helicopters hummed along the broken Pakistani terrain, their mission
accomplished. Osama Bin Laden was dead and the entire SEAL
Team Six crew was safe. In three and a half hours the team had
entered Pakistani airspace, assaulted the compound in Abbottabad, and returned
to Afghanistan, all before the Pakistani government was ever aware of the
incursion. The Pakistani air defense never detected the
helicopters in its airspace. Some speculated it was this inability to
detect U.S. forces that most damaged U.S.-Pakistani relations, more than the
actual invasion of Pakistani territory. “Never had the [Pakistani] military, the
strongest institution in the country, been so humiliated since it lost three
wars to India.” Programmers and hackers stationed at U.S.
Cyber Command in Ft. Meade, Maryland, could have contributed to the undetected
incursion, using cyber technologies to infiltrate and turn off Pakistan’s air
defense system simultaneous to the U.S.’s physical assault.
would not be the first such cyber attack. In 2007, Israeli bombers flew undetected into Syria, blowing up what was
later determined to be a partially completed, North Korean-built nuclear
enrichment facility. The bombers flew undetected not due to some
new radar-absorbing technology, but because
Israel used a complex cyber attack to mask its entry. Israeli programmers manipulated Syria’s air
defense so that it
would fail to report anything on the radar. Israel
and the U.S. often share new technologies as part of their strong relationship
in developing cyber weapons. In 2007, both nations joined together to
initiate “Olympic Games”– in part an effort to “cripple, at least for a while,
Iran’s nuclear progress” through the use of their combined cyber capabilities. Olympic Games used a series of computer worms
to progressively infiltrate and seize control of computers in the highly
secretive Natanz nuclear enrichment facility in Iran. Eventually, the worm was used to physically
alter critical components within the nuclear facility. To purify uranium into a usable energy source
for nuclear power, and potentially nuclear weapons, rotors within centrifuges
must spin the uranium at the speed of sound. The
surreptitious worm was engineered to spin the delicate centrifuges too fast or
too slow, ultimately causing them to break apart. The worm reportedly caused nearly a thousand
centrifuges to fail, greatly
delaying Iranian efforts to enrich uranium. If
the U.S. used such cyber attacks against Pakistan during the Bin Laden raid, as
developed in conjunction with Israel, what are the international
implications? What would limit the U.S.
or any other country from using these technologies solely for such a unique
scenario? What would keep them from
using it to mask planes flying over Iran? What if another country, perhaps China, developed such a capability and
used it to hide a Pearl-Harbor level initial strike against a smaller national
entity, like Taiwan?
attacks have already occurred. In 2008,
a seven-day conflict between Russia and Georgia witnessed the widespread use of
cyber attacks by “hacktivists” in Russia, which brought Georgian governmental
websites offline. What limits cyber attacks to military
targets? Estonia, a highly technological
country, was brought to its knees by a series of attacks in 2007 that initiated
in Russia and greatly disrupted Estonia’s banking systems. Similarly, during the 2008 Georgia-Russian conflict, cyber attacks were
used to shut down Georgia’s banking and mobile phone systems. What limits cyber attacks to state
actors? What is the appropriate response
if groups such as Al Qaeda or Anonymous initiate cyber
attacks against a state or international organization?
are only a few of the issues impacting the international community as it comes
to terms with the growing technological dependency of states and the resulting
dramatic impact of cyber attacks. This
note is organized into four parts, resulting in the suggestion of an initial
framework for an international treaty governing cyber attacks. Part I develops the basic questions
surrounding an international cyber treaty, demonstrating several potential
benefits of an international accord. Part II discusses customary international law that implicates cyber
attacks. It focuses on both jus ad bellum, the international legal
framework that governs the escalation to and initiation of war, and jus in bello, the international legal
framework that governs once war has begun. Part III addresses the major concerns of an international treaty. It discusses in turn definitional issues,
attribution, self-defense, and enforcement. Part IV highlights the feasibility of an international treaty, focusing
on varying national perspectives, interests, and potential complications.
The full article will be available soon at Stephen Moore: 39 N.C. J. Int'l L. & Comm. Reg. 223 (forthcoming Fall 2013).
 See David E. Sanger, Confront and Conceal: Obama’s Secret
Wars and Surprising Use of American Power 97 (2012).
 Id. at 103.
 Id. at 103. (“‘We [do not] think the
Paks saw us until we were over the border again,’ one American official told
[Sanger]. The whole process—in and out
of country—had lasted about three and a half hours, and the Pakistanis had
still not scrambled any forces.”). Ultimately, two MH-60 Black Hawk helicopters and two MH-47 Chinooks
entered Pakistan air, all undetected by Pakistani air defense. Id. at 97-103.
