Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Video

Kurt Sanger on Using Laws and Norms to Govern Cyber Conflict

Defense Expert: Why International Law Doesn't Effectively Deter Cyberattacks in War
Kurt Sanger, former deputy general counsel, U.S. Cyber Command

Applying international laws used for armed conflicts to the cyber domain remains elusive because of a lack of precedent and poor visibility in cyberspace, according to a top defense expert.

See Also: Accelerate Your Mission with Elastic as a Global Data Mesh

Uncertainty about covert cyber operations and a failure to establish rules of the road mean cyber law hasn't grown as other legal fields have, says Kurt Sanger, former deputy general counsel at U.S. Cyber Command. The international community instead relies on working groups to establish cyber norms, but it's hard to change behaviors when there are no consequences for violating norms. The Russia-Ukraine war and spillover attacks in other countries are raising new questions about these legal issues (see: Calling Cyber-Experienced Attorneys: Uncle Sam Needs You).

"If you destroyed a system with a missile or something kinetic, then definitely the law of armed conflict would apply," Sanger says. "If you merely brick a device, some would say the fact that you can't operate that device anymore should be considered an armed attack, but others say that the absence of forceful impact keeps it below that threshold."

In this video interview with Information Security Media Group, Sanger discusses:

  • Why it's so difficult to apply international law to cyber conflict;
  • Complications related to prosecuting foreign interference in elections;
  • Top emerging legal issues for the government in the cybersecurity space.

Sanger, who was assigned to U.S. Cyber Command from 2017 to 2022, served as chief judge advocate for plans, policy, partnerships and legislative affairs, and then as chief judge advocate for national security law before serving as deputy general counsel. Sanger has served as a military justice defense counsel and prosecutor, legal adviser to the Afghan National Army general staff, an instructor in operations and international law at Marine Corps University, and planning officer with U.S. Central Command. Sanger previously served as staff judge advocate for U.S. Marine Corps Forces Cyberspace Command. He retired from the Marine Corps this summer as a lieutenant colonel.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.