communications and safety services; (2) domestic cyber law, such as in the context of copyright infringement; (3) Articles 19 and 113 of UNCLOS if the defender nation were a coastal state; (4) applicable MALT, extradition treaties, and SOFAs; and (5) the potential for Chapter VII United Nations Security Council resolutions. But this regime is imperfect. The main failing of these existing international treaties that relate to cyber law are that most do not specify how the frameworks are morphed or fall away entirely during an armed attack. Many critically also do not include enforcement mechanisms such as mandatory reparations in the event of breach. Nevertheless, regardless of whether or not cyber attacks fall below the threshold of an armed attack these bodies of law have a role to play in forming an appropriate regime. The cyber attack on Estonia in March, 2007 will be used by way of a case study throughout.
Defining Information Warfare and the Threat of Cyber Attacks
The recent cyber attack on Estonia has fed the already significant international concern that hostile foreign governments could preemptively launch computer-based attacks on critical national or regional systems such as those supporting energy distribution, telecommunications, and financial services. As seen in Estonia, even small scale exercises of IW have the potential to “severely damage or disrupt national defense or other vital social services and result in serious harm to the public welfare.”16 When and if a modern state’s networked information infrastructure crashes, an Information Age society could be paralyzed or even crash. The pervasively destructive potential of cyber-based IW presents new international military implications and invites new analytical considerations of where IW fits into the larger body of contemporary international legal
16 Joyner, supra note 15 at 858.