when is a cyberconflict an armed conflict

Cyber Conflict Studies Association When is a Cyber Attack an “Armed Attack?” Legal Thresholds for Distinguishing Military Activities in Cyberspace1 Thomas C. Wingfield The Potomac Institute for Policy Studies twingfield@potomacinstitute.org (703) 525-0770 February 1, 2006 An earlier version of this article was prepared as a background paper for the International Expert Conference on Computer Network Attacks and the Applicability of International Humanitarian Law, hosted by the Swedish Foreign Ministry and the Swedish national Defense College in Stockholm in November, 2004. 1 [C]omputer network attack is evolving from a closely held, seldom-approved strategic capability to eventually becoming part of the tactical commander’s arsenal of weapons. The information warfare capability can drop far down the chain of command as long as it comes with the tools to understand what the effects will be. 2 Introduction 3 The jus ad bellum is that portion of international law that governs the lawful resort to force. It is articulated in the Charter of the United Nations, which frames this transition from peace to crisis to war in a series of thresholds. Intercourse between nation-states is divided by levels of coercion: normal peacetime relations may give way to threats to international peace and security, followed by uses of force, and ending in armed aggression. Each of these thresholds is surrounded by much of scholarship and much uncertainty, and is further complicated by the distinctly non-academic political appetites that must be satisfied in the course of any coercive event. The jus ad bellum must now be applied to the world of computer network attack, since nation states and non-state actors now have the capacity to use relatively inexpensive and widely available hardware, software, and expertise to launch “attacks” against their targets. The means and methods for such attacks are often complex, opaque, and anonymous; and individual attacks may be mounted across the world (and at 2 David A Fulghum, Network Wars, AV. W. & S. T, Oct. 25, 2004, at 90. Fulghum quotes John Osterholz: “What the tactical commanders want is the autonomy and timeline to be able to do something right now and not have to wait for somebody back in the U.S. to tell them it’s OK.” Id. The author is an attorney and research fellow at the Potomac Institute for Policy Studies in Arlington, Virginia. He holds a law degree (J.D.) and a Master of Laws degree (LL.M.) in international law from Georgetown University Law Center. Mr. Wingfield has served as the Chair of the ABA’s Committee on International Criminal Law and is a Lecturer in Law at the Columbus School of Law (Catholic University of America) and an Adjunct Professor at the Georgetown Public Policy Institute. Mr. Wingfield is the author of the THE LAW OF INFORMATION CONFLICT: NATIONAL SECURITY IN CYBERSPACE. He may be contacted at: twingfield@potomacinstitute.org. 3 2 numerous simultaneous locations) almost instantaneously. The rate of technological advancement in this area is so rapid that traditional forms of scholarship and diplomacy, geared to the more deliberate pace of kinetic warfare, are scarcely able to keep up with this virtually unprecedented rate of change. The challenge for decision makers and their legal advisers is threefold: to derive the core legal principles which govern any resort to force, to adapt these for the new world of computer network attack, and finally, to provide a means by which this analysis may be performed at a low enough level and at a high enough speed to be relevant to real world operations. 4 Elements of Information Operations Computer Network Attack (CNA)—also referred to as “cyber war”—is a type of Information Warfare (IW), 5 which is itself a subset of Information Operations (IO). 6 Information operations may be undertaken at any level of conflict (strategic, operational, or tactical) and at any time during the resort to force (peace, crisis, or war). Information warfare, on the other hand, includes only those operations conducted in crisis or There are numerous works, which provide excellent introductions to this area. The richest is MICHAEL N. SCHMITT AND BRIAN T. O’DONNELL, EDS., COMPUTER NETWORK ATTACK AND INTERNATIONAL LAW (2002), a volume in the Naval War College’s “Blue Book” series. It contains fine pieces by D’Amato, Silver, Dinstein, Doswald-Beck, Schmitt, Wedgewood, Walker, Dunlap, and others. See also LAWRENCE T. GREENBERG, ET AL., INFORMATION WARFARE AND INTERNATIONAL LAW (1997) and Richard W. Aldrich, How Do You Know You Are at War in the Information Age?, 22 HOUS. J. INT’L L. 223 (2000). 5 4 The United States defines information warfare as “information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries.” JOINT CHIEFS OF STAFF, JOINT PUB. 1-02, DEPARTMENT OF DEFENSE DICTIONARY OF MILITARY AND RELATED TERMS 203 (12 Apr. 2001). 6 Information operations are those “actions taken to affect adversary information and information systems.” JOINT CHIEFS OF STAFF, JOINT PUB. 1-02, DEPARTMENT OF DEFENSE DICTIONARY OF MILITARY AND RELATED TERMS 203 (12 Apr. 2001). 3 wartime. 7 Information warfare may be further subdivided into defensive and offensive operations. Although there is some overlap in these mutually supporting operations, operations security (OPSEC), physical security, counterdeception, counterpropaganda, and counterintelligence are generally defensive, while psychological operations (PSYOPS), military deception, electronic warfare, Special Information Operations (SIO), and of course, physical destruction, are primarily offensive in nature. 