Russian Cyber Operations. Scott Jasper
that uses cyber operations to influence events and gain advantage and, in some cases, test the thresholds of conflict, without fear of legal or military consequences.
The cyber operations against the energy distribution companies in Ukraine in 2015 demonstrated Russia’s willingness and capability to target critical infrastructure. The intrusion sent a message or a warning to influence and coerce the Ukrainian parliament. Ciaran Martin, the head of the National Cyber Security Centre, part of the Government Communications Headquarters in the United Kingdom, warned the UK parliament that in addition to “traditional” targets such as energy infrastructure, Moscow is deploying cyber technology “against the west as a whole” with a view to undermine “democratic institutions, media institutions and . . . free speech.”117 The next month, Deputy Attorney General Rod Rosenstein warned the Aspen Security Forum of the growing threat from Russian influence operations. He said Russian actions “are persistent, they’re pervasive, they are meant to undermine democracy on a daily basis.”118 However, these persistent actions appear designed to avoid designation as an armed attack. In the United States, cyber incidents are assessed on a “case-by-case basis.”119 US officials are hesitant to articulate red lines within cyberspace, since they provide “adversaries a defined line they can walk right up to without fear of reprisal,” which Russian cyber actors would certainly do.120 Instead, this book offers an analytical framework to analyze and evaluate Russian cyber operations, whether they rise to the level of armed conflict or function as a component of strategic competition.
Notes
1.Nicole Perlroth, “Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies,” New York Times, February 18, 2019.
2.DOD, Office of General Counsel, Law of War Manual (Washington, DC: Secretary of Defense, December 2016), 1013.
3.David A. Wheeler and Gregory N. Larsen, “Techniques for Cyber Attack Attribution,” Institute for Defense Analysis, November 11, 2013.
4.Aaron Franklin Brantly, The Decision to Attack (Athens: University of Georgia Press, 2016), 80.
5.Bryant Jordan, “US Still Has No Definition for Cyber Act of War,” Military.com, June 22, 2016.
6.Legal Information Institute, 18 US Code §2331: Definitions, Cornell Law School.
7.Saundra McDavid, “When Does a Cyber Attack Become an Act of War?,” InCyber-Defense, American Public University, July 31, 2017.
8.Ronald H. Spector, Eagle against the Sun: The American War with Japan (New York: Free Press, 1985), 1–8.
9.Blair Hanley Frank, “When Is a Cyber Attack an Act of War? We Don’t Know, Warns Ex-Obama Adviser,” VentureBeat, September 14, 2017.
10.Mike Rounds, “Cyber Act of War Act of 2016,” S. 2905, 114th Congress, 2nd Session, May 9, 2016.
11.Marcell Lettre, “Cybersecurity, Encryption and United States National Security Matters,” Hearing before the Committee on Armed Services, S. 114-671, 114th Congress, 2nd Session, September 12, 2016, 85.
12.Ellen Nakashima, “When Is a Cyberattack an Act of War?,” Washington Post, October 26, 2012.
13.Michael N. Schmitt and Liis Vihul, “The Nature of International Law Cyber Norms,” The Tallinn Papers, no. 5, special expanded issue (2014): 7.
14.Michael N. Schmitt, “Cyber Operations in International Law: The Use of Force, Collective Security, Self-Defense, and Armed Conflicts,” in Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (Washington, DC: National Academies Press, 2010), 152.
15.Schmitt, 152.
16.Schmitt, 152.
17.DOD, Law of War Manual, 82.
18.Michael N. Schmitt, “Classification of Cyber Conflict,” International Law Studies 89, no. 233 (2013): 240.
19.UN, Charter of the United Nations, Chapter I, Article 2(4), October 24, 1945.
20.Michael Schmitt, “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations: What It Is and Isn’t,” Just Security, February 9, 2017, https://www.justsecurity.org/37559/tallinn-manual-2-0-international-law-cyber-operations/.
21.Michael Schmitt, ed., Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, 2nd ed. (Cambridge: Cambridge University Press, 2017), 329.
22.Net Politics Program, “The Cyber Act of War Act: A Proposal for a Problem the Law Can’t Fix,” Council on Foreign Relations, May 12, 2016.
23.Rounds, “Cyber Act of War Act of 2016.”
24.Harold Hongju Koh, “International Law in Cyberspace: Remarks as Prepared for Delivery to the USCYBERCOM Inter-Agency Legal Conference,” September 18, 2012, reprinted in Harvard International Law Journal Online 54, nos. 3–4 (December 2012).
25.Koh.
26.DOD, Law of War Manual, 1015.
27.DOD, 1015.
28.DOD, 1016.
29.Schmitt, Tallinn Manual 2.0, 341.
30.Michael N. Schmitt, “Peacetime Cyber Responses and Wartime Cyber Operations: An Analytical Vade Mecum,” Harvard National Security Journal 8, no. 2 (2017): 245.
31.Schmitt, 245.