Skip to main content
SpringerLink
Log in

The Tallinn Manual and International Cyber Security Law

  • Chapter
  • First Online:
Yearbook of International Humanitarian Law Volume 15, 2012

Part of the book series: Yearbook of International Humanitarian Law ((YIHL,volume 15))

Abstract

The Tallinn Manual is a consensus academic work identifying the lex lata applicable to cyber warfare. It focuses on the jus ad bellum and on the jus in bello applicable to State conduct in and through cyberspace and, thus, constitutes a rather selective or sectorial approach to cyber security. Although cyber security is highly dependent upon a public-private cooperation and although it is predominantly challenged by cybercrime, the Tallinn Manual’s approach is justified by the fact that there is a genuinely military dimension of cyberspace. The Tallinn Manual is not an obstacle to a coherent approach to cyber security but rather an important first step in the development of international cyber security law as a distinct branch of international law.

The author is Charles H. Stockton Professor of International Law, U.S. Naval War College; Professor of International Law, Europa-Universität Viadrina, Frankfurt (Oder).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Schmitt 2013.

  2. 2.

    EU 2013, p. 2. See also U.S. President 2011, p. 3: “Digital infrastructure is increasingly the backbone of prosperous economies, vigorous research communities, strong militaries, transparent governments, and free societies.” Cyberspace has been defined as “the interdependent network of information technology infrastructures, [which] includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.” See National Security Presidential Directive 54/Homeland Security Directive 23 (NSPD-54/HSD-23).

  3. 3.

    DoD July 2011, p. 1: “U.S. and international businesses trade goods and services in cyberspace, moving assets across the globe in seconds. In addition to facilitating trade in other sectors, cyberspace itself is a key sector of the global economy. Cyberspace has become an incubator for new forms of entrepreneurship, advances in technology, the spread of free speech, and new social networks that drive our economy and reflect our principles.”

  4. 4.

    Cyberspace Policy Review 2009, p. iii.

  5. 5.

    EU 2013, p. 3. See also DoD July 2011, p. 4: “Cyber threats to U.S. national security go well beyond military targets and affect all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control critical civilian infrastructure. Given the integrated nature of cyberspace, computer-induced failures of power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption.”

  6. 6.

    ‘Cybercrime’ refers to “a broad range of different criminal activities where computers and information systems are involved either as a primary tool or as a primary target. Cybercrime comprises traditional offences (e.g. fraud, forgery, and identity theft), content-related offences (e.g. on-line distribution of child pornography or incitement to racial hatred) and offences unique to computers and information systems (e.g. attacks against information systems, denial of service and malware).” See EU 2013, p. 3.

  7. 7.

    See U.S. President 2011, p. 13: “In the case of criminals and other non-state actors who would threaten our national and economic security, domestic deterrence requires all states have processes that permit them to investigate, apprehend and prosecute those who intrude or disrupt networks at home or abroad. … all key tenets of the Budapest Convention on Cybercrime.” See also Cyberspace Policy Review 2009, p. 1.

  8. 8.

    U.S. President 2011, p. 5.

  9. 9.

    Ibid., p. 10.

  10. 10.

    Ibid., p. 17 et seq.

  11. 11.

    EU 2013, p. 2.

  12. 12.

    Ibid.

  13. 13.

    U.S. President 2011, p. 4.

  14. 14.

    Ibid., p. 9.

  15. 15.

    Cyberspace Policy Review 2009, p. iii.

  16. 16.

    White House 2012, p. 3.

  17. 17.

    Cyberspace Policy Review 2009, p. 2, referring to: Director of National Intelligence, Annual Threat Assessment of the Intelligence Community for the Senate Armed Services Committee, Statement for the Record, March 10, 2009, p. 39.

  18. 18.

    U.S. President 2011, p. 14.

  19. 19.

    DoD November 2011, p. 2. See also White House 2012, p. 4.

  20. 20.

    DoD November 2011, p. 3.

  21. 21.

    Ibid., p. 4.

  22. 22.

    EU 2013, p. 19. Interestingly, the Draft Strategy does not refer to Article 42(7) of the Treaty on European Union, although that would have benn the provision of first choice with regard to a “particularly serious cyber attack”.

  23. 23.

    DoD July 2011, p. 13. See also Lynn 2010, p. 101.

