Thursday, June 27, 2013

Academics: The challenge of reining in cyber attacks

Cyber security has been very much in the news of late, but as Harald Edinger (BC13/DC14) explains in an award-winning paper he wrote at SAIS Bologna this year, there are few international laws to control cyber attacks and a global treaty to do so looks unlikely.

Harald won a C. Grove Haines Award -- SAIS Bologna's highest academic achievement -- for his paper, "Stuxnet and the Treatment of Cyber Attacks under International Law". Below he explains how he choose the topic and what his main challenges were.

Q: How did you choose the topic? What are the main themes?
Harald Edinger
A: The course ‘Foundations of International Law’ equipped us with valuable tools to frame some of the most pressing issues in International Relations. Especially when there is armed conflict (and its possible justification), scholars often turn to international law for answers. As Professor Cesa commented so wittingly and poignantly during our end-of-the-year ceremony when discussing the concept of just war, he said he would “reluctantly take the side of the lawyers. Granted, lawyers may be as sinister and as threatening as the others (ecclesiastics and moralists), but at least their way of thinking, being rather logical, sounds plausible.”

While the course dealt mostly with legal regimes and precedents that were established to address more "conventional" hostilities as they arose in a historical context, working on the term paper gave me a chance to do research on a very slippery and new issue: Cyber warfare.

Legal scholars have taken up the new topic, and there are some opinions out there. My goal was to develop a good understanding of the different legal views on cyber warfare, and bring all those patches together to provide a comprehensive legal context for the most disruptive (certainly the most prominent) cyber attack of recent years -– the Stuxnet attack on the Iranian uranium enrichment facility at Natanz.

Q: What were the biggest challenges?
A: Before taking this course, I had had little exposure to legal matters. A main challenge in doing research for and writing this paper was therefore to familiarize myself and to be able to use the vernacular of international law.

Organizing my findings in a clear and succinct way was an issue too. As I mentioned, there is no single legal framework to apply to cyber warfare but rather many different views and components. What I hope to have done in the paper is bring existing opinions together and, by looking at Stuxnet, provide an analytical starting point for looking at these kinds of cyber attacks going forward.

No comments: