Is there an international treaty against cyberwarfare?
Convention on Cybercrime (2001) Also known as the Budapest Convention, this is the first international agreement aimed at reducing computer-related crime by harmonizing national laws, improving investigative techniques, and increasing international cooperation.
The Intersection of International Law and Cyberwarfare
In recent years, the world has become increasingly reliant on digital technology for communications, commerce, and governance, making cyberspace a valuable target for nation-state actors. As a result, the international law governing cyber-operations has become increasingly important. Cyberwarfare has become an integral part of the strategic calculations of government decision makers, and the international laws that shape the conduct of state and non-state actors have to be updated to match the new form of warfare.
International law is designed to provide a framework for protecting individuals involved in conflict as well as the most fundamental rights of all individuals and states. This framework applies to cyber-operations as well, although there continues to be a lack of broad agreement concerning the definitions, policies and deployment of cyber-weapons. This lack of clarity has proven to be a challenge in creating a uniform global understanding of acceptable cyber-operational behavior.
The most recent articulation of principles governing the use of cyber-operations in international law is the Tallinn Manual 2.0. This set of legal rules are designed to provide guidance on how to interpret existing international laws, such as the UN Charter, with respect to cyberwarfare. The Tallinn Manual argues that the principle of proportionality applies to cyber-operations, meaning that any strikes must be guided by an understanding of the cost-benefit equation weighed against the potential risks. The manual also provides “rules of engagement,” providing guidance on how states should respond when subjected to a cyber-attack.
While the Tallinn Manual provides a guideline for the proper use of cyber-operations, it is ultimately up to the international community to provide a binding legal framework to govern this new form of warfare. This is necessary to ensure that any cyber-operations are conducted within the bounds of established international laws and do not cross the line from cyber-defense to cyber-aggression.
Fortunately, a number of countries have committed their governments to helping create a new international legal framework for cyberwarfare. This includes initiatives such as the International Telecommunication Union’s (ITU) cyber-security strategy and the Wassenaar Arrangement, a global agreement that requires signatories to establish export controls for cyberweapons.
Though it is clear that international laws regarding cyberwarfare must exist, the international community is still in the early stages of creating a comprehensive framework that can be applied to actual cyber-operations. Until there is a common understanding of these laws, conflicts in cyberspace will remain a risky practice. In the meantime, it is important for decision makers to stay informed about the latest legal developments in the field of cyberwarfare and understand how these rules may impact the broader international order.