In 2016, there will be a revamped Tallinn Manual to guide the hand of NATO Cyber Security. The Tallinn Manual began as a non-binding academic agreement and is an interesting case of how the academic community has an impact on the mandate of an important international Alliance. The focus of the original Tallinn Manual is on the most “disruptive and destructive” cyber operations, and determining if they qualify as ‘armed attacks.’ The purpose is to determine if nations could respond in self-defence, largely because the threat of cyber operations with such consequences is especially alarming.
The Tallinn Manual addresses cyber espionage and theft of intellectual property as a serious threat to all nations and private actors, but does not seek to answer these questions. The original Tallinn Manual included some Canadian content through the work of Geneviève Bernatchez from the Office of the Judge Advocate General of the Canadian Forces, and Brigadier General (ret.) Kenneth Watkin from the Canadian Forces.
Tallinn 2.0 is the follow-on project, designed to expand the scope of the original Tallinn Manual. Tallinn 2.0 explores how principles of international law, such as sovereignty, jurisdiction, due diligence and the prohibition of intervention, apply in the cyber context. There are still some questions as to whether this review will go far enough to tackle issues like criminality in cyberspace. This is the most important element of the new Tallinn Manual, and thus far a NATO binding agreement on cyber crime has yet to form.
The Canadian Cyber Security Strategy (CCSS) is quickly approaching the sixth year since its introduction and, like the Tallinn Manual, is due for renewal in 2016. It offers a distinct focus on some of the elements that the Tallinn Manual neglected, namely the criminality of cyber activity. The CCSS identifies that “Cyber security affects us all, in part because even attackers with only basic skills have the potential to cause real harm.” The focus of the CCSS is to secure all Canadian networks, stating that,
“Cyber security is a shared responsibility, one in which Canadians, their governments, the private sector and our international partners all have a role to play. The Strategy reflects this shared responsibility. Implementation will be a collective effort. Its success will depend on our ability to work together.”
Both Canada and NATO have taken steps to be on the front of the cyber war and cyber crime wave. Proactive thinking is important: because cyber challenges are so fluid and rapidly evolving, we need comprehensive and cohesive policy solutions. The Tallinn Manual, CCSS and similar strategies need to be reviewed more often, and should include a wider focus.
One of the most important issues that the Tallinn Manual 2.0 and the future CCSS must address is the response to cyber conflict. Currently, Canada and NATO have no outlined response to cyber war in a similar fashion to that of a conventional attack. In the future, cyber weapons could be used more frequently. Therefore, this needs to be addressed in binding agreements in a similar fashion to that which is outlined for conventional conflict. As conflict has changed, so too must our laws that govern it.
Canada’s connection to the original Tallinn Manual and NATO’s international leadership quality offer an opportunity to develop a comprehensive and binding cyber security strategy. This type of strategy begins with the Tallinn Manual 2.0, and the use of effective national strategies like the CCSS. For a successful cyber strategy, the public and private, the national and the international, all need to be on the same page. Global solutions are the only option. Canada and NATO have an important opportunity to develop the first truly comprehensive and binding regional agreement on cyberspace. This type of agreement could demonstrate NATO’s leadership, and be the model for future global policy goals surrounding cyberspace issues.