Easier Said than Done: Legal Reviews of Cyber Weapons

Allegations that Stuxnet was part of a U.S. planned and led covert cyber operation and assertions that a nation-state used a cyber-attack in support of national security objectives reinvigorated the attention of cyber-law commentators. Military attorneys, however, must translate deeply theoretical discussions into concrete legal advice. This article concludes that treating all cyber techniques as weapons is impractical. Rather, an assessment focusing on how a capability will be used in context, especially of the primary purpose of the capability, is more effective and consonant with international law. This approach will more clearly delineate cyber attacks and permit a separate discussion of the great majority of cyber events—those that fall below the level of attack.

By Gary D. Brown

Col. Gary D. Brown (USAF, Ret.) is a former Senior Legal Advisor at US Cyber Command (2010-2012). He is now a professor of cybersecurity at Marine Corps University.

By Andrew O. Metcalf

Lt. Col. Andrew O. Metcalf (USMC) is Senior Legal Advisor to the US Marine Corps Forces Cyberspace Command.

Leave a comment

Your email address will not be published. Required fields are marked *