8 A parallel term, Command and Control Warfare (C2W), further subsumes many of these categories.9 More recently, the term “network-centric warfare” has achieved widespread acceptance, and covers much the same ground. Amid this welter of overlapping terms and definitions, the phrase “computer network attack” remains useful shorthand for tactical operations in cyberspace. The U.N. Charter Paradigm The U.N. Charter is the acknowledged mechanism for determining the lawfulness of the resort to force by nations. There are two key provisions: Article 2(4), which 7 Michael N. Schmitt, The Sixteenth Waldemar A. Solf Lecture in International Law, 179 MIL. L. REV. 363 (2003) at 415. JOINT CHIEFS OF STAFF, JOINT DOCTRINE FOR INFORMATION OPERATIONS, JOINT PUB. 3-13, viii-ix (Oct. 1998). JOINT CHIEFS OF STAFF, JOINT DOCTRINE FOR INFORMATION OPERATIONS, JOINT PUB. 3-13, vi (Oct. 1998). This publication contains a concise description of each element of Command and Control Warfare (C2W): OPSEC denies critical information necessary for the adversary commander to estimate the military situation accurately; psychological operations are vital to a broad range of US political, military, economic, and informational activities . . .; military deception focuses on causing the adversary to estimate incorrectly the situation . . .; electronic warfare includes electronic warfare support, electronic attack, and electronic protection; and physical destruction includes in support of C2W refers to the use of “hard kill” weapons or other means, such as sabotage or covert actions, against designated targets. . . . 8 9 Id. 4 prohibits the threat or use of force against the territorial integrity or political independence of any state, 10 and Article 51, which recognizes each state’s inherent right of self-defense against armed attack. 11 These two will be discussed more fully below. A third provision, Article 39, permits the Security Council to identify and label an event as a “threat to the peace, breach of the peace, or act of aggression.” 12 Article 39 designations cover a broad qualitative array of threats, and a wide quantitative range of potential dangers. 13 Because of this variety, and the primarily political process by which Article 39 determinations are nominated, discussed, and decided, this article will focus on Articles 2(4) and 51, which share a rich academic pedigree. When does computer network attack rise to the level of a “use of force” under Article 2(4)? Article 2(4) of the United Nations Charter prohibits “the threat or use of force” in international relations. There are two exceptions in the Charter scheme: a use of force U.N. CHARTER art. 2(4). “All members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the “United Nations.” Id. 11 10 U.N. CHARTER art. 51. Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security. Measures taken by Members in the exercise of this right of self-defence shall be immediately reported to the Security council and shall not in any way affect the authority and responsibility of the Security council under the present Charter to take at any time such action as it deems necessary in order to maintain international peace and security. Id. U.N. CHARTER art. 39. “The Security Council shall determine the existence of any threat to peace, breach of the peace, or act of aggression and shall make recommendations, or decide what measures shall be taken in accordance with Articles 41 and 42, to maintain or restore international peace and security.” Id. Schmitt speaks for the majority of commentators when he writes: “It would seem that international peace and security is whatever the Council declares it to be.” Michael N. Schmitt, Preemptive Strategies in International Law, 24 MICH. J. INT’L L. 513 (2002) at 527. 13 12 5 pursuant to a mandate issued by the Security Council in accordance with Article 42; and self-defense consistent with Article 51. The prohibition necessitates defining use of force, about which there are three schools of thought. The first, common among military operators and decision makers, postulates that the use of force prohibition seeks to keep incidents that are below a certain threshold of violence from mushrooming into full-blown wars; it is not the means of attack that matters, it is the amount of damage done. It should be immaterial whether a power transmission sub-station is destroyed by a 2000-lb bomb or by a line of malicious code inserted into the sub-station’s master control program because the amount of damage is equivalent. The second, more popular in academic circles, takes the position that the Charter was meant to favor resolution of conflict by non-military means. Consistent with this approach, only an armed attack (a classic attack with traditional military forces) constitutes a use of force. Therefore, according to this definition, it is the means of attack that matters. The third, embraced by this author, urges a case-by-case analysis that considers both the qualitative and quantitative aspects of an operation. In this method, the following criteria (albeit not exclusive) act as indicators of the extent to which the international community is likely to judge an information operation a use of force: severity of consequences; immediacy; directness; invasiveness; measurability; presumptive legitimacy; and responsibility. 