The Law of Cyber Warfare: Can The Current Legal Regime Hack It?

WCL logo


Presented by the American University International Law Review and National Security Law Brief

November 8, 2012 10:30 am – 2:30 pm American University Washington College of Law

Although cross-border attacks on computers and information systems do not involve a physical invasion of sovereign space, incursions such as the Stuxnet virus increasingly seem to serve a similar purpose. The symposium will examine whether cross-border cyberattacks qualify as acts of war under international law, whether the difficulties of distinguishing civilian and military targets require a special legal regime to govern cyber warfare, and how legislation that has been passed or is currently being considered by the U.S. Congress will affect the international context of such attacks. Are the current legal conventions sufficient to regulate this new kind of warfare? If not, then how should international law account for changing technological capacities? How effective are domestic legislative efforts in addressing the burgeoning foreign threats critical infrastructure institutions in the United States face?

10:00 am  Registration

10:30 am  When is a Virus a War Crime? Targetability and Collateral Damage Under the Law of Armed Conflict:

As cyber attacks have become an increasingly integral tactic for military strategists, they have raised questions for the international legal regime on the conduct of war. Cyber warfare is particularly challenging because cyber attacks designed to disrupt, deny, or degrade enemy military capabilities may simultaneously damage civilian computer systems. Does the law of armed conflict provide sufficient guidance for establishing targetability? Can the destruction of power grids and other critical infrastructure be counted as collateral damage or could they be considered war crimes? Is international humanitarian law capable of governing rapidly developing technology? If not, can it be amended, or is a new legal regime needed?


Paul Rosenzweig, Professorial Lecturer in Law, George Washington University

Charles L. Barry, Senior Research Fellow, Center for Technology and National Security Policy, National Defense University

John C. Dehn, Senior Fellow, Rule of Law Center, West Point

Gregory S. McNeal, Associate Professor of Law, Pepperdine University

Moderator: Professor Daniel Schneider, American University School of International Service; Director, Center on Non-traditional Threats and Corruption (CONTAC)

1:15 pm Is Domestic Legislation Sufficient Tool to Battle Foreign Attacks? An Analysis of the Efficacy of Domestic Cyber Security Legislation

In an increasingly interconnected world, critical infrastructure in the United States faces foreign cyber threats at an increasing rate, emphasizing possible vulnerabilities in current security systems. Foreign attacks are particularly concerning because accessibility to critical infrastructure systems puts both the United States government and the civilian population at great risk. Is legislation like the Cyber Intelligence Sharing Protection Act or the cyber security bills being considered by the U.S. Congress effective in targeting the risk of foreign attack on critical infrastructure institutions, such as power grids, gas pipelines, and the banking sector, which are prime targets for cyber attacks? If not, should more regulatory efforts be considered or are companies in the business of managing critical infrastructure capable of maintaining their own standards that are effective in combating foreign attacks?


Michelle Richardson, Legislative Counsel, American Civil Liberties Union, Washington Legislative Office

Jamil Jaffer, Senior Counsel, House Permanent Select Committee on Intelligence

Catherine Lotrionte, Director, Institute for International Law, Science and Global Security

Moderator: Professor Melanie Teplinsky, American University Washington College of Law

Better laws needed to counter cyber attacks

Better laws needed to counter cyber attacks: U.S. | Reuters: “Cyber criminals are outwitting national and international legal systems that fail to embrace technological advances, a top U.S. official said on Friday, demanding a cross-border campaign to combat the security threat.

“Most countries don’t even have a legal framework that really governs cyber. It is such a new phenomenon in that regard so the legal systems — both domestic and international — have not kept pace with the technological advances we have seen,” U.S. Secretary of Homeland Security Janet Napolitano said.

Senator Collins on Cyberattack in Mass.

A company that provides computer security to the private sector and the U.S. government — RSA, the security division of EMC Corporation based in Hopkinton, Mass. — announced tonight it was hit by “an extremely sophisticated cyber attack”.  Senator Susan Collins, Ranking Member of the Homeland Security and Governmental Affairs Committee, released the following statement.

“The cyber attack revealed by RSA today underscores the serious and sophisticated cyber threat we face.  The threat of a catastrophic cyber attack is real.  Attacks are happening now.   The Senate’s Sergeant at Arms has reported that the computer systems of the Executive Branch agencies and the Congress are probed or attacked an average of 1.8 billion times per month.   Cyber crime costs our national economy $8 billion annually.  Congress needs to fundamentally reshape how the federal government works collaboratively with the private sector to address all cyber threats, from espionage and cyber crime to attacks on the most critical infrastructure.  The need to pass comprehensive cyber security legislation is more urgent than ever.”

Senator Collins, along with Senators Joe Lieberman and Tom Carper, recently introduced a bill that would secure the nation’s most sensitive and critical cyber infrastructure and protect Internet freedom.