Scholars involved in a project sponsored by NATO’s Cooperative Cyber Defence Centre of Excellence in Tallinn will meet in February to consider what options governments have, under international law, to respond to cyberattacks from other countries. The project will not look at national laws.

The project, called the Tallinn Manual 2.0, is due to be published in 2016 and is a follow-up to the Tallinn Manual, which was published in 2013. The Tallinn Manual looks at cyberattacks against a country that are physically disruptive or injure people, and responses via the use of force under the UN charter and military rules on the cyber battlefield.

“This doesn’t happen so often though,” said project director Michael Schmitt, chairman of the US Naval War College’s International Law Department, professor of Public International Law at the University of Exeter School of Law and a senior fellow at NATO’s Cooperative Cyber Defence Centre of Excellence. . . .

“There are regular attempts to intrude into military systems,” Schmitt says. Possible scenarios include hackers trying to put malware into a country’s military command-and-control systems that could then be activated if that country gets into a conflict, or mapping air defense systems of a country so that a potential enemy could be in a position to attack it.

“At a conservative estimate, there are thousands of attacks on ministries of defense on a daily basis. Some are easily handled with anti-virus software but some are very complex. A key question is how countries should respond legally if this happens,” he says.

Image: NATO's Cooperative Cyber Defense Center of Excellence (photo: CCDCOE)