The cybersecurity community considers Stuxnet to be “game-changing” malware because of its sophistication, purpose, and implications. As a political event, we are still debating Stuxnet’s significance. This presentation analyzes whether Stuxnet can be considered an act of war under international law. The analysis reveals tension between the application of international legal doctrine and state practice concerning the Stuxnet incident. This tension exposes possible cyber-specific shifts in important thresholds in international law between intervention, use of force, and armed attack. These shifts raise important and potentially worrying policy issues about state development and use of cyber technologies as part of geopolitical competition for influence and power.
David P. Fidler is the James Louis Calamaras Professor of Law at the Indiana University Maurer School of Law and is a Fellow at the Indiana University Center for Applied Cybersecurity Research. His research includes work on “non-lethal” weapons, including conventional, biological, chemical, and cyber technologies. His publications include the forthcoming “Inter Arma Silent Leges Redux? The Law of Armed Conflict and Cyber-Conflict,” in Cyber Challenges and National Security (Derek Reveron, ed.) (Georgetown University Press, 2012) and “Was Stuxnet an Act of War? Decoding a Cyberattack,” IEEE Security & Privacy (July/August 2011). He currently teaches Cybersecurity Law and Policy: Crime, Terrorism, Espionage, and War in Cyberspace and is developing a casebook on this topic.