Philip Smart | Adelaide
US Naval War College Professor Michael Schmitt believes nations must define and clarify their position on international cyber law to avoid hostile nations taking advantage of “grey areas” to mount cyber attacks without clear repercussions.
Presenting the James Crawford Oration on International Law at Adelaide University on Tuesday, Professor Schmitt said “grey zones” in the international law of cyberspace were giving hostile nations an opportunity to mount cyber attacks without attracting international condemnation.
“Because states want to maintain operational and strategic flexibility, unclear law on cyber space means that states can operate in cyber space, except in the most extreme instances, without risking universal condemnation,” Professor Schmitt told the Adelaide audience.
“Because states and international lawyers, the pundits, will all argue: Was that operation a violation of international law?
“Some states are taking advantage of these grey areas. And what they’re doing is a form of assymetrical warfare. And the reason is because the United States and Australia and other like minded countries are very concerned about ensuring our operations comply with international law, so when we see a grey area we hesitate, because we don’t want to be pegged as law breakers.”
Schmitt pointed to the recent hacking of the Democratic National Committee of the US, in which the hackers avoided a direct and obvious attack on the US elections, but compromised information that was important to the process.
“We had debates about whether that was a violation of US sovereignty, whether that was a prohibited intervention into our internal affairs, specifically elections,” he said. “You know, everyone agreed that it was a bad thing, but the debate was over whether it was lawful or not.”
He believes the best defence is to draw a clear line in the sand.
“I’m a big advocate for clarity in the law. I think states should start articulating where they believe the legal red lines are, because that will enhance deterrence. If a state clearly states what a red line is in cyber space, then the state wishing to conduct hostile cyber operations against them, well that state’s going to hesitate, because they’ll know they would have crossed the line.
“And the same is true with respect to responses. If we articulate what we believe our legal right is with regard to responding to hostile cyber operations, in that case the other side is going to hesitate because the risk has become much more certain for them.”
Professor Schmitt is the Charles H. Stockton Professor at the US Naval War College, and the Francis Lieber Distinguished Scholar at the US Military Academy, Professor of Public International Law at the University of Exeter and Fellow at Harvard Law School’s Program on International Law and Armed Conflict. He is the General Editor of the Tallinn Manual on the International Law Applicable to Cyber Warfare (2013) and Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (2017).