Friday, June 10, 2011

Do We Need Rules of Engagement in Cyber Conflicts?

Given the devastation and inconvenience of the cyber attacks directed at Estonia’s state internet infrastructure back in 2007 to the April 2011 hacking of Sony Playstation Network, do we need a legally binding rules of cyber conflicts?

By: Ringo Bones

During the 2011 Munich On-Line Security Conference, policymakers and powers-that-be had finally declared the internet or cyber space as the new battleground, but will it going to leave us mere civilians eventual road-kill in the information superhighway? Sadly, as the case maybe, there are yet no internationally binding agreements – similar to those of the Geneva and Hague Conventions – governing the rules of cyber conflicts and/ or cyber-warfare.

High-profile incidents of what could be described as cyber-warfare – i.e. got noted by the major news providers – already happened back in 2007 when a directed denial of service or DDOS attack directed at the state owned internet infrastructure of Estonia ground basic government services down to a halt. The alleged cyber-attack was primarily due to the removal of a Soviet-era World War II memorial without the consent of Kremlin – allegedly by Russian government sponsored computer hackers.

Sadly, there are still no legally binding agreements modeled after the Geneva and Hague Conventions governing the dos and don’ts of cyber-warfare. Could this mean that micro-finance groups of refugees or other ethnic minorities could have their financial databases declared as fair game during a cyber-attack? And does this also mean that databases of children’s hospitals could be fair game too during an all-out cyber-war making kids awaiting organ transplants to be not able to receive life-saving medical procedures in a timely fashion?

Do we really have to wait to hear of accounts of wanton incidents of cruelties of cyber-warfare and/or cyber-terrorism similar to that of “Un Souvenir de Solferino” / “A Souvenir of Solferino” as written by J. Henri Dunant back in 1862 that eventually became the basis of the establishment of the International Red Cross and the Geneva and Hague Conventions? Sadder still, even the ontological definition of what passes as cyber-attack and/or cyber-terrorism is still deemed “nebulous” by legal standards.
Various criminal organizations and rogue states around the world could still get away with launching audacious cyber-attacks even when the evidence is stacked against them – pricey lawyers or not – not only due to the lack of conventions governing it, but also primarily due to lack of enforcement in most territories around the world when it comes to cyber-terrorism prosecution. Cyber-warfare today is about as convention-free as the Crimean War.