their surrender, and should they refuse your request for surrender, then they army should engage in battle (Holy Bible, n.d.). This theory has even been brought to light in the 21st century pertaining to the U.S. (U.S.) involvement in the various wars and operations; World War II and more recently, Operations Iraqi Freedom and Enduring Freedom. Arguments can be made on both sides that the Just war theory is outdated and has no business in modern military, and that it is practical today just as it was in biblical times. If the goal of the Just war theory is to possibly eliminate war altogether, then why not look to Cyber warfare as the risk of casualties is far less, right?
There are numerous variants to the theory of war, such as Chinese Warfare Theory, Russian Theory, Western Theory, Just War Theory, Islamic (Jihad) Theory, etc. The term Theory of War can be taken to mean common guidelines of how a war should be conducted from the view of a given culture, based upon their nation-states view of laws and justice (Moseley, 2019). From this we can see the theory of war is not a singular theory, as it is a host of theories dependent on where the war has occurred or who is involved.
Of the aforementioned theories, we will look at Western and Chinese War Theories. Each nation (culture) views war, whether it be asymmetric, unconventional warfare, cyber warfare, from a different angle, philosophy, and have differing theories.
Between the Western, and Chinese War Theories, the western is by far the newest. The Western War Theory is often referenced as the Western conception of just war (Izbicki, 2011). As mentioned in the Just War Theory section, the theory has resurfaced in todays modern era, and according to Emba, a columnist for the Washington Post, most recent conflicts have not been the sort to which just war theory normally applies state-centric wars between sovereign nations deploying regular armies (2015). This prompted the adaption of modern realities and modern warfare in general. I think the Catechism of the Catholic Church said it best when they described one formulation as a legitimate defense by military force, further described as for criterium for meeting jus ad bellum (Catholic Church, 2012). As echoed by Professor Nicholas Fotion when he said, The concept of just war remains rooted in ancient ideals. A just war, then and now, should not be self-serving, to gain land, resources, or power, and should be declared only after all non-violent forms of diplomacy have been exhausted. A just war is always a last resort (2007). War as a last resort can be seen, even today in the way the U.S. goes about is policy pertaining to attacks, but more specifically Cyber-attacks.
The Chinese theory of war is somewhat similar to the western theory, as the Chinese just war theory also proposes a guideline that must be met and followed for a war to be considered just and fair. Just as the Just war idea is not foreign to the Chinese, it has its roots in their theory of war dating back to ancient times. The term yi zhan means just war or righteous war as described by Lo. Furthermore, the ancient Chinese had their versions of Jus ad Bellum and Jus In Bello. Many of the ways the Chinese learned how to conduct war was trial and error, though the successes and failures of their generals. Sun Tzu, a prominent general and strategist in Chinese history who lived more than 2500 years ago wrote, War is a matter of vital importance to the State: the province of life or death; the road to survival or ruin. It is mandatory that it be thoroughly studied (n.d.). Today, the works, The Art of War is still considered in the theory of war and strategy. Additionally, in the Art of War Sun Tzu accepts the idea that war is tragic and should be reluctantly employed only as a last resort (Lo, 2012, 410-411). Sun Tzu further addresses unjust wars as the conditions might direct a righteous ruler to wage war (jus ad bellum); however, this may not make this a just war & such wars by a moral rule a virtuous&should not wage wars. However, circumstances sometimes demand flexibility. (Lo 2012, 415-416). I believe that the Western theory echoes the Chinese Theory since the Chinese theory was adopted in ancient times.
