Tom Uren
When Do Cyber Campaigns Cross a Line?
A new paper from the Germany-based think tank Interface has attempted to define the threshold at which peacetime state cyber operations become irresponsible. The author thinks that more concrete definitions of responsible behavior would help guide states and prevent dangerous conduct. It's a commendable effort, but we don't think the architects of cyber operations really care about norms, and a German think tank writing down its preferred rules on a piece of paper won't make any difference to state behavior.
Governments do, however, care about potential political costs and the risk of retaliation. One of the paper's goals is to provide a framework that makes it easier for victim states to flag irresponsible operations and respond appropriately. The paper defines seven principles-based "red flags" and gives examples of some real-world cyber operations that might have raised these flags.
The first red flag, "causing physical harm, injury or death" is pretty straightforward. It's a threshold that states have observed, and the paper does not list any cyber operations that it thinks have crossed the line. The most interesting red flag is "lacking or losing operational control." The author argues that maintaining effective operational control "is essential," because risks increase when operations spiral out of control.
No comments:
Post a Comment