Law of Cyberwar: Understanding Cyberattacks and the Law

Understanding and Applying the Tallinn Manual

Created byVictoria Sutton

Last updated 10/2017

English

What you'll learn

Identify issues that trigger questions in cyberwar.
Analyze a cyber fact scenario to determine how the Tallinn Manual would apply.
Understand the challenges in analyzing cyber events in the context of the law of war.

Course content

5 sections • 16 lectures • 3h 28m total length

Introduction4:11
This video lecture will introduce you to the scope of the course in cyberwar and law, explain the structure of the course, what you will need and who should take this course.
Lecture 1 Quiz. Introduction
Cyberwar and U.S. Strategy12:07
This video lecture will introduce you to the short history of cyber attacks in the world, beginning with the Tallinn, Estonia attack by hacktivists from Russia objecting to Estonia's removal of a Russian statue. Two articles/excerpts present perspectives in the reading material that argue (1) that cyberwar is a threat and (2) the other argues cyberwar is something that will never happen. These ideas are explored in this video lecture.
Lecture 2 Quiz. Cyberwar and U.S. Strategy
Tallinn Manual-Introduction13:58
This video lecture introduces the Tallinn Manual, the basic text of the course. The Tallinn Manual is unique in that it is not a binding document, but is the interpretation given to international law and the law of war as it applies to cyberwar by a group of experts from around the world. This video lecture examines the introduction chapter of the Tallinn Manual.
Lecture 3 Quiz. Tallinn Manual - Introduction

Tallinn Manual-Rules 1-2, Sovereignty, Jurisdiction11:34
This video lecture looks at the Tallinn Manual, Rules 1 and 2, which lays out the legal understanding of sovereignty and jurisdiction, two essential legal concepts in international law and important to understand any other aspect of the Tallinn Manual.
Lecture 4 Quiz. Tallinn Manual-Rules 1, 2 -- Sovereignty, Jurisdiction
Tallinn Manual-Rules 10-17, Use of Force14:46
This video lecture focuses on Rules 10-17, defining the "use of force" which is a concept that is problematic for cyberwar, since the traditional notion of use of force does not fit well with the use of cyber attacks or hacking. This video lecture discusses how the "use of force" is defined by the experts in application to cyberwar.
Lecture 5 Quiz. Tallinn Manual-Rules 10-17, Use of Force
Tallinn Manual, Rules 20-24,Law of Armed Conflict19:26
This video lecture examines Tallinn Manual, Rules 20-24, the law of armed conflict. The application of the traditional international law meaning of "armed conflict" does not fit well in the context of cyberwar and this video lecture will look at the experts interpretation as "armed conflict" applies to cyberwar.
Lecture 6 Quiz. Tallinn Manual-Rules 20-24, Law of Armed Conflict
Applying the Tallinn Manual-US v. Agha and Dardar,13:18
In this video lecture, application of what has been covered so far in the course will be applied to the case of the Syrian Electronic Army in their cyberattacks against U.S. businesses and government cyber resources. This case study highlights how difficult it is to apply the law of war and international law to cyberattacks where attribution for the attack cannot be conclusively connected to a state-party.
For your reading assignment, read pp. 1-15, 15(H), 37-38 only of the Agha and Dardar complaint.
Lecture 7 Quiz. Applying the Tallinn Manual-U.S. v. Agha and Dardar

