'Tallinn Manual 2.0'—the rulebook for cyberwar

June 3, 2017 by Michel Moutot
The Tallinn Manual was among the hot topics this week as over 500 IT security experts from across the globe gathered at NATO's Cycon cyber security conference in the Estonian capital

With ransomware like "WannaCry" sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world's only book laying down the law in cyberspace could not be more timely.

The Tallinn Manual 2.0 is a unique collection of law on cyber-conflict, says Professor Michael Schmitt from the UK's University of Exeter, who led work on the tome.

Published by Cambridge University Press and first compiled by a team of 19 experts in 2013, the latest updated edition aims to pin down the rules that governments should follow when doing battle in virtual reality.

The manual was among the hot topics this week as over 500 IT security experts from across the globe gathered at NATO's Cycon cyber security conference in Tallinn.

Launched in 2009, the annual event is organised by NATO's Cooperative Cyber Defence Centre of Excellence based in the Estonian capital.

In 2007, Estonia was among the first countries to suffer a massive cyber attack, with authorities in Tallinn blaming the Baltic state's Soviet-era master Russia.

"The very next year, in the war between Russia and Georgia, again we saw a lot of cyber activity," said Schmitt, speaking to AFP at Cycon.

Estonia was targeted just three years after it joined NATO and the EU in 2004.

The attack raised a slew serious questions about how to apply and enforce NATO's Article 5 collective defence guarantee in cyberspace, said Schmitt, who also chairs the Stockton Center for the Study of International Law at the United States Naval War College.

He said that NATO allies faced an unprecedented dilemma: did the attack "mean that NATO states had to somehow come to the rescue of Estonia or not?"

Was it "an attack on the civilian population, a violation of international humanitarian law or not? No one had the answers," he added.

"Because of that (attack) the international community started looking at cyber, going: 'Oh my God, I can't answer any question!' That's why this manual was started."

'Digital wild west'

Schmitt says his team's work is intended to tame the "digital wild west" that emerged with the advent of cyberspace.

But the virtually limitless range of possibilities in cyber-conflict raises a long laundry list of legal questions and dilemmas and the Tallinn Manual certainly cannot answer them all.

The legal experts, mostly professors of , filled its 642 pages with existing jurisprudence applying to cyberspace from across the globe, and did not shy away from laying out conflicting views on certain issues.

For example: should cyber-espionage be subject to the same laws as conventional spying? Can a state obtain the online IDs and passwords of prisoners of war and use them?

Does a cyberattack trigger a legitimate right to self-defence? Can you retaliate? What kind of status do victims have? What can you do when there is no evidence to prove guilt when attackers can easily cover their tracks?

"This book is intended to be a secondary source of law: it explains the law, but it doesn't create it. States make law," Schmitt told AFP.

"My goal is that this books sits on the desk of every legal advisor for defence and foreign ministers, the intelligence services, so that legal advisors can sit with policy makers and say: in this situation, we can do this, or the law is not clear, you need to make a political decision here.

"But at least the discussion is mature. It's not 'oh my God, what's happening to us?'."

Explore further: NATO launches exercise to beef up cyber defence

Related Stories

NATO launches exercise to beef up cyber defence

March 26, 2012

NATO's Tallinn-based cyber defence centre on Monday launched a three-day exercise involving European IT and legal experts in a bid to beef up cyber defence skills through gaming.

NATO tackles cyber security at Tallinn meet

June 7, 2011

Three hundred global cyber experts gathered in Tallinn Tuesday for a NATO Cyber Conflict conference focused on the legal and political aspects of national and global Internet security amid a rise in attacks.

Russian election hacks exploited legal grey zone: lawyers

February 9, 2017

Russia's alleged computer hacking to interfere in US elections was no act of war, but exploited a legal grey zone that makes justifying retaliation hard, international lawyers specializing in cyber issues said Wednesday.

NATO plans force to respond to cyber attacks

June 8, 2011

NATO wants to beef up its cyber defence capabilities with the creation of a special task force to detect and respond to Internet attacks, an alliance expert said Wednesday at a conference on cyber security here.

Recommended for you

How social networking sites may discriminate against women

April 20, 2018

Social media and the sharing economy have created new opportunities by leveraging online networks to build trust and remove marketplace barriers. But a growing body of research suggests that old gender and racial biases persist, ...

Virtually modelling the human brain in a computer

April 19, 2018

Neurons that remain active even after the triggering stimulus has been silenced form the basis of short-term memory. The brain uses rhythmically active neurons to combine larger groups of neurons into functional units. Until ...

'Poker face' stripped away by new-age tech

April 14, 2018

Dolby Laboratories chief scientist Poppy Crum tells of a fast-coming time when technology will see right through people no matter how hard they try to hide their feelings.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.