14 Each of these factors merits closer analysis: These factors and the overall approach are described at length in Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUMBIA JOURNAL OF TRANSNATIONAL LAW 885, 900-923 (1999) [hereinafter Schmitt, CNA]. See also Michael N. Schmitt, The Sixteenth Waldemar A. Solf Lecture in International Law, 179 MIL. L. REV. 363 (2003) at 14 6 Severity: If people are killed or there is extensive property damage, the action is probably military; the less damage, the less likely the action is a “use of force.” Immediacy: When the effects are seen within seconds to minutes—such as when a bomb explodes—the operation is probably military; if the effects take weeks or months to appear, it is more likely diplomatic or economic. Directness: If the action taken is the sole cause of the result, it is more likely to be viewed as a use of force; as the link between cause and effect attenuates, so does the military nature of the act. Invasiveness: A violated border is still an indicator of military operations; actions that are mounted from outside a target nation’s borders are probably more diplomatic or economic. Measurability: If the effect can be quantified immediately—such as photographing a “smoking hole” where the target used to be—the operation has a strong military characteristic; the more subjective the process of evaluating the damage, the more diplomatic or economic. Presumptive Legitimacy: State actors have a monopoly on the legitimate use of kinetic force, while other non-kinetic actions—attacks through or in cyberspace— often are permissible in a wider set of circumstances; actions that have not been the sole province of nation-states are less likely to be viewed as military Responsibility: If a state takes visible responsibility for any destructive act, it is more likely to be categorized as a traditional military operation; ambiguous responsibility militates for a non-military label. Holistically considering such factors allows an estimate of whether the operation in question ⎯ whether kinetic, cyber, or hybrid ⎯ will be viewed as generally above or below the “use of force” threshold. Furthermore, the approach renders areas of disagreement more transparent, thereby allowing the sharpening of the norm. 15 417-18 [hereinafter Schmitt, Solf] and THOMAS C. WINGFIELD, THE LAW OF INFORMATION CONFLICT: NATIONAL SECURITY LAW IN CYBERSPACE (2000) at 115-127. Prof. Schmitt, the originator of the analysis, rightly cautions against a merely mechanical application of these standards. “Rather,” he writes, “the assessment is holistic. How many criteria are implicated? To what degree? In what geo-political context? And so forth. The goal is to anticipate the international community’s likely appraisal of a particular action.” Schmitt, Solf, at 417. But see Daniel B. Silver, Computer Network Attack as a Use of Force under Article 2(4) of the United Nations Charter, in MICHAEL N. SCHMITT AND BRIAN T. O’DONNELL, EDS., COMPUTER NETWORK ATTACK AND INTERNATIONAL LAW (2002) at 88-92. Silver believes only severity varies from one computer network attack to another, and that the remaining criteria inevitably reduce to a simple quantum-of-force analysis. In fact, plausible computer network attacks may be envisaged across the full spectrum of the Schmitt criteria. 15 7 When does computer network attack constitute “armed aggression” under Article 51, and activate the inherent right of self-defense? Article 51 permits States to engage in individual or collective self-defense in the face of an “armed attack.” Most international lawyers accept the International Court of Justice’s distinction in the Nicaragua case between a “use of force” under Article 2(4) (not always armed, e.g., equipping and training rebels) and an “armed attack” which activates the right of self-defense. 16 By this standard, an armed attack is a higher threshold, one that would typically require the direct causation of physical damage to property or injury to human beings. 17 This does not preclude States from responding to information operations that fall short of this level, but simply excludes the use of military force as a response option. Of course, those considering launching an information operation must understand that the meaning of “armed attack” will ultimately be determined by the target State. An attack against a “vital national interest,” for example, the national banking system, might well cross that State’s threshold even without causing direct damage or injury. In this sense, many of the same factors used to assess whether an operation is a “use of force” may also prove useful in estimating whether a particular operation will be characterized by the victim as a de facto armed attack. 18 Finally, a contentious international law issue pertains to acting in anticipation of an imminent attack. Using an information warfare operation to prepare the battlefield for Military and Paramilitary Activities (Nicar. v. U.S.), 1986 I.C.J. 14, 118-19, para. 228 (June 27) (Merits). See generally JOHN NORTON MOORE, THE SECRET WAR IN CENTRAL AMERICA (1987). 17 16 For an explanation of this analysis, see Schmitt, CNA, at 924-933. See generally Eric Talbot Jensen, Computer Attacks on Critical National Infrastructure: A Use of Force Invoking the Right of Self-Defense, 38 STANFORD JOURNAL OF INTERNATIONAL LAW 207, 215-231 (2002). 