NATO's Tallinn Manual outlines rules for cyber-warfare

Posted by Shane McGlaun

A number of prominent military officials believe cyber warfare is one of biggest threats  the United States is facing today.

A lot of fingers have been pointed China over the last year for alleged high-profile hacking attacks that resulted in lost data and private information. In fact, the United States government recently (and publically) called on China to stop hacking.

Nevertheless, Beijing continues to maintain that its systems have also been hacked, while insisting it doesn't condone cyber warfare or hacking.

Interestingly, many legal and security experts have been pushing for some sort of cyber-warfare groundwork that outlines what's legal and what should be out of bounds. Clearly, it's difficult for a government to determine how to retaliate or if to retaliate when there is no groundwork determining what can or can't be done. 

Recently, NATO's Cooperative Cyber Defense Center of Excellence published a finished version of a non-binding guide on cyberwarfare. The guide - titled the "Tallinn Manual" - hopes to settle legal disputes stemming from the concept of cyber warfare. The crux of the manual is that there should be a one-to-one response, with governments seeking to minimize collateral damage.

The manual also lays down ground rules for digital retaliation as appropriate. However, if the state is a victim of a hacking attack, the manual states that military might with real-world weapons should only come into play if the virtual combat leads to actual human casualties. As noted above, the manual calls for cyber warfare to avoid civilians and stipulates that a it a target.

And last, but certainly not least, the manual states that there must be an "imminent" threat to justify a preemptive strike. It's probably worth pointing out that NATO hasn't formally adopted the manual, meaning policy and honoring the guidelines is currently up to individual partner nations.