About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

22 ILSA Quart. 21 (2013-2014)
Cyberattacks, the Laws of War, and the Crime of Aggression

handle is hein.jessup/ilsaqrtly0022 and id is 23 raw text is: Cyberattacks, the Laws of War, and the Crime of Aggression by Kevin Miller C ategorizing state-sponsored cyberat- tacks using classical descriptions of war and weaponry has proven chal- lenging for the international commu- nity. How is a cyber-weapon classified when it has no physical manifestation other than incon- venience? How is data loss quantified? When a nation uses a computer virus to attack another na- tion's infrastructure, is the attacker breaking any laws? Is the victim state justified in responding in self-defense? Assuming a nation has the right [I]nterpretati to counterattack, how do plan- laws of war ners evaluate the proportionality Manual- may I of their response, especially if on curbing cyl the counterattack includes tra- the ICC cn ditional munitions? International law is far from settled in this area. This article will examine both the traditional laws of war and the newly- drafted ICC crime of aggression in the context of state-sponsored cyberattacks. I. STUXNET On June 17, 2010, a Belarusian antivirus company reported the existence of a new kind of computer virus it had discovered on the computers of an Iranian customer. The new virus was unusual be- cause it had the feel of professional software: it was much larger and more complex than typi- cal malware, and it was digitally signed to look like trusted, legitimate software to the operating system. Most malware steals data, destroys data, or seizes control of the host computer to enlist it in an alter- ons -li have er- ne o nate purpose, such as sending spam emails. As experts began to dissect the complex code of this new virus, it became clear that its ultimate target was the programmable logic controllers which run industrial automation processes. The new virus was dubbed Stuxnet. Since the vast majority of machines infected were Iranian, experts deduced that the target was Iran's Natanz nuclear facility, which enriches uranium for use in power plants and, possibly, atomic bomb- making. Stuxnet's attempt to targeted at the damage physical infrastructure ke the Tallinn made it a new, and terrifying, e a larger impact form of cyberattack. aggression than The function of Stuxnet was to if aggression, instruct the centrifuges to spin at higher than normal speed, then decelerate rapidly, caus- ing them to become unbal- anced and destroy themselves. Its secondary function was to disguise the changes in speed by playing back normal readings to plant operators while the attack was occurring. This kept plant op- erators from understanding the failure and inter- vening to shut down the centrifuges before they could be destroyed. Stuxnet largely achieved its goals, destroying 1,000 centrifuges completely and taking thou- sands out of operation; the total impact was to set back the Iranian nuclear program 12-18 months. Over the next two years, culminating in mid-2012, it became clear that Stuxnet was created through a joint effort of the United States government and Israel's Mossad, codenamed Operation Olympic Games'! While the U.S. government has never ILSA Quarterly )) volume 22 ) issue 1) October 2013

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most