In light of the recent Sony incident, it would be hard to overestimate the relevance and importance of the Tallinn Manual Process, sponsored by the NATO Cooperative Cyber Defence Centre of Excellence, writes Professor Michael Schmitt, Tallinn Manual program director.
“The incident raised a number of key issues that were addressed in the Tallinn Manual on the International Law of Armed Conflict, which was published last year by Cambridge University Press. For example, if the malicious operations were conducted by North Korea, did they violate the international law prohibition on the use of force found in the UN Charter and customary law? If so, were they at a level of severity that would allow the United States to respond forcefully by kinetic or cyber means and could it seek the assistance of other States, like China? Did the incident initiate a “war” (armed conflict in legal terms) between North Korea and the United States? The Manual examines the law governing these and related issues related to cyber conflict in great depth.
The follow-on “Tallinn 2.0” project explores the law governing cyber operations that are not at the level of severity of those addressed in the original Tallinn Manual. This work bears directly on the Sony incident and most other malicious cyber operations mounted by states as well as non-state groups. The project asks when cyber operations may be attributed to a state as a matter of law and what measures may victim states take to respond to them. May other States assist in such responses and, if so, under what circumstances. Does it matter if the operation in question targets government or private cyber activities? What responsibility do States have to control cyber activities by non-State actors on their territory that run the risk of harming other States? Does it matter if the harmful operations are launched from a State’s territory or merely pass through it? May privates companies engage in active defence when targeted? In addition to issues such as these raised by the Sony incident, the Tallinn 2.0 project will analyse how space law, the law of the sea, diplomatic law, human rights law, international telecommunications law, and other bodies of law govern cyber operations.
In addition to the two research projects, the Tallinn Manual Process includes a week long in-residence course held semi-annually in Tallinn, as well as a mobile course designed for delivery on request at other locations.”
Professor Michael Schmitt directs the Tallinn Manual Process. He is also the Charles H. Stockton Professor and Director at the Stockton Centre of U.S. Naval War College as well as Professor of Public International Law, Exeter University (UK) and Fellow at the Harvard Law School Program on International Law and Armed Conflict.