Tallinn Manual Research Articles

International Legal Guiding Principles for State Activity in Cyberspace

The rapid development of information technologies and the emergence of cyberspace as a new domain of state activity raises critical questions regarding the regulation of state actions within this space under international law. It is evident that international law applies to cyberspace; any contrary approach would create a legal vacuum, implying that states lack international legal obligations related to cyberspace and undermining state sovereignty in this new realm. Given that states are the primary subjects of international law, denying their applicability to cyberspace is existentially untenable. Despite the clear applicability of international legal principles to cyberspace, international law, like law in general, is often rigid and fails to keep pace with rapid technological advancements. Consequently, a key challenge in the international legal regulation of cyberspace is the specific application of international law in these contexts. This leads to several fundamental questions: How do the fundamental principles of international law apply to cyberspace? What is the effect of sovereignty in cyberspace? How are cyber operations attributed to the state? How is cyber-armed conflict regulated? This article addresses these fundamental issues of international legal regulation in cyberspace. Based on the findings of this research, draft guiding principles for state activity in cyberspace were proposed, which could serve as the foundation for an international methodological document, offering an alternative to the unrepresentative Tallinn Manual and potentially paving the way for a future universal international treaty in this area.

Violations of Sovereignty in “Cyberspace” Under the United Nations Charter

Affirming that violating State sovereignty through and against “cyber” infrastructure could be covered by the scope of Art. 2(4) and (7) of the United Nations Charter is one of the most pressing challenges that faces international law today. This article aims to address this issue by expanding on a general taxonomy outlined in the Tallinn Manual 2.0 on violations of sovereignty in “cyberspace”. These violations are categorised as conducts leading to either “infringement upon the target State’s territorial integrity” or “interference or usurpation of inherently governmental functions”. In order to map the taxonomy of the Tallinn Manual 2.0 onto Art. 2(4) and (7), it is necessary to highlight the convergence between territorial sovereignty and “cyberspace” that allows for extending the scope of application of Art. 2. Through recognising data as “assets” that can be subject to a functional sovereignty, that in turn could be subject to unlawful use of force in violation of the general ban codified in Art. 2(4) as an “infringement upon the target State’s territorial integrity”. Extending the scope of Art. 2(7) is contingent upon defining the concept of intervention as a conduct aiming to unlawfully assume an exclusive competence of a State by another State. Under this concept, intervention in “cyberspace” could be envisaged as attempts to gain control over the functionality of certain “cyberspace” infrastructure that is instrumental for the manifestation of State exclusive competences. A process that demands taking control of that entity to an extent impinging the regular functioning of the targeted entity beyond the mere manipulation of data. Under the proposed definition of intervention such conduct of “interference or usurpation of inherently governmental functions” can constitute a violation to the principle of non-intervention as codified by Art. 2(7).

International Research Cooperation in The Tallin Manual

Contemporary military strategy exhibits a growing dependence on operations conducted within the domain of cyberspace. These operations are increasingly capable of inflicting tangible harm in the physical world, degrading essential infrastructure, and inducing widespread disruption. Nevertheless, a debate persists regarding the applicability of established international legal frameworks governing armed conflict to cyberwarfare. The Tallinn Manual, a non-binding academic study exploring the intersection of international law and cyberwarfare, plays a pivotal role in disentangling this complex debate by bridging international law, professional military ethics, and technical disciplines. In addition to being an indispensable guide to the legality of cyberwarfare operations, this paper argues that the Tallinn Manual represents a successful example of interdisciplinary collaboration and international cooperation, which may serve as a model for addressing a myriad of challenging legal and moral realities.

