If the US and Israel were patting themselves on the backs in the first round of
cyber warfare, putting off questions about clear rules of engagement and
grappling with possible international law limits, the party is over.
US President Barack Obama in the neighborhood and several recent more
defensive-minded moves being taken by Israel, it is worth noting a recent major
leaked-announcement the US made about its cyber warfare rules of engagement,
which will restrict its attack posture – and possibly Israel’s – in the future,
if it hasn’t already.
Before jumping into the maze of cyber warfare law,
it is important to state that how and to what extent the law of armed conflict
applies and what rules there should be for cyber warfare is highly
In this vacuum, the US and Israel have launched highly
aggressive and successful cyber warfare attacks on Iran, which have been largely
credited for slowing down the country’s believed clandestine nuclear weapons
program significantly and buying more time for sanctions and diplomacy to handle
That is why Obama’s new potential rules of restraint with
cyber warfare are surprising and may significantly impact Israel’s ability to
act aggressively in the future.
Unnamed senior US officials involved in
developing the first set of US cyber warfare rules of engagement (essentially
self-enforced legal limitations) leaked aspects of the new rules to The New York
A few of the rules were highly significant because
they impose restrictions not required by the laws of armed
First, the new rules of engagement state that almost no cyber
attack can be carried out without presidential approval – though the law of
armed conflict does not stipulate when approval for use of a particular weapon
must be made by the head of state.
There are some very limited
exceptions, such as shutting off an adversary’s air-defense network prior to an
attack on that adversary, but the rule appears to be pretty
Limiting the use of cyber warfare to presidential approval is an
extremely restrictive approach, normally limited only to use of nuclear weapons,
as getting presidential approval takes time – something that can have a serious
cost in warfare.
It also sets a tone of taking a more conservative and
defensive approach, sending the message to US cyber operatives that
aggressiveness and results may not be as appreciated and may not even be
supported if procedures are not carefully followed.
In addition to the
more general rule, the US has specifically ruled out automatic counterattacks
pending US efforts to more carefully determine where the attack emanated
Again, this restraint is not required per se by the law of armed
conflict, which limits how aggressive US cyber warfare operatives can be and
sends a message to adversaries of US restraint.
To the extent that
experts are trying to decide how to apply the law of armed conflict to cyber
warfare, attempts which have been hotly debated, the more careful “wait and see”
approach of the new US rules seems to show a desire to find ways to employ the
rule of proportionality.
The slower and less rushed the response is to an
attack, the more likely it can be proportional.
Why does this more
conservative approach matter to Israel? First, in most areas where Israel has
received tolerant and patient legal reactions to more controversial warfare
tactics, it has been where these tactics overlapped with newly aggressive
In other words, few are ready to try to sanction or
boycott the US and, when the US is fighting asymmetrical warfare in Afghanistan and Iraq using aggressive methods and
interpretations of the laws of armed conflict, the pressure on Israel is also
Similarly, Israel might or might not have engaged in
aggressive and offensive cyber warfare tactics against Iran without US cover,
but US cover again certainly blunts criticism of such preemptive covert methods
as violating international law.
But all of this can work against Israel
if the US acts more conservatively.
Despite the success of the cyber
warfare attacks on Iran, the US appears to be signaling a strategic retreat in
offensive cyber warfare to a more defensive posture.
Now, if Israel goes
it alone in a cyber warfare attack, it may have significantly less cover from
This is a problem because, while there is no accepted
set of rules for cyber warfare law aside from the attempt to apply general rules
of armed conflict like necessity and proportionality, any time that a state
takes any preemptive action, whether using its air force, drones or cyber
warfare, there is significant legal controversy.
This does not mean that
Israel will not go it alone, but the likelihood of such offensive uses of cyber
warfare – whether against Iran or others – is reduced, as there is always a
diplomatic price and, with the International Criminal Court up and running,
possibly a concrete legal price as well.
There are signs that Israel is
following the US’s lead, with several recent statements by Israeli officials
emphasizing its defensive cyber warfare capabilities instead of the offensive
capabilities it was emphasizing not long ago.
In mid-February, The
reported that the IDF has introduced its cyber defense control
center into service. Staffed by 20 soldiers and operating 24/7, the center was
put forth as a nerve center for defense, command and coordination abilities
against cyber warfare attacks.
Then, last week, the Defense Ministry
announced that it was setting up a new cyber body to support Israeli defense
industries in coping with cyber threats, focusing on vulnerabilities from data
storage, laptops and from use of Windows’s operating system, since many
components are made abroad and can be tampered with.
What is the purpose
of announcements of defensive cyber warfare capabilities, as opposed to the IDF
and former defense minister Ehud Barak emphasizing offensive capabilities in
June 2012 and after US-Israeli cyber success against Iran? It seems that the US,
and possibly Israel as well, is trying to signal to China, Iran, North Korea and
other possible attackers that they are willing to take their hand off the
offensive cyber trigger and that their increased defensive capabilities may
render attacks on the US and Israel less likely to succeed and not worth the
cost and time investment.
International relations experts emphasize the
importance of conveying a message convincingly to deter an adversary from
attacking, such as the US’s public threats against the Soviet Union during the
Cuban Missile Crisis.
Here, the US’s leaked announcement of its new
restrictive cyber warfare rules of engagement, which appear in some areas to be
even stricter than what the laws of armed conflict would require, may suggest a
different tactic: alleviating adversaries’ insecurity about being attacked while
changing the cost/benefit analysis of adversaries’ attacking.
the US, and possibly Israel, decided to go more defensive? Put simply, the US
and Israel, with their hyper hotwired economies and societies, have far more
vulnerabilities and far more to lose than their adversaries do.
Wednesday, the world took note of what appeared to be a North Korean cyber
attack on hotwired South Korea.
In mid-February China was accused of
hitting the US with cyber attacks, and both Israel and the US claim to have been
victims recently – in Israel there are also allegations that many banks,
telecoms and others have been hit but kept it quiet – with a noticeable increase
after the attacks on Iran.
So one explanation may be that, with weak
international law norms, a low probability of a multi-lateral treaty on reducing
cyber attacks in sight and an increase in attacks on the US, the US is trying to
unilaterally create new standards in the hope that its adversaries will
The timing of the announcement would support this theory,
as, allegedly, the “top secret” rules of engagement have been discussed secretly
for two years only to recently be partially leaked after a wave of
It may or may not be in Israel’s interest to do the same, but
Israel has been emphasizing its defensive capabilities more and US military
approaches have a way of impacting Israeli military behavior, sometimes whether
it is desired or not.
Relevant to your professional network? Please share on Linkedin