What are the rules of cyberwar?
- By John Breeden II, Susan M. Menke
- Feb 07, 2003
The internationally accepted rules of war, dating back to the Geneva Convention of 1864, limit attacks 'to combatants and military targets' and prohibit weapons that strike indiscriminately at civilian and military objects and people.
But how well can the Bush administration's rules of cyberwar, widely rumored this week to be in the drafting stage, correspond to the convention's principles?
How could U.S. cyberwarriors, for instance, estimate the collateral damage from malicious worms they release against a foreign target across the Internet? Could they tailor an attack precisely, or might civilian computers get caught in the crossfire? Could cyberwarriors, likely recruited from among the most daring hackers, be trusted with the power they wield?
The GCN Lab, having been on the receiving end of cyberattacks and being acquainted with people who are well-informed about hacking, suggests that three levels or protocols are likely in the U.S. rules of engagement:
- Level 1: Monitoring and spying. Worms could bore into the computer networks of enemy states to sniff out passwords, read e-mail and map out infrastructures. Time and stealth would be required to overcome internal defenses. Worms and Trojan horses used in this phase could have destructive triggers for activation later.
- Level 2: Attacking without permanent damage. Denial-of-service attacks against enemy command and control servers, for example, could overload them and prevent them from performing other tasks. Floods of spam e-mail to officers and government leaders could stop any useful electronic information exchange. Altering instruction manuals for weapons or distributing fake orders from leaders, using secret codes stolen during the first phase, can sow doubt and confusion. Enemy forces would soon come to distrust any electronic information and be driven to use older forms of communication.
- Level 3: Destructive attacks. Files could be purged, viruses implanted, and operating systems and applications corrupted on servers and client systems. Such attacks should target only military systems and not, for example, medical or food distribution networks.
Foreign-language skills would be essential to carry out an international attack.
And finally, a team of guards or observers, completely separate from the team conducting the offensive, should watch over domestic networks and make sure the cyberwarriors follow the rules.
John Breeden II is a freelance technology writer for GCN.