A BRIEF STUDY OF INTERNATIONAL LAW IN THE AGE OF CYBERSECURITY

The rapid evolution of cyberspace has transformed the global landscape, giving rise to a complex and interconnected digital realm. As nations and individuals increasingly rely on digital technologies, the need to establish a robust framework for cybersecurity within the realm of international law has become paramount. This paper explores the evolving landscape of international law in the age of cybersecurity, focusing on key challenges, developments, and the imperative for international cooperation. The digital domain transcends geographical boundaries, making traditional notions of state sovereignty and jurisdiction inadequate for addressing cyber threats. This has necessitated the development of international norms and regulations to govern cyberspace. The paper delves into the prominent developments in international law, including the Tallinn Manual and the United Nations Group of Governmental Experts, which have sought to clarify the application of existing legal principles to cyberspace. Cybersecurity challenges such as state-sponsored cyberattacks, cyber espionage, and the weaponization of information have strained the existing framework of international law. The paper discusses the critical need for a consensus on defining cyberattacks and determining proportionate responses in accordance with the principles of self-defense and the law of armed conflict. Furthermore, this paper emphasizes the importance of international cooperation and the role of multilateral organizations in promoting cyber stability. It explores the potential for global cyber norms and confidence-building measures to enhance international security and reduce the risk of cyber conflict. However, as the digital age continues to reshape the global landscape, the adaptation and evolution of international law in response to cybersecurity challenges is imperative. The paper highlights the ongoing developments and challenges in this arena, underscoring the necessity for collaborative efforts among nations to establish a secure and stable digital environment for all. KEYWORDS: Cybersecurity, International Law, Cyberspace, Norms, Cooperation

When Can Cyberattack Constitute Use of Force: A Case Study of Cyberattack in the Russia-Ukraine Conflict

In todays international community, cyberattacks occur frequently, and cyberspace has become an important battlefield for political games among major powers. Under the push of cyberattacks, the tension between Russia and Ukraine has further escalated. However, due to the unique nature of cyberspace, the rules under the existing international law are difficult to directly apply to the field of cyberspace. This has allowed states and non-state actors to willfully disrupt the network systems and other infrastructure of other countries, causing damage to people or property. One major issue is when can a cyberattack constitute use of force under international law. Only by clarifying this issue can we further discuss the issues of cyber warfare and the exercise of self-defense right. This article will start with a cyberattack that occurred in the Russia-Ukraine conflict, explore the essence of use of force, discuss the three mainstream theories about when can cyberattack constitute use of force, and use the framework of the Tallinn Manual to analyze whether the aforementioned cyberattack falls under the use of force in cyberspace. Through this series of analysis, we can further clarify the meaning of use of force in cyberspace and promote the construction of a legal framework for international law in cyberspace.

Trends in and Contributions to Tallinn Manual Research: An Assessment of the Literature from 1998 to November 2022

Trends in and Contributions to Tallinn Manual Research: An Assessment of the Literature from 1998 to November 2022

How Does the Tallinn Manual 2.0 Shed Light on the Threat of Cyber Attacks against Taiwan?

This paper will identify possible unsettled issues when applying jus ad bellum and jus in bello to case scenarios based on China's cyber operations against Taiwan, pursuant to the rules of international law governing cyber or military operations attributable to States reflected in Tallinn Manual 2.0. This paper will argue that because of Taiwan’s legal international status as a sovereign State, the different responsive actions it may take, should it be faced with any such aggressive cyber or military attack, may be considered controversial. This paper will then identify the possible legal issues that may pertain under current international law, should any such armed conflict occur between China and Taiwan.

Election hacking, the rule of sovereignty, and deductive reasoning in customary international law

AbstractThis article considers the international laws applicable to irresponsible state behaviour in cyberspace through the lens of the problem of election hacking. The rule of sovereignty has taken centre stage in these discussions and is said to be preferred to the non-intervention rule because it evades the problem of coercion. Proponents of the cyber rule of sovereignty contend that there is such a rule; opponents reject the existence of the rule as a matter of existing law. The objective here is to explore the methodologies involved in the identification of the cyber rule of sovereignty under customary international law. The work first frames the debate in the language of regulative and constitutive rules, allowing us to show that a regulative rule of sovereignty can, logically, and necessarily, be deduced from the constitutive rule of sovereignty. The content of the regulative rule can also be deduced from the constitutive rule of sovereignty, but it has a more limited scope than claimed by the proponents of the rule, notably the Tallinn Manual 2.0. The rule of sovereignty prohibits state cyber operations carried out on the territory of the target state and remote cyber operations which involve the exercise of sovereign authority on that territory, e.g., police evidence-gathering operations. The rule of sovereignty does not, however, prohibit other remote, ex situ state cyber operations, even those targeting ICTs used for governmental functions, including the conduct of elections. The rule of sovereignty is not, then, the solution to the problem of election hacking.

