Says Dr. Dov Housen-Khoriel, a researcher at the Yuval Na'aman workshop for science, technology and security, and a member of the Tallinn-2 guide team that will provide a legal basis for the fight against cyber attacks as part of the research seminar of the Blavatnik Multidisciplinary Center for Cyber Research in collaboration with the Yuval Na'aman workshop. According to her, international law is still lacking when it comes to dealing with a country's cyber vulnerability and the Sony case may speed up finding a solution
The attack on Sony is a legal "game-changer" in cyberspace. Says Dr. Dov Housen-Khoriel, a researcher at the Yuval Na'aman workshop for science, technology and security and a member of the Tallinn-2 guide team that will provide a legal basis for the fight against cyber attacks as part of the research seminar of the Blavatnik Multidisciplinary Center for Cyber Research in collaboration with the Yuval Na'aman workshop.
"When the Sony hacking affair broke out, when hackers started sending secret documents to employees and posting them online, and it was attributed to North Korea, due to a satirical film that dealt with the North Korean dictator, the American government showed distaste and some said that it was a war. A month later, at the beginning of January, the American president was already calmer and less determined: "This is not a war, but a cyber attack. We need to do a better job protecting our information. We believe in freedom of expression, and we will have to deal with such attacks in the future, including using international law."
It turns out that international law did not provide tools that would suit the cyber age. The conventional reasons for war - such as a direct hit with weapons or even sending spies, do not always exist in a cyber attack. It is often difficult to attribute the attack to one factor or another, but only to assume who benefits from it, which is not enough to go to war (for example Iran after being hit by the Stuxant virus).
"All countries should refrain from using force against the territorial integrity or political strength of any other country or in any other way that does not comply with the UN resolution," Curiel quotes a UN resolution. The question is whether these things necessarily exist in the case of a cyber attack is not a simple legal question.
According to Hausen-Khoriel, in recent years, about 20 jurists, who consulted with representatives of important countries, compiled a guide - known as the Tallinn Guide, which clarified the conditions under which the laws of war apply in cyber space and, when the answer is positive, how to establish red lines for the activities of countries in the space - is it permissible, for example Respond with a cyber attack?
According to Hausen, the main conclusion of the guide is that the declaration of a cyber attack as a pretext for war depends on the level of use of force and that the scope of the operation and the results of the operation will be equivalent to the results of war in the physical world.
However, the Tallinn Guide does not provide an answer to the Sony case because it did not include the theft of information as an illegal act that constitutes a cause for war. For example, if someone enters from North Korea and causes damage to remote computer files - for example, deletes them, replaces them, this does not constitute an act of war unless they cause physical damage to the computer.
In conclusion, Hausen-Choriel says that the White House adopted aggressive language and entered into what Tallinn Mar guides as a format of transition from peace to war. I initially thought that there would be a precedent for the action of a state in real time against a cyber attack according to the rules of the Tallinn Guide. I was disappointed that in the administration's announcement from January 2 on the subject, they lowered the level of treatment for the violation of human rights.
The Tallinn Agreement 2 is going to deal with these cases that are below the threshold of the use of force, and this time it will examine not only the validity of the laws of war but of the entire international law.
And a more important question - is it permissible to carry out a preemptive attack when you know about a planned attack from the other side (parallel to the case of the bombing of the reactor in Iraq by Israel in the physical world.)
Professor Yitzhak Ben Yisrael, head of the Labatnik Har Center for Cyber Research and head of the Yuval Na'man workshop, said in his response that one of the main problems with such attacks is to attribute them to one or another country and not, for example, to private individuals. "We all remember the "Saudi hacker" who turned out to be a private person living in Mexico. what should we do? Shall we bomb Mexico?"
The question of where the responsibility lies between the government and an attacked company is one of the issues that the cyber headquarters of the Ministry of Defense requests a solution to the researchers of the Multidisciplinary Center for Cyber Research at Tel Aviv University, which recently held its first conference.
In the same topic on the science website:
