When one nation launches a missile at another, it's easy to pinpoint the aggressor. But during a cyber attack, the aggressor may not be so identifiable, and the traditional rules of warfare don't quite fit. As nations increasingly develop their cyber offenses and defenses, an international think tank in Estonia is researching a range of legal questions and concepts around clashes in cyberspace.
One of those questions is how to label these skirmishes and whether it's appropriate to call them "cyber warfare" or "cyber conflict," said Rain Ottis, a scientist with the Cooperative Cyber Defence Center of Excellence in Tallinn (CCDCOE).
The CCDCOE was launched in May 2008 to help NATO countries deal with ever-growing cyberthreats by focusing on defence tactics, training, protection of critical national infrastructure, and policy and legal issues. Although several nations have experienced significant cyberattacks, "we don't have a single good instance of real cyber warfare," Ottis said. He believes that warfare occurs between states.
"We are trying to come up with a way to explain this in a more formal way so not everything by default is cyber warfare," Ottis said. "Personally, I don't want to devalue the word 'war.'"
How to define a cyber incident is one of the topics on the agenda for the CCDCOE's 2010 Conference on Cyber Conflict in June, which will include a new legal and policy track.
CCDCOE researchers are also part of a working group studying the laws of armed conflict to see how cyber attacks should be interpreted. The laws of war, encompassed in international treaties, some of which are more than 100 years old, deal with issues such as when a nation can go to war and what is considered legal when at war, Ottis said.