• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

PyPI maintainers alert users to email verification phishing attack

 | 

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

 | 

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

 | 

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber warfare
  • Intelligence
  • Laws and regulations
  • Security
  • Cyber warfare – Why we need to define a model of conflict?

Cyber warfare – Why we need to define a model of conflict?

Pierluigi Paganini December 06, 2013

Cyber warfare or information warfare is still a gray area of the military doctrine, it is necessary to define the “model of conflict” and rules for the actors.

Cyber war and cyber information warfare are two terms very inflated used to describe the current disputes within the cyberspace.  To explain the effect of acts of cyber war, security experts use to mention the cyber attack against the Estonia’s government networks in 2007, an offense occurred in a period of intense political contrasts with Russia.

But the recent years have been characterized by an intense activity of governments in the cyberspace considered the fifth domain of the warfare, we assisted to the mutual network intrusions of Korean cyber armies the disputes between US and Israel against countries like China, Iran and Syria.

Almost every government in investing to improve its cyber capabilities, New Zeland and Russia for example have started important initiatives recently, the definition and the implementation of an efficient cyber strategy is a must for everyone. In many cases we discussed about the repercussions of a cyber attack on the reality, Stuxnet is a good example of the potential effect of a cyber weapon, a malicious code could in fact be used to harm an industrial process and cause loss of human life.

The absence of global accepted rules in the cyberspace, let’s think the concept itself of cyber weapon is ambiguous, is causing a fragmentation of the power, information warfare is significantly influencing the defense strategies of every governments requesting a review of decisional processes.

It is mandatory to establish a global collaboration interstate to prevent the escalation of cyber conflicts, the cyber warfare scenario is rapidly evolving and governments must align their strategies working to the definition of a set of cyber rules globally recognized and accepted.

Early 2013 an International Group of Experts tried to define this set of rules, formalizing their effort in an handbook titled “The Tallinn Manual on the International Law Applicable to Cyber Warfare”, a document that provides a study on how extant international law norms could be applied to cyber warfare.

cyber warfare Tallinn_Manual

NATO Cooperative Cyber ​​Defense Center of Excellence has sustained the drafting of the document to clarify the rules of the governments in the cyberspace, and their conduct, defining jurisdiction, control and legal responsibilities.

«A State bears international legal responsibility for cyber operation attributable to it and which constitutes a breach of an international obligation.»

The experts provided a legal definition for a concept such as a cyber attack and a cyber weapon, following an abstract from the first draft release:

«A cyber attack is cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects»

The NATO group isn’t the unique one,  the EastWest Institute has created the Cyber 40, with delegates from 40 digitally advanced countries, the purpose is to involve government organizations, industry groups and think tanks to define practical “humanitarian agreements for cyber conflicts” in cyber warfare.

Within principal goals the definition of  the duty of care in case of cyber attacks against a country that have to define which targets have to be preserved due the possible damage on the population. Dam, dykes and Nuclear Electrical Generating Stations could not represent a primary target for a cyber attack, another question is to operate in a “context” that needs to preserve children, journalists, medical and religious personnel. In cyber warfare, the context is fundamental to introduce the concept of cyber weapons, and experts have approached it defining the ‘Means’ of cyber warfare that are cyber weapons and their associated cyber systems.

“Cyber weapons are cyber means of warfare that are by design, use, or intended use, capable of causing either injury to, or death of, persons. The ‘Methods’ of cyber warfare are the cyber tactics, techniques and procedures, by which hostilities are conducted.”

As highlighted by many cyber experts it is necessary to contextualize the principles proposed by the Geneva and Hague conventions, to the information warfare facing with difficulties specific in the use of cyber tools.

What could be considered an act of cyber war? Which are the rules of engages? When is a cyber attack justified? Which is the limitation of an “offensive” approach to cyber security?

These are just a few of questions to approach, it is necessary to define a “model of cyber conflict”, defining roles and responsibilities (e.g. Attackers, targets) .

Within the various urgencies there is the need to be able to distinguish humanitarian interests in cyberspace to avoid that a cyber attack could impact them, but it is a hard task.

Another serious issue to address is the attribution of responsibility for the cyber war acts, in the majority of cases it is quite impossible to discover the origin of the attack and to identify the attacker. The acceptance of a law framework could help to create a shared awareness of what is considerable “moral” and what is not accepted.

Information warfare is conducted through the cyberspace but we must keep in mind the possible consequences on the real world, the human component must be always preserved also in a scenario in which machine component is assuming a crucial rule, let’s think for example of the definition of a new generation of tools and systems able to take decision in real time in case of cyber attacks.

Cyber offensives are instantaneous events and in some cases to avoid the destruction of assets or to prevent the loss of human life it is necessary to take decisions in real time.

Are we really able to substitute human intervention in critical situation evaluating every possible consequences real time? Are we able to design systems that could not be deceived and that will be able to take the right decision in a timely way?

Until we have defined a model for cyber conflict and the rules for the involved actors the answer is no!

Pierluigi Paganini

(Security Affairs –  Cyber warfare, laws and regulations )

 


facebook linkedin twitter

China cyber war cyber warfare cyber weapon cyber-conflict defense strategies Hacking Iran Israel laws and regulations NATO Russia stuxnet Syria The Tallinn Manual

you might also like

Pierluigi Paganini July 30, 2025
PyPI maintainers alert users to email verification phishing attack
Read more
Pierluigi Paganini July 29, 2025
Orange reports major cyberattack, warns of service disruptions
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    PyPI maintainers alert users to email verification phishing attack

    Hacking / July 30, 2025

    FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

    Cyber Crime / July 30, 2025

    Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

    Malware / July 30, 2025

    Orange reports major cyberattack, warns of service disruptions

    Security / July 29, 2025

    Hackers leak images and comments from women dating safety app Tea

    Data Breach / July 29, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT