Download this Paper Open PDF in Browser

Rethinking Computer Network 'Attack': Implications for Law and U.S. Doctrine

Journal of National Security Law & Policy, Forthcoming

56 Pages Posted: 10 Apr 2010  

Paul Walker

U.S. Navy Judge Advocate General's Corps

Date Written: March 12, 2010

Abstract

Because much of current legal scholarship uncritically accepts either popular, hacker-based notions of computer “attacks” or the definition of “computer network attack” used in United States military doctrine, a critical approach to what constitutes an "attack" under international humanitarian law is needed. First making the case that the definition of “attack” in Article 49 of Additional Protocol I is customary international law, the article examines a number of methodologies that can provide the appropriate determination that an “act of violence” involving computers, computer networks or information systems has occurred. Of the three methodologies examined, the consequence-based method is the most appropriate. This methodology is applied to two information-based capabilities, distributed denial-of-service (DDoS) actions and chip-level actions, to determine whether or not these types of actions are, in fact, “attacks” under IHL. The article concludes that DDoS actions-- despite widespread belief to the contrary-- do not rise to the level of an attack under IHL. Chip-level actions may constitute IHL attacks if the foreseeable consequences involve death, injury to personnel, or destruction of property, which is the case for some, but by no means all, chip-level (and malicious software) actions. In calling for a more rigorous adherence to well-defined legal standards and definitions in the area of information-based warfare, the article concludes with a call to revise the United States definition of “computer network attack” in order to more closely adhere to the definition of attack under IHL.

Keywords: computer network attack, international humanitarian law, law of war, article 49, attack

Suggested Citation

Walker, Paul, Rethinking Computer Network 'Attack': Implications for Law and U.S. Doctrine (March 12, 2010). Journal of National Security Law & Policy, Forthcoming. Available at SSRN: https://ssrn.com/abstract=1586504

Paul Walker (Contact Author)

U.S. Navy Judge Advocate General's Corps ( email )

United States

Paper statistics

Downloads
152
Rank
164,248
Abstract Views
2,132