18 8 a conventional attack that has been irrevocably decided upon (e.g., bringing down an air defense network) may be sufficient to merit a kinetic response. However, beyond such obvious examples, the lack of a precise practical standard looms large. Efficacy of the Charter Paradigm Having examined the various portions of the Charter, which bear on the jus ad bellum, it is important to set the preceding discussion in the context of current state practice. Michael Glennon represents a minority opinion that questions the continued viability of the Charter framework: Massive violation of a treaty by numerous states over a prolonged period can be seen as casting that treaty into desuetude—that is, reducing it to a paper rule that is no longer binding. The violations can also be regarded as subsequent custom that creates new law, supplanting old treaty norms and permitting conduct that was once a violation. Finally, contrary state practice can also be considered to have created a non liquet, to have thrown the law into a state of confusion such that legal rules are no longer clear and no authoritative answer is possible. . . . “If you want to know whether a man is religious, “Wittgenstein said, “don’t ask him, observe him.” And so it is if you want to know what law a state accepts. 19 Despite being a strong advocate of Charter norms, Prof. Sean Murphy echoes Glennon’s thoughts in his comments on the resort to the use of force in Kosovo: [A]s much as I may see no clear rationale for NATO’s intervention, most of the global community seems to have sanctioned it. To claim that it was unlawful rings hollow given the global reaction, and those who persist in calling it unlawful risk becoming irrelevant voices in the wilderness. The original meaning of the U.N. Charter can change in light of widespread state practice; the expansion of the meaning of “threats to the peace” in Chapter VII is one example, and there are others. One can debate how uniform the practice was in the case of Kosovo, and to what extent there must be uniformity among the key actors involved in maintenance of international peace and security, but there is now a sound basis for arguing that law is being shaped. 20 19 Michael J. Glennon, Why the Security Council Failed, FOR. AFF. (May/June 2003) at 23-24. Sean D. Murphy, Humanitarian Armed Intervention: A Look at Kosovo, Presentation before the American Branch of the International Law Association International Law Weekend (Nov. 5, 1999) at 7. 20 9 Neither Glennon nor Murphy need be understood as advocating a departure from the substance of the Charter. Unless either of two extreme positions is chosen—that no subsequent state practice of any kind could have any effect on any portion of the Charter, or that the Charter, and the customary international law that it subsumes and explicates, represent a meaningless academic exercise divorced from the practical realities of international coercion—then the true challenge is determine the degree to which divergent state practice has altered our understanding of the Charter. An academically rigorous, non-politicized approach to this question will allow almost all of the reasonable concerns of state actors to be harmonized with almost all of the legally sound aspects of the jus ad bellum, and the larger Charter structure. 21 Conclusion The crucial issues of the jus ad bellum in cyberspace may be viewed through the lens of three thresholds established by the U.N. Charter. Under Article 39, the Security Prof. Dinstein, while makes a strong argument, by analogy, in favor of the continued viability of Article 2(4): “The criminal codes of all States are constantly trampled underfoot by countless criminals, yet the unimpaired legal validity of these codes is universally concede.” YORAM DINSTEIN, WAR, AGGRESSION, AND SELF-DEFENCE, 3 ED. (2001) at 88 [hereinafter DINSTEIN]. He continues: “[I]n spite of the frequent roar of guns . . . States involved in armed conflicts uniformly profess their fidelity to Article 2(4).” Id. He cites the Nicaragua opinion: If a State acts in a way prima facie incompatible with a recognized rule, but defends is conduct by appealing to exceptions or exceptions contained within the rule itself, then whether or not the State’s conduct is in fact justifiable on that basis, the significance of that attitude is to confirm rather than to weaken the rule. 21 Case Concerning Military and Paramilitary Activities in and against Nicaragua (Merits) (1986) I.C.J. REP 14 at 100, quoted in DINSTEIN, at 89. Still, Dinstein acknowledges, “[i]t seems logical to believe that an eventual dissonance between Article 2(4) and customary international law can be anticipated.” DINSTEIN, at 89. See also A. Cassese, Ex Iniuria Ius Oritur: Are We Moving Towards International Legitimation of Forcible Humanitarian Countermeasures in the World Community?, 10 EJIL (1999) 30: “[I]t is not an exceptional occurrence that new standards emerge as a result of a breach of lex lata.” Id. 10 Council has labeled a wide variety of situations as “threats to international peace and security,” with little consistent reference to external, objective standards. Most important in the process have been the Permanent Five members; only those situations not drawing a veto (cast on their own behalf or on behalf of an ally or client) will receive this largely political designation. In the context