Tallinn Manual, Rules 32-36, Attacks against persons12:47
This video lecture examines the Tallinn Manual, Rules 25-31, on the legal meaning of "participation" and "attacks". Military participation in the traditional sense does not fit well with an army of hackers which may work in ways not well defined by traditional international law, yet be engaged in meaningful "participation". The legal meaning of "attack" is one of the foundation legal principles that is important to understanding the rest of the Tallinn Manual in the context of what is a cyber attack.
Lecture 9 Quiz. Tallinn Manual-Rules 32-36, Attacks against persons
Tallinn Manual, Rules 37-40, Attacks against objects19:26
This video lecture on the Tallinn Manual, Rules 37-40, examines the legal meaning of "attacks against persons" and the implications for this meaning in international law and the law of war.
Lecture 12 Quiz. Tallinn Manual-Rules 37-40, Attacks against objects
Applying the Tallinn Manual – Sony case15:14
This video lecture applies the rules covered so far in the course as they apply to a well known cyberattack case against Sony Entertainment, believed to be attacked by North Korea and/or individuals in North Korea. Attribution for the attack is an issue in identifying a state-party. Criteria for an "attack" are also the focus of this case study and the damage done to Sony Entertainment.
Lecture 10 Quiz. Applying the Tallinn Manual-Sony case-Rules 1, et al
Applying the Tallinn Manual – Sony case-Rules 20-408:50
This video lecture continues the examination of the case study of the cyber attack against an American company, Sony Entertainment, applying the Tallinn Manual Rules 20-40. The application of Rules 37-40 are covered in the next section, but this serves as a case study for those rules as well.
Lecture 11 Quiz. Applying Tallinn Manual-Sony case

Tallinn Manual, Rules 37-40, Attacks against objects DUPLICATE19:22
This video lecture examines the concept of "attacks against objects" , Rules 37-40, as interpreted by the Tallinn Manual. The law of war and international law makes distinctions in what objects are legally targetable. These Rules 37-40, provide examples and interpretation of attacks against objects in the context of cyberwar .
Tallinn Manual, Rules 41-48, Means and Methods14:57
This video lecture examines Tallinn Manual Rules 40-49, the means and methods of cyberwar. The traditional means and methods of war do not translate easily to cyberwar means and methods and this section examines the expert interpretation of how international law and the law of war apply to understanding means and methods that are acceptable.
Lecture 13 Quiz. Tallinn Manual-Rules 41-48, Means and methods
Applying the Tallinn Manual –Sony case, Rules 20-409:33
This video lecture revisits the case study of Sony Entertainment and how the U.S. may or may not have a legal right of self defense under Rule 13. The restrictions on self-defense under the interpretation of international law and the law of war are examined.
Lecture 14 Quiz. Tallinn Manual-Sony case, Rules 20-40

Applying the Tallinn Manual - Iranian hackers case on critical infra18:02
This video lecture is a case study of what reads like an attack of a state-party against the United States, another state-party. However, a closer look at the facts in the Iranian hackers case where their attacks resulting in penetrating the software of a dam in Rye, NY, and could have caused serious damage or death had the dame not been under repair at the time of the hacking. This video lecture explores how these cases are treated in a practical sense as well as how the Tallinn Manual interpretation is applied to this case.
Lecture 15 Quiz. Applying the Tallinn Manual-Iranian hackers case
Summary and Conclusion1:00
This short summary concludes the course with some observations about cyberwar.

Requirements

Software to watch videos via the internet through the Udemy platform. Adobe reader software.

Description

This course navigates international law and the law of war as it applies to the notion of cyberwar. Using and applying select rules of the Tallinn Manual, which is an expert analysis of law applicable to cyberwar, you will be able to understand and analyze the challenges of using law to address cyberattacks, cyberthreats and cyberwar. With this knowledge, the course will progress to applying the law to two case studies: the Sony Entertainment cyberattack and a less well known attack where a group of hackers in Iran attacked a dam in the United States. Finally, a look toward the future possibility of a cyberwar and the rule of law concludes this course.

Who this course is for:

Lawyers who work in national security law, might want to have a closer look at the application of the Tallinn Manual
Military personnel and veterans who have experienced kinetic war, will find this of interest
Students exploring career choices can also explore their potential career interests
Anyone who is interested in the questions about cyberwar, the law of war and understanding the Tallinn Manual

Law of Cyberwar: Understanding Cyberattacks and the Law

What you'll learn

Explore related topics

Course content

Introduction to Cyberwar and the Tallin Manual3 lectures • 30min

The law of the use of force and armed conflict applied to the cyber domain4 lectures • 59min

What is a cyber attack against persons?4 lectures • 56min

What is a cyberattack against objects? Cyber means & methods in the law of war?3 lectures • 44min

Analyzing the Iranian hackers case2 lectures • 19min

Requirements

Description

Who this course is for: