Crossroads Blog | CYBER SECURITY LAW AND POLICY

Assignments, Current Affairs, cyber attack, international law, Stuxnet, warfare

More on Stuxnet

For background on this issue, please see my previous post.

The ubiquitous Professor Chesney, now writing at lawfareblog.com, has once again beaten me to the draw by a few hours.  I like him a lot, and he does us all a great service with his listserve and blogging, but I am suspicious that he doesn't sleep.  In any event, he correctly points out:

I’m in no position to judge whether all that is correct.  But from a classroom perspective, this is one heck of an interesting fact pattern.  First, it has obvious utility for the ongoing debate regarding the status of various kinds of computer network operations in relation to the laws of war… .  Does the deployment of Stuxnet constitute an armed attack, for example, bearing in mind the incipient nature of the threat it presents?  

The Stuxnet fact pattern is also fascinating, moreover, if we assume for the sake argument that it or something akin to it were to be deployed by the United States government.  In my national security law course, we spend a fair amount of time parsing the statutory framework relating to Congressional oversight of covert action, and we focus in particular on the exception to that framework associated with “traditional military activities” and the possible relationship of that phrase to other concepts (especially the idea of preparation of the battlefield).  It is my favorite example of the way in which legal frameworks tend to employ categorical distinctions that do not necessarily maintain separation from one another on close inspection…and it seems to me that the Stuxnet fact pattern will be a very useful way to help students understand just how difficult it can be to work with these particular categorical distinctions in the cyber arena.  One need only tweak the fact pattern a few times in sequence, positing various intended targets and, especially, various U.S. government entities as the sponsor of the operation.

Given that our assignment for Monday's seminar is the issue of when a cyber attack is to be considered an armed attack, I am adding the Stuxnet fact pattern (password protected) to the already 90+ page assignment (password protected) for Monday.  If that seems burdensome, you can contact Professor Chesney and thank him for his idea.  Or, I can deliver your views to him next Saturday when I hope to see him at a workshop in Washington, DC. [We'll save the Congressional oversight issues to be covered in Professor Banks's or Crane's National Security Law courses.]

3 Comments

  1. The previous post mentioned in the first sentence is largely a link to an article by The Economist. Just follow the link in the first sentence, or you can reach it at http://blog.cybersecuritylaw.us/2010/09/httpwwweconomistcomblogsbabbage201009stuxnet_worm.html
    If what you are looking for is the assignment that is linked to a password-protected library, then I am afraid that I can provide that to you only if for educational purposes and no further distribution. It is copyright protected, and I do not hold the copyright.

  2. Kim

    Hi
    I am a law student from Belgium, I am in my 4th year. I am also having an assignment about the issue of when a cyber attack is to be considered an armed attack and I was wondering of you could help me with some information? I read your article and I found it very interesting. Thank you in advance.
    Kind regards
    Kim Raets

  3. Kim

    Hi
    I am a law student from Belgium, I am in my 4th year. I am also having an assignment about the issue of when a cyber attack is to be considered an armed attack and I was wondering of you could help me with some information? I read your article and I found it very interesting. Thank you in advance.
    Kind regards
    Kim Raets

Leave a Reply