Jason Healey, senior fellow, Cyber Statecraft Initiative; Michael Schmitt, director of the Tallinn Manual process;  Megan Stifel, senior fellow Cyber Statecraft Initiative; and Rutger van Marissing, senior policy officer, Dutch Ministry of Foreign Affairs participate in a discussion about the Tallinn Manual 2.0 at the Atlantic Council on Feb. 8.


By Annabelle Zandbergen
Public Diplomacy, Press and Culture, Royal Netherlands Embassy
@NLintheUSA

When is a cyberattack an act of war? If a state is the target of a cyber-operation, what countermeasures can its government take?

The Tallinn Manual 2.0 International Law Applicable to Cyber Operations gives answers to these questions by addressing topics such as sovereignty, state responsibility, human rights and the law of air, space and the sea.

The manual was launched at the Atlantic Council in Washington, D.C. on February 8, and is an updated version of the first manual, established in 2013.

While the first manual focused on cybercrime during wartime, Tallinn Manual 2.0 focuses on cybercrime during times of peace. The manual is written by 19 international law experts and led by the NATO Cooperative Cyber Defence Centre of Excellence.

The Netherlands, as home of the Peace Palace in the Hague, offered its expertise to make the Tallinn Manual 2.0 a reality. The development of the manual was supported through a series of consultation meetings between the authors of the new manual and legal advisors from more than 50 states around the world.

The meetings aimed to reach a common understanding of how international law applies to cyber operations. Eventually, national governments are responsible for implementing international law.

During the launch at the Atlantic Council, Dutch Ambassador Henne Schuwer stressed the importance of governments participating in consultation meetings like these to underline the responsibility of the international community in ensuring peace, security, and stability.

He called the manual “a guide to travel through cyberspace.”

The launch at the Atlantic Council was the first of three. On February 13, the manual was presented in The Hague. On February 17, the NATO Cooperative Cyber Defence Centre of Excellence will introduce the manual in Estonia. The three launches indicate the great international interest for this manual.

Director of the Tallinn Manual process, Dr. Michael Schmitt of the US Naval War College and the University of Exeter, contributed to the discussion at the launch at the Atlantic Council. He explained how the manual adds legal analysis of the more common cyber incidents that states encounter daily and that fall below the thresholds of the use of force.

“It clarifies the grey areas of cyber operations,” Schmitt said. “Since it answers the question how governments can respond within the framework of international law.”

According to Schmitt, the hacking of emails within the Democratic National Committee falls within a “grey zone of international law.” Schmitt said the hack was an act of espionage, not an act of war, since they are “not an initiation of armed conflict.”

“The situation would not allow the US to respond in self-defense militarily,” he said. “But since Russia did interfere in a state’s internal affairs, it does provide the United States with grounds to undertake countermeasures that would otherwise be unlawful.”

Rutger van Marissing, senior policy officer at the Dutch Minister of Foreign Affairs, also participated in the panel discussion. He underlined the importance of the Netherlands participating in the creation of the manual to support the international framework of law.

“The Netherlands cannot rely on power since we are such a small country. We have to rely on international law,” he said.

According to Van Marissing, a security dilemma can only be avoided by working on long-term solutions, which are based on the common interpretation of the international law. ‘‘And therefore, we need to get everyone on the same page,” he said.

Although the Tallinn Manual 2.0 gives new insights, there are still grey areas that governments need to discuss. According to the experts, sovereignty will be the main point of discussion for the upcoming years, since it is often unclear how the concept of “sovereignty” holds in cyberspace.

The experts who participated in the Tallinn Manual process agree their work is not finished. According to Van Marissing, the Tallinn Manual 2.0 is not the end: “It is the start of the conversation.”