Published on April 22nd, 2018 | by Ido Kenan1
⚔️ Cyberwar and Cyberpeace: the Tallinn Manual 🎙️ Lex Cybernatica podcast
In the first episode of Lex Cybernetica, the Hebrew University of Jerusalem Cyber Security Research Center‘s podcast, we look into the Tallinn Manual with our guests, Adv. Deborah Housen-Couriel, who talks about her experience as a member of the Tallinn Manual 2 team; Prof. Yuval Shany and Adv. Dan Efrony, who talk about their co-written paper, “The Tallinn Manual on Cyber Operations and the Laws of War: Towards Customary International Law”; and Lex Cybernetica’s host, podcaster and digital culture blogger Ido Kenan (that’s me).
No paying of bills online. No appealing of fines. No reporting of hazards. No court sessions. No applying for municipal positions. No free WiFi for tourists at the airport. This is what it’s been like for Atlantans for over a week after a ransomware cyberattack was waged on the city government of the capital of Georgia, USA, on March 22nd, 2018. Cybersec experts hired by the city claim the attackers are SamSam hacking crew. And what did the initiators of what the New York Times called “one of the most sustained and consequential cyberattacks ever mounted against a major American city” ask for in return for the antidote? Six Bitcoin, at the time worth a measly $50-odd thousand. Similar yet smaller cyberattacks recently targeted Dallas, Texas, Birmingham, Ala., North Carolina, New Mexico and Colorado.
One cannot help speculating that a few grand aren’t really what’s behind similar cyberaggressions, but rather a red herring to cover the tracks of an offensive by a state actor. It’s not only that it’s hard to irrefutably attribute a cyberattack to a state that tried to hide behind hacker groups – usually attacked states prefer not to make such attributions publicly, so that they may retaliate more freely, not being bound to traditional confrontations and war rules, and themselves masking their identity.
11 years earlier, no one mistook a massive cyberattack on Tallinn, capital of Estonia, for a ransom operation. “If you have a missile attack against, let’s say, an airport, it is an act of war. If the same result is caused by computers, then how else do you describe that kind of attack?” Madis Mikko, a spokesman for the Estonian Defense Ministry, rhetorically asked at the time.
One of the most connected countries in the world, the attack threatened to take so called E-stonia back the stone age. Estonia didn’t hesitate to point digits towards Russia, who strongly advised against Estonia messing with the Bronze Soldier, a Soviet World War II memorial thorn at Tallinn’s side for 60 years, whose relocation ignited the attack.
As early as 2004, Estonia suggested NATO create a cyber defence center. But it took the massive cyberattack and another year for the establishment of the NATO Cooperative Cyber Defence Centre of Excellence, which soon commissioning an academic study on the application of international law on cyberwar, better known as The Tallinn Manual. In 2017, Tallinn Manual 2.0 came out, expanding the scope to examine cyberevents that do not amount to an act of war, but are nonetheless potentially provoking and damaging.