Tallinn Manual

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Tallinn Manual (Original title: Tallinn Manual on the International Law Applicable to Cyber Warfare) is an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, apply to cyber conflicts and cyber warfare. The Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012. The Tallinn Manual was published in April 2013 by Cambridge University Press.

In late 2009, the NATO Cooperative Cyber Defence Centre of Excellence convened an international group of legal scholars and practitioners to draft a manual addressing the issue of how to interpret international law in the context of cyber operations and cyber warfare. As such, it was the first effort to comprehensively and authoritatively analyse this topic and to bring some degree of clarity to the associated complex legal issues.[1]

Process and authors[edit]

The authors of the Tallinn Manual, the so-called International Group of Experts, include highly respected legal scholars and legal practitioners with experience in cyber issues, who were throughout the duration of the project consulted by information technology specialists. The International Group of Experts was led by Professor Michael N Schmitt, Chairman of the International Law Department at the United States Naval War College, who also served as the Project Director. Other members of the International Group of Experts included Professor Wolff Heintschel von Heinegg from Viadrina European University, Air Commodore (ret.) William H. Boothby from the United Kingdom Royal Air Force, Professor Thomas C. Wingfield from the George C. Marshall European Center for Security Studies, Bruno Demeyere formerly from the Catholic University of Leuven, Professor Eric Talbot Jensen from Brigham Young University, Professor Sean Watts from Creighton University, Dr Louise Arimatsu from Chatham House, Captain (Navy) Geneviève Bernatchez from the Office of the Judge Advocate General of the Canadian Forces, Colonel Penny Cumming from the Australian Defence Force, Professor Robin Geiss from the University of Potsdam, Professor Terry D. Gill from the University of Amsterdam, Netherlands Defence Academy and Utrecht University, Professor Derek Jinks from the University of Texas, Professor Jann Kleffner from the Swedish National Defence College, Dr Nils Melzer from the Geneva Centre for Security Policy and Brigadier General (ret.) Kenneth Watkin from the Canadian Forces. Professor James Bret Michael from the United States Naval Postgraduate School and Dr Kenneth Geers and Dr Rain Ottis both previously from the NATO Cooperative Cyber Defence Centre of Excellence served as the technical advisors.

Three organisations were represented with observers throughout the drafting process: NATO through its Allied Command Transformation due to the relationship of the NATO Cooperative Cyber Defence Centre of Excellence with NATO,[2] the International Committee of the Red Cross because of its “guardian” role of international humanitarian law, and United States Cyber Command due to its ability to provide the perspective of an operationally mature entity.[3] To add to the Tallinn Manual’s academic credibility, prior to publication it was peer-reviewed by thirteen international legal scholars.[1]

When the pre-publication draft of the Tallinn Manual was posted on the website of the NATO Cooperative Cyber Defence Centre of Excellence,[4] it immediately drew the attention of the legal community[5] as well as online media outlets reporting mainly on technology questions.[6] Furthermore, after its official launch on March 15, 2013 at Chatham House, the issue of international law and how it governs cyber warfare, with references made to the Tallinn Manual, was widely discussed on the international media.[7][8][9]

Although frequently referred to as a NATO manual,[10][11] such claims are incorrect. The Tallinn Manual is an independent academic research representing only the views of its authors in their personal capacity. The manual does not represent the views of NATO or any other organisation or state, including those represented by the observers. However, being the first authoritative restatement of international law’s application and interpretation in the cyber context, it can be anticipated that the Tallinn Manual will have an effect on how states and organisations will formulate their approaches and positions in those matters.[12][13]


The practice of producing non-binding manuals on the application of international humanitarian law is not new. The Tallinn Manual followed in the footsteps of earlier similar efforts, such as the International Institute of Humanitarian Law’s San Remo Manual on International Law Applicable to Armed Conflicts at Sea and the Harvard Program on Humanitarian Policy and Conflict Research’s Manual on International Law Applicable to Air and Missile Warfare.

The book is divided into so-called “black letter rules” and accompanying commentary. The rules are essentially restatements of international law in the cyber context, as understood and agreed by all the authors. Since the adoption of any rule required consensus among the authors, not including the observers, the commentary attached to each rule serves a critical purpose of outlining differences of opinion as to the precise application of the rules. The commentary also identifies the rules’ legal basis, explains their normative content, and addresses practical implications in the cyber context.[1]

International Acceptance And Applicability[edit]

Tallinn Manual cannot have legal effect until it is recognized internationally. However, international legal issues of cyber attacks [14] are very complicated in nature due to conflict of laws in cyberspace.[15] There is no universally applicable cyber security treaty and many legal experts believe that an international cyber security treaty is urgently required.[16] They believe that cyber security collaboration must be an international issue.[17]

For instance, the Tallinn Manual cannot be relied upon for resolving international cyber warfare attacks and defence related issues.[18] These issues can be resolved only when there is a truly effective international solution for the same. Since cyber attacks are global in nature with an inconclusive authorship attribution,[19] it is really difficult to attribute a cyber attack to a particular country.

Few questions that must be addressed in these circumstances are how NATO or those related to this Manual would “enforce” it, why should it be considered to be “binding and enforceable” at the international level, what if people, institutions and states “defy” this Manual, etc. Use of physical force may not be the best solution