About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

4 J. Nat'l Sec. L. & Pol'y 63 (2010)
Offensive Cyber Operations and the Use of Force

handle is hein.journals/jnatselp4 and id is 65 raw text is: Offensive Cyber Operations and the Use of Force Herbert S. Lin INTRODUCTION Hostile actions against a computer system or network can take two forms.' One form - a cyber attack - is destructive in nature. An example of such a hostile action is erasure by a computer virus resident on the hard disk of any infected computer. In this article, cyber attack refers to the use of deliberate actions and operations - perhaps over an extended period of time - to alter, disrupt, deceive, degrade, or destroy adversary computer systems or networks or the information and (or) programs resident in or transiting these systems or networks. Such effects on adversary systems and networks may also have indirect effects on entities coupled to or reliant on them. A cyber attack seeks to cause the adversary's computer systems and networks to be unavailable or untrustworthy and therefore less useful to the adversary. The second form - cyberexploitation - is nondestructive. An example is a computer virus that searches the hard disk of any infected computer and emails to the hostile party all files containing a credit card number. Cyberexploitation refers to the use of actions and operations - perhaps over an extended period of time - to obtain information that would otherwise be kept confidential and is resident on or transiting through an adversary's computer systems or networks. Cyberexploitations are usually clandestine and conducted with the smallest possible intervention that still allows extraction of the information sought.' They do not seek to disturb * Chief Scientist, Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies. At the NRC, Dr. Herbert Lin has been study director of major projects on public policy and information technology. Prior to his NRC service, he was a staff member and scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. 1. This article is based almost entirely on material drawn from NATIONAL RESEARCH COUNCIL, TECHNOLOGY, POLICY, LAW, AND ETHICS REGARDING U.S. ACQUISITION AND USE OF CYBERATTACK CAPABILITIES (William A. Owens, Kenneth W. Dam & Herbert S. Lin eds., 2009) [hereinafter NRC Report]. The project was supported by the MacArthur Foundation and the Microsoft Corporation, although the views reflected in this article and in the NRC Report do not necessarily reflect the views of either of these sponsors. The NRC Report covers a host of issues concerning the Law of Armed Conflict (LOAC) that are not discussed in this article, most notably how cyber attack might be treated under jus in bello. 2. An adversary computer or network may not necessarily be owned and operated by the adversary - it may simply support or be used by the adversary. 3. If the requirement for stealth is met, the adversary is less likely to take countermeasures to negate the loss of the exfiltrated information. In addition, stealthiness enables penetration of an adversary's computer or network to result in multiple exfiltrations of intelligence information over the course of the entire operation. 63

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most