The Tallinn manual

Posted April 12, 2013 20:11


The South Korean government said North Korea’s military intelligence agency masterminded the cyber attack that paralyzed the IT networks of broadcasters and financial companies on March 20. As for the Stalinist regime’s missile launch, it said, “We will punish the origin of the attack, supporting and commanding forces more than 10 times what they do.” Whether Seoul will respond to the cyber attack remains to be seen. Some people say, “Since a cyber attack is combat, South Korea needs to punish North Korea.” Nevertheless, it is not easy to do so under international law.

Is there any international law on cyber combat, like the Geneva Conventions that define the protection of civilians and POWs during a war? As of now, there exists only the “Tallinn Manual” created by the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE). In this manual, NATO defined cyber attacks as a form of “armed conflict.” It allows military power to be mobilized when a cyber attack costs lives or damages property; if subway trains collide due to a cyber attack and produce casualties, the country can launch a missile against the terrorist country. The manual, however, is not legally binding, and discussion of an international agreement is still in its infancy.

Tallinn, the capital of Estonia, suffered severe cyber attacks on the government, the parliament, the media, and banks for several weeks in 2007. The attacks began after a statue of Soviet Union soldiers was moved. Russia was suspected of being the de facto power behind the attack, which it denied. But later, the European Union set up the NATO Cooperative Cyber Defence Centre of Excellence in the city, which has since researched and held discussions on cyber warfare. Tallinn is also the origin of the “bloodless revolution” that made the three Baltic countries independent from the Soviet Union by creating the longest “human line” in the world.

Korea has a good Internet infrastructure, but its private sector is too bulky to deal with cyber attacks. Cyber experts have advised the government to change its approach to cyber security from an ex-post-facto response to one that encompasses both defense and attack. The U.S. government has accepted cyber troops as a fourth force in addition to the Army, the Navy, and the Air Force, declaring that it will develop cyber weapons. The Korean National Assembly has recently proposed a new “bill on preventing cyber attacks on the country level,” which sets the National Intelligence Agency as the control tower. For the sake of national security, discussions on relevant laws should be started as soon as possible.

Editorial Writer Shin Yeon-soo (ysshin@donga.com)