Paul Ney, General Counsel of the DoD addressed a large crowd of attendees at the 2020 U.S. Cyber Command Annual Conference and laid out the Defense department’s stance on international and domestic laws concerning cyberspace on March 2nd. His keynote address is the most important one on the subject of international law to date since it points out the overarching strategy of “Persistent Engagement”, which was adopted by the defense department in 2018.
A Change in Strategy
In recent years, the U.S adopted a more aggressive stance on its approach to cyber when it comes to international law. US Cyber Command has adapted its strategy accordingly in relation to the Trump administration’s directives in taking a pro-active approach in mitigating cyber risks to the United States and its interests.
During the Obama administration, the US approach to cyberspace has been predominantly defensive and reactive in nature. There were several key events that happened within the past several years have challenged this defensive strategy and the US’s ability to respond to these incidents, namely the interference of the 2016 presidential election by Russian operatives and the WannaCry malware attack against medical information systems worldwide, particularly the United Kingdom. The frequency and complexity of cyber incidents that have occurred in years past will continue to increase in scope as adversaries attempt to erode US advantages while bolstering their own in the cyber realm.
President Trump signed Executive Order 13800, Strengthening the Cyber Security of Federal Networks and Critical Infrastructure The cyber attack against Iran’s infrastructure demonstrates US resolve to deploy punitive measures for actors that attempt any malicious actions against government networks. The protection of data and networks remain a key priority of the White House.
U.S. Cyber Command’s vision statements does not annotate anything specific to international law. The National Security Council defines its positions based on international norms relative to national security, which is further elaborated via the DoD Cyber Strategy.
The NCS (National Cyber Strategy) serves as a guideline as to how U.S. Cyber Command and its subordinates will conduct themselves in accordance relative to cyber governance.
U.N. Charter Article 2(4) articulates the prohibition of the use of force. When force is applied by or against U.S. entities via cyberspace, litigators from DoD examine as to whether the force in question caused against injury or damage against an entity in the same capacity as kinetic assets such as bullets or explosives would. In 2019, both France and the Netherlands have taken positions that force in cyberspace does not need to be destructive in nature. Australia and the United Kingdom have also taken stances of disagreement on the U.S. position on when it is appropriate to apply force in reference to cyber operations.
Armed Conflict/Cyber Warfare
General Counsel Ney further elaborated on the Law of Armed Conflict’s applicability relative to cyber operations, of which there is universal consensus among other NATO nations. The principles of armed conflict is a constant that has been applied across all U.S. military operations, and is no different for cyber warfare.
The U.S. continues to adjust its tact. The classic phrase of “the best defense is offense” applies when it comes to Defending Forward and Persistent Engagement strategies. Mr. Ney’s address is not meant to address the DoD’s extensive position on the applications of international law to cyberspace. It is credited for contributing to the international dialogue on what should be the norms when it comes to the cyber realm.