NATO Researchers: Stuxnet Attack On Iran Illegal, Violation Of Int'l Law

Tehran, March 27, IRNA -- A cyber attack that sabotaged Iran’s uranium enrichment program was an “act of force” and was likely illegal, according to research commissioned by NATO’s cyber warfare center. “Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by international legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia. Acts of force are prohibited under the United Nations charter, except when done in self-defense, said Michael Schmitt, professor of international law at the U.S. Naval War College in Rhode Island and lead author of the study. The 20 experts who produced the study were unanimous that Stuxnet was an act of force, but were less clear about whether the cyber sabotage against Iran’s nuclear program constituted an “armed attack,” which would entitle Iran to use counter-force in self-defense. An armed attack constitutes a start of international hostilities under which the Geneva Convention’s laws of war would apply. Stuxnet was launched in 2009 and 2010, and possibly 2008 as well, and targeted cascades and centrifuges at the Natanz uranium enrichment plant in Iran. The cyber weapon was reportedly designed by Israel and the U.S. in an effort to set back Iran’s ability to produce a nuclear weapon, though the U.S. has not officially acknowledged its role in the attack. Until the attacks occurred, intelligence agencies speculated that Iran would be able to produce a nuclear weapon by 2010. The 300-page NATO manual was produced by 20 researchers, including legal scholars and senior military lawyers from NATO countries, with assistance from cyber security analysts. “We wrote it as an aid to legal advisers to governments and militaries, almost a textbook,” Schmitt said. “We wanted to create a product that would be useful to states to help them decide what their position is. We were not making recommendations, we did not define best practice, we did not want to get into policy,” he said./end