4 J. Nat'l Sec. L. & Pol'y 63 (2010)
Offensive Cyber Operations and the Use of Force

handle is hein.journals/jnatselp4 and id is 65 raw text is: Offensive Cyber Operations and the Use of Force
Herbert S. Lin
INTRODUCTION
Hostile actions against a computer system or network can take two
forms.' One form - a cyber attack - is destructive in nature. An example
of such a hostile action is erasure by a computer virus resident on the hard
disk of any infected computer. In this article, cyber attack refers to the
use of deliberate actions and operations - perhaps over an extended period
of time - to alter, disrupt, deceive, degrade, or destroy adversary computer
systems or networks or the information and (or) programs resident in or
transiting these systems or networks. Such effects on adversary systems
and networks may also have indirect effects on entities coupled to or reliant
on them. A cyber attack seeks to cause the adversary's computer systems
and networks to be unavailable or untrustworthy and therefore less useful to
the adversary.
The second form - cyberexploitation - is nondestructive. An example
is a computer virus that searches the hard disk of any infected computer and
emails to the hostile party all files containing a credit card number.
Cyberexploitation refers to the use of actions and operations - perhaps
over an extended period of time - to obtain information that would
otherwise be kept confidential and is resident on or transiting through an
adversary's computer systems or networks. Cyberexploitations are usually
clandestine and conducted with the smallest possible intervention that still
allows extraction of the information sought.' They do not seek to disturb
* Chief Scientist, Computer Science and Telecommunications Board, National
Research Council (NRC) of the National Academies. At the NRC, Dr. Herbert Lin has been
study director of major projects on public policy and information technology. Prior to his
NRC service, he was a staff member and scientist for the House Armed Services Committee
(1986-1990), where his portfolio included defense policy and arms control issues.
1. This article is based almost entirely on material drawn from NATIONAL RESEARCH
COUNCIL, TECHNOLOGY, POLICY, LAW, AND ETHICS REGARDING U.S. ACQUISITION AND USE
OF CYBERATTACK CAPABILITIES (William A. Owens, Kenneth W. Dam & Herbert S. Lin
eds., 2009) [hereinafter NRC Report]. The project was supported by the MacArthur
Foundation and the Microsoft Corporation, although the views reflected in this article and in
the NRC Report do not necessarily reflect the views of either of these sponsors. The NRC
Report covers a host of issues concerning the Law of Armed Conflict (LOAC) that are not
discussed in this article, most notably how cyber attack might be treated under jus in bello.
2. An adversary computer or network may not necessarily be owned and operated by
the adversary - it may simply support or be used by the adversary.
3. If the requirement for stealth is met, the adversary is less likely to take
countermeasures to negate the loss of the exfiltrated information. In addition, stealthiness
enables penetration of an adversary's computer or network to result in multiple exfiltrations
of intelligence information over the course of the entire operation.

63

What Is HeinOnline?

HeinOnline is a subscription-based resource containing nearly 2,700 academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline with pricing starting as low as $29.95

Access to this content requires a subscription. Please visit the following page to request a quote or trial:

Already a HeinOnline Subscriber?