The definition of armed conflict in cyberspace

The information technologies development affects all spheres of human activity, including the military activities of States. The level of military information technologies development allows us to talk about a new theatre of military operations — the cyberspace. The likelihood of an armed conflict in cyberspace is also confirmed by the Tallinn Manual, developed in 2013 and updated in 2017 by experts from the NATO States with the participation of the International Committee of the Red Cross. In the context of the high probability of military action in cyberspace, the starting point for applying international humanitarian law to such situations is the definition of a cyber armed conflict. The research of this topical issue of modern international law of armed conflicts is the subject of this article. The author pays attention to the legal definition of cyberspace in general, and to related problems. In the absence of an international treaty regulating this area, it was suggested that such treaty should be developed and adopted. Because there is no definition of “classic” armed conflict in international humanitarian law, this article offers the author’s definition of “classic” armed conflict based on the analysis of the law of armed conflicts, relevant practice and international legal doctrine. Based on this definition, on detailed analysis of the relevant norms of international law, including the norms proposed by the Tallinn Manual on International Law Applicable to Cyber Operations, on the doctrine of international law, and taking into account the specifics of cyberspace, the author gives a comprehensive definition of armed conflict in cyberspace. The author substantiates the need to use the concept of cyber armed conflict, and not the terms “cyberwar” or “information war”. This article focuses on and evaluates the relevant provisions of the Tallinn Manual. The author also made suggestions on possible solutions to the problems discussed in this article.

Cyber Operations against Critical Financial Infrastructure: a Non-Destructive Armed Attack?

Summary The article is devoted to the issue of the use of force in self-defense against cyber operations aimed at financial and banking infrastructure that cause only economic (non-material) damage. The article deals with the relationship between the described type of cyber operation and economic coercion, presenting the conclusion that these are different acts, which are subject to a different regime of international law regulation. Attention is also paid to the analytical approaches that can be used to bring cyber operations under the regime of the regulation of the use of force. The main contribution of the article is to capture the evolution of the scholarly debate and state practice in relation to non-destructive cyber operations in the period after the publication of Tallinn Manual 2.0 (post-2017), concluding that even non-destructive cyber operations (including cyber operations against critical financial infrastructure) can fulfil the characteristics of both use of force and armed attack, based on newly available sources, in particular official national positions on the application of international law in cyberspace published by states.

Navigating the Gray Area: A Comprehensive Analysis of Cyber Warfare and its Relationship to the Law of Armed Conflict

This scholarly research delves into the interplay between the realms of cyber hostilities and the norms governing the law of armed conflict. It commences by meticulously defining cyber warfare and expounding upon its multiple forms, including incursions into vital infrastructure, cyber espionage operations, and the deployment of malicious software. Subsequently, the study scrutinizes the legal paradigm that regulates the deployment of military force in the realm of cyberspace, encompassing the United Nations Charter and the Tallinn Manual. Additionally, the paper conducts a thorough examination of the difficulties encountered in the application of the law of armed conflict to the realm of cyber warfare, such as the complicated nature of attributing cyber-attacks and the absence of precise regulations for proportionality. Lastly, the paper proffers constructive recommendations aimed at resolving these challenges and identifies avenues for future research. In sum, the paper endeavors to furnish a comprehensive comprehension of the legal quandaries associated with cyber warfare and possible methods to address them.

Informal international law-making: A way around the deadlock of international humanitarian law?

