Image
Air Force Cyber Security Room

International legal reform of cyber attacks.

A New Era of Accountability

April 2011, Number 02.02

“The poor quality of security services offered by providers of information and communication technology, or ICT, complicates, even stymies, domestic and international efforts to discourage and lawfully respond to criminal activity, acts of terrorism and armed aggression in cyberspace. As a result, cyberspace has become a parallel universe in which the criminal, terrorist and unlawful combatant can operate with a high degree of impunity. Adding to the challenge, the privacy services provided in the form of user anonymity and data encryption make it difficult for law enforcement, intelligence organizations and militaries to attribute actions, whether lawful or not, to specific individuals or state actors.

An example is the widely reported Stuxnet worm — an integrated set of malware tools used to target a particular type of industrial control system.1 Stuxnet takes advantage of gaping holes in the specification, implementation and assurance of security policy. The users of Stuxnet were able to exploit these failings to command and control the malware anonymously and to do their bidding remotely. There are few clues as to who developed or used Stuxnet...”

Excerpt from Bret Michael and Thomas Wingfield, “A New Era of Accountability,” per Concordiam: Journal of European Security Defense Issues 2, No. 2, 2011: 38-41.

Dr. Bret Michael is a professor of computer science and electrical engineering at the U.S. Naval Postgraduate School, having previously served in research positions at the University of California at Berkeley, Argonne National Laboratory and Institute for Defense Analyses. As an expert in distributed and high-assurance systems who is also interested in law and policy, he serves as a technical advisor to the group of experts drafting the Tallinn Manual on International Law Applicable to Cyber Conflict. He served three years as an associate editor-in-chief of IEEE Security & Privacy magazine and holds a doctorate in information technology from George Mason University in Virginia.

Prof. Thomas Wingfield is a professor of international law at the Marshall Center. He served as the civilian rule of law advisor to COMISAF’s Counterinsurgency Advisory and Assistance Team in Afghanistan in 2009 and 2010. He is a former naval officer who has worked in the private sector, think tanks and academia, most recently at the U.S. Army Command and General Staff College. He is a former chairman of the American Bar Association’s Committee on International Criminal Law and the author of The Law of Information Conflict: National Security Law in Cyberspace. He holds doctorate and master’s degrees in international and comparative law from Georgetown University Law Center in Washington.

This article reflects the views of the author and are not necessarily the official policy of the United States, Germany, or any other governments.