Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and a Lead Associate for Booz Allen Hamilton. Prior to these positions he served as the Deputy Staff Judge Advocate for the Air Force Office of Special Investigations, specializing in the cybercrime and information operations portfolios. He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare. He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law. He was a co-author of DoD’s award-winning CyberLaw 1 computer-based training product and the subsequent CyberLaw 2 product. He has presented at several national and international conferences including the High Technology Crime Investigation Association’s International Conference, SANSFire, the International Association of Privacy Professionals, a conference on Arms Control in Cyberspace (Berlin) and a Cyber Terrorism Conference (Bogota). He has also been an invited speaker at each of the military Service's Judge Advocate General's Schools, the National Defense University, the DoD Information Assurance Symposium and the DoD Cyber Crime Conference and was a participant in both the U.S. Attorney General’s Cybercrime Summit and the Hoover Institution's National Security Forum on International Cooperation to Combat Cyber Crime and Terrorism. He participated in an international forum on computer network defense in Canberra, Australia and one on law and computer forensics in Koblenz, Germany. He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Masters of Law in Intellectual Property Law from the University of Houston. He is also a CISSP.
Richard W. Aldrich
13200 Woodland Park Road, Suite 5139
Herndon, VA 20171
(703) 984-0785, fax: (703) 984-5817
Challenges in Applying the Law of Armed Conflict to Cyberspace
On June 17, 2010 a small antivirus company established in Belarus discovered the Stuxnet worm. Later research would reveal that an earlier variant of the worm existed at least a year earlier. Stuxnet reputedly caused the physical degradation of some 1000 centrifuges at the Natanz facility in Iran, based on data of the International Atomic Energy Agency (IAEA) . While the identity of the perpetrators is still unknown almost two years later, some have suggested nation-state involvement due to the sophistication of the malware. The heavily hardened Natanz facility was built to withstand “bunker buster” bomb attacks, but apparently not cyber-attacks. The incident, involving a sophisticated cyber “weapon,” has created new impetus for examining the law of armed conflict in cyberspace.
On the 5th of February of this year, several senior government officials, including Secretary of State Hillary Clinton, Prime Minister David Cameron, Chancellor Angela Merkel and others, participated in the 47th Munich Security Conference to address, among other issues, how the Geneva and Hague Conventions should be applied in cyberspace. A joint US-Russian bilateral document presented at the conference offered recommendations in five key areas:
1. Detangling Protected Entities in Cyberspace
2. Application of the Distinctive Geneva Emblem Concept in Cyberspace
3. Recognizing New Non-State Actor and Netizen Power Stature
4. Consideration of the Geneva Protocol Principles for Cyber Weaponry
5. Examination of a Third, ‘Other-Than-War’ Mode
This paper will examine the merits and challenges of each recommendation.
Additionally, the paper will address the overarching challenge of attribution in cyberspace. As long as nations believe they can act anonymously refined rules of behavior may have little practical effect. Yet currently nation states can quite easily create plausible deniability in cyberspace by a variety of means, including discretely delegating the dirty work to sophisticated cybercrime organizations or bot herders, employing anonymizers, spoofing, and/or by using a wide variety of other obfuscation techniques.
 David Albright, Paul Brannan, and Christina Walrond, “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Preliminary Assessment,” ISIS, Dec. 22, 2010 (available at http://www.isis-online.org/isis- reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant/).