The Tallinn Manual, originally entitled, Tallinn Manual on the International Law Applicable to Cyber Warfare, is an academic, non-binding study on how international law, especially jus ad bellum and international humanitarian law, applies to cyber conflicts and cyber warfare. Between 2009 and 2012, the Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts. In April 2013, the manual was published by Cambridge University Press.
In late 2009, the Cooperative Cyber Defence Centre of Excellence convened an international group of legal scholars and practitioners to draft a manual addressing the issue of how to interpret international law in the context of cyber operations and cyber warfare. As such, it was the first effort to analyse this topic comprehensively and authoritatively and to bring some degree of clarity to the associated complex legal issues. [1]
Collectively calling themselves the International Group of Experts, the authors of the Tallinn Manual include highly respected legal scholars and legal practitioners with experience in cyber issues who were consulted throughout the duration of the project by information technology specialists. The group was led by Professor Michael N. Schmitt, chairman of the international law department at the United States Naval War College, who also served as the project director. Other members of the group included:
Three organisations were represented by observers throughout the drafting process: NATO through its Allied Command Transformation due to the relationship of the NATO Cooperative Cyber Defence Centre of Excellence with NATO, [2] the International Committee of the Red Cross because of its “guardian” role of international humanitarian law, and United States Cyber Command due to its ability to provide the perspective of an operationally mature entity. [3] To add to the academic credibility of the Tallinn Manual, prior to publication it was peer-reviewed by thirteen international legal scholars. [1]
When a draft of the Tallinn Manual was posted on the web site of the NATO Cooperative Cyber Defence Centre of Excellence, [4] it immediately drew the attention of the legal community [5] as well as online media outlets reporting mainly on technology questions. [6] Furthermore, after its official publication on March 15, 2013 at Chatham House, the issue of international law and how that governs cyber warfare was discussed widely among international media with references to the manual. [7] [8] [9]
Although frequently referred to as a NATO manual, [10] [11] this is incorrect. The Tallinn Manual is an independent academic research product representing only the views of its authors in their personal capacity. The manual does not represent the views of NATO nor any other organisation or state, including those represented by the observers. Being the first authoritative restatement of the application and interpretation of international law in the cyber context, however, it may be anticipated that the manual will have an effect on how states and organisations will formulate their approaches and positions in those matters. [12] [13]
The practice of producing non-binding manuals on the application of international humanitarian law is not new. The Tallinn Manual followed in the footsteps of similar efforts, such as the International Institute of Humanitarian Law’s San Remo Manual on International Law Applicable to Armed Conflicts at Sea and the Harvard Program on Humanitarian Policy and Conflict Research’s Manual on International Law Applicable to Air and Missile Warfare .
The manual is divided into sections referred to as “black letter rules” and their accompanying commentary. Essentially, the rules are restatements of international law in the cyber context, as understood and agreed to, by all of the authors. Since the adoption of any rule required consensus among the authors (not including the observers) the commentary attached to each rule serves a critical purpose of outlining differences of opinion as to the precise application of the rule. The commentary also identifies the legal basis of the rules, explains their normative content, and addresses practical implications in the cyber context. [1]
Updates to the Tallinn Manual are conducted on an as-needed basis, reflecting the dynamic nature of cyber operations and the corresponding international legal landscape.
Tallinn 2.0, which followed the original manual, was designed to expand the scope of the Tallinn Manual. Tallinn 2.0 was released in February 2017 and published by Cambridge University Press in the form of a book. [14] [15]
The focus of the original Tallinn Manual is on the most disruptive and destructive cyber operations—those that qualify as ‘armed attacks’ and therefore allowing states to respond in self-defense—and those taking place during armed conflict. Since the threat of cyber operations with such consequences is especially alarming to states, most academic research has focused on these issues. Tallinn 2.0 refers to cyber "operations" as opposed to cyber "conflict" from the original Tallinn Manual. [15]
States are challenged daily, however, by malevolent cyber operations that do not rise to the aforementioned level. The Tallinn 2.0 project examines the international legal framework that applies to such cyber operations. The relevant legal regimes include the law of state responsibility, the law of the sea, international telecommunications law, space law, diplomatic and consular law, and, with respect to individuals, human rights law. Tallinn 2.0 also explores how the general principles of international law, such as sovereignty, jurisdiction, due diligence, and the prohibition of intervention, apply in the cyber context.
A senior fellow at the centre, Professor Michael Schmitt from the United States Naval War College and the University of Exeter, directed the Tallinn 2.0 project. Ms. Liis Vihul of the centre served as its project manager. A team of legal and IT experts from the centre supported the effort. Similarly to its predecessor, the expanded edition of the Tallinn Manual represented only the views of the International Group of Experts, but not of NATO, the NATO CCD COE, its sponsoring nations, nor any other state or organization. [16]
The latest update initiative, known as Tallinn Manual 3.0, was inaugurated in 2021 and is set to span five years. The project seeks to revise the existing content in response to new developments as well as introduce discussions on emerging topics pertinent to state activities in cyberspace. The update process engages a wide spectrum of international law experts, including Professor Michael N. Schmitt whom will serve as the project director, joined as Co-General Editors by Ms. Liis Vihul and Professor Marko Milanović. [17]
Allied Command Transformation (ACT) is a military command of the North Atlantic Treaty Organization (NATO), formed in 2003 after restructuring.
Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. Research has also shown that large conflicts took place to edit the English-language version of the Bronze Soldier's Wikipedia page.