  24. 24.

    DoD July 2011, p. 1.

  25. 25.

    Ibid., p. 2. See also White House 2012, p. 5: “Modern armed forces cannot conduct high-tempo, effective operations without reliable information and communication networks and assured access to cyberspace and space.”

  26. 26.

    White House, 2012.

  27. 27.

    DoD July 2011, p. 5: “…treating cyberspace as a domain is a critical organizing concept for DoD’s national security missions. … DoD must ensure that it has the necessary capabilities to operate effectively in all domains—air, land, maritime, space, and cyberspace.” See also White House 2012, p. 8, stressing the determination “to ensure the United States, its allies, and partners are capable of operating in A2/AD, cyber, and other contested operating environments.” ‘A2/AD’ stands for Anti-Access Area-Denial (A2AD) in military domains and in cyberspace.

  28. 28.

    DoD July 2011, p. 6 et seq.

  29. 29.

    Ibid., p. 5.

  30. 30.

    DoD November 2011a, b, p. 5.

  31. 31.

    Wingfield 2000, p. 17.

  32. 32.

    EU 2013, p. 3.

  33. 33.

    U.S. President 2011, p. 9. See also EU 2013, p. 15: “The EU does not call for the creation of new international legal instruments for cyber issues.”

  34. 34.

    International Court of Justice, Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, I.C.J. Rep., 226 (July 8, 1996).

  35. 35.

    Ibid., para 39.

  36. 36.

    Ibid., paras 74 et seq.

  37. 37.

    DoD November 2011, p. 5: If directed by the President, DoD will conduct offensive cyber operations in a manner consistent with the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict.” EU 2013, p. 16: “If armed conflicts extend to cyberspace, International Humanitarian Law and, as appropriate, Human Rights law will apply to the case at hand.” See also: DoD November 2011, p. 1: “[C]yberspace operations are … governed by all applicable domestic and international legal frameworks, including the protection of civil liberties and the law of armed conflict.”

  38. 38.

    Pellet 2006, p. 792 (MN 323).

  39. 39.

    In the Lotus Case, the Permanent Court of International Justice seems to have had doubts “as to what their value may be from the point of view of establishing the existence of a rule of customary law”. The SS Lotus, PCIJ, Ser. A, No. 10, p. 26.

  40. 40.

    Doswald-Beck 1995.

  41. 41.

    HPCR 2009.

  42. 42.

    DoD November 2011, p. 8.

  43. 43.

    Ibid., p. 9.

  44. 44.

    EU 2013, p. 3, fn 4.

  45. 45.

    Cyberspace Policy Review 2009, p. 2.

  46. 46.

    Ducheine et al. 2012, p. 110 et seq.

  47. 47.

    Interference with foreign service providers may violate obligations under the GATS.

  48. 48.

    See also EU 2013, p. 3: “The same laws and norms that apply in other areas of our day-to-day lives apply also in the cyber domain.” See also Ducheine et al. 2012, p. 111 et seq.

  49. 49.

    DoD July 2011, p. 2.

  50. 50.

    U.S. President 2011, p. 9.

  51. 51.

    DoD July 2011, p. 1.

  52. 52.

    EU 2013, p. 3.

  53. 53.

    For some of the issues of the fragmentation of international law see International Law Commission, Report on the 57th session (2 May–3 June and 11 July–5 August 2005), Chapter XI, UNGA, Official Records, Sixtieth Session, Supplement No. 10 (UN Doc. A/60/10).

  54. 54.

    U.S. President 2011, p. 9.

  55. 55.

    DoD November 2011, p. 5 et seq.

  56. 56.

    U.S. President 2011, p. 9.

  57. 57.

    Clausewitz 1832/34.

  58. 58.

    For the legality or illegality of humanitarian intervention see Byers and Chesterman 2003, pp. 177–203; Franck 2003, pp. 204–231. See also the statements on the Kosovo Campaign by Henkin et al. 1999, pp. 824–862.

References

  • Byers M, Chesterman S (2003) Changing the Rules about Rules? Unilateral Humanitarian Intervention and the Future of International Law. In: Holzgrefe J, Keohane R (eds.) (2003) Humanitarian Intervention, Cambridge University Press, Cambridge, pp 177–203.