 Id. at 97. It is reported that Pakistan merely had its
radar turned off. Id. at 97 (“‘It was a little like us on Pearl Harbor Day – they had
their radar off,’ one of Obama’s aides told me later. ‘It was the first of several examples of
incompetence that broke our way.’”).
 Id. at 105. “With every new detail [of the
raid]—how long the SEALs were inside Pakistan, how they refueled on Pakistani
territory without being detected—the television commentators in Islamabad
stoked the public anger.” Sanger, supra note 2, at 107. Ultimately, the leaders of the Pakistani military and intelligence
service were subjected to eleven hours of hearings before the Pakistani
parliament, resulting in “a resolution condemning the Abbottabad raid as a
violation of sovereignty and a demand for a review of the partnership with the
United States ‘with a view to ensuring Pakistan’s national interests were fully
respected.’” Id. at107-08.
 See id. at 105-06.
 See generally Sanger, supra note 1, at 263-64 (explaining U.S. Cyber Command).
 See Richard A. Clarke & Robert K. Knake, Cyber War 2-4 (2010).
 See id. at 5 (“Those aircraft, designed
and first built in the 1970s, were far from stealthy. Their steel and titanium airframes, their
sharp edges and corners, the bombs and missiles hanging on their wings, should
have lit up the Syrian radars like the Christmas tree illuminating New York’s
Rockefeller Plaza in December. But they
 Id. at 5-8.
 Syria’s air defense, notably, was Russian-built. Id. at 5.
 Id. at 5-8.
 See id. at 8 (“Whatever method the
Israelis used to trick the Syrian air defense network, it was probably taken
from a playbook they borrowed from the U.S.”); see also Sanger, supra note 1, at 195 (“Soon the American
and Israeli intelligence partnership kicked into high gear. Olympic Games became part of the weekly
conversation between security officials from the two countries, conducted over
secure video lines and with visits to Washington and Jerusalem.”).
 See Sanger, supra note 1, at 190.
 See id. at 188-89.
 See id. at 188-89.
 See id. at 188-89 (“It was particularly
difficult to manufacture the delicate rotors at the center of the
machines. The rotors are the most vital
single part: they spin at terrifying speeds, and each rotation of each
centrifuge creates a slightly more purified version of Uranium-235.”).
 See id. at 189 (“[Rotors] are very
temperamental. Spin them up too quickly
and they can blow apart. Put on the
brakes too fast and they get unbalanced. When that happens, the rotors act like a metallic tornado, ripping apart
anything in its way.”).
 See id. at 206 (“In Natanz, 984
centrifuges came to a screeching halt.”).
 See Sanger, supra note 1, at 189.
 See Clarke
& Knake, supra note 8, at
20; see, e.g.,Mark Clancy, Arm Yourself
for Cyber War–Are You Next?, 2012
Sibos Conference Panel (DTCC, New York, N.Y.), (addressing the term “hacktivists”
and their role in cyber warfare).
 Clarke & Knake, supra note 8, at 12-16 (“Estonians could not use their online
banking, their newspapers’ websites, or their government’s electronic services.”). See
also Michael N. Schmitt, Cyber
Operations in International Law: The Use of Force, Collective Security,
Self-Defense, and Armed Conflicts, in Proceedings of a Workshop on Deterring
Cyberattacks: Informing Strategies and Developing Options for U.S. Policy
151, (Committee on Deterring Cyberattacks: Informing Strategies and Developing
Options for U.S. Policy et al. eds., 2010) (“The impact of the cyber assault
proved dramatic; government activities such as the provision of State benefits
and the collection of taxes ground to a halt, private and public communications
were disrupted and confidence in the economy plummeted.”).
 See Clarke
& Knake, supra note 8, at 20
(“The attacks triggered an automated response at most of the foreign banks,
which shut down connections to the Georgian banking sector. Without access to European settlement
systems, Georgia’s banking operations were paralyzed. Credit card systems went down as well,
followed soon after by the mobile phone system.”).
is not a group, but rather an Internet gathering.” ANON
OPS: A Press Release Dec. 10, 2010, AnonNews
(Dec. 10, 2010), http://anonnews.org/?p=press&a=item&i=31. “Anonymous is not a group of hackers. We are average Internet Citizens ourselves
and our motivation is a collective sense of being fed up with all the minor and
major injustices we witness every day.” Id.
Posted by Stephen A. Moore on Wed. October 30, 2013 8:00 AM
Anonymous, Customary International Law, Cyberwarfare, Osama Bin Laden, Pakistan