Proactive cyber defense, means acting in anticipation to oppose an attack through cyber and cognitive domains. Proactive cyber defense can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or deterring an attack or a threat's preparation to attack, either pre-emptively or in self-defence.
NATO CCD COE, officially the NATO Cooperative Cyber Defence Centre of Excellence, is one of NATO Centres of Excellence, located in Tallinn, Estonia. The centre was established on 14 May 2008, it received full accreditation by NATO and attained the status of International Military Organisation on 28 October 2008. NATO Cooperative Cyber Defence Centre of Excellence is an international military organisation with a mission to enhance the capability, cooperation and information sharing among NATO, its member nations and partners in cyber defence by virtue of education, research and development, lessons learned and consultation.
The International Institute of Humanitarian Law (IIHL) is an independent, “non-profit, humanitarian association having social values as its objectives”, founded in 1970 in Sanremo, Italy. Its headquarters are situated in Villa Ormond, while a liaison office of the Institute is established in Geneva, Switzerland.
The HPCR Manual on International Law Applicable to Air and Missile Warfare was formulated by a multi-year project that was set up to restate the existing international laws applicable to air and missile warfare. The project was created in 2003 by the Program on Humanitarian Policy and Conflict Research at Harvard University (HPCR) after consulting with scholars and governmental experts.
Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.
Nils Melzer is a Swiss academic, author, and practitioner in the field of international law. From 2016 until 2022, Melzer was the United Nations Special Rapporteur on Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment. He is a professor of international law at the University of Glasgow. From 2011-2013, he was Swiss Chair of International Humanitarian Law at the Geneva Academy of International Humanitarian Law and Human Rights. Melzer has criticised the governments of the U.S., the U.K., Ecuador and Sweden over their treatment of Julian Assange.
Michael N. Schmitt is an American international law scholar specializing in international humanitarian law, use of force issues, and the international law applicable to cyberspace. He is Professor of Public International Law at the University of Reading, the G. Norman Lieber Distinguished Scholar at the Lieber Institute of the United States Military Academy at West Point, and the Charles H. Stockton Distinguished Scholar in Residence at the US Naval War College.
Schmitt analysis is a legal framework developed in 1999 by Michael N. Schmitt, leading author of the Tallinn Manual, for deciding if a state's involvement in a cyber-attack constitutes a use of force. Such a framework is important as part of international law's adaptation process to the growing threat of cyber-warfare. The characteristics of a cyber-attack can determine which legal regime will govern state behavior, and the Schmitt analysis is one of the most commonly used ways of analyzing those characteristics. It can also be used as a basis for training professionals in the legal field to deal with cyberwarfare.
Mariarosaria Taddeo is an Italian philosopher working on the ethics of digital technologies. She is Professor of Digital Ethics and Defence Technologies at the Oxford Internet Institute, University of Oxford and Dslt Ethics Fellow at the Alan Turing Institute, London.
Lt. Col. Richard Brennan is a Barrister-at-Law in the Legal Service of the Irish Defence Forces (IDF) and former National Legal Advisor to the IDF during United Nations peacekeeping operations as a United Nations Military Observer. He is a legal scholar on international humanitarian law and the legal basis of peacekeeping missions.
Colonel Gary D. Brown is an American lawyer and former officer in the United States Air Force. He was the official U.S. observer to the drafting of the Tallinn Manual on the International Law Applicable to Cyber Warfare (2013) and is a member of the International Group of Experts that authored Tallinn Manual 2.0 (2017). Professor Brown also appeared as the legal expert in the documentary film Zero Days (2016).
Robin Geiss is a German academic specializing in public international law. In 2021, he was appointed by United Nations Secretary-General António Guterres as Director of the United Nations Institute for Disarmament Research. Prior to this, Geiss held various academic appointments including as Swiss Chair of International Humanitarian Law at the Geneva Academy of International Humanitarian Law and Human Rights and Director of the Glasgow Centre for International Law and Security at the University of Glasgow.
The NATO Military Engineering Centre of Excellence is an International Military Organization (IMO) as designated by the Paris Protocol of 28 August 1952. The organization is a part of the NATO Centre of Excellence. Sponsored by fourteen European Union Member States, the United Kingdom, Turkey, Canada, and the United States, the Centre belongs to a wider framework that supports NATO’s transformation process. The organization's objective is to assist NATO member countries, nonmember countries, and international organizations in enhancing military engineering capabilities. MILENG COE is co-located in the German Army Military Engineer School in Ingolstadt, Germany. A sister-project is the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).
Gerard Van Caelenberge is a Belgian Air Force general. He was Air Component Commander from 2006 to 2008 and Chief of Defence of the Kingdom of Belgium in March 2012 until he retired in July 2016. He was an expertise and member of the NATO Cooperative Cyber Defence Centre of Excellence.
Marko Milanović is Professor of Public International Law at the School of Law of the University of Reading. He is an editor of the European Journal of International Law and its blog, EJIL: Talk!.
Since Estonia joined NATO in 2004, Estonia has participated in many joint military operations using its Estonian Defence Forces. Estonia has also participated in NATO-led military and peacekeeping operations before 2004.
Locked Shields is an annual cyber defence exercise organised by NATO's Cooperative Cyber Defence Centre of Excellence in Tallinn since 2010. The format is usually that a red team simulates a hostile attack while blue teams from the participating nations simulate their coordination and defence against this.
{{cite journal}}
: Cite journal requires |journal=
(help){{cite journal}}
: Cite journal requires |journal=
(help)