On October 31, 1517, a remarkable event took place in the capital of Saxony, Wittenberg. Doctor of Divinity Martin Luther nailed to the doors of the Castle Church a document that went down in history as "95 Theses", or, quite briefly, XCV. A unique mixture of reflections on the deepest problems of theology and current political polemics. From that moment on, a process known as the Reformation began in the countries of Catholic Europe. Marked by many religious wars (the last of them, perhaps, the war of the Sonderbund, the union of clerical cantons, against the allied government of Switzerland in 1847 …). And - which led to a colossal acceleration of scientific and technological progress (including due to the fact that they stopped serving Christ-like vagabonds, and began to send them to workhouses, weave ropes for the Royal Navy, under the protection of which they are transported to the colonies, expanding markets for emerging industry …).
Well, on March 5, 2013, a book published by Cambridge University Press was presented to the world. It was written by an international group of experts led by Professor Michael N. Schmitt, head of the International Law Department at Naval War College, practically - the US Navy Academy. The book is called The Tallinn Manual on the International Law Applicable to Cyber Warfare, or, for short, the Tallinn Manual. A NATO dependent (NATO Cooperative Cyber Defense Center of Excellence and spawned this document) its full text can be found here.
And this book also contains ninety-five … But not theses, but the Rules. Cyber war rules! At first glance, the list of an international group of experts looks very noble - a professor from the Catholic (the oldest of all Catholic) University in Flemish Leuven (it is interesting that in the First World War the Kaiser's troops wiped this city off the face of the earth, and the future Nobel Prize winner Thomas Mann, in the company with Gerhard Hauptmann, who had already received the Nobel, the act was hotly justified - however, the Allies, in the spring of 1944, also bombed Leuven to glory, having once again incinerated the library). A German scientist from the University of Potsdam (well, this is a remake, sample of 1991 - sclerosis, I forgot what organization was there before, and what event took place in the quietest town in May 1945 …). A bunch of lawyers from the Law Schools of various states and Anglo-Saxon countries in the South Seas. And even a couple of persons from the International Committee of the Red Cross (not a single meanness can do without humanitarian bureaucrats on the planet …). But this motley company (especially encouraged by the presence of delegates to the three-time Nobel Peace Prize Red Cross) has been creating a comprehensive guide to cyber warfare for the North Atlantic Alliance. Cybernetic, as we will see later, is here rather as a characteristic of the stage of technological development at which this war will take place …
Why is this leadership Tallinn? Well, this is related to the events of April 27, 2007. Then, in the capital of Estonia, the police clashed with the defenders of the "Bronze Soldier", a monument on the mass grave of the Red Army soldiers who died during the liberation of the city from the Nazis. A few days later, Estonian government websites faced a cyber threat. It was a trivial DDoS attack. But - of great power. Richard A. Clarke, a former cybersecurity adviser to President George "Dubu" Bush, called it "the largest in history." Several botnets, up to a million computers, launched an attack on "the addresses of the servers that control the telephone network, the credit card verification system, and Internet resource directories." Estonia is a cybernated country, and has been written about its successes in informatization for a long time. And so she was vulnerable. “Hansapank, the largest bank in the country, could not resist. Trade and communications were disrupted throughout the territory. " (However, the Estonian hackers also frolicked, which KT talked about at one time …)
Estonians complained to NATO (this is about how, in the absence of hot water, not to go to the housing office, but write to the Ministry of Emergency Situations …). Experts who flew from all over the world found out "that the Cyrillic alphabet was used in the program code" - unexpectedly for a country where for about 30% of the population Russian is the native language. They also found traces leading to Russia (given the compatriots' love of pirates, in which bots were sometimes initially embedded, it is not surprising) - and here Clarke (we quoted the "Peter" translation of his book "The Third World War. What Will It Be?"): “Does the Russian state security have anything to do with the cyberattack in Estonia? It might be worth rephrasing the question. They offered to carry out the attack, facilitated it, refused to investigate the case and punish those responsible? But in the end, is this distinction so important if you are an Estonian citizen who cannot withdraw your money from the Hansapank card? " That's all … The traditions of jurisprudence, leading from Rome, with mandatory procedures for establishing the subject and intent, are declared null and void; the slogan of the Holy Roman Emperor Ferdinand I Pereat mundus et fiat justicia is replaced by expediency … "Is this distinction so important …"
