ISIS Europe attended the event entitled “International Regulation of Cyber-Warfare.” The speakers were Lieutenant Colonel Jan Stinissen, Senior Analyst at the Legal & Policy Branch of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, and Dr. Stefano Mele, expert in cyber-security, cyber-intelligence, cyber-warfare and cyber-terrorism and ‘Of Counsel’ to Carnelutti Law Firm in Italy.
In his presentation, Lieutenant Colonel Stinissen mentioned some reasons why the current framework of international law, which is silent on the concept of cyber warfare, might be able to regulate this phenomenon. For instance, he believes that until today, there has not been any specific regulation on aerial warfare but the law of armed conflict is frequently applied to aerial operations. Therefore, analogical interpretation is the key legal tool also in the case of cyber warfare.
However, as Lieutenant Colonel Stinissen has pointed out, the main question is how the law should apply to cyber operations. In the second part of his presentation, he partly answered this question by referring to the ‘Tallinn Manual’ created by the International Group of Experts, which aim is to explain how the international law applies to cyberspace. Among other things, the International Group of Experts defined several factors that play an important role in classifying an attack as cyber attack (these are: severity, immediacy, directness, etc.).
Concluding Lieutenant Colonel Stinissen presented a number of difficulties which can arise from the application of international law to cyber warfare. For instance, discrimination between civilians and combatants might be problematic because this would require the attack to be directed against a specific group of IP addresses. Moreover, he also talked about the requirement of article 4(2)(b) of the III. Geneva Convetion according to which, combatants should wear ‘a fixed distinctive sign recognizable at a distance’ being difficult to meet.
Dr. Mele started his presentation by stating that in his opinion, cyberspace is a real threat to international security, not only because the number of cyber attacks is increasing but also because of the multiplication and dissemination of actors (i.e. the attacks are not only carried out by hackers but also by states, spies or companies).
Dr. Mele talked about his extensive research of ‘Stuxnet’, a malware discovered in June 2010 which allegedly attacked the nuclear facilities of Iran. Moreover, he presented some strategic aspects of ‘Stuxnet’ and cyber weapons in general, which are encompassed in his paper ‘Strategic and Legal Aspects of Cyber Weapon.’ He believes that the most important strategic aspect is that the cyber attack are conducted by groups of cybercriminals, who are the main beneficiaries of the governments who subcontract them. Interestingly, Dr. Mele derived his definition of a cyber weapon from the study of characteristics of ‘Stuxnet’ as well as circumstances surrounding its deployment.
He has emphasized that in the case of cyber weapons, it is important to keep in mind three elements: 1) they must be deployed within the context of a cyber-warfare act, 2) the purpose of attack must be a physical damage caused directly or indirectly by the attack, 3) the means to achieve these purposes has to involve the use of technological information systems. In the end of his presentation, Dr. Mele revealed his definition of a cyber weapon: “A part of equipment, a device or any set of computer instructions used in a conflict among actors, both national and non-national, with the purpose of causing, even indirectly, a physical damage to equipment or people, or rather of sabotaging or damaging in a direct way the information systems of a sensitive target of the attacked subject.”
The event included both a very clear summary of the legal aspects surrounding cyber warfare made by Lieutenant Colonel Stinissen and a creative approach of Dr. Mele stemming from his thorough research. The presentations were followed by interesting comments of both legal and non-legal nature, which highlighted the interest of the diverse audience in the matter discussed as well as its appreciation of the speakers’ expertise.
 International Committee of the Red Cross (ICRC), Geneva Convention Relative to the Treatment of Prisoners of War (Third Geneva Convention), 12 August 1949, 75 UNTS 135, art. 4(2)(b).
 Stefano Mele, “Cyber Weapons: legal and Strategic Aspects”, Instituto Italiano di Studi Strategici, June 2013, http://www.strategicstudies.it/wp-content/uploads/2013/07/Machiavelli-Editions-Cyber-Weapons-Legal-and-Strategic-Aspects-V2.0.pdf