Friday, April 30, 2010

Applying International Law to Cyber Space

How well can existing international law map to cyber space? A recent article in The Legal Intelligencer looks at the legal concept of a "duty to assist" and how it might apply in cyberspace.
" law requires anyone receiving an SOS signal to "proceed with all possible speed" to render assistance. Today, similar legal duties abound -- what we might call "duties to assist" -- whether in response to a pilot's mayday call, distress signals, or emergency numbers."
However, this duty does not currently extend to the Internet. The article argues (rightly) that existing efforts (more technology and the militarization of cyber space) will not prevent large scale international cyber attacks:
"Technological prevention measures -- thicker security firewalls and better mechanisms to detect and repel attacks -- will undoubtedly be part of any effective counterattack strategy. Similar progress may come from efforts to reach agreement on how militaries should operate in cyberspace and increased transnational coordination among law enforcement agencies.

"But these measures will not be enough to solve the problem. Open networks will always be vulnerable to malicious attack as new security measures generate improved hacking techniques in an endless game of cat and mouse. The laws of war that govern military uses of force do not translate easily into cyberspace. Criminal laws, similarly, are a blunt instrument for protection. The difficulties inherent in trying to identify the precise location from which attacks arise and the identities of anonymous attackers stem from the basic structure of the global internet. Those difficulties make enforcement of criminal penalties (or the laws of war) difficult and at times impossible."
The authors give a brief description of how this duty might work to improve the situation:
"A duty to assist can work without identifying the attackers. It focuses instead on minimizing the attack's effects. A victim would send out a distress call... and all those in a position to provide assistance -- whether governments or private actors -- would have an obligation to respond. Help could come in many forms. If attackers denied service to a computer resource, internet service providers could provide additional bandwidth. If an attack crossed through a nation's territory, that nation's government would have to deny attackers further use of its information networks and help trace the attack to its true origins."

Do Cyber-Attacks Require a 'Duty to Assist'?


mysterchr said...

Personally I feel that Cyber Warfare should be treated the same as any other warfare. When another government authorizes a "cyber" attack it should be recgnized by the victom government as an ATTACK. Which should be retaliated in force. Not this "Oh that was a nice try getting into our systems, better luck next time" crap that seems to be going on. It seems to me that goverments in any hemisphere are not held accountable for what damage or attemtped damage they cause to another societies infrastructure.

Blackhawk said...

In my opinion cyber warfare effects are more as compared to the general war of humans. But yes i do agree with mysterchr that the government should not oppose for retaliation. Most of the countries are now having a separate cyber warfare intelligence department most of them are in the age groups of 20s. But again my question is Do we all need a war ???