Writing the Rules of Cyberwar Karl Rauscher IEEE Spectrum December 2013 IS 376 November 11, 2014

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 2 Just War Doctrine Jus Ad Bellum - The Right To Go To War One of the first recorded discussions of the concept of a “just war” was in the Mahabharata, the Indian epic narrative of the mythological Kurukshetra War. There must be a just cause for declaring war There must be comparative justice on the declarer’s side There must be a just cause for declaring war There must be comparative justice on the declarer’s side Only a competent authority may wage war (no dictators) There must be a just cause for declaring war There must be comparative justice on the declarer’s side Only a competent authority may wage war (no dictators) Force may be used only with right intention (w/o ulterior motivations) There must be a just cause for declaring war There must be comparative justice on the declarer’s side Only a competent authority may wage war (no dictators) Force may be used only with right intention (w/o ulterior motivations) The probability of success must be reasonably high There must be a just cause for declaring war There must be comparative justice on the declarer’s side Only a competent authority may wage war (no dictators) Force may be used only with right intention (w/o ulterior motivations) The probability of success must be reasonably high War is a last resort after peaceful options are exhausted There must be a just cause for declaring war There must be comparative justice on the declarer’s side Only a competent authority may wage war (no dictators) Force may be used only with right intention (w/o ulterior motivations) The probability of success must be reasonably high War is a last resort after peaceful options are exhausted There must be proportionality between benefits and harms

There is a distinction between combatants and non-combatants who are caught in circumstances they did not create There should be proportionality between the damage caused by an attack and the advantage anticipated as a result of the attack There is a distinction between combatants and non-combatants who are caught in circumstances they did not create There should be proportionality between the damage caused by an attack and the advantage anticipated as a result of the attack Attacks should only occur out of military necessity, limiting excessive destruction There is a distinction between combatants and non-combatants who are caught in circumstances they did not create There should be proportionality between the damage caused by an attack and the advantage anticipated as a result of the attack Attacks should only occur out of military necessity, limiting excessive destruction Prisoners of war no longer posing threats should receive fair treatment There is a distinction between combatants and non-combatants who are caught in circumstances they did not create There should be proportionality between the damage caused by an attack and the advantage anticipated as a result of the attack Attacks should only occur out of military necessity, limiting excessive destruction Prisoners of war no longer posing threats should receive fair treatment Inherently evil means of warfare (e.g., mass rape, using weapons whose effects are uncontrollable, forcing prisoners to fight against their own side) are forbidden Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 3 Just War Doctrine Jus In Bello – Right Conduct In War

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 4 The Geneva Conventions After witnessing the horrors of war, the Swiss businessman Henry Dunant ( ), proposed: The establishment of a permanent relief agency for humanitarian aid in times of war, and An international treaty recognizing the agency’s neutrality and letting it provide aid in a war zone The former led to the establishment of the Red Cross, while the latter led to the Geneva Conventions The Geneva Convention for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field 1906 The Geneva Convention for the Amelioration of the Condition of the Wounded, Sick, and Shipwrecked Members of Armed Forces at Sea 1929 The Geneva Convention relative to the Treatment of Prisoners of War 1949 The Geneva Convention relative to the Protection of Civilian Persons in Time of War 1899 The Hague Convention for the Pacific Settlement of International Disputes and with respect to the Laws and Customs of War on Land 1907 The Hague Convention regarding the Rights and Duties of Neutral Powers During War, Prohibiting the Discharge of Projectiles and Explosives from Balloons, Etc. Dunant was awarded the first Nobel Peace Prize in 1901.

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 5 Cyberwar

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 6 Stuxnet – Invasion! Stuxnet enters a system via a USB stick and proceeds to infect all machines running Windows. By using a phony digital certificate that seems to indicate it came from a legitimate source, the worm is able to circumvent automated defense systems. Stuxnet then checks whether a given machine is part of the target industrial control system made by Siemens. Such systems are used in Iran to run high-speed centrifuges for nuclear fuel enrichment. If it is a target machine, Stuxnet tries to access the Internet and download the latest version of itself. Otherwise, it does nothing.

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 7 Stuxnet – Sabotage! The worm compromises the target systems logic controllers. It exploits software weaknesses that have never been identified by security experts. At first, Stuxnet spies on the operation of the targeted system Later, it uses the gathered information to take control of the centrifuges and make them spin themselves to failure. False feedback is provided to outside controllers This ensures that they won’t know that something is wrong until it’s too late.

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 8 Quantum Dawn 2 In July 2013, numerous financial institutions and associations worked with various federal contributors (DoT, SEC, DoHS, FBI) to conduct a simulated cyber-attack on the financial sector. 1.Creation of an automatic sell-off in target stocks by using stolen administrator accounts 2.Introduction of malicious counterfeit telecommunication equipment to divert attention and slow the investigation into the automatic sell-off 3.Substantiation of the price drop by issuing fraudulent press releases on target stocks 4.Disruption of governmental websites and services through a distributed denial of service (“DDOS”) attack 5.Corruption of the source code of a financial application widely used in the equities market 6.Degradation of the credibility of an industry group by sending a phishing to harvest user names and passwords and submitting false information on the attack 7.Disruption of technology service by unleashing a custom virus with the goal of degrading post-trade processing Resulting Recommendations Better sharing of information between industry and government Clearer decision-making process on when to open and close markets

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 9 Dragonfly Of particular concern is the potential for cyberattacks against the energy grid, as demonstrated in June 2014, when DoHS issued an alert concerning Dragonfly, a group of attackers whose campaign against American and European energy firms included... Sending malware in spear-phishing s to personnel in target firms. Watering hole attacks compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit that delivered malware to the victim’s computer. Trojanizing legitimate software bundles belonging to three different industrial control system (ICS) equipment manufacturers. Evidence suggests that Dragonfly is state-sponsored, originating from Eastern Europe, most likely from Russia.

Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 10 Tallinn Manual In 2009, NATO commissioned an international panel of legal scholars to interpret international law in the context of cyberwarfare.