AbstractOver the last two decades, international humanitarian law (IHL) has seen a stalling with regard to States’ willingness to adopt treaties or to be formally involved in the development of IHL. This raises the question of whether holding on to the doctrine of sources as laid down in Article 38 of the Statute of the International Court of Justice is the only way to meaningfully further develop IHL. Indeed, in recent years IHL instruments have often dispensed with certain formalities that are traditionally linked to (the formal sources of) international law; this phenomenon is also called “informal international law-making” (IIL). The present contribution will analyze IIL as an alternative way forward in light of the current “deadlock” caused by States’ unwillingness to conclude new IHL treaties or to recognize customary IHL. In this article, we will investigate and assess the opportunities, shortcomings and pitfalls offered by informality by looking into examples of IIL within IHL. More concretely, we will look into State practice in relation to (1) the Safe Schools Declaration, (2) the Tallinn Manual and Tallinn Manual 2.0, and (3) the Montreux Document. Most importantly, our findings will assess whether IIL can overcome one of its alleged main disadvantages: its lack of effectiveness.

Cyberspace in a State of Flux: Regulating cyberspace through International Law

Cyberspace continues to become increasingly integral to our way of life. It has brought with it many benefits but has recently become a domain used for misdeed, as was evident from the recent WannaCry ransomware, the Stuxnet virus issue, and the much-publicized US 2016 Election hacking. These incidents have caused the issue of cyberspace to be on the international agenda, but there is a lack of consensus among the various nations on how cyberspace should be regulated. The article analyzes the legal status of cyberspace by first embarking on a discussion on what is cyberspace, followed by a discussion on recent notable cyberattacks. It is against this backdrop that: (1) the legal status of cyberspace in domestic law is analyzed; (2) the application of the existing rules of international law to cyberspace are considered; (3) the problems with the Budapest Convention on Cybercrime are discussed; and (4) proposals for a new Convention on cybersecurity at the UN level in light of the Tallinn Manual, and the Budapest Convention of Cybercrime are made.

Release the bots of war: social media and Artificial Intelligence as international cyber attack

The possibility of conducting attacks on critical infrastructure of States prompted a re-evaluation of the jus ad bellum in cyberspace and the drafting of the Tallinn Manual at the behest of the NATO Cooperative Cyber Defence Centre of Excellence. Artificial intelligence combined with the use of social media platforms that have access to large audience has opened a new avenue of international dynamics, posing a potential threat to the political independence of states. This article presents the analogy in the use of algorithmic targeting misinformation and influence campaigns and cyber attacks, as well as examines the roles of the various actors in the international sphere with a view on understanding what actions, if any, nations can undertake to counter these threats to their political independence under international law.

ATTRIBUTION OF CYBERATTACKS AS A PREREQUISITE FOR ENSURING RESPONSIBLE BEHAVIOR IN CYBERSPACE

Growing impunity in cyberspace is cause by the lack of responsibility for the most serious cyberoperations that present a threat to both state and non-state actors. The only possible solution is to trace such cyberoperations to those who stand behind them. Since the seriousness of consequences increases in case of state-committed cyberattacks, the article deals with the issue of attribution of cyberattacks to states with the aim of ensuring responsible behavior of all states in cyberspace. The existing practice of public attribution and features of cyberoperations, as a rule, requires not only performing legal attribution, but also technical and public (political) attribution. Author thus starts with analyzing the current state of affairs – public attribution of cyberattack, its effectiveness and the role of private sector in attribution (decentralized attribution to support or deny government`s finding). The article also examines the customary basis for attributing state-related cyberattacks contained in the Articles on State Responsibility for Internationally Wrongful Acts and Tallinn Manual 2.0 on the Application of International Law to Cyberoperations. Although public attribution is, indeed, a step towards responsible behavior in cyberspace, legal attribution may contribute even more. In this article increased attention is paid to the test of effective control, which is used to attribute internationally wrongful acts to states committed by non-state actors acting under its control or direction. Finally, it concludes that global efforts are needed to ensure responsible behavior in cyberspace, especially in the context of international security. For this, states should get into partnership with private sector in performing attribution of cyberoperations and apply to international bodies, which have jurisdiction over state claims and are able to perform legal attribution for the purpose of establishing state responsibility. Only in this way it will be possible to guarantee responsible behavior of states in cyberspace, and create a common understanding and approach against cyberoperations committed by non-state cyber actors.

