By: Siya U. Hedge
The massive data breach of 2013, which compromised millions of Target customers’ private information, resulted in a major class action lawsuit and triggered a nationwide panic. It stands as one of the more startling examples of private information compromise in recent history. Unfortunately, it has not been the only event of its kind.
The current landscape of cyberwarfare remains a hot, yet unresolved, topic in the domain of international law. On November 4, 2016, the North Carolina Journal of International Law hosted an array of authors and commenters whose significant contributions to the field at large made for some thought-provoking discussion. Among the authors who presented at this annual symposium were Dr. Scott Shackelford, Professor Nicolas Jupillat, Major General Charles J. Dunlap, and James Tucker ; although she was unable to attend, Dr. Susan Brenner was also recognized for her topic entitled, “Threat Morphing in Cyperspace?” UNC Law professors John Coyle, Mary-Rose Papandrea, and Arthur Mark Weisburd served as commenters who offered constructive feedback on the presenters’ written submissions. The following ideas come from a question and answer panel at the beginning of the symposium.
Generating intellectually engaging conversations about cyberwarfare is especially critical in today’s technologically advanced world. A better understanding of what cyberwarfare is can affect how we choose to operate as a society. It can influence our perceptions of “war” when diplomacy fails. It can also create a psychological impact on those of us who feel paralyzed when our communication devices are not at our fingertips.
Understanding what distinguishes cyberwarfare from cybercrime is just as critical an endeavor. Cyberwarfare does not rest exclusively within or outside the greater cyber domain. However, it stands as a public international issue that involves both state and non-state actors. Cybercrime, on the other hand, is trans-national in scope and focuses on the conflict of law as it solely involves non-state actors.
In spite of their notable differences, it is common to perceive cyberwarfare and cybercrime as opposite sides of the same coin. But where are the lines blurred, and at what point does cybercrime bleed into the realm of cyberwarfare?
Drawing these lines of distinction is so difficult to do, in part, because of their ambiguous terminologies. Most cybercrimes fall under the umbrella classification of cyberwarfare, but not all examples of cyberwarfare are cybercrimes. Generally speaking, there is also a lack of information on how data breaches exactly occur. Thus, without a proper understanding of what factors cause malicious cyber attacks, it becomes a greater challenge to design legal solutions and remedies in response to these wide-scale problems.
Nonetheless, knowing the magnitude of the danger associated with a potential cyberwarfare scenario will affect how the international community thinks and acts to prevent the issue as a whole. Nothing is secure in the cyber domain, and there is no such thing as absolute privacy of information. This reality plays out as being rather unproductive for a society that relies on the free exchange of ideas. It is also at odds with the social assumptions on how the legal system should be framed. That is, we cannot restructure our entire legal system thinking that private, privileged communications will be disclosed elsewhere.
So, what can we as individuals do to protect each other and ourselves against the dangers of cyberwarfare and cybercrime? Installing certain safeguards in a corporate policy will, for example, help ensure that a business will not be the victim of a cyber-attack. So too will developing a stronger knowledge base of information technology and data operating systems. Companies constantly need to be on the lookout for risk of their information being stolen. They need to continuously update their responses to potential threats and enforce best management practices. These starting points also apply to law firms, as they are especially prone to facing an increased liability towards the inadequate protection of their data reliability.
International law is about nation building. The symposium’s opening panel concluded with its thoughts on the future of cyber policy in the hands of a new American presidency. While the Obama administration has taken some active measures over the past eight years on the issue at large, there have been insufficient interagency developments and a lack of structure in the legal system responding to it. Intergovernmental coordination in direct response to cyber policy is key. The president-elect must abstain from vetoing any upcoming legislation on the subject of cyber security, and must attend to how government employees handle data transmission and policy developments. Most importantly, there must be a sustained executive focus on resiliency, re-constitution, and low-tech, cost-effective solutions in a world where the free dissemination of information may be unexpectedly compromised.
 Michael Riley et al., Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It, Bloomberg (Mar. 17, 2014, 10:31 AM EDT), http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data [https://perma.cc/8VSC-MT8D].
 Professor of Business Law and Ethics, Kelley School of Business at Indiana University
 Professor, Detroit Mercy School of Law
 Executive Director, Center on Law, Ethics, and National Security at Duke School of Law
 Chief, Cyber Special Programs Law, 24th Air Force, Joint Base San Antonio, Texas
 Samuel A. McCray Chair in Law, Dayton School of Law