Computer and network attacks can be classified as armed offensives that trigger the right of self-defense, State Department legal advisor Harold Koh said at a conference this week.
His statements articulate the beginning of a legal framework that will underpin U.S. government policy in cyberspace as it accelerates its drive to develop and procure increasingly aggressive computer tools to play both offense and defense in the digital realm.
A cyber-operation that results in death, injury or significant destruction would likely be viewed as a use of force in violation of international law, Koh said. Hypothetical examples would include computer sabotage designed to cause nuclear plant meltdowns or paralyze air-traffic control systems. Koh made his statements at a conference hosted by U.S. Cyber Command at Fort Meade, Md.
The thinking behind Koh’s words has been brewing over the last two years. When Deputy Defense Secretary William J. Lynn III announced in 2010 that the Pentagon was ready to add cyberspace as a domain of warfare to sea, land, air and space, in conjunction with the creation of the U.S. Cyber Command, he was subtly signaling that the U.S. would be prepared to act in self-defense if its networks were attacked.
Koh added that the U.S. adopts the stance that international law applies in the digital realm and cyberspace is not a ‘law-free’ zone where anyone can conduct hostile activities without rules, the Post reported.