U.S. President Barack Obama and his Chinese counterpart Xi Jinping try to find common ground. Source: Reuters
Throughout June, the leaders of China, the United States and Russia, in various formats, will discuss ways of fighting cyberterrorism in today's world.
President Barack Obama will first discuss this issue with Chinese leader Xi Jinping on June 7 and, 10 days later, with Russian President Vladimir Putin.
Shortly before then, in May of this year, NATO experts from the Cooperative Cyber Defense Center of Excellence (NATO CCD COE) published the Tallinn Manual: the first ever guidance on how to apply existing laws to cyber warfare.
The main problem in the fight against international cyberterrorism lies in the fact that it is impossible to establish the source of an attack promptly and accurately, thereby creating a large scope for mutual accusations and damage to countries' reputation.
This has more than once been stated by official representatives of the Chinese and Russian defense ministries, as well as by experts from the Kaspersky Lab Internet security company.
The Tallinn Manual
The full title of the document is "The Tallinn Manual on the International Law Applicable to Cyber Warfare." Tallinn is featured in the title because the CCD COE office, which opened in 2008, is based in the Estonian capital.
The purpose of the document is to prove that the existing norms of international law (primarily international humanitarian law) are applicable to cyberspace; and therefore, contrary to Russia's position that involves developing laws specifically to deal with cybercrime, there is no need for new laws.
Attacks carried out without a full-fledged war are described by the authors of the Manual as "unlawful actions." A state that has been damaged in an attack can respond to it either by bringing the aggressor to account or by resorting to "proportionate counter-measures."
The authors of the Manual stress that, depending on its scale and consequences (loss of life, damage to or destruction of facilities), a cyberattack in peace time can be considered equal to "use of force" or "an armed attack," which allows the state that has been attacked to resort to self-defense — including the use of conventional weapons.
The biggest section of the Manual is devoted to cyberattacks accompanying traditional armed conflicts. They, the authors believe, should be covered by all the norms of international humanitarian law — up to recognizing the participants and organizers of online attacks as combatants, who can be taken prisoner or eliminated.
Manual for war
Russian authorities — especially the military — have greeted the Tallinn Manual with considerable caution. Although the document is no more than an expert publication (an advisory rather than an official manual), Moscow has interpreted it as a step toward legitimizing the very notion of cyber warfare.
This position was clearly stated in April by Russian Defense Ministry official Konstantin Peschanenko: "The issue of cybersecurity is a most topical one at present. It is particularly important to prevent the militarization of the virtual space; whereas the Tallinn Manual is a step in exactly that direction. Its approach to the issue at hand is far from perfect. And the assessments made in it appear one-sided."
In the West however, the publication of the Tallinn Manual has received a warm welcome.
Professor Michael Schmitt from the International Law Department at the United States Naval War College, as well as several other experts, have pointed out that its key ideas are in line with Washington's position: There is no need to draft new laws for regulating cyberspace.
Platform for dialogue
At the same time, despite the fact that, on legal issues, the positions of China, Russia and the United States are very much divergent, they have, for the first time, come closer in practical terms.
Neither Russia nor China denies the need to develop norms of international law regulating cyberspace.
Chinese Foreign Ministry spokeswoman Hua Chunying said in March that Chinese authorities were ready to cooperate with the United States in maintaining Internet security and transparency.
An expert with the Russian Institute of Strategic Studies, Alexander Bedritskiy, pointed out that Moscow had initiated a broad international discussion of issues related to countries' confrontation in cyberspace. For instance, Russia already cooperates with IMPACT (International Multilateral Partnership Against Cyber Threats), a division of the United Nations' International Telecommunication Union, as well as with the OSCE's Action Against Terrorism Unit.
However, Russia has for a long time been confronted with the United States’ reluctance to engage in dialogue.
No one is above reproach
The United States has more than once branded China and Russia as the main source of cyber threats. In a report to the U.S. Congress in November 2011, the Office of the National Counterintelligence Executive said that hackers from those two countries were actively trying to break into secure servers storing economic and defense information.
In February, a U.S. Internet security company, Mandiant, accused a division of China's People's Liberation Army of staging over 140 hacker attacks, mainly aimed against U.S. companies engaged in military research.
China has repeatedly denied its involvement in any form of cyberspace action and, instead, accused the U.S. of cyber activity in the Chinese segment of the Internet.
After the February publication of a report called "Exposing One of China's Cyber Espionage Units," in which China was described as the main cyber threat, a spokesperson for the Chinese Foreign Ministry said: "Speculation and unfounded accusations like these seem to us unprofessional and irresponsible, and do not help to address the problem. China is a target for cyberattacks too."
While representatives of the Chinese Defense Ministry said that Americans launch up to 100,000 attacks on Chinese computers every month.