With a Cyber war being a new type of war, one must look at what cyber actions could reasonably generate a physical war. As I mentioned above the attractiveness of cyber war is great due to the lack of casualties, funds and risks; but what if an act was prematurely used before it was justified, and this sparked a physical aggression in return? The theory of an attack in the cyber arena causing no impact in the physical world is incorrect. Case in point, 2007 was when cyberwar went from the theoretical to the actual. When the government of the eastern European state of Estonia announced plans to move a Soviet war memorial, it found itself under a furious digital bombardment that knocked banks and government services offline (Ranger, 2019). That example is one of many that show actions in the cyber world can have great ramifications in the physical world. More examples are provided in section IV. Furthermore, as Martin Libicki, in conjunction with Head Quarters Air Force explained, cyberspace needs to be thought of by itself; we can longer make policy and blanket it across cyberspace as we did the other four domains (15, 2009). Lastly, individuals, military and civilian alike, need to realize a war in cyberspace is not something fiction books are wrote about anymore; it is happening all around us and we do not even know.
Functioning in cyberspace and being in/working for the military conducting operations presents a rather unique set of concerns such as criminal law, civil rights, etc. The U.S. Department of Defense defined cyberspace as: A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers (CJCS, 57, 2019). As I previously wrote about in an unpublished works, the Department of Defense did define the domains of Land, Air, Sea, and Space, but not a Cyber Domain per se (Johnson, 2019). Furthermore, I went on and spoke about the similarities and boundaries they share and how the only pseudo boundary for cyber was a firewall. This led me to believe that the military policy makers have a perceived comfort level speaking about the four domains. Moreover, my assessment was echoed by Brown and Metcalf when they said, Military legal analysts are comfortable discussing the concepts of warfare in the contexts of other domains, such as land-warfare or air warfare, but the common use of those terms and the distinct characteristics those terms convey do not seem to have carried over to discussion of cyber warfare (118, 2014).
Additionally, from one U.S. Governmental entity to another the term cyberspace held multiple definitions. As previously mentioned, the Department of Defense definition compared to the U.S. Air Force definition outlined in the Air Force Cyber Command Strategic Vision, domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures (Lord, 2, 2019) differs. Granted, the Air Force definition closes mirrors the National Military Strategy for Cyberspace Operations. Nevertheless, if you look at the 2018 Congress Research Service concerning Cybersecurity, their definition is again different; Cyberspace can be considered to be the services that use the infrastructure of the Internet to deliver information to users through their devices (1, 2018). With the differing definitions of Cyberspace I can see why there are many differing views on Cyberware, attacks, operations, etc. The differing definitions were pointed out in Cyber Warfare Operations: Development and Use Under International Law: The multiple definitions of ‘cyberspace’ illustrate the difficulty in defining the term, which may be one of the difficulties in creating any type of common agreement among states as to how international law should be applied to warfare conducted in cyberspace (Schaap, 126, 2009). Conversely, Lt Col, David Fahrenkrug said, depending on how you define or interpret cyberspace determines what you think warfighting in the domain will look like (2017).
If we cannot agree on a definition of Cyberspace, how can there be a singular definition for Cyber Warfare? This may be correct; however, the Department of Defense does define Cyberspace Operations as The employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace (CJCS, 58, 2019). The U.S. Air Forces definition of Cyberspace Operation mirrors that of the Department of Defense.
Ultimately the U.S. Constitution established that the President of the U.S. is the Commander in Chief of the Armed Forces and gave Congress the authority to fund and regulate the Armed Forces. As such, this allows commanders to conduct Cyber operations when directed by their chain of command; President, Secretary of Defense, Combatant Commanders, etc. to conduct operations (Dept. of the Army, 1-12, 2017).
The military as a whole, including cyber, normally conducts operations under the authority of 10 U.S. Code, Title 10 Armed Forces, under Subtitles A-E that cover General Military Law, Army, Navy/Marine Corps, Air Force, and reserve Components; however, they can also operate under the authority of U.S. Code, Title 50 War and National Defense. A further breakdown of Titles and Authorities can be seen in Appendix A, Table 1. The type of operation and who is conducting it will dictate which title will be applied. As outlined in Annex 3-12, Authorities to act against adversaries are included in the execute order or operation order for a specific operation. If aggressive defensive responses or counter-offensive operations are authorized, authorities should be clearly defined and understood (Dept. of the Army, 37, 2011).