And the “Tallinn Leadership” is already a full-fledged guide for waging wars in the information age. Approximately the same as for the industrial era Triandafillov's "The nature of operations of modern armies", "Achtung - Panzer!" Guderian, Il Dominio dell'Aria by Douai. Precisely for waging wars, not for limiting them. The restrictions on cyber operations that destroy nuclear power plants, dams and dams established by Rule 80 should not mislead anyone. After all, what is a Clausewitz war? Continuation of the policy by other, violent, methods. And what can real politics be aimed at? Yes, to capture - either markets or resources. And the territory, contaminated or flooded, is a so-so market … And it is inconvenient to take resources from it. This is where the limitation comes from! The 617th squadron RAF bombed dams and dams in Germany ("Flood Germany" by Paul Brickhill and films - "The Dam Busters" of the mid-50s plus one of the episodes of the modern "Foyle's War"). For a very simple reason - Germany had yet to become a market for the Anglo-Saxons, and now we live in a global economy, as in 1913 …
And other rules should not be misled - from the initial ones, which speak of Sovereignty and Jurisdiction, to the final ones, dedicated to Neutrality in the actions of the Security Council. The words, like Civilians, Mercenaries, Protecting Children and Protecting Journalists, do not have the usual meaning here. As well as the prohibition of collective punishment under Rule 85. The document only has a legal, although not binding for any country in the world, form. In fact, he is very pragmatic. Recommendations to avoid human sacrifice are only recommendations. And at the forefront is the assessment of the achieved effect in the event of its own operation or potential damage in the event of an enemy operation. And the enemy can be not only a military man, dressed in uniform, wearing clearly visible insignia, a hacker. The adversary can be anyone whose activities are deemed threatening. Member of some hacker organization. Or just a loner. And all of them, if necessary, can be killed or maimed (kill and injure). No no. There is a reason to kill and maim. They will first need to be caught in the fact that they themselves carried out or planned something deadly, as well as developed malicious software that could lead to dire consequences. In other words, a “license to kill” an offshore programmer was practically issued, who accepted an order through the Internet for the development of something that could harm someone. Not nullify his credit card, but kill him.
The following situation is simulated offhand. The terrorist registers an industrial security firm. Then he recruits (through the Network) specialists (from Bangalore to Khabarovsk), whom he sets the task of checking the safety of a chemical plant, hydroelectric power station or something like that, to analyze their computer systems. Analyze, having come up with a way to disrupt their functioning. The task is routine. And quite legal. And if the police catch such a developer, the court will acquit him, because there is no intent to commit an atrocity (and the law prohibiting writing programs, unlike laws prohibiting weapons and ammunition to get along without licenses, seems to be nowhere …). But if such a geek gets caught in the sight of cyber warriors - that's it, he turns into a legitimate target. As a result of a cyberattack (for which his product can potentially be used), people can actually die. And therefore, jamebonds with a pair of zeros can catch the poor fellow in Turkey on the beach, and even drown him. Or slaughter in your own entrance. And in the future - when drones become smaller and cheaper - send a drone to visit him, as is now done with those suspected of having links with al-Qaeda.
That is, international law is a flair, a disguise. The essence of the matter is that humanity is busily mastering a new space for war, kindly provided by technology. The massive armies and deep operations of Triandafillov, the air supremacy of Douai, the armored vehicles of Guderian … Now it was the turn of cyberspace. And the interest of the military in it is directly proportional to the role it plays in the global economy, how fast IT is progressing. And this role is extremely important - and this is what the emergence of 95 rules indicates!
