
Stuxnet Likely Constituted Illegal Act of Force, Study Says - techinsidr
http://www.securityweek.com/stuxnet-likely-constituted-illegal-act-force-study-says
======
DanielBMarkham
You guys know me. I'm the first to run around with their hair on fire when
we're talking about illegal or dangerous use of technology by the state.

But there are a couple of things to consider here.

1) "a team of international law practitioners and scholars" -- International
Law is an attempt to use treaties and legal customs to resolve disputes among
international actors. I won't say that it's a fiction, but states have a
tendency to interpret these things in the way that suits them.

2) While I have no doubt that these scholars did a bang-up job inside their
own discipline, the field of unconventional internet warfare (which I suppose
differs from "regular" internet warfare) is really, really new. The big boys
are going to decide how this plays out, not the lawyers.

3) Even assuming that the scholars have it right, and that the field is mature
enough for their opinions to be useful and/or valid, states do things all the
time that are illegal. The problem here is that they got caught.

I have no idea where this is headed. I'm guessing this low-level stuff will
morph into large numbers of civilians being killed at some point. Only then
will the players decide if and how to ratchet it down a couple of notches.

(I am reminded by this story that WWII was highly illegal.
<http://en.wikipedia.org/wiki/Kellogg%E2%80%93Briand_Pact>)

~~~
gadders
That is the elephant in the room - that whole "no such thing as international
law" concept that people find hard to grasp.

~~~
kyllo
International law is a thing now, but it won't be respected until there are
teeth behind it. And there won't be teeth behind it until there is actually a
functioning world government with military and police power. Most currently
powerful countries are too self-interested and enjoy their freedom and
autonomy too much to actually want such a thing to exist. The UN is an attempt
at it, but it is not powerful enough because the powerful member states
undermine its authority by vetoing everything that goes against their
individual interests. So it gets used as a mere tool for powerful countries to
police weak countries' internal and neighborly disputes.

~~~
lmickh
The UN fails at it because that is not what it is designed to do. It is
supposed to be an organization to drive international cooperation. Any attempt
or hope to make the UN anything else is a waste of time. It is not a
government body with its own legitimacy. It never will be without radical
reform.

~~~
kyllo
Fair enough; then the point stands that declaring an action "illegal" under
international law is meaningless because no party has a legitimate mandate to
enforce international law.

------
anvandare
Words, words, words...

It's only illegal if you lose the war.

------
lutorm
If the roles were reversed, it would not even have been up for debate...

~~~
jbooth
Yeah, but we've known that since Thucydides.

------
AnIrishDuck
Reading the report summary [1], I was especially struck by this line:

> the State itself will be responsible under international law for any actions
> of individuals or groups who act under its direction. For instance, a State
> that calls on hacktivists to conduct cyber operations against other States
> will be responsible for those actions as if it had conducted them itself.

This seems to be an indirect dig at the Comment Crew and other similar groups
that many security professionals believe to be indirectly associated with the
PLA in China [2].

1\. <http://www.acus.org/files/tallinn_fact_sheet_20130322.pdf>

2\. <http://arstechnica.com/security/2013/02/unusually-detailed-report-links-chinese-military-to-hacks-against-us/>

~~~
mpyne
Comment Crew might be today's example of that, but the general policy of
having States be responsible for the actions they direct of contractors has
always been in effect in international law, even back to the days of sail when
privateers roamed the seas carrying Letters of Marque authorizing them to act
for the State.

------
grabeh
Very interesting analysis. The central legal principle that we are talking
about here is under the UN Charter which of course all members of the UN agree
to abide by.

Article 2(4) provides that all members will refrain from the use of force
against the territorial integrity of any state.

I think the question narrowly put is whether the cyber attack is equivalent to
a physical attack. In this case, I think you could argue that the Stuxnet
worm, at least to my knowledge, had an effect broadly equivalent to a physical
attack, say by planes akin to the previous Israeli sortie against Iraq's
reactor.

Anticipatory self-defence is a developing topic, but in this case, borrowing
from general self-defence principles, I don't think the threat was imminent
enough, particularly in light of Iranian hyperbole.

Of course, the reality of what would actually happen in the case of a breach
would still be subject to the desires of individual countries, particularly on
the UN Security Council, but for me it is still interesting to assess whether
a cyber-attack would constitute a breach of Art 2(4).

------
jug6ernaut
When did the USA come out and say they made Stuxnet?

~~~
JonnieCache
Last June.

<http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0>

~~~
jug6ernaut
I'm looking for more of an official document/announcement. I wasn't able to
find anything of the sort in the provided link.

~~~
ryusage
As far as I know, the US has not publicly admitted it created Stuxnet. But at
this point both security researchers and journalists have concluded that it
was created by the US and Israel, so it's essentially a well known non-secret.

~~~
jug6ernaut
The only reason I ask is because publicly concluded and legal fact are far
from the same.

For NATO to come out and accuse the US of illegal acts you would think they
would need more than hearsay to stand on.

~~~
lmickh
Oddly enough, in international law you normally accuse them if you only have
hearsay. If you have proof, then normally you are beyond any sort of
international intervention either because you will let it slide anyway or you
already plan to strike back regardless of international favor.

------
tkahn6
> The argument has been made that Stuxnet was self-defense, but anticipatory
> self-defense, which makes it a valid use of force. But that is open to
> debate, because depending on stance made, Stuxnet’s usage could be seen as
> justifiable defense given Iran’s statements of hostility, or as an act of
> war against Iran itself.

So... basically Stuxnet is an illegal act of force iff this argument is
unsound? Isn't that the case with any use of force?

