Cyber 9/12 Strategy Challenge WEEK 3: “An attack, or not an attack: that is the question” – Cyber Incidents and international law

go to 9/12 home page

 

In this unit students will be introduced to one of the most complex areas of cyber security: its relationship with international law, specifically the International Laws of Armed Conflict and International Humanitarian Law. 

 

Many major cyber incidents, such as Stuxnet, do not explicitly, categorically or obviously breach international law. Making a case is problematic and requires careful consideration and argument. In this unit, students will receive an introduction to international law, how it can be applied to major cyber incidents, and what states can do should they experience one.  

 

In all of the above, the key skill participants will gain is arguing for and making a case for a particular view, even when there is no clear-cut right or wrong answer. The key skill is creating and presenting a particular case to decision-makers. 

 

One of the critical areas to be covered in this section is the complex relationship between reserved and devolved responsibilities when responding to cyber incidents. While these policy areas are clearly separated between the UK Government (which retains cyber security policy) and the Scottish Government (which is concerned about the impact of a cyber incident on Scotland and its people), the nature of cyber incidents is such that the distinction between devolved and reserved areas is blurred. How policy- and decision-makers navigate these complexities is increasingly important in today’s digitalized world. 

Learning outcomes

By the end of Week 3, students will have:

 

  1. Explored the Laws of Armed Conflict (LOAC) and International Humanitarian Law (IHL) and set out basic foundations for these bodies of law to increase awareness of these legal instruments.
  2. Explored the complex natured relationship cyber security and resilience has with IHL and LOAC by examining a major cyber incident (Stuxnet) the legal position.
  3. Discussed and explained with increased confidence how cyber incidents relate to international law, acknowledging the complex nature of that relationship and the fact that the students are not trained lawyers.

1. Watch this video

YouTube player

2. Read these

 

 

Prof M Schmitt, “Attack” as a term of art in International Law: the cyber operations context 

Jansons Janis, Was Stuxnet an act of war? 

An academic login may be required to access these.

3. Group activities

In your groups, discuss how, or if, international law can be applied to cyber incidents.

 

In your groups, prepare a 10minute presentation addressing the unit’s four questions:

  1. In your opinion, can major cyber incidents breach International Law? Explain your answer using Stuxnet as an example.
  2. What elements of International Law are relevant to the discussion of major cyber incidents such as Stuxnet?
  3. Who or what policies and enforces the international laws relevant to your answers to Questions 1 and 2?
  4. Which policy areas that are devolved to Scotland could be impacted by a cyber incident?
4. Assessment

10-minute oral presentation and feedback from module leader