Monday, May 3, 2010

The Law of Armed Conflict in Cyberspace

Last week I spent three days with a group of law experts, who are trying to figure out how to interpret the current laws of armed conflict (LOAC) for cyberspace. The group is headed by Mike Schmitt, and includes many other heavyweights like Derek Jinks, Ken Watkins, Tom Wingfield and Bill Boothby, just to name a few.

This work is very important, as there are no laws specifically drafted for conflicts in cyberspace or suitable court cases to analyze (to my knowledge). To bridge the gap between the laws written in the (arguably) pre-cyber era and the events that we witness and theorize about today, one needs to make good use of one's imagination. This was my role, I guess - I was one of the "cyber experts" who was tasked to come up with examples and analogies on the spot, while explaining some basic concepts from computer science, informatics, physics, etc. to a crowd who normally deal with the legal issues in the realm of things that kill people and blow stuff up.

I must say it was a wonderful learning experience and I look forward to the next meeting. It also clearly identified some issues that I have not seen discussed (recognized?) by us theoretical/conceptual researchers, who approach the cyber conflict from the de-facto viewpoint (what the technology allows to do and what is actually being done in cyberspace). While we may say that the de-jure viewpoint is outdated and not realistic, we cannot argue that it is, in fact, the law.

Some issues that I personally found interesting (contrasted with the cyber-centric viewpoint) were:
  • the legal concepts of armed attack, use of (armed) force and armed conflict in cyberspace, and
  • the legal status of non-military personnel, who perform cyber attacks during wartime.
While this work is still in its infancy, I hope the resulting manual will settle some of the speculative cyber warfare discussions of today.


  1. A very interesting post. I suppose it depends upon what you consider to be an act of war in the cyber realm, how you attribute an attack. what the thresholds or war are. What constitute moving up the DEFCON levels (moving from peace, skirmish, cold war hot war etc) What is the role of none uniformed personnel.

    I would be interested in hearing more about these discussions.

  2. Thanks for the feedback. I will keep posting updates here as the project progresses.

  3. Have you made any progress on this LOAC & Cyber Space work?

  4. The work is progressing nicely - we expect a published result in the second half of 2012. More information is available at: