by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2013
May 15, 2013 FCW.COM 31 On what constitutes international armed con ict "International armed con ict exists whenever there are hostilities, which may include or be limited to cyber operations, occurring between two or more states. " From Rule 22, Sections 13 and 14, "Characterization as International Armed Con ict": "To be 'armed,' a con ict need not involve the employment of the armed forces. Nor is the involvement of the armed force determinative. For example, should entities such as civil- ian intelligence agencies engage in cyber operations otherwise meeting the armed criterion, an armed con ict may be triggered. " "Similarly, using the armed forces to conduct tasks that are normally the responsibility of non-military agen- cies does not alone initiate an armed con ict. For example, the fact that the armed forces undertake cyber espio- nage directed at another state does not in itself result in an armed con- ict, even if it is typically performed by civilian intelligence agencies. " "The 2010 Stuxnet operations against SCADA systems in Iran, as a result of which centrifuges at a nuclear fuel processing plant were physically damaged, illustrates the dif culty of making the armed deter- mination. The International Group of Experts was divided as to whether the damage suf ced to meet the armed criterion. Characterization was further complicated by the fact that questions remain as to whether the Stuxnet operation was conducted by a state or by individuals whose con- duct is attributable to a state for the purposes of nding an international armed con ict. " On what constitutes a cyberattack "A cyberattack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects. " From Rule 30, Sections 2-3: "The notion of an 'attack' is a concept that serves as the basis for a number of speci c limitations and prohibi- tions in the law of armed con ict. For instance, civilians and civilian objects may not be 'attacked' (Rule 32). This rule sets forth a de nition that draws on that found in Article 49(1) of Addi- tional Protocol 1: 'attacks means acts of violence against the adversary, whether in [offense or defense].' By this widely accepted de nition, it is the use of violence against a target that distinguishes attacks from other military operations. Non-violent operations, such as psychological cyber operations or cyber espionage, do not qualify as attacks. " "'Acts of violence' should not be understood as limited to activities that release kinetic force. This is well settled in the law of armed con ict. In this regard, note that chemical, biological or radiological attacks do not usually have a kinetic effect on their designated target, but it is uni- versally agreed that they constitute attacks as a matter of law. The crux of the notion lies in the effects that are caused. " On use of force against civilians participating in con ict Under traditional international laws and those set forth in the Tallinn Manual, civilians are generally pro- tected from attack. However, there are exceptions, including for civilians who participate in cyberattacks. From Rule 29, regarding civilians in the conduct of hostilities: "Civilians are not prohibited from directly participating in cyber opera- tions amounting to hostilities, but forfeit their protections from attacks for such time as they so operate. " From Rule 35, Sections 10-11, civilians as direct participants in hostilities: "A further issue regarding the period of direct participation, and thus sus- ceptibility to attack, involves a situa- tion in which an individual launches repeated cyber operations that qualify as direct participation. Such circumstances are highly likely to arise in the context of cyber opera- tions, for an individual may mount repeated separate operations over time. " The Tallinn Manual, verbatim "Acts of violence" should not be understood as limited to activities that release kinetic force.
April 30, 2013
May 30, 2013