Latest in Aegis Paper Series
What are the origins and evolution of the institutional, policy and legal frameworks that have come to define both the defensive and offensive aspects of the U.K. and U.S. models?
Among the most discussed provisions of the Tallinn Manual 2.0 is Rule 4: “Violation of sovereignty.” Rule 4 provides: “A State must not conduct cyber operations that violate the sovereignty of another State.” Considered alone, Rule 4 is banal and unobjectionable, since there are many established sovereignty-based international-law rules that cyber operations might violate.
The US policy of “defend forward” and “persistent engagement” in cyberspace raises the stakes of this attribution question as a matter of both international and domestic law.
United States Cyber Command turned ten years old in 2020. It is a unique institution—a military command that operates globally against capable adversaries and yet never fires a shot—and its design has been a work in progress.
The United States has one of the world’s strongest and most sophisticated capabilities to launch cyberattacks against adversaries. How does the US Constitution allocate power to use that capability? And what does that allocation tell us about appropriate executive-legislative branch arrangements for setting and implementing cyber strategy?
As its name implies, the 2018 US Department of Defense Defend Forward strategy is principally reactive. The strategy assumes that the United States will continue to suffer harm from competitors and malign actors through cyberspace. Accordingly, it outlines US reactions in order to preempt threats, defeat ongoing harm, and deter future harm.
If information is power, then the corruption of information is the erosion, if not the outright usurpation, of power. This is especially true in the information age, where developments in the technological structure and global interconnectedness of information and telecommunications infrastructure have enabled states to engage in malicious influence campaigns at an unprecedented scope, scale, depth, and speed.
The Israeli equivalent to Defend Forward is far less regulated than its U.S. parallel, and that the Israeli version of Persistent Engagement at home allows domestic action and harnesses the private sector in ways that the U.S. approach does not contemplate.
When a state suffers an internationally wrongful act at the hands of another state, international law allows the injured state to respond in a variety of ways. Depending on the nature, scope, and severity of the initial wrongful act, lawful responses can range from a demand for reparations in response to a low-level violation to a forcible act of self-defense in response to an armed attack. Countermeasures offer an additional way for a state to respond to an internationally wrongful act.
With little fanfare and less public notice, Congress and the executive branch have cooperated effectively over the past decade to build a legal architecture for military cyber operations.