This course navigates international law and the law of war as it applies to the notion of cyberwar. Using and applying select rules of the Tallinn Manual, which is an expert analysis of law applicable to cyberwar, you will be able to understand and analyze the challenges of using law to address cyberattacks, cyberthreats and cyberwar. With this knowledge, the course will progress to applying the law to two case studies: the Sony Entertainment cyberattack and a less well known attack where a group of hackers in Iran attacked a dam in the United States. Finally, a look toward the future possibility of a cyberwar and the rule of law concludes this course.
This video lecture will introduce you to the scope of the course in cyberwar and law, explain the structure of the course, what you will need and who should take this course.
This video lecture will introduce you to the short history of cyber attacks in the world, beginning with the Tallinn, Estonia attack by hacktivists from Russia objecting to Estonia's removal of a Russian statue. Two articles/excerpts present perspectives in the reading material that argue (1) that cyberwar is a threat and (2) the other argues cyberwar is something that will never happen. These ideas are explored in this video lecture.
This video lecture introduces the Tallinn Manual, the basic text of the course. The Tallinn Manual is unique in that it is not a binding document, but is the interpretation given to international law and the law of war as it applies to cyberwar by a group of experts from around the world. This video lecture examines the introduction chapter of the Tallinn Manual.
This video lecture looks at the Tallinn Manual, Rules 1 and 2, which lays out the legal understanding of sovereignty and jurisdiction, two essential legal concepts in international law and important to understand any other aspect of the Tallinn Manual.
This video lecture focuses on Rules 10-17, defining the "use of force" which is a concept that is problematic for cyberwar, since the traditional notion of use of force does not fit well with the use of cyber attacks or hacking. This video lecture discusses how the "use of force" is defined by the experts in application to cyberwar.
This video lecture examines Tallinn Manual, Rules 20-24, the law of armed conflict. The application of the traditional international law meaning of "armed conflict" does not fit well in the context of cyberwar and this video lecture will look at the experts interpretation as "armed conflict" applies to cyberwar.
In this video lecture, application of what has been covered so far in the course will be applied to the case of the Syrian Electronic Army in their cyberattacks against U.S. businesses and government cyber resources. This case study highlights how difficult it is to apply the law of war and international law to cyberattacks where attribution for the attack cannot be conclusively connected to a state-party.
For your reading assignment, read pp. 1-15, 15(H), 37-38 only of the Agha and Dardar complaint.
This video lecture examines the Tallinn Manual, Rules 25-31, on the legal meaning of "participation" and "attacks". Military participation in the traditional sense does not fit well with an army of hackers which may work in ways not well defined by traditional international law, yet be engaged in meaningful "participation". The legal meaning of "attack" is one of the foundation legal principles that is important to understanding the rest of the Tallinn Manual in the context of what is a cyber attack.
This video lecture on the Tallinn Manual, Rules 37-40, examines the legal meaning of "attacks against persons" and the implications for this meaning in international law and the law of war.
This video lecture applies the rules covered so far in the course as they apply to a well known cyberattack case against Sony Entertainment, believed to be attacked by North Korea and/or individuals in North Korea. Attribution for the attack is an issue in identifying a state-party. Criteria for an "attack" are also the focus of this case study and the damage done to Sony Entertainment.
This video lecture continues the examination of the case study of the cyber attack against an American company, Sony Entertainment, applying the Tallinn Manual Rules 20-40. The application of Rules 37-40 are covered in the next section, but this serves as a case study for those rules as well.
This video lecture examines the concept of "attacks against objects" , Rules 37-40, as interpreted by the Tallinn Manual. The law of war and international law makes distinctions in what objects are legally targetable. These Rules 37-40, provide examples and interpretation of attacks against objects in the context of cyberwar .
This video lecture examines Tallinn Manual Rules 40-49, the means and methods of cyberwar. The traditional means and methods of war do not translate easily to cyberwar means and methods and this section examines the expert interpretation of how international law and the law of war apply to understanding means and methods that are acceptable.
This video lecture revisits the case study of Sony Entertainment and how the U.S. may or may not have a legal right of self defense under Rule 13. The restrictions on self-defense under the interpretation of international law and the law of war are examined.
This video lecture is a case study of what reads like an attack of a state-party against the United States, another state-party. However, a closer look at the facts in the Iranian hackers case where their attacks resulting in penetrating the software of a dam in Rye, NY, and could have caused serious damage or death had the dame not been under repair at the time of the hacking. This video lecture explores how these cases are treated in a practical sense as well as how the Tallinn Manual interpretation is applied to this case.
This short summary concludes the course with some observations about cyberwar.
Victoria Sutton, MPA, PhD, JD is a distinguished law professor at Texas Tech University School of Law and is author of eight law books and numerous law articles, and winner of several book awards. She is also a filmmaker. She teaches courses in emerging technologies law, nanotechnology law, biosecurity law, space law, environmental law and cybersecurity law. She has also served as an advisor on cybersecurity and biosecurity for government agencies.