Peacetime Cyber Responses and Wartime Cyber Operations Under International Law: An Analytical Vade Mecum
Harvard National Security Journal
Harvard University, Harvard Law School
Reason for embargo
This is the author accepted manuscript. It is currently under an indefinite embargo pending publication by Harvard Law School
Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations examines the application of extant international law principles and rules to cyber activities occurring during both peacetime and armed conflict. It was intended by the two International Groups of Experts that drafted it to be a useful tool for analysis of cyber operations. The manual comprises 154 Rules, together with commentary explaining the source and application of the Rules. However, as a compendium of rules and commentary, the manual merely sets forth the law. In this article, the director of the Tallinn Manual Project offers a roadmap for thinking through cyber operations from the perspective of international law. Two flowcharts are provided, one addressing state responses to peacetime cyber operations, the other analyzing cyber attacks that take place during armed conflicts. The text explains each step in the analytical process. Together, they serve as a vade mecum designed to guide government legal advisers and others through the analytical process that applies in these two situations, which tend to be the focus of great state concern. Readers are cautioned that the article represents but a skeleton of the requisite analysis and therefore should be used in conjunction with the more robust and granular examination of the subjects set forth in Tallinn Manual 2.0.