    Google Scholar 

  • Clausewitz C (1832/34) Vom Kriege, Book I, Section 24.

    Google Scholar 

  • Cyberspace Policy Review (2009) Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf. Accessed 22 May 2013.

  • DoD (Department of Defense U.S) (July 2011) Strategy for Operating in Cyberspace http://www.defense.gov/news/d20110714cyber.pdf. Accessed 22 May 2013.

  • DoD (Department of Defense U.S) (November 2011) Cyberspace Policy Report - A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2011, Section 934 http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf. Accessed 22 May 2013.

  • Doswald-Beck L (ed.) (1995) San Remo Manual on International Law Applicable to Armed Conflicts at Sea. Cambridge University Press, Cambridge.

    Google Scholar 

  • Ducheine P, Voetelink J, Stinissen J, Gill T (2012) Towards a Legal Framework for Military Cyber Operations. In: Ducheine P, Osinga F, Soeters J (ed) (2012) Cyber Warfare: Critical Perspectives. T.M.C. Asser Press, The Hague, pp 101–128.

    Google Scholar 

  • EU (2013) Draft Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace. Brussels.

    Google Scholar 

  • Franck T (2003) Interpretation and Change in the Law of Humanitarian Intervention. In: Holzgrefe J, Keohane R (eds.) (2003) Humanitarian Intervention. Cambridge University Press, Cambridge pp 204–231.

    Google Scholar 

  • HPCR (Harvard Program on Humanitarian Policy and Conflict Research) (2009) Manual on International Law Applicable to Air and Missile Warfare. Bern.

    Google Scholar 

  • Henkin L, Wedgwood R, Charney J, Chinkin C, Falk R, Franck T, Reisman W (1999) 93 AJIL, pp 824–862.

    Google Scholar 

  • Lynn W (2010) Defending an New Domain. 89 Foreign Affairs, pp 97–108.

    Google Scholar 

  • Pellet A (2006) Article 38. In: Zimmermann A, Tomuschat C, Öllers-Frahm K (ed) The Statute of the International Court of Justice—A Commentary, Oxford University Press, pp 677–792 http://www.alainpellet.eu/Documents/PELLET%20%202006%20%20Article%2038%20of%20the%20Statute%20of%20the%20ICJ.pdf. Accessed 22 May 2013.

  • Schmitt M (2013) Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge University Press, New York.

    Google Scholar 

  • U.S. President (2011) International Strategy for Cyberspace. Washington, D.C.

    Google Scholar 

  • White House (2012) Sustaining U.S. Global Leadership: Priorities for 21st Century Defense. http://www.defense.gov/news/defense_strategic_guidance.pdf. Accessed 22 May 2013.

  • Wingfield T (2000) The Law of Information Conflict: National Security Law in Cyberspace. Aegis Research Corp, Falls Church.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. U.S. Naval War College, Newport, RI, USA

    Wolff Heintschel von Heinegg

Authors
  1. Wolff Heintschel von Heinegg
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wolff Heintschel von Heinegg .

Editor information

Editors and Affiliations

  1. Criminal Law, Section Military Law, University of Amsterdam and Netherlands Defence Academy, Amsterdam/Breda, The Netherlands

    Terry D. Gill

  2. School of Law, University of Glasgow, Glasgow, United Kingdom

    Robin Geiß

  3. University of Leiden Kamerlingh Onnes Gebouw, Leiden, The Netherlands

    Robert Heinsch

  4. Melbourne Law School, Carlton, Victoria, Australia

    Tim McCormack

  5. T.M.C. Asser Instituut, The Hague, The Netherlands

    Christophe Paulussen

  6. T.M.C. Asser Instituut, The Hague, The Netherlands

    Jessica Dorsey

Rights and permissions

Reprints and permissions

Copyright information

© 2014 T.M.C. ASSER PRESS, The Hague, The Netherlands, and the author(s)

About this chapter

Cite this chapter

von Heinegg, W.H. (2014). The Tallinn Manual and International Cyber Security Law. In: Gill, T., Geiß, R., Heinsch, R., McCormack, T., Paulussen, C., Dorsey, J. (eds) Yearbook of International Humanitarian Law Volume 15, 2012. Yearbook of International Humanitarian Law, vol 15. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-90-6704-924-5_1

Download citation

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation