Rules of Cyber Engagement

Article/Op-Ed in Slate
March 10, 2016

Robert Morgus wrote for Slate about the blurry, grey lines of war in the 21st Century: 

Sometime in late 2013 or early 2014, hackers infiltrated the business network of a German steel plant, disrupting critical systems and causing massive—albeit unspecified—damage by manipulating the control system of a blast furnace.

Then, in 2015, malicious code attacked the power grid in the Ivano-Frankivsk Oblast in Western Ukraine, shutting off power for several hours. At the time, Ukraine was embroiled in an armed conflict with Russian-backed rebels.

These were not isolated incidents. Conflicts in cyberspace and cybertactics used in conventional (that is, physical) conflicts are both happening, and with increasing frequency. According to data collected in an ongoing project at New America, where I work, there have been 61 cyberattacks conducted by states against other states during peacetime and an additional 24 during wartime since the late 1980s. (New America is a partner with Slate and Arizona State University in Future Tense.) But are there rules for cyber in war? And what about conflict in cyberspace? If so, what are they? Where have they come from?