USA’s Cyber Defense Strategies from the View of International Law

Hacer Dalkiran
Aug 17, 2021


Abstract

This paper examines the legal status of the USA’s “active cyber defense” and “defend forward” concepts under international law.

Keywords: Active cyber defense, defend forward

1. Introduction:

As the number of internet users increases, cyber space, like any environment made up of humans, requires some basic regulations and laws. For now, there is no special law for cyber space, but there are some approaches to applying existing international laws to cyber space. Countries have their own strategies in cyber space, as in the physical world. Since the regulations, the definitions of cyber space concepts such as cyber attack and cyber war, and the identity of attackers are unclear, the offensive and defensive strategies of countries are controversial. One of the superpowers of both the physical world and the cyber world is the US. The USA has 2 main approaches to defending its military, industry and citizens: “active cyber defense” and “defend forward”. Are these strategies consistent with international law?

2. The Legal Status of “Active Cyber Defense” and “Defend Forward” Strategies

While the law of war is comprised of well-known and widely accepted principles, applying these principles to cyber attacks is a difficult task (Carr, 2011). Since determining the source, scope and severity of a cyber attack is difficult, states are reluctant to respond to cyber attacks for fear of violating the international law of war. For this reason, states usually prefer passive defense techniques instead of active defense. Suppose a state relies on passive defense alone, in the form of layered defenses. What if an attacker gets past the layers?

2.1. Active Cyber Defense

Since there is no common international defense law, the state must make a choice. If a missile from one country flies into another country’s airspace, then according to UN Charter Article 51 that country has the right to destroy the missile under its right of self-defense. However, since a cyber attack is not a missile and its impact is not the same as the possible impact of a missile, the use of force for self-defense is controversial. Active defenses are a form of electronic force, and this confines state computer defenses to passive defenses alone, which weakens state defense posture. It also forces states to rely on domestic criminal laws to deter cyber attacks, which are ineffective because several major states are unwilling to extradite or prosecute their attackers (Carr, 2011). Although passive defenses reduce the effect of cyber attacks, they are not enough for deterrence. Most of the time, it is not possible to determine where an attack comes from. Thus it is hard to judge and punish the attacker. Even if one determines the identity of the attacker, it is still hard, since the attacker is a non-state actor most of the time. For example, for America, one of the most dangerous enemies is Al Qaeda. How does the US block the attacks and propagation of Al Qaeda? This case gives us a significant example of active defense. In 2006, the US attacked the Al Qaeda network of jihadist websites. To prevent the propagation of a terrorist group, active defense can be used according to UN Charter Article 39. Of course, this strategy is somewhat risky, since it is difficult to identify who the attackers are. Evidence is hard to find, so when the suspected party is a country such as China or Russia, the US cannot use Articles 39 or 51 if the effects are not devastating. Against Al-Qaeda, ISIS or other non-state groups, the US can use active self-defense, but against the big players it is usually not consistent with international law. Thus the US adopted a new approach, “Defend Forward”, in 2018.

2.2. Defend Forward

The aggressive and populist behavior of the Trump administration shows itself in cyber space. The cyber defense strategy changed radically from active cyber defense to defend forward in 2018. John Bolton, the former national security advisor of the US, expresses the change in his book as: “Obama’s strategy rested on the fallacy that cyberspace was relatively benign, even unspoiled, and that the best approach was to smooth over the problems and not risk making things worse. I didn’t understand why cyberspace should be materially different from the rest of human experience: initially a state of anarchy from which strength and resolve, backed by substantial offensive weaponry, could create structures of deterrence against potential adversaries that would eventually bring peace. If, as we knew with increasing certainty, Russia, China, North Korea, Iran and others were contesting us in cyberspace, it was time to fight back.” (Bolton, 2020). The explanation above is important because it shows the differences between the previous approach and defend forward, and the legitimate basis of the new approach. As the effect of the attacks increased, and the enemy role shifted from terror groups to China, Russia, North Korea and Iran, the defense approach became more strict. To understand the legal status of defend forward, let’s look at Bolton’s perspective on China. According to Bolton, China’s espionage and reverse engineering acts harm the US military and economy. There is no way to show China’s espionage actions, so passive cyber defense is no longer enough, and neither is active cyber defense. Active defense works against terror groups and some non-state groups, but for more serious actions more rigid precautions are needed. These explanations look reasonable. However, we arrive again at the same place: there is no way to say that an attack comes from a given country. Thus UN Charter Article 51 cannot be applied most of the time.
For example, one can claim that Huawei or TikTok carry out espionage activities and work for the Chinese government. However, it cannot be proven. Just a few months ago, Trump announced that TikTok is blocked in the US because of espionage activities. However, TikTok denied giving users’ information to the Chinese government. Thus this decision couldn’t be applied. The difficulty of determining the identity of the attacker again prevents applying physical-world laws to the cyber world. For now, since the Trump administration has changed, the defend forward approach will most probably turn back into the previous approach.

3. Conclusion

Just as states have different strategies in the physical world, they also have them in cyber space. Some states have adopted more passive techniques and take few risks, according to their political situations, while some have adopted more active and aggressive approaches. The USA has adopted mainly two approaches: “active cyber defense” and “defend forward”. Before 2018, the USA adopted active cyber defense, since passive cyber defense is not enough to protect its military, industry and citizens. The active cyber defense strategy was applied in accordance with international law most of the time. The relevant laws are UN Charter Articles 39 and 51. For terrorist groups, the active cyber defense strategy can be applied easily under Article 39. For non-state hackers and hacker groups, the attacks can be stopped under the principle of self-defense and Article 51. However, for more advanced attacks carried out by states, active cyber defense is not enough. Thus defend forward is a needed approach for this type of attack, according to Bolton. Although Bolton said that a more aggressive approach is needed, building a legal basis is hard. Thus, the new approach seems likely to be accepted only after a long time, and maybe never. However, of course, if you are the boss, then any action you take is legal. You can say that you suspect a country has weapons of mass destruction, and invade that country. After the invasion, you say that you made a mistake and the country has no weapons of mass destruction. As time passes and forensic science in cyber space develops, the defend forward approach can be used legally.

REFERENCES

Carr, J. (2012). “Mapping the Cyber Underworld-Inside the Cyber Warfare”, 2nd ed.

US DoD (2018). “DoD Cyber Strategy”.

Charter of the UN (2013). “CHAPTER 1: PURPOSES AND PRINCIPLES”, http://www.un.org/en/documents/charter/chapter1.shtml

Bolton, J. (2020). “The Room Where It Happened-A White House Memoir”. Simon & Schuster.
