Cyberwar and the Rule of Law

October 15 -
 15, 2015

Co-sponsored By:

The Conference

Cyberweapons and cyberwarfare have become the most dangerous innovation of this century1 and are now considered by the FBI to be the number one threat to national security.2 Cyberweapons imperil economic, political, and military systems by a single, often minimal act, or by multifaceted orders of effect, creating a dreadful new potentiality in every dimension. Cyberattacks put immense pressure on conventional notions of sovereignty and the moral and legal doctrines that were developed to regulate them. Unlike past forms of warfare circumscribed by centuries of just war tradition and law of armed conflict prescriptions, cyberwarfare occupies a particularly ambiguous status in the traditions and conventions of the laws of war. Does prevention of a cyberattack, which knows no borders, involve violations of the sovereignty of independent nations? While the United States has shown a willingness to consider cyberattacks to be acts of war,3 on what grounds would this be justified? How should states handle cases when the threats stem from non-state actors acting independently of any state or organization?4 Does the prevention and defense against cyberattacks require invasion of privacy and an incursion into the domain traditionally reserved for law enforcement? As such, does it pose a threat to due process rights, or the moral equivalent of such rights in the international arena? These legal ambiguities, devoid of moral perspective, make adherence to the rule of law in cyberwafare more challenging than in any other domain of warfare.5

In the United States, cyberwarfare technology was originally developed by the Bush Administration and the Obama Administration has further expanded its use. While Secretary of State Clinton has claimed that such tactics are used against al Qaeda6, the use of advanced techniques in cyberwarfare is most evident in recent operations against Iran. The United States purportedly developed a data-mining virus called Flame, a reconnaissance virus named Duqu and a computer worm dubbed Stuxnet that interrupted Iran’s nuclear program by attacking industrial control systems and causing Iranian centrifuges to spin out of control. In doing so, the United States has for the first time used computer programs for purposes that until recently could only be achieved through bombs and other conventional weapons. These actions will not be the last cyberattacks by the United States as the Pentagon’s Defense Advanced Research Projects Agency (DARPA) has recently funded Plan X, which has the goal of not only protecting computer systems but developing the capabilities to disrupt or destroy enemy systems.

The United States and its allies are not the only world powers that have been developing a cyberwar capacity. In 2007, security firm McAfee estimated that 120 countries had already developed ways to use the Internet to target financial markets, government computer systems, and utilities. In 2008, the Russian government allegedly integrated cyber operations into its conflict with Georgia. According to these accusations, Russian cyber intelligence units conducted reconnaissance and infiltrated Georgian military and government networks. When the conventional fighting broke out, Russia used cyberweapons to attack Georgian government and military sites as well as communication installations. Foreign militaries, such as China’s, have conducted exercises in offensive cyber operations, both stealing information from other governments and simulating attacks on other countries command and control systems. In 2011, Iran boasted of having the world’s second-largest cyber army. With states around the globe improving their cyberwarfare capabilities, the world may experience a cyberarms race reminiscent of the Cold War’s nuclear arms race.

This conference will assist in proactively addressing the ethical and moral issues that surround cyberwarfare by considering, first, whether the Laws of Armed Conflict apply to cyberspace just as they do to traditional warfare, and second, the ethical posture of cyberwarfare against the background of our generally recognized moral traditions in international and domestic humanitarian practice. If cyberwar must be held to the standards of the laws and traditions of war, then multiple questions arise. Not only is it difficult to determine when a cyberattack amounts to an act of war, but other sources of ambiguity arise even if we are certain that a cyberattack does fall within the ambit of military action? Thus, for example, proportionality is a crucial question in military ethics, as well as in domestic criminal law. It requires that no more force be used than is necessary to repel an attack or meet other legitimate military objectives. But how does one determine a proportional response to a cyberattack?

In a similar vein, the U.N. Charter promises that members will not use the “threat or use of force against the territorial integrity or political independence of any state” (Article 2, Section 4). This provision, however, is likely inadequate with increasing use of cyberattacks. It leads to questions of whether problems of cyberwarfare require new treaties and legal definitions. For example, does the cyberweapons race require treaties similar to the Treaty on the Non-Proliferation of Nuclear Weapons? As the country that controls the internet infrastructure and had the highest percentage of internet business as a share of its economy, the United States is in a uniquely difficult negotiating position in developing any treaties. Furthermore, cyberattacks put immense pressure on conventional notions of sovereignty and the moral and legal doctrines that were developed to regulate them. In a world of attack and destruction without conventional military assets, do traditional notions of sovereignty based on geography and territorial integrity retain their relevance? To address such questions and more, this conference seeks to bring together leading authorities in the law, technology, and ethical philosophy. By better understanding these ethical issues now, we can be better prepared as cybersecurity becomes a more integral aspect of national security.

