{"id":19400,"date":"2016-09-27T13:00:53","date_gmt":"2016-09-27T20:00:53","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=19400"},"modified":"2020-04-21T14:24:57","modified_gmt":"2020-04-21T21:24:57","slug":"the-cybersecurity-canon-marco-roscinis-cyber-operations-and-the-use-of-force-in-international-law","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2016\/09\/the-cybersecurity-canon-marco-roscinis-cyber-operations-and-the-use-of-force-in-international-law\/","title":{"rendered":"The Cybersecurity Canon: Cyber Operations and the Use of Force in International Law"},"content":{"rendered":"<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85.jpg\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:17%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-large wp-image-18778 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-500x85.jpg\" alt=\"pan_cybercanon2016_web_banner_500x85\" width=\"500\" height=\"85\" srcset=\"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85.jpg 500w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-230x39.jpg 230w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/09\/PAN_CyberCanon2016_web_banner_500x85-235x40.jpg 235w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><\/p>\n<p><em>We modeled the <a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon.html\" target=\"_blank\" rel=\"noopener noreferrer\">Cybersecurity Canon<\/a> after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can <\/em><em>directly participate in the process<\/em><em>. Please do so!<\/em><\/p>\n<p><strong>Book Review by\u00a0<\/strong><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/cyber-security-canon-bios.html\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Canon Committee Member, Christina Ayiotis<\/strong><\/a><strong>:\u00a0<\/strong><em>Cyber Operations and the Use of Force in International Law<\/em>\u00a0(2014)<em>\u00a0<\/em>by\u00a0Marco Roscini<!--more--><\/p>\n<h3>EXECUTIVE SUMMARY<\/h3>\n<p>In a world awash with stories about \u201ccyberattacks,\u201d \u201ccyberwar\u201d and \u201ccyberespionage,\u201d it is difficult to understand exactly what is going on and why political leaders respond the way they do. After reading this book, an admittedly dense legal tome, any reader interested in or affected by the U.S. Office of Personnel Management \u201chack\u201d will have a better understanding of the U.S. government\u2019s response.<\/p>\n<p><em>Cyber Operations <\/em>provides an excellent overview of the international laws applicable to \u201ccyber attacks\u201d (a term of art) and will make its readers think twice about how they use cyber terminology. It is meticulously researched with a whopping 1,807 footnotes and cites leading authorities on the law of armed conflict, as well as on international law. In today\u2019s interconnected world, completely dependent on computers and the internet (<em>where economic security is national security<\/em>), it will stimulate both lawyers (military, government, private sector, etc.) 
and laypersons to think about how much more we should all be doing to protect our networks, data, intellectual property and critical infrastructure.<\/p>\n<h3>REVIEW<\/h3>\n<p>The Foreword, provided by esteemed scholar Yoram Dinstein, observes that \u201cproblems are scrutinized in a sober fashion, and that the legal investigation displays erudition as well as insight\u201d\u2014I concur. Organized like a textbook, the book reads quite easily for a law book. Several chapters even provide \u201cConclusion\u201d sections that include extremely helpful summaries (<em>e.g., <\/em>in bullet-point fashion, as well as tables)\u2014a most satisfying reward to the journey through the complicated, multi-layered legal issues.<\/p>\n<p>Chapter 1 necessarily starts with the emergence of the cyberthreat to international security and explains where international law comes into play (<em>to wit <\/em>\u201ccyber activities conducted by states against other states\u201d as distinguished from those activities that constitute <strong><em>cybercrime<\/em><\/strong>). Taxonomy is established (Professor Roscini prefers \u201ccyber operations\u201d to \u201ccyberwar\u201d) and then we are off to the races, learning about the differences between \u201cinformation operations,\u201d \u201ccomputer network operations,\u201d \u201ccomputer network defense,\u201d \u201coffensive counter-cyber operations,\u201d \u201ccyber collection,\u201d \u201ccyber exploitation,\u201d etc. Terminology really matters\u2014particularly with respect to understanding the legality of these activities in the context of international law. 
The chapter includes a review of applicable law (<em>i.e., <\/em>treaties, customary international law, and the <em>Tallinn Manual on the International Law Applicable to Cyber Warfare<\/em>), as well as discussion of the \u201cIdentification and Attribution Problems.\u201d It ends with explaining the book\u2019s scope and purpose: analyzing the <em>jus ad bellum<\/em> (Law establishing when states may use force in international relations) and <em>jus in bello<\/em> (Law which regulates how hostilities may be conducted in armed conflict and that protects those affected by them) issues arising from military cyber operations.<\/p>\n<p>Chapters 2 and 3 walk through every stage in the lifecycle of cyber operations issues <em>of<\/em> armed conflict and its attendant legal issues and criteria. Professor Roscini does a great job of illustrating concepts using well-known cyber examples, such as Stuxnet, Duqu, Flame, etc., as well as scenarios related to RBN, Hezbollah, botnets, Anonymous, etc. Chapter 4 addresses the legal issues arising from the use of cyberwarfare <em>in<\/em> armed conflict, including \u201cmeans and methods,\u201d the law of targeting, and cyber operations short of attack. Chapter 5 focuses on the law of neutrality, a particularly interesting subject given the global nature of information technology infrastructure and the global companies that own it.<\/p>\n<p>For the more time-pressed reader, the <strong><em>General Conclusions<\/em><\/strong> expertly summarize the important issues in the book. 
Taking the militarization of cyberspace as a given, the author contends that \u201cexisting <em>jus ad bellum<\/em> and <em>jus in bello<\/em> provisions apply to cyber operations, even though the rules were adopted well before the advent of cyber technologies.\u201d He addresses the issue of the lack of territoriality of cyberspace (in a Westphalian sense) by suggesting a focus on \u201cwhere the prejudicial activity is undertaken and where the effects occur.\u201d Finally, he acknowledges the likelihood of increased cyber operations (in frequency and gravity) but surmises that they \u201cwill probably supplement, not replace, traditional warfare.\u201d As such, we would do well to understand existing rules and apply them correctly.<\/p>\n<h3>CONCLUSION<\/h3>\n<p>A scholarly work, <em>Cyber Operations and the Use of Force in International Law<\/em> should be part of the <strong>Cybersecurity Canon<\/strong> (as well as required reading for 1<sup>st<\/sup> year law students around the globe) as it will help cybersecurity practitioners understand what government\u2019s role is versus that of the private sector (and may even cause people to stop frivolously using the terms \u201ccyberwar\u201d and \u201ccyberattack\u201d). Appreciating that the focus is on military operations, it nonetheless enables us to place geopolitical\/global commerce matters (<em>e.g.,<\/em> theft of intellectual property, interference in national elections, etc.) in context. I recommend both campaigns in the U.S. 2016 national election read it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting &hellip;<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[251,2663],"coauthors":[1364],"class_list":["post-19400","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-canon","tag-cybersecurity-canon","tag-marco-roscini"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=19400"}],"version-history":[{"count":5,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19400\/revisions"}],"predecessor-version":[{"id":109902,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/19400\/revisions\/109902"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=19400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=19400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=19400"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=19400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/
{rel}","templated":true}]}}