10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 281 This event is remembered in history as the debut of cyber warfare, although it was not formally recognized as an act of war (i.e., there was no military retaliation against Russia). Another important event in the history of nation state cyber conflict occurred around the same time. In 2010 a highly sophisticated cyber weapon was discovered and dubbed Stuxnet (the name was derived from two of the filenames found in its code). It is one of the most famous and complex pieces of malware ever discovered, leveraging multiple zero-days. Based on its extreme level of sophistication and its highly targeted nature (it would disable itself on machines that did not match specific rules), it was clearly the work of nation state actors that were concerned about collateral damage and legal issues surrounding cyber conflict. The cyber weapon was targeted at industrial control systems used at an Iranian nuclear enrichment plant in Natanz. It was allegedly introduced into the heavily secured and air-gapped facility via a USB stick. Once inside the network, the malware remained undetected while autonomously pivoting to the industrial control systems controlling the operation of the nuclear centrifuges. The malware was a rootkit. It caused the centrifuge software to report that they were functioning normally when in fact the malware made them spin outside of their acceptable operating conditions, causing them to break down. The Iranians did not know why their centrifuges were breaking at a rate far surpassing normal wear and tear, and they suspected sabotage, but they could not determine the source. It is widely believed that Stuxnet was a joint operation between the United States and Israel to sabotage Iran’s nuclear weapons program, but neither nation has formally admitted they were involved. It was likely successful in setting the Iranians back multiple years. Some believe it also ushered in a new era in cyber conflict creating a precedent in cyberspace for nation states to conduct covert sabotage operations against other nation states. Despite the destructive nature of the attack, it did not trigger a military response from Iran perhaps because of its clandestine nature. 10.3.3.2 Jus ad bellum Jus ad bellum addresses the question of when war is just. The United Nations Charter is an international treaty signed in 1945 right after WWII. In its preamble, it states that its purpose is to “save succeeding generations from the scourge of war.” Article 2(4) states that, “All Members [of the United Nations] shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State.” The key term in this sentence is use of force because when this threshold is reached, it can trigger a justified retaliatory response. Cyber operations are sophisticated cyber attacks that involve significant planning and resources. Nation states engage in cyber operations to accomplish strategic ends. Cyber operations waged against the United States have never risen to the level of a use of force. However, the way these terms apply to cyberspace is not well-understood. The Tallinn
RkJQdWJsaXNoZXIy MTM4ODY=