  1. Beverly Head, World teeters on cyber-war, May 22, 2012
  2. See, e.g., FBI: Cyber attacks – America’s top terror, March 2, 2012, and, J. Nicholas Hoover, Cyber Attacks Becoming Top Terror Threat, FBI, Feb. 1, 2012
  3. David Sanger and Elisabeth Bulmiller, “Pentagon to Consider Cyberattacks acts of war” New York Times, May 31st, 2012
  4. Stewart A. Baker and Charles J. Dunlap Jr., What Is the Role of Lawyers in Cyberwarfare?, ABA, May 1, 2012,
  5. Id.
  6. Hillary Clinton boasts of US cyberwar against al-Qaeda” The Telegraph, 24 May 2012


8:30 – 9:00Breakfast – Great Hall, University of Pennsylvania Law School
9:00 – 10:15Session 1 – Status of Cyberwar in the Law of Armed Conflict
Moderator: Kevin Govern, Ave Marie School of Law
Shuster Court Room, S-147
Oona A. Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue, Julia Spiegel, The Law Of Cyber-Attack California Law Review, Forthcoming 2012           
David Turns, Cyber Warfare and the Notion of Direct Participation in Hostilities” Journal of Conflict & Security Law, Summer 2012           
Sean Watts, Combatant Status and Computer Network Attacks” From the Selected Works of Sean Watts, February 2010
10:45 – 12:00Session 2 – Are Offensive Uses of Cyberweapons Justified for National Security
Moderator: John Dehn, West Point Center for the Rule of Law
Shuster Court Room, S-147
Harold Koh, “International Law in Cyberspace” State Department           
David Sanger, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, Chapter 8 “Olympic Games”           
Randall R. Dipert, The Ethics of Cyberwarfare Ethics and Emerging Military Technologies, December 16, 2010           
James Cook, Cyberation and Just War Doctrine: A Response to Randall Dipert Journal of Military Ethics, 2010           
Strategy for Operating in Cyberspace, Department of Defense, July 2011
12:00 – 1:30Lunch and Keynote Address: General (Ret.) James CartwrightPenn Law Courtyard
1:30 – 2:45Session 3 – Cybersecurity, Privacy and Police Powers
Moderator: Anita Allen, Penn Law
Shuster Court Room, S-147
Nicole Perlroth, Software Meant to fight Crime is Used to Spy on DissidentsNew York Times
Kerry L. Childe, Cybersecurity and Privacy: Three Federal Proposals SciTech Lawyer
Anita L. Allen, The Virtuous Spy: Privacy as an Ethical Limit The Monist, 2008
3:15 – 4:30Session 4 – Cyberwar and International Humanitarian Law
Moderator: Jens Ohlin, Cornell Law
Shuster Court Room, S-147
Patrick Lin, Fritz Allhoff, and Neil Rowe, Is It Possible to Wage a Just CyberwarThe Atlantic, June 5, 2012           
Roger Crisp, Cyberwarfare: No new Ethics Needed” Practical Ethics, June 19, 2012           
Jeffrey T.G. Kelsey, Hacking into International Humanitarian Law: The Principles of Distinction and Neutrality in the Age of Cyber WarfareLt. Col. Patrick Franzese. “SOVEREIGNTY IN CYBERSPACE: Can it exist?” Air Force Law Review 64 (2009):1-42           
Michael N. Schmitt, “Attack” as a Term of Art in International Law: The Cyber Operations Context
Daniel Rosenfield, “Rethinking Cyberwar” Critical Review: A Journal of Politics and Society
5:00 – 6:15Session 5 – Cybersecurity and the Private Sector
Moderator: Derek Jinks, Penn Law Visitor
Shuster Court Room, S-147
Mary Ellen O’Connell, Cyber Security without Cyber War Journal of Conflict & Security Law, 2012           
Susan W. Brenner with Leo L. Clarke, Civilians in Cyberwarfare: Conscripts Vanderbilt Journal of Transnational Law
Amitai Etzioni, Cybersecurity and the Private Sector Issues in Science and Technology
Eric A. Fischer, Federal laws Relating to Cybersecurity: Discussion of Proposed Revisions Congressional Research Service, April 23, 2012           
Tim Maurer, Breaking Bad: How America’s Biggest Corporation Became Cyber Vigilantes Foreign Policy Magazine, September 10th, 2012
6:15 – 7:15Cocktails – POD restaurant (3636 Sansom Street)
7:15 – 8:45Dinner and Keynote Address: Major General John Davis


Professor Anita Allen

Henry R. Silverman Professor of Law and Professor of Philosophy

General James Cartwright

Retired Vice Chairman JCS

Colonel James Cook

United States Air Force Academy, Dept of Philosophy

Mr. William Craven

Chairman of Federal Systems

Ambassador Dell Dailey

President Dell Dailey and Family

General John  Davis

Major General – U.S. Army

Mr. John Dehn

West Point’s Center for the Rule of Law

Professor Randall Dipert

University of Buffalo

Professor Kevin Govern

Ave Maria School of Law

Dean Duncan Hollis

Temple Law

LTC Leonard Jones

U.S. Army Reserve

Professor Derek Jinks

Penn Law, Visitor

Mr. A. Edward Major

New York lawyer

Professor Larry May


Mr. Christopher Melenovsky

Penn Philosophy

Professor Jens Ohlin

Cornell Law School

Ms. Michelle Richardson

ACLU Washington office

Dr. Harvey Rubin

University of Pennsylvania

Mr. Lee Tien

Electronic Frontier Foundation

Mr. Neal Ungerleider

Independent journalist and contributing writer to Fast Company

Mr. Raha Wala

Human Rights First

Mr. Jules Zacher


Background Readings


  • Mark Clayto, Cyberwar timeline
  • K. Saalbach, Methods and Practice
  • Kenneth Geer, Strategic Cyber Security
  • United States Government Accountability Office, Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities









Contact us

For any questions regarding the conference or registration, please contact: Jennifer Cohen at

Share Cyberwar and the Rule of Law on:

Cyberwar and the Rule of Law