A conversation about cybersecurity issues

Khatuna Burkadze

Burkadze has been a visiting researcher at Columbia University, Bard College and the Fletcher School of Law and Diplomacy. Burkadze is an alumna of the US Department of State’s Program on American Foreign Policy as well as the author of dozens of articles and book chapters. She has lectured on public international law and cyber law. She is a graduate of the Fletcher School of Law and Diplomacy, Tufts University.

May 31, 2018

Khatuna Burkadze has been a Fulbright scholar at the MIT Center for International Studies (CIS) for the past academic year. While at MIT, she implemented a project on cybersecurity issues, and she discusses her work in the following interview. Burkadze expresses gratitude and appreciation to both the US Embassy in Georgia and CIS for supporting her research during her Fulbright fellowship.

What was the main goal of your research on cybersecurity?

The main goal of the research project was to explore international legal aspects of cyberspace. Particularly, the analytical framework of the paper included the following components: parameters of armed attacks based on Article 51 of the UN Charter and Article 5 of the North Atlantic Treaty; reinterpretation of the definition of an armed attack in the digital era; consequences which can clarify when a cyberattack rises to the level of an armed attack; criteria for using individual or collective defense against cyberattacks and cyber warfare.

When does a cyberattack rise to the level of an armed attack?

To answer the above-mentioned and other questions related to cyberspace, I explored the Tallinn Manual 1.0 and Tallinn Manual 2.0, which provide the International Group of Experts’ analysis of how existing international law applies to cyber warfare and cyber operations. Technological advances are important to societal development. However, they may have a disruptive effect, as computers can be instrumental in carrying out new forms of war. Particularly, according to the Tallinn Manual 1.0, if a cyberattack causes “injury or death to persons or damage or destruction to objects”, it can rise to the level of an armed attack. Therefore, the “scale and effects” criteria can be used for clarifying when a cyberattack reaches the threshold of the “gravest form of use of force.”

Do we need amendments to the UN Charter and the North Atlantic Treaty to define what constitutes a cyberattack and whether it rises to the level of an armed attack?

The UN Charter and the North Atlantic Treaty (the founding treaty of NATO) were adopted in 1945 and 1949, when the potential power of cyberspace could not even begin to be conceptualized. Regardless of the absence of appropriate international legal regulations on cyberattacks and cyber warfare, amendments to the UN Charter and the North Atlantic Treaty would not be a real solution for the following reasons: (1) The UN Charter has been amended five times since 1945. They are mostly procedural changes. Moreover, it is hard to reach an agreement on amendments due to the veto power of the permanent members of the UN Security Council. (2) As for the North Atlantic Treaty, despite the changing security environment, the Washington Treaty has never had to be modified. Nevertheless, based on the analysis of the Tallinn Manuals, we can say that the legal language of both treaties gives states the possibility to use individual or collective defense in case of a cyberattack. Overall, the interpretation of Article 51 of the UN Charter and Article 5 of the North Atlantic Treaty has been expanded to include cyberattacks as armed attacks. Moreover, the exact definition of an armed attack is not given in these articles. Therefore, due to the nature of cyberattacks in the digital era, we can use a broader interpretation of an armed attack. A cyberattack would be a contemporary form of an armed attack.

How can we protect cyberspace in the future?

One of the ways to protect cyberspace is to intensify dialogue among different players of cyberspace. The ultimate purpose of such dialogue would be to promote a comprehensive understanding of a future cybersecurity agenda with clarifications of the following significant aspects: (1) The definitions of cyberspace, cyberattacks, cyber warfare and critical infrastructures; (2) Characteristics of types of cyberattacks; (3) Criteria for carrying out defensive measures in cases of cyberattacks and cyber warfare. Within the context of intensifying dialogue among actors of cyberspace, NATO can play an important role in this process. Particularly, NATO, as the strongest political-military alliance in history, can help to intensify dialogues among various players of cyberspace for several reasons. Based on the assessment of the Alliance’s cyber activities, it is clear NATO has a good understanding of international legal aspects of cyberspace; the Tallinn Manuals are the result of the Allies’ efforts. NATO has also achieved consensus among the Allies on key aspects of cyberspace. Lastly, the Alliance has the best practice on how to develop cybersecurity capacity through multinational exercises, training, projects and other activities.