Problems of Typology of Armed Conflicts in Cyberspace

The development of information technologies in the modern world affects all spheres of human activity, including the sphere of military activities of states. The current level of development of military information technologies allows us to talk about a new fifth possible theatre of military operations, namely, cyberspace. The Tallinn Manual on International Law Applicable to Cyber Operations, developed in 2013 and updated in 2017 by experts from the NATO States, also confirms the likelihood of armed conflict in cyberspace. It is indisputable fact that cyber operations committed in the context of an armed conflict will be subject to the same rules of International Humanitarian Law that apply to such armed conflict. However, many cyber operations that can be classified as military operations may be committed in peacetime and are common cybercrimes. In such circumstances, it is imperative to distinguish between such cybercrimes and situations of armed conflict in cyberspace. Due to the fact, that there are only two types of armed conflict — international and non-international, this problem of differentiation raises the question of the typology of armed conflicts in relation to cyberspace. The main questions within the typology of cyber armed conflicts are: whether an international armed conflict can start solely as a result of a cyber-attack in the absence of the use of traditional armed force; and how to distinguish between ordinary criminal behaviour of individuals in cyberspace and non-international armed conflict in cyberspace? The purpose of this article is to provide answers to these urgent questions. The author analyses the following criteria that play a role in solving the above problems: criteria for assigning a cyber attack to a state and equating such a cyber-attack with an act of using armed force in a cyber armed conflict of an international character; and criteria for the organization of parties and the intensity of military actions in a non-international cyber armed conflict. Based on the results of this analysis, the author gives relevant suggestions for solving the above issues.

International humanitarian law in cyberspace: Ratione materiae, ratione temporis and problem of cyber-attack qualification

The purpose of the article is to analyse problems arising from applying the rules of International Humanitarian Law in cyberspace, particularly the problems of ratione materiae and ratione temporis of this branch of Public International Law in cyberspace. The rapid development of cyber technologies that can be used within an armed conflict affirm the applicability of this research. The existence of “The Tallinn Manual 2.0” on International Law Applicable to Cyber Operations also confirms the impact of this topic on the modern world. The fact that parties in armed conflicts use new technologies in cyberspace does not affect the applicability of IHL rules to such military actions. In the context of this issue, a key question which instigates scientific discussion is that of which cyber operations are subject to the regulation of the law of cyber armed conflicts. The urgent need to study this problem stems from the fact that cyberspace is not an ordinary theatre of war, with the means and methods of warfare used in it being in no way related to the traditional use of armed force; given this quality of cyber operations, it is essential to understand which areas may be subject to IHL. The article analyses two main doctrinal points of view in relation to this problem; as this doctrine (in the context of this issue) also addresses the legal qualification of cyber-attacks, the article also raises this topical issue. Based on the results of this analysis, the author concludes that, despite all the evidence of theoretical conclusions regarding the problems under analysis, they still do not seem comprehensive due to the lack of relevant state practice, which needs to be developed.

CYBER-ATTACK IN ESTONIA: A NEW CHALLENGE IN THE APPLICABILITY OF INTERNATIONAL HUMANITARIAN LAW

<em>This article aimed to analyze the classification of armed conflict in Estonia's cyber-attack and how the existing IHL are answering this problem, and whether those regulations are enough for future cases of cyber-attack. This article uses the normative method by comparing the Geneva Convention 1949 and Additional Protocol I 1977 with Rule 30 Tallinn Manual 1.0 and some relevant literary works, using a descriptive-analytic to explain the object comprehensively. The result shows that Estonia's cyber-attack could be classified as an International Armed Conflict, which first started as a Non-International Armed Conflict by proving attribution from Russia to Nashi Youth Group following the Overall Control in Tadic Case. The distinction between information warfare and cyber-attack is related to the physical impact, which a threshold of a cyber-attack under Tallinn Manual 1.0. It means Rule 30 of Tallinn Manual 1.0 also answered Jus ad Bellum's threshold and Jus in Bello in terms of cyber-attack. Although, this article needs some improvements regarding the limitation of this issue only focused on the Material Scope of IHL. In addition, Rule 30 of Tallinn Manual 1.0 is not legally binding because it is not one source of international law. However, it is possible for the Rule 30 Tallinn Manual 1.0 to be a new norm and becoming customary international law in the future.</em>

