MIT white logo

Global CyberPolitics

Complexity of International Law for Cyber Operations

A test case for applications of analytics for cybersecurity of complex cyber-physical systems developed for POLICY ANALYTICS—focuses on Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Schmitt 2017)—is undertaken through the lens of computational logic informed by complexity theory.

The case is undertaken through the lens of computational logic informed by complexity theory. Tallinn Manual 2.0, a seminal work, of nearly 600 pages (Figure below), can best be seen as an interpretation of international law. At this point, however, it is viewed as a set of norms. If these norms become widely accepted, they will assume the status of international law.

Tallinn Manual 2.0 overview.

OVERVIEW OF TALLINN MANUAL 2.0
Source: Choucri, N. (2019, July 9–10). Analytics for Cybersecurity of CPS–Overview and Year 1 Report. [Conference session]. Summer 2019 Quarterly Science of Security and Privacy Lablet Meeting, Lawrence, Kansas, United States.
Note: Based on Schmitt, M. N. (Ed.). (2017). Tallinn manual 2.0 on the international law applicable to cyber operations. Cambridge University Press.

Tallinn Manual 2.0 extends and supersedes the legal principals put forth in Tallinn Manual on the International Law Applicable to Cyber Warfare (Schmitt 2013) to include public international law operations in times of peace.

Framed by a group of experts convened by the NATO Cooperative Cyber Defense Center of Excellence, Tallinn reflects the state of law at the point of its publication.

Analytics & Method Simplified

This research Project illustrates the value-added of complexity coupled with computation—generic in frame and in form— that enables researchers to:

  • Generate new ways of analyzing policy texts;
  • Create transparency in the system, for the “whole” and for its “parts”;
  • Extend conventional views of the policy system; and
  • explore contingencies such as, “what if…?”

The text of Tallinn Manual 2.0 serves as the “raw data” for these investigations. In a document of nearly 600 pages, text-as-conduit imposes a form of sequential logic in an otherwise complex and interconnected set of directives. To simplify, a chain of computational moves enable the transformation of text into metrics for statistical analysis of the legal corpus and its properties. To simplify, the moves are as follows:

  • From Policy Text to System Structure;
  • From System Structure to Base Metrics;
  • From Base Metrics to Summed Frequency;
  • From Frequencies to Reference Network Model;
  • From Reference Model to Policy Transparency;

The following section highlights some notable results for the Tallinn Manual 2.0 in its network form.

Select Results – Network Views

The results are presented here in the form of system network views. Two different system displays are shown below.

ONE is the system reference model or base case, with the Rules (nodes) and connections(interface) that show both structure and organization of the document. The display in the Figure below does not rely on statistical properties. It is strictly a relational model.

Network model of Tallinn Manual 2.0—reference case.
NETWORK MODEL OF TALLINN MANUAL 2.0–BASE CASE.
Source: Choucri N., and G. Agarwal. 2021 “Complexity of International Law for Cyber Operations“, 2021 IEEE International Symposium on Technologies for Homeland Security (HST), pp. 1-7.
Note: Each node represents an individual Rule (with rule number), identified by Part.

TWO is the network model with direct feedback between articles. The model shows the concentration of salient rules and the connectivity among Parts I, II, and III (on the left side of the network view in Figure below); these are in contrast to network segmentation and relative isolation of Part IV (on the right side). This result signals a somewhat bifurcated system.

Rules-salience (eigenvalue centrality) of the reference case for Tallinn Manual 2.0.

RULES-SALIENCE (EIGENVALUE CENTRALITY) OF THE REFERENCE CASE FOR TALLINN MANUAL 2.0.
Source: Choucri N., and G. Agarwal. 2021 “Complexity of International Law for Cyber Operations“, 2021 IEEE International Symposium on Technologies for Homeland Security (HST), pp. 1-7.
Note: Each node represents an individual Rule (with rule number), identified by Part. Node size represents eigenvalue centrality score. Arrow width indicates the frequency with which the source Rule (node) refers to the target Rule (node) at the head of the arrow.

Inferences & Conclusions

The logic of Tallinn Manual 2.0 assumes the absence of any significant difference between the structure of the international system and its legal principles on the one hand, and the networked system of cyberspace and its operational principles, on the other.

In retrospect, it is clear that until very recently cyberspace has been a matter of low politics for the state system as a whole. Now that cyberspace has been catapulted to the highest levels of high politics, the international community faces a common dilemma: how to manage the cyber domain in a world where state sovereignty is no longer the sole operating authority system.

Then, by definition, legal systems are structured to resist pressures for rapid change. Equally, by definition, all matters “cyber” transcend any efforts to limit the rates of change for any aspect thereof.

Clearly, it is evident that Tallinn Manual 2.0 was not designed to “fit” the characteristic features of cyberspace. Its purpose was to develop the legal bases managing relations between states—during war and during peace.

While states are increasingly able to control Internet access and content transmission, the principle of sovereignty is yet to be aligned effectively with the extent to which global communication networks and cross-border information flows are managed by non-state entities.

Reference: