What makes a cyberattack? Experts lobby to restrict the term

Michael Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, poses for a picture at the Victory Services Club, in London, Friday, March 24, 2017. Schmitt is one of a disparate group of experts campaigning against the layperson definition of “cyberattack” that they argue can lead to dangerous diplomatic missteps. (AP Photo/Tim Ireland)

Policymakers have sometimes struggled to distinguish this-means-war cyberattacks from more mundane forms of electronic subterfuge

LONDON — When U.S. senator John McCain told Ukrainian television that the allegedly Russian-backed breach of the Democratic National Committee's server was "an act of war," Michael Schmitt cringed.

Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, has spent years trying to defuse talk of cyberattacks, an expression used to describe everything from remotely disabling a city's power grid to stealing a Facebook password. The concern, for Schmitt and others, is that overheated rhetoric could prompt dangerous diplomatic missteps.

"We're very nervous when people say 'cyberattack,' because a 'cyberattack' opens the door to a state responding at very highest level of severity," Schmitt said in a recent interview. "If there's any area where we need to be careful, it's this."

Schmitt is one of a group of academics campaigning to change the language around electronic subterfuge. Their work on a recently published handbook, the Tallinn Manual 2.0 , is meant to help policymakers to distinguish serious attacks from minor incidents. Other experts are directly lobbying journalists and politicians to moderate their tone.

"Words matter," said Thomas Rid, who teaches at the Department of War Studies at King's College London. "Words affect intelligence operations; words affect military operations; words affect the behavior of allies and enemies. And of course words shape what lawmakers think and what laws are made. So if we're not precise, we're literally escalating a problem."

Professionals are trying to knock back talk of cyberattacks, too. When Oklahoma Senator Jim Inhofe described the massive data breach at the U.S. Office of Personnel Management as one of America's "most damaging cyberattacks," one of America's top spymasters corrected him.

"I would say that this was espionage," then-Director of National Intelligence James Clapper said . "I think there is a difference between an act of espionage, which we conduct as well, and other nations do, versus an attack."

The indiscriminate use of the word "cyberattack" can also tip the scales of justice, said attorney Jay Leiderman, who has represented a Who's Who of American hackers . Two of the cases Leiderman has been involved in, activist Jeremy Hammond and gonzo journalist Barrett Brown, have featured stiff sentences meted out over alleged "cyber attacks."

"It affects the ability to get a fair trial," said Leiderman. "The person who screws around a little bit is getting the same type of charges and the same kind of media coverage as a state-sponsored actor."

Some don't think it's necessary to crack down on the term.

Dieter Fleck, the honorary president of the International Society for Military Law, said it was generally fine to use the word "cyberattack" so long as it wasn't confused with the much more serious category of intrusions formally known as "armed attacks."

But Jake Davis, the ex-spokesman for the Lulz Security group of hackers, said journalists needed to articulate what was happening online without resorting to the word "cyberattack," a verbal crutch which he said came "from a place of laziness."

The Associated Press Stylebook is defining a cyberattack narrowly as something that causes "physical damage or significant and wide-ranging disruption." The malicious code that allegedly wrecked Iran's centrifuges would qualify. The daily drumbeat of leaks and breaches wouldn't.

The Stylebook definition, announced Friday , was welcomed by Schmitt, who called it a "monumental step forward."

Even those who worry that the misuse of the word "cyberattack" is too widespread to stop backed the move.

"It may be too late," said Josephine Wolff, an associate of the Harvard Berkman Center for Internet & Society. "But I do think that there's value in helping people making the distinction."

___

An earlier version of this story misspelled the name of journalist Barrett Brown. His name is Barrett, not Barret.

___

Online:

Thoughts on cyberattacks? Raphael Satter is reachable on: http://raphaelsatter.com

Related News

Apple boss Tim Cook optimistic about UK's future...

Feb 9, 2017

Apple CEO Tim Cook says the company the technology giant is committed to Britain's future outside...

Apple's Tim Cook: Fake news is 'killing people's...

Feb 11, 2017

Apple chief executive Tim Cook says fake news is "killing minds," and governments and tech firms...

Yahoo issues another warning in fallout from...

Feb 15, 2017

Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016

Epic 'Planet Earth II' offers creatures'-eye view...

Feb 16, 2017

From jungles to deserts to mountains, the BBC's epic nature series "Planet Earth II" takes viewers...

Uber to investigate sexual harassment claim by...

Feb 20, 2017

Uber's CEO has ordered an investigation into a sexual harassment claim made by a female engineer...

The dirty dozen: UN issues list of 12 most...

Feb 27, 2017

The World Health Organization has issued a list of the top dozen bacteria most dangerous to humans,...

Peaple also read these

UK judge says Tunisia police 'shambolic' during...

Feb 28, 2017

The Tunisian police response to a deadly gun attack on a popular beach resort was "at best...

French shares outperform as polls show narrow...

Apr 20, 2017

France's main stock market outperformed its counterparts in Europe on Thursday as traders priced in...

Fox harassment claims create clouds around Sky...

May 9, 2017

A U.K. scandal torpedoed Rupert Murdoch's first attempt to take control of Britain's Sky TV

The Latest: 29,000 Chinese institutions hit by...

May 15, 2017

Chinese state media say more than 29,000 institutions across China have been infected by the global...

Billion dollar race to break 2-hour marathon mark...

May 17, 2017

Nike, Adidas and Vodafone are all backing separate plans to break a key barrier in athletics: a...

Sign up now!