Furthermore, within Air Force Policy Directive, it states that the Air Force will execute Cyberspace Operations to support requirements, increase effectiveness, resiliency, and survivability&through innovative solutions (Dept. of the Air Force, 2, 2016). Also, it is worth noting, prior to any operation being conducted, cyber or otherwise, a commander and/or operator shall consult with legal staff and discuss the relevant framework, laws, and policies that may impact the purposed operation. Lastly, some of the legal considerations pertaining to Cyber Warfare cross over into the Law of Armed Conflict.
The Law of Armed Conflict or law of war as defined by the Department of Defense is That part of international law that regulates the conduct of armed hostilities (CJCS, 133, 2019). The above mentioned definition also suggested rules of engagement. Furthermore, rules of engagement are defined as Directives issued by competent military authority that delineate the circumstances and limitations under which U.S. forces will initiate and/or continue combat engagement with other forces encountered (CJCS, 192, 2019). Again, this definition suggested law of war. From these clear and distinct definitions that reference one another, they are closely related and go hand-in-hand. The Law of Armed Conflict does not only apply to operations and wars in the four other dimensions, it is included in Cyber Warfare as well. Many scholars have examined the Laws of Armed Conflict and focused on the use of force and armed attack aspects. Those, coupled with the grossly unattributable aspects of cyber-attacks make this a topic of discussion.
The use of force in cyberspace question has been a topic of conversation since the onset of (unclassified) operations within cyberspace. During the advance questioning of Lieutenant General Keith Alexander, Nominee for Commander, U.S. Cyber Command, he outlined that There is no international consensus on a precise definition of a use of force, in or out of cyberspace. Consequently, individual nations may assert different definitions and may apply different thresholds for what constitutes a use of force (Alexander, 2010). Alexander went on to say that there always will be a potential for a disagreement between nations on what constitutes a use of force; ultimately, the decision falls to the President of U.S. on what is a threat or a use of force.
Subtle nods to the Just war theory can be found in the last two National Cyber Strategies for the U.S. authored by former President Barrack Obama, and President Donald Trump. President Obama went on to say When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense and we reserve the right to use all necessary meansdiplomatic, informational, military, and economicto defend our Nation, our Allies, our partners, and our interests (Obama, 2, 2011). Echoed by President Trump in 2016, he said, The U.S. will develop swift and transparent consequences, which we will impose consistent with our obligations and commitments to deter future bad behavior (Trump, 21, 2018)
Everyone learned at a young age that actions have reactions, sometime consequential reactions, but reactions nonetheless. These reactions are similar to those reactions of weapon usage&sometimes denoted by physical or psychological injury, death, and destruction of property. These are considered a use of force and as such prohibited by both Article 2(4) and International Law and more specifically customary international law (LII, 2019).
Furthermore, The North Atlantic Treaty Organization (NATO) established at the signing of the North Atlantic Treaty on 4 April 1949 is an international alliance consisting of 29 nation states from North America and Europe. Put plainly by Carey, from the readings of NATOs Options for Defensive Cyber Against Non-State Actors said, that an attack on one NATO member shall be considered an attack against all the members of NATO, and this allows them the right to self-defense under Article 51 of the United Nations Charter. (Carey, 13, 2009). But does this attack include cyber-based attacks? In 2007, in the eyes of the NATO officials it did not meet the definition of attack. NATO officials said, At present NATO does not define cyber-attacks as a clear military action. This means that the provisions of Article V of the North Atlantic Treaty, or, in other words, collective self-defense will not be automatically extended to the attacked county (Carey, 9, 2009). To note, Article V as previously mentioned loosely mimics Article 51 of the United Nations Charter. Just as terms and definitions related to cyber grow daily, so does international law.
Following the statement in 2007, NATO had continued to look into its Cyber Defense Concept and strengthen its development concepts. Between the years of 2010 and 2016, NATO accomplished several milestones gaining Partnerships at national and international level with industry and academia (Dinu, 72, 29, 2017). In the midst of these developments, the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) was born in 2008 with the mission of supporting our member nations and NATO with unique interdisciplinary expertise in cyber defense (CCDCOE, 2019). The CCDCOE had been recognized for their research accomplishments as well as the Tallinn Manual development. Authored by nineteen international law experts, the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (CCDCOE, 2019).
