22 June 2022, NIICE Commentary 8103
Poulomi Chatterjee
With the invention of the Internet, one only expected to learn, express, and connect. However, almost 40 years after Tim Burners Lee introduced the World Wide Web, people all across the world now depend on the Internet not only to learn, express, and connect, but also take advantage of the resource for illegal means. One of the uncertain aspects about the Internet that has come forth recently is one which may be defined as a battleground for cyberwar. However, the instrument of this potential cyberwar is nothing as ‘ordinary’ as Lee’s introduction to the Internet or Babbage’s introduction to digital computers. In fact, the main ingredient possibly aiding means to ignite a cyberwar is a technology known as ‘Quantum Computers.’
After the unforeseen cyberattack on Estonia in 2007, countries all across the globe have their hearts on their mouths after they realised the law could not aid the situation of Estonia for twenty-two days, until the attack ended. Fearing for their uncertain future, a group of experts came together to form a non-binding manual on international laws governing cyber warfare respectively, which later came to be known as the ‘Tallinn Manual 1.0.’ As more time passed by, experts from the NATO established the Cooperative Cyber Defence Centre of Excellence of Tallinn in Estonia and started raising queries in regards to the existing set of international laws not being enough to be able to battle the upcoming drastic cyberwars. This is because since the digital space has become extremely ubiquitous and connected with nodes across a large territory of the country, a state becomes extremely vulnerable to ‘accidents’ and cyber-attacks.
Hence, the Tallinn Manual which has been prepared by the International Group of Experts (IGE) provides the concerned laymen with a careful analysis of how jus ad bellum and jus ad bello are able to collaborate together in a cyberspace. The Tallinn Manual, however, is simply that, i.e., a manual for the government to refer to when facing a dilemma in regards to encroaching cyber issues. Thus, the Tallinn Manual is non-binding and cannot be enforced, despite the sponsorship of the NATO Cooperative Cyber Defence Centre of Excellence.
It is believed that the Russian inspiration under the Estonian cyber-attacks of 2007 is modelled out of a greater conflict that existed between the two territories over the Soviet heritage in Tallinn, which was built in 1947 to commemorate the martyrs of World War II after driving the Nazis away. Viewing the heritage as a cherished symbol, the removal of the monument by the Estonians angered Russians, after which a Kremlin-youth movement decided to attack the Estonian embassy. Although the battle with the embassy was lost, the Internet war has only begun. The start of the war was marked with the 2007 attack on Estonia which shook the country’s ground hard enough to knock them out in the backstage of fear and uncertainty.
As was previously quoted, in 2007, an anti-fascist Russian student run group allegedly cyber attacked the Estonian territory, which lasted for about twenty-two days. During this downtime, Estonia realised the biggest shortcoming all nations have right now, i.e., a weak and easily hackable cyber interface. As of today, Estonia has developed the strongest yet cyber interface, leading its nickname to be e-Stonia. After analysing the then geopolitical tensions between the two countries, it was ruled out by scholars in the technologically driven field working towards the appropriate use of the developed means of technology, that Estonia had suffered a type of “Distributed Denial of Service,” i.e., DDoS.
The Dilemma of a Tech-Driven World
One of the largest issues lawyers and experts in law and technology are facing nowadays is the fact that they will have to address the morality of war-like situations without the actual presence of any kinds of arms, all through the notion of cyberwarfare and hijacking one’s cyberspace. What makes this a larger issue of concern is that these lawyers and experts will have to formulate a proper solution in the next 30-50 years, a time wherein quantum computers may actually exist. Since the potential of a ‘cyberwar’ has not been discussed anywhere but the Tallinn Manual, that too, in a very small degree, the Tallinn Manual is the only reference left with the lawyers and experts looking to solve this issue in hand. However, another big factor of concern is that when it comes to the Tallinn Manual, it has been noticed by a large group of scholars that it too fails to encapsulate the concept of quantum computing and thus, ultimately creates a void for future ports of attack.
An attack originating from a quantum force is one which has the capability of destroying, stealing, as well as altering the information and data pertaining to that country. The notion of quantum computing has the capability of increasing the potential of possible cyber-attacks that may occur in the future. Due to these reasons, along with an amalgamation of other issues that are concerned with the instant school of thought, the international law needs to quickly address the notion of quantum computing in its books. As of today, the international law does not address the possibility of a ‘cyberwar’ towards any other country. This developing technological world hence poses as a threat to the developing economic world, instead of aiding it in intellectual terms for the betterment of the society.
If the notion of quantum computing had been applied in Estonia in 2007, the twenty-two days long cyber-attack would have been more catastrophic, with worse effects than was seen previously. As of today, since the computer systems across the World Wide Web are connected with each other, it becomes even more difficult to assess the effect a quantum computer attack may have on the targeted subjects. Thus, it is high time for the international community to recognize the existence of the instant issue which will further be able to assist targeted countries in need, like that of Estonia.
This is because in the absence of appropriate laws, countries like that of Russia who are looking to expand their legacy end up breaking these moral and ethical standards which have not been defined anywhere. This creates a moral situation for the international community which needs to be addressed as quickly as possible in order to avoid the situation of a Third World War. In this context, the appropriate authorities have attempted to define these ‘cyber attacks’ within the scope of armed conflict. Even so, since ‘cyber-attacks’ have not been explicitly classified as an act of war, it has become difficult for countries to differentiate between cyber operations from civilian espionage and military cyber espionage.
Conclusion
Although the quantum future is not far from today, the international community fails to grapple with these issues which signifies a lagging international cooperation on cyber governance, which is mainly due to each nations’ reluctance towards restricting their sovereign control over the notion of cyberspace.
Although not binding, the Tallinn Manual defines a ‘cyber-attack’ as an “[o]peration, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.” However, the definition fails to address the potential effects a nation might have to suffer in case of a cyber-attack. In case we take a look at the binding forms of documents which have the capability to enforce sanctions, such as the European Council’s Convention on Cybercrime, a wide variety of cyber activities like system and data interception and interference is banned, however, fails to address the possibility of a cyberwar.
It is also interestingly observed that one of the most shocking truths about the convention is that the structure of it does not exactly enforce the protocols which further does not provide a deterrent of adhering to the law. The whole international conundrum, in short, is the reluctance of nations to enter into a binding international agreement which limits their cyber capacities that further prevents them from entering into cyber-warfare, aside from the lack of a proper recognition of the idea of cyberwars between nations in the international law community. Taking this loophole in the international law as an advantage, the world’s powerful military rivals like the United States, Russia, China, etc. are constantly on the quest to expand their geopolitical power through the dilemma of a tech-driven world.
Poulomi Chatterjee is Research Intern at NIICE.