of computer network attack, the intrinsically clandestine nature of actions in cyberspace drastically reduces the likelihood that such an action could be identified at all, much less distinguished from parallel actions converging on the same goal. The second threshold is set by Article 2(4). Whether an action is considered a threat or use of force also contains a strong political component, but may be at least partially addressed from an intellectually coherent academic perspective. They key here is to reconcile the quantitative approach of most operators and decision makers (that a certain quantum of force, whether initiated cybernetically or kinetically, will result in a use of force under international law) with the qualitative approach of the U.N. Charter and the academics who interpret it (that most, if not all, military actions will rise to the level of a use of force, but that few, if any, diplomatic or economic actions will). The most promising avenue for such a reconciliation is the Schmitt Analysis. The Schmitt Analysis proposes assessing any given action in the framework of the seven aspects distinguishing military force from other types of coercion, and then holistically viewing the result for a principled determination of the action’s military or non-military nature. The former is usually characterized as a use of force, and the latter usually not. The unforeseen and often unforeseeable nature of weapons, techniques, and targets in 11 computer network attack militate for a return to first principles to formulate a prospective rule of law, rather than a retrospective evaluation of conforming precedent. The third and final threshold is that of armed attack, established in Article 51. Absent Security Council authorization to use force, Article 51’s recognition of the inherent right of individual and collective self-defense is the sole lawful basis for the use of force under international law. As with the Articles 39 and 2(4) thresholds, there is a strong, results-driven political component that lessens but does not eliminate the value of academic standards in defining “armed attack.” Under the jus ad bellum, there are three criteria for lawful self-defense: necessity (exhausting all reasonable peaceful alternatives before resorting to force), 22 proportionality (using only that amount of force required to end the immediate threat), 23 and imminency (acting only when the aggressor has irrevocably committed itself to attack). 24 Each of these standards is subject to a variety of academic formulations in theory and widely differing applications in practice. In summary, then, the three goals stated at the beginning of this paper are in varying stages of accomplishment. The first, limning the principles which apply to all uses of force, is relatively mature. A common framework for discussion and research exists, broad areas of consensus have been reached, and remaining areas of debate and Schmitt, Preemptive Strategies, at 530-31. Schmitt, echoing Dinstein, sets a high “beyond a reasonable doubt” standard for necessity. Id. at 530. Id. at 532-33. “[C]ompliance is to be judged solely against the force necessary to defeat or preempt the underlying strike that justifies the right to self-defense.” Id. at 533. 24 23 22 Id. at 533-36. Schmitt summarizes: [I]t is appropriate and legal to employ force preemptively when the potential victim must act immediately to defend itself in a meaningful way and the potential aggressor has irrevocably committed itself to attack. This standard combines an exhaustion of remedies component with a requirement for a very high reasonable expectation of future attacks—an expectation that is much more than merely speculative. Id. at 535. 12 disagreement have been identified and sharply drawn. The second goal, of applying these rules of law to the emergent world of computer network attack, is still in its infancy. It is not an overstatement to say that this conference, and the process which will follow, will be one of the leading efforts in this field, if not the leading effort. The third and final goal is identifying and employing means by which the law governing the resort to “force” in cyberspace may be made available widely enough to “front line” tactical commanders and their legal advisers. Rendering in a form that may be accessed rapidly enough to keep up with the pace of operations in cyberspace will present a true challenge, requiring that subtle, complex thought be distilled with a minimal loss of fidelity and clarity. It is in this final arena that the undoubted intellectual success of the Stockholm Process will find its most useful expression on the cyber battlefield of the very near future. 13 Appendix: Schmitt Analysis Criteria Severity Armed attacks threaten physical injury or destruction of property to a much greater extent than other forms of coercion. Physical well-being usually occupies the [lowest, most basic level] of the human hierarchy of need.† People Killed; People Killed; Severe Property Severe Property Damage Damage How many people were killed? How large an area was attacked? (Scope) How much damage was done within this area? (Intensity) People Injured; Moderate Property Damage People Unaffected; No Discernable Property Damage † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . Immediacy The negative consequences of armed coercion, or threat thereof, usually occur with great immediacy, while those of other forms of coercion develop more slowly. Thus, the opportunity for the target state or the international community to seek peaceful accommodation is hampered in the former case.