ISIS sympathizers successfully hacked into the U.S. Central Command Twitter account on Monday — but ISIS is not the only organization that is hacking. Its actions come in the wake of similar attacks against the U.S. institutions, such as the infamous attack on Sony by North Korea and friends late last year.
Cyber-attacks are becoming more and more frequent as the days pass, with many different actors in the drama ranging from Chinese hackers attached to the People’s Liberation Army to “hacktivists” like Anonymous to cyber criminals after the financial and intellectual property held by institutions like banks and internet service providers.
Up until now, the U.S. has focused on “proportional” responses, starting with North Korea's attack on Sony, setting a standard of how it will respond in the event of future hacks. However, the use of proportional responses will hurt the U.S. the long run, especially because there is no guarantee that such responses are actually legal under international law.
The entire rationale for proportional responses comes from the language of international humanitarian law as part of the law of armed conflict, which requires that responses to attack fit within the categories of necessity (which means that one must ensure that an enemy combatant presents an imminent threat), proportionality (which refers to targeting only those who initiated an attack and that continue to attack) and distinction (which refers to correctly identifying those who initiated the attack).
The problem at the heart of this logic is that none of the attacks up to this point constitutes armed attack, leaving the U.S. on very shaky legal ground. Even President Obama has admitted that Sony’s actions don’t constitute an act of war.
Even if a proportional response in retaliation was strictly legal, it might set a dangerous precedent regarding future events that we will not want to face. Since the evidence that North Korea actually was responsible for the Sony hack is hotly debated, in the future, if a group were to hack into another country’s infrastructure from the U.S., they may justify retaliatory measures by using the example of the U.S. in this instance. This is why many countries have been reluctant to create specific rules outlining the parameters of engagement on many cyber issues in the first place.
Simple defense and security are not enough. The U.S. has been focusing on cybersecurity through the National Security Agency and the Department of Homeland Security since the opening stages of the War on Terror, so this is nothing new. The problem is that all systems are vulnerable all the time, and you can never 100 percent defend against the possibility of an attack, especially in the realm of cyberspace.
As of late, President Barack Obama has taken the right stance, pledging through multiple avenues to strengthen our cybersecurity capabilities rather than focusing on cyberattack, using the recent hacks as a justification for much wider action in this area. In fact, the President plans to address much of his cyber plan of action in his upcoming State of the Union address.
It is imperative that the Obama administration not only focuses on defense and security, but also follows up on its new-found toughness on the cyber issue with action very similar to its response to the ISIS threat. The Obama administration should form an international coalition dedicated to creating a body of international law on armed conflict specifically as it applies to cyber space.
The efforts of the coalition could be a comprehensive program to accept and extend the parameters set up by the Tallinn Manual, or it could be something entirely new and fresh. Whatever form it takes, it should be a all-out legal effort that regulates not only cyberattack and cyberwar, but also cyberpiracy, cybertheft and “hacktivism.”
Even if this wouldn’t stop all attacks, it would certainly decrease the current level of breaches, and would produce stringent penalties across the globe for those who participate in hacking or criminal and war-like behavior over the Internet. The U.S. needs to lead the way on cyberspace regulation before more attacks lead to war.
Reach the columnist at jbrunne2@asu.edu or follow @MrAmbassador4 on Twitter.
Editor’s note: The opinions presented in this column are the author’s and do not imply any endorsement from The State Press or its editors.
Want to join the conversation? Send an email to opiniondesk.statepress@gmail.com. Keep letters under 300 words and be sure to include your university affiliation. Anonymity will not be granted.
Like The State Press on Facebook and follow @statepress on Twitter.
