FORT WORTH, Texas (Sept. 28, 2016)



Electronics Technician 1st Class Chidubem Duke conducts maintenance on one of the thousands of circuit boards used at Naval Air Station Fort Worth Joint Reserve Base.  Navy Electronics Technicians (ETs) are specially trained in the electrical engineering, computer and aerospace fields.  U.S. Navy photo by Mass Communication Specialist Jason Howard (Released) 160928-N-XB816-016

Use of Force and Total War in Cyberspace: Part I

This is the first part of a paper I wrote for the Naval War College.  The contents of this paper reflect my own personal views and are not necessarily endorsed by the Naval War College or the Department of the Navy.  I am by no means an expert on the cyber realm.  This is a conceptual argument, nothing more.  And no, the professor hasn’t seen it yet, so please hold all critiques until after he gets done chewing me a new one…

Introduction

The specter of cyber warfare sits front and center in most homeland security and homeland defense discussions in the news today.  Constant tales of emails, personal identities, and trade secrets stolen combine with defaced government websites and stories of infiltration into our power grid by shadowy attackers to bombard us.  Governments and private entities argue about the correct response.  Should we counterattack?  At what level should we attack them?  Is it a criminal matter, or an act of war?

In this article, I will attempt to show that under specific circumstances cyber-attacks are a “use of force” under the charter of the United Nations, and that in cyberspace – more so than in the temporal realm – total war remains a real threat.

A Cybersecurity Expo, hosted by the U.S. Army Forces Command and U.S. Army Reserve Command headquarters, was held Oct. 3, 2016, at Fort Bragg, N.C. The expo was held to increase awareness of cybersecurity threats and how they impact day-to-day Army operations. (U.S. Army photo by Timothy L. Hale)(Released)
A Cybersecurity Expo, hosted by the U.S. Army Forces Command and U.S. Army Reserve Command headquarters, was held Oct. 3, 2016, at Fort Bragg, N.C. The expo was held to increase awareness of cybersecurity threats and how they impact day-to-day Army operations. (U.S. Army photo by Timothy L. Hale)(Released)

Background

Cyber-attacks are not a new phenomenon.  Though the media did not cover cyber events in the early stages of the

internet nearly as heavily as they do now, cyber-attacks occurred throughout the 1990s.  As the world became more dependent on the digital, the number of attacks and their associated media coverage has increased.

The cyber world is vast, and the realm of attacks equally so.  For the purposes of this discussion, we will confine ourselves to purely cyber warfare.  Cyber-attacks with the intent of preparing the battle space for follow-on kinetic engagement will be out of scope.  We will define what differentiates a criminal cyber-attack from a “use of force” cyber-attack and total war.  Finally, we will discuss the theoretical possibility of a “total war” fought solely in cyberspace.

Decisional Framework

Article 51 of the United Nations charter recognizes “the inherent right of individual or collective self-defence [sp] if an armed attack occurs against a Member of the United Nations…” (United Nations, 2016).  Article 2(4) states that “All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations” (United Nations, 2016).  Articles 39, 41, and 42 (taken together) allow the United Nations to take action using the four instruments of power against a “threat to the peace, breach of the peace, or act of aggression” short of a use of force or armed attack (United Nations, 2016).  Note that Articles 39, 41, and 42 refer to the United Nations as a whole, whereas Article 51 refers to individual members.  Because we are limited to the discussion of cyber warfare without a kinetic component, how do we determine if a cyber-attack rises to the level of an “armed attack,” or whether our cyber actions constitute a “use of force?”

FORT WORTH, Texas (Sept. 28, 2016) Electronics Technician 1st Class Chidubem Duke conducts maintenance on one of the thousands of circuit boards used at Naval Air Station Fort Worth Joint Reserve Base. Navy Electronics Technicians (ETs) are specially trained in the electrical engineering, computer and aerospace fields. U.S. Navy photo by Mass Communication Specialist Jason Howard (Released) 160928-N-XB816-016
FORT WORTH, Texas (Sept. 28, 2016)
Electronics Technician 1st Class Chidubem Duke conducts maintenance on one of the thousands of circuit boards used at Naval Air Station Fort Worth Joint Reserve Base. Navy Electronics Technicians (ETs) are specially trained in the electrical engineering, computer and aerospace fields. U.S. Navy photo by Mass Communication Specialist Jason Howard (Released) 160928-N-XB816-016

The Tallinn Manual on the International Law Applicable to Cyberspace provides us with important answers to this question.  Commissioned by the North Atlantic Treaty Organization, it states, “A cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force” (Schmitt, 2013).  In considering the scale and effects, the manual lists six criteria to determine whether an attack rises to the level of a use of force:

  1. Severity: how great is the threat of physical injury or destruction of property from the action?
  2. Immediacy: how quickly do the negative consequences of the action develop?
  3. Directness: how closely tied are the consequences to the action?
  4. Invasiveness: does the action causing the harm cross into the target state?
  5. Measurability: are the consequences of the action easy to ascertain?
  6. Presumptive legitimacy: was the action taken in accordance with international laws and norms?

Concerning an armed attack, the manual states: “A State that is the target of a cyber operation that rises to the level of an armed attack may exercise its inherent right of self-defence [sp].  Whether a cyber operation constitutes an armed attack depends on its scale and effects.” (Schmitt, 2013)

The scale and effects criteria separate nuisance or criminal cyber-attacks and cyber intelligence gathering from the level of attack that would constitute a use of force or armed attack.  As a matter of course, criminal cyber-attacks (including nuisance attacks) remain the realm of law enforcement for investigation and prosecution; intelligence briefs remain the realm of federal law enforcement or the applicable intelligence agency for prosecution, damage assessment, and remedy.  However, an attack against a nuclear power facility or hydro-electric dam that resulted in even the danger of a meltdown, release of materials, or deadly flooding could easily rise to the level of armed attack.

References:

Allison, G. (2015, September 24). The Thucydides Trap: Are the U.S. and China Headed for War. The Atlantic. Retrieved October 11, 2016, from http://www.theatlantic.com/international/archive/2015/09/united-states-china-war-thucydides-trap/406756/

Clausewitz, C. v. (1976). On War. (M. Howard, P. Paret, Eds., M. Howard, & P. Paret, Trans.) Princeton, New Jersey: Princeton University Press.

Janda, L. (1995, January). Shutting the Gates of Mercy: The American Origins of Total War, 1860-1880. The Journal of Military History, 59(1), 7-26. Retrieved from http://www.jstor.org/stable/2944362?origin=JSTOR-pdf

Schmitt, M. (Ed.). (2013). Tallinn Manual on the International Law Applicable to Cyberspace. Cambridge: Cambridge University Press. Retrieved from https://issuu.com/nato_ccd_coe/docs/tallinnmanual?e=0/1803379

Sheridan, P. H. (2004, June 7). The Memoirs of General P. H. Sheridan, Volume 1. Retrieved October 9, 2016, from Grant Under Fire: http://www.grantunderfire.com/civil-war-resources/various-memoirs/sheridans-memoirs-vol-2/

Tzu, S. (1963). The Art of War. (S. B. Griffith, Trans.) New York, New York: Oxford University Press.

United Nations. (2016, October 5). Charter of the United Nations: Chapter VII. Retrieved from United Nations Web Site: http://www.un.org/en/sections/un-charter/chapter-vii/index.html

United Nations. (2016, October 5). United Nations Charter: Chapter I. Retrieved from United Nations Web Site: http://www.un.org/en/sections/un-charter/chapter-i/index.html

About the author

Joel is an 12 year veteran of the US Coast Guard, where he has served at various units including the International Training Division and Maritime Security Response Team. He has held qualifications including Deployable Team Leader/Instructor, Direct Action Section Team Leader, and Precision Marksman – Observer. He has deployed/instructed on five continents and served in quick reaction force roles for multiple National Special Security Events in the US. He is the owner of Hybrid Defensive Strategies, LLC in Chesapeake, VA, and can be contacted on Facebook and Instagram. Any opinions expressed here are solely those of the author and do not necessarily reflect the opinions of the US Coast Guard or the US Government.

Leave a Reply

Your email address will not be published. Required fields are marked *

RE|Factor Tactical