Moreover, as outlined in the Tallinn Manual 2.0, Jensen explained that experts agreed that the customary law of responsibilities also applies to cyber activities. This is a far cry from the 2007 NATO response of note meeting the definition of attack. Furthermore, Rule 14, outlines that [a] State bears international responsibility for a cyber related act that is attributable to the State and that constitutes a breach of an international legal obligation (Jensen,750, 2017). Lastly, Jensen went on to say that a cyber act need not have physical damage, injury, etc. to be considered a wrongful act (2017).
The 2007 cyberattacks on Estonia were a series of attacks which began in late April 2007 and ended in early May of the same year. These attacks have been well-documented in various news and media outlets, as well as topics in journals. The focus of these attacks was targeted against Estonias critical Internet infrastructure (Hughes, 4, n.d.) to include banks, ministries, newspapers and other news outlets. These attacks originated from outside Estonia and seemed to have anti-government phrases in Russian, such as ANSIP_PIDOR=FASCIST (Ottis, 2, n.d.). These attacks stemmed from the Estonians decision to relocate the Bronze Solider of Tallinn, a grave marker, to the Tallinn Military Cemetery. The majority of the attacks can be described as a as Denial of Service (DoS) style attack. Following the attack, Estonia requested NATO assistance but was denied (Carey, 9-10, 2009). However, as referenced above, the CDCE opened only a year later.
Throughout 2019 Iran has increased their cyber-attacks against various U.S. infrastructures. Some of these attacks are not a normal DoS attack or brute force-style attack. These attacks as described by FireEye, a cybersecurity company, cover the attack styles of social engineering, spear phishing, record manipulation, etc. (Bromiley, et al, 2019). Moreover, Iran has reinvigorated a phishing campaign geared toward LinkedIn users. This campaign targets users with invitations to professional groups or networks akin to their careers (Doffman, 2019). These invitations come via an email with attachments; the attachments have various malicious code hidden in them. The codes, commonly known as TONEDEAF, VALUEVAULT, and LONGWATCH are designed to steal certificates, create backdoors and log key strokes (Seals, 2019). Lastly, these cyber-related attacks come shortly after the U.S. Cyber Command hit Irans Command and Control structures.
In late June 2019 the U.S. Cyber Command executed a cyber-attack that disabled Iranian missile control systems and spy networks (Sharafedin, 2019). This was in response to Iran downing a U.S. drone in international airspace. In lieu of a kinetic style response, President Trump opted to go with a cyber style response after he learned that if he went with a kinetic style attack, approximately 150 people would lose their lives. He went on to say that the attack would not have been proportionate since the U.S. did not have a loss of life (Trump, 2019).
No matter where you are in the world, what country you belong to, or who you side with, war is experienced by everyone. Cyber warfare is the newest facet of warfare, and in this paper we looked at its viability as a warfare option by evaluating theory, policy, law, and actual occurrences. Throughout this paper we saw a number of similarities between the different policies, theories and even attack styles. We have seen U.S. law and International Policy adjust to allow the usage of cyber-weaponry. The policies that dictate both U.S. and international relations have been drafted and approved by different people, potentially a world apart& but a particular, unifying theme&cyber warfare is legal viable option, just as traditional war.
In the ever evolving, increasingly complex and convoluted world, one thing holds true, Whether a five-hundred-pound bomb or a computer is used to effect death and destruction, a weapon remains a weapon (Solis, 2016). This was evident when President Trump opted away from a kinetic attack, and opted instead for a cyber-attack. This shows the world that the U.S. not only can leverage the weight of a five-hundred-pound bomb upon them, but can also act as a thief in the night and infiltrate through a half-pound ethernet cable to deliver a devastating blow.
Order from us for quality, customized work in due time of your choice.