† People Seconds toKilled; Minutes Severe Property Damage Over how long a period did the action take place? (Duration) How soon were its effects felt? Hours to Days How soon until its effects abate? Weeks to Months † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . 14 Directness The consequences of armed coercion are more directly tied to the actus reus than in other forms of coercion, which often depend on numerous contributory factors to operate. Thus, the prohibition on force precludes negative consequences with greater certainty.† Action SoleKilled; of People Cause Result Severe Property Damage Was the action distinctly identifiable from parallel or competing actions? Was the action the proximate cause of the effects? Action Identifiable as One Cause of Result, and to an Indefinite Degree Action Played No Identifiable Role in Result † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . Invasiveness In armed coercion, the act causing the harm usually crosses into the target state, whereas in economic warfare the acts generally occur beyond the target’s borders. As a result, even though armed and economic acts may have roughly similar consequences, the former represents a greater intrusion on the rights of the target state and, therefore, is more likely to disrupt international stability.† Border Physically People Killed; Crossed; Action Has Severe Property Damage Point Locus Did the action involve physically crossing the target country’s borders? Was the locus of the action within the target country? Border Electronically Crossed; Action Occurs Over Diffuse Area Border Not Crossed; Action Has No Identifiable Locus in Target Country † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . 15 Measurability While the consequences of armed coercion are usually easy to ascertain (e.g., a certain level of destruction), the actual negative consequences of other forms of coercion are harder to measure. This fact renders the appropriateness of community condemnation, and the degree of vehemence contained therein, less suspect in the case of armed force.† Effects Can Be Quantified Immediately People Killed; by Transitional Damage Severe Property Means (BDA, etc.) with High Degree of Certainty Effects Can Be Estimated by Rough Order of Magnitude with Moderate Certainty Effects Cannot be Separated from Those of Other Actions; Overall Certainty is Low How can the effects of the action be quantified? Are the effects of the action distinct from the results of parallel or competing actions? What was the level of certainty? † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . Presumptive Legitimacy In most cases, whether under domestic or international law, the application of violence is deemed illegitimate absent some specific exception such as self-defense. The cognitive approach is prohibitory. By contrast, most other forms of coercion—again in the domestic and international sphere—are presumptively lawful, absent a prohibition to the contrary. The cognitive approach is permissive. Thus, the consequences of armed coercion are presumptively impermissible, whereas those of other coercive acts are not (as a very generalized rule).† Action Accomplished People Killed; by Means of Kinetic Severe Property Damage Attack Action Accomplished in Cyberspace but Manifested by a “Smoking Hole” in Physical Space Action Accomplished in Cyberspace and Effects Not Apparent in Physical World Has this type of action achieved a customary acceptance within the international community? Is the means qualitatively similar to others presumed legitimate under international law? † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . 16 Armed coercion is the exclusive province of states; only they may generally engage in uses of force across borders, and in most cases only they have the ability to do so with any meaningful impact. By contrast, non-governmental entities are often capable of engaging in other forms of coercion (propaganda, boycotts, etc.). Therefore with armed coercion the likelihood of blurring the relative responsibility of the State, a traditional object of international prescription, and private entities, usually only the object of international administration, narrows. In sum, the consequences of armed coercion are more susceptible to being charged to the State actor than in the case of other forms of coercion.† Responsibility Responsibility for People Killed; Action Acknowledged Severe Property Degree by Acting State;Damage of Involvement Large Target State Government Aware of Acting State’s Responsibility; Public Role Unacknowledged; Degree of Involvement Low Action Unattributable to Acting State; Degree of Involvement Low Is the action directly or indirectly attributable to the acting state? But for the acting state’s sake, would the action have occurred? † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . Overall Analysis Use People Killed; of Force Under Article 2(4) Severe Property Damage Have enough of the qualities of a use of force been identified to characterize the information operation as a use of force? Arguably Use of Force or Not Not a Use of Force Under Article 2(4) † Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 COLUM. J. TRANSNAT’L L. 887 (1999) at 914-15 . 17