Tallinn manual: Cyber warfare in Indonesian regulation

Advances in communication information technology have made various infrastructures dependent on cybernetics technology. However, there are threats to the system. One of the threats discussed in the context of the study of international humanitarian law is cybernetics war, which is carried out by high entities such as the state. The threat is coordinated with the armed forces or military in order to gain an advantage over the opponent. Recognizing that there are ever-evolving and very dynamic threats to the sovereignty of the state and nation, in this case by considering advances in internet technology, the government has formulated regulations regarding cyber defence as an effort to overcome cyberattacks that cause disruption to the implementation of national defence, so that it can realized cyber defence (cyber defence). In general, there have been a number of national laws and regulations governing matters relating to activities in cyberspace. The research method of the paper used normative legal research to collect and analyse legal material regarding two main concepts, namely: cyber warfare regulations and information regulations. The nature of legal research was to provide prescription on legal concept or legal phenomenon. The paper finds out that Tallinn Manual is a legal concept that give an instruction to respond cyber-attack, in which the concept can be adopted. In the meantime, in legal vacuum of cyber warfare regulation, the concept inside Tallinn Manual can be interpret to the existing law in Indonesia. Findings in the paper indicates that cyber-attack according to existing regulation can be classified into three categories, namely: ordinary attack, middle attack or terrorism, and massif attack or cyber warfare.

The Problem of Cyber Espionage in the International Humanitarian Law

INTRODUCTION. The article analyses the problem of cyber espionage in the context of armed conflict in cyberspace. The relevance of this research, as part of the problem of international humanitarian law applying in cyberspace, is confirmed by the rapid development of cyber technologies that can be used during armed conflict, as well as the availability of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.MATERIALS AND METHODS. The main sources of this research are the provisions of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, the rules of Additional Protocol I of June 08, 1977 to the Geneva Convention of August 12, 1949, the rules of the Hague Regulations on the Laws and Customs of War on Land of 1907, and the rules of custom- ary international humanitarian law. The methodology consists of the principles used in legal research, as well as general scientific and special methods of legal research (system and formal legal methods).RESEARCH RESULTS. The provisions of the Tallinn Manual on cyber espionage were examined for compliance with the relevant provisions of Additional Protocol I of June 08, 1977 to the Geneva Convention of August 12, 1949, the Hague Regulations on the Laws and Customs of War on Land of 1907, and the rules of customary international humanitarian law, as well as the problems that may arise in the process of possible practical application of this provision of the Tallinn Manual.DISCUSSION AND CONCLUSIONS. It is noted that the provisions of the Tallinn Manual 2.0 on cyber espionage are based on the relevant rules of international law. In fact, the relevant provision of the Tallinn Manual is completely copied from the relevant rules of IHL. However, based on the results of this research, the author comes to the conclusion that such blind copying does not take into account the specifics of cyberspace and leads to the following problems in the possible practical application of this provision of the Tallinn Manual: firstly, due to the anonymity of users, it will be difficult to distinguish between a cyber intelligence officer and a cyber spy in practice. Secondly, due to the difficulties in establishing clear state borders in cyberspace, including due to the use of blockchain and VPN technologies, in practice it is impossible to reliably establish whether secret information was collected on the territory of the enemy, which, in turn, leads to difficulties in qualifying such an act as cyber espionage. Finally, in the context of modern armed conflicts, espionage has ceased to be a phenomenon exclusively of international armed conflicts, and therefore it is likely that cyber espionage can be carried out not only in the context of an international armed conflict, but also in the context of a non-international armed conflict. Based on the results of this research, suggestions were made to develop state practice on this issue. It is desirable that States raise the discussion of the above issues at the UN General Assembly, which would help to identify the main trends in the development of such practices. Only And only after the practice of States on this issue becomes more obvious, the question of developing an appropriate international treaty, preferably within the UN, can be raised.