Stuxnet, Schmitt Analysis, and the Cyber Use-of-Force Debate
Abstract
One of the many seemingly intractable legal issues surrounding cyberspace involves whether and when peacetime cyber operations constitute a prohibited use of force under Article 2(4) of the United Nations (UN) Charter. Notwithstanding a significant body of scholarly work on this topic and extensive real-world examples from which to draw, there is no internationally recognized definition of a use of force. Rather, what has emerged is a general consensus that some cyber operations will constitute a use of force, but that it may not be possible to identify in advance the specific criteria states will use in making such determinations. As discussed in this article, several analytic frameworks have been developed to help assess when cyber operations constitute a use of force. One conclusion these frameworks share is that cyber operations resulting in physical damage or injury will almost always be regarded as a use of force. When these frameworks were developed, however, there were few, if any, examples of peacetime, statesponsored cyber coercion. More importantly, the prospect of cyber attacks causing physical damage was largely theoretical.4 Beginning in 2007, however, a string of cyber operations including the 2007 Distributed Denial of Service (DDoS) attack on Estonia, the 2008 DDoS attack on Georgia, and the 2008 discovery that the U.S. Government s most sensitive networks had been compromised hinted at increased use of the cyber domain by states and their proxies for peacetime coercion.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2012
- Accession Number
- ADA618715
Entities
People
- Andrew C. Foltz
Organizations
- National Defense University