International Law of Cyber Operations

The course provides an understanding of the legal framework in which cyber operations involving states occur during both peace- and war-time. Participants will learn to apply the legal principles and rules examined to real-world situations. This 4,5-day residential course begins with an optional ‘tech day’ by introducing the technology involved in cyber operations, including internet structure, defensive and offensive tools and techniques, as well as the feasibility of and challenges to technical attribution. Additionally, the introductory phase examines the role of cyber operations in the contemporary geopolitical environment.

Outline

The core of the course is divided into two blocks of study:

  • Peacetime international law governing cyber operations
  • International humanitarian law that applies during armed conflict involving cyber operations

Each 1½-day session concludes with a complex exercise that allows participants to apply the law addressed during lectures and discussion. The peacetime law session deals with issues like sovereignty, jurisdiction, due diligence, the law of state responsibility, the prohibition of intervention and self-defence, all in the cyberspace operations context. It will answer questions such as which cyber operations outside an armed conflict violate international law, when can states hack back, and when has a cyber armed attack occurred such that states may engage in self-defence. The second 1½-day session covers traditional international humanitarian law topics, such as classification of cyber conflict, the principle of distinction during cyber operations, and targetable and protected persons and objects in the cyber context. This session is taught from an operational legal advisor’s perspective, examining all necessary steps in a cyber targeting legal analysis.

The lectures will be given by noted scholars and practitioners, some of them members of the group of authors of the Tallinn Manual 2.0. Participants will also receive a complimentary copy of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.

Learning Objectives

  • Provide a practice-oriented survey of the international law applicable to cyber operations involving states that occur both in peacetime (Block 1) and armed conflict (Block 2)
  • Block 1 answers questions such as which cyber operations outside an armed conflict violate international law, when can states hack back, and when has a cyber armed attack occurred such that states may engage in self-defence
  • Block 2 covers traditional international humanitarian law topics, and is taught from an operational legal advisor’s perspective, examining all necessary steps in a cyber targeting legal analysis
  • The course begins with an optional ‘tech-day’

Target Audience

  • Military and civilian legal advisors to the armed forces
  • Intelligence community lawyers
  • Other civilian attorneys in the government agencies responsible for security issues
  • Policy specialists who advise on cyber issues and wish to acquire a basic understanding of the applicable legal regimes
  • Legal scholars and graduate students

Prerequisites

Prior knowledge of relevant international law is recommended, but not a prerequisite.

Pre-study e-Learning material

Cyber Awareness Course Tallinn Manual Module on the NATO e-Learning website

Registration

Registration opens on 2 September 2019. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact. An email confirming the participation will be sent only after the registration has closed.

If you have any questions or issues with registration, please contact [email protected]