LONDON (AP) — Even cyberwar has rules, and one group of experts is putting out a manual to prove it.
Their handbook, due to be published later this week, applies the practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians and neutral nations can be protected in an information-age fight.
"Everyone was seeing the Internet as the 'Wild, Wild West,'" U.S. Naval War College Professor Michael Schmitt, the manual's editor, said in an interview before its official release. "What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons."
The Tallinn Manual — named for the Estonian capital where it was compiled — was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior, such as the 1868 St. Petersburg Declaration and the 1949 Geneva Convention, to the Internet, occasionally in unexpected ways.
Marco Roscini, who teaches international law at London's University of Westminster, described the manual as a first-of-its-kind attempt to show that the laws of war — some of which date back to the 19th century — were flexible enough to accommodate the new realities of online conflict.
The 282-page handbook has no official standing, but Roscini predicted that it would be an important reference as military lawyers across the world increasingly grapple with what to do about electronic attacks.
"I'm sure it will be quite influential," he said.
The manual's central premise is that war doesn't stop being war just because it happens online. Hacking a dam's controls to release its reservoir into a river valley can have the same effect as breaching it with explosives, its authors argue.
Legally speaking, a cyberattack that sparks a fire at a military base is indistinguishable from an attack that uses an incendiary shell.
The humanitarian protections don't disappear online either. Medical computers get the same protection that brick-and-mortar hospitals do. The personal data related to prisoners of war has to be kept safe in the same way that the prisoners themselves are — for example by having the information stored separately from military servers that might be subject to attack.