Cyber defense
Download 2.54 Mb. View original pdf
|
| CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 88 The application of international law to cyberspace and cyber operations has been a matter of debate in the last decade and it continues to be so today. During this debate, two main positions have emerged, the Western and the Eastern. 627. The Western position, supported by the European Union and NATO nations, advocates that current international law is applicable in cases of cyber attacks and cybercrime, with the corresponding interpretation and consequently, the preparation of a specific international law for cyberspace matters is unnecessary. 628. The Eastern position, supported mainly by Russia and China, advocates that the development of a specific law for cyberspace issues is necessary and States must have sovereign control over their cyberspace. 629. Due to the cross-border nature of cyber attacks and cybercrime, the ability to prosecute offenders or cyber attackers in the national legal system is very limited and therefore it is very important to reach an international consensus. 630. Currently, there is majority support for the Western position, endorsed by the UN, NATO, the European Union and the countries participating in the Tallinn Manual, and it is considered that international law does apply to criminal and malicious actions in cyberspace, moving the debate to how international law applies in cyberspace. 631. Currently the debate is focused on the application of each of the most relevant aspects, using the topics and rules considered in the Tallinn Manual 2.0 as a basis general international law and cyberspace (sovereignty, due diligence, jurisdiction, law of international responsibility, cyber operations not per se regulated by international law, specialized regimes of international law and cyberspace (international human rights law, diplomatic and consular law, law of the sea, space law, international telecommunication law, international peace and security and cyber activities peaceful settlement, prohibition of intervention, the use of force, collective security) and the law of cyber armed conflicts (the law of armed conflict generally, conduct of hostilities, certain persons, objects, and activities, occupation, neutrality). 632. In some cases, consensus is widespread, as in the prohibition of intervention or the right to self-defense; in others, there is still a disparity of criteria as in sovereignty and due diligence. 633. There is still a division between NATO-EU nations and the SCO nations (The Shanghai Cooperation Organization China, Russia, Kazakhstan, Kyrgyzstan, Tajikistan, Uzbekistan, India and Pakistan) on whether existing treaties and customary law are suitable or not. While NATO/UE nations consider that the existing regulation is adequate, the SCO nations argue the opposite. 634. As cyberattacks from State-sponsored APTs become more frequent, States feel the need to face them through appropriate response or coercive measures in any field, technical, military, political, diplomatic, economic, or through any other State power. For this, an attribution (clear and undisputed) to a State is necessary. 635. Many States recognize that the proliferation of APT cyber attacks is largely due to the difficulty of achieving attribution according to traditional court evidentiary standards. Consequently, more States are progressively considering attribution in cyberspace apolitical decision based on technical and intelligence analysis of numerous facts that corroborate a specific authorship. 636. This new legal approach for attribution in cyberspace would empower States to defend themselves against cyber aggressions from other States and diminish their disadvantage where States are victims of cyber attacks due to a legal artifice. 637. Another problem that States face in responding to cyber aggressions from other States is that the aggressor triggers low-intensity long-lasting cyberattacks, in such away that, in the |