A group from the United Nations is currently working to update the Geneva Conventions in regard to laws concerning cyber activity. The process is being undertaken by experts in international law. The effort is being supported by a think tank conducted by NATO in Estonia.
The update is being referred to as the Tallinn Manual 2.0. It is expected to be published in the second half of next year. Legal experts are meeting in Estonia this week to develop a draft. The updates will be applied to the original manual, which has already been released.
The original manual provided an outline on how the principles of international law might be applied to conflicts in cyberspace. Military strategists often consider cyberspace to be the fifth dimension of warfare, after land, air, sea and space.
The current manual states that cyber attacks, such as the Stuxnet worm that was used against Iran, can be considered an armed attack. Victims of such attacks are legally permitted by the laws of war to retaliate in proportion to the attack’s immediate aftermath, as per the international rules of self-defense.
Additionally, hackers who join a war effort after two or more countries have become engaged in combat are also considered as combatants. Hackers that have been hired in the same way that mercenaries are hired are not granted the same immunities as legal combatants, and they cannot receive prisoner of war status.
The updated version of the Tallinn Manual plans to increase the scope of the original edition by incorporating the principles of peacetime international law which addresses incidents that take place during times of non-war. It will determine whether or not international human rights apply to activities including the collection of metadata by intelligence agencies. If they do, then it must be determined when a state is allowed to engage in those activities.
Additionally, the latest draft will determine what organizations are responsible for laws regarding cyberspace.
The process of updating the Tallinn Manual is being funded, hosted and facilitated by the NATO Cooperative Cyber Defense Center of Excellence. The final meeting to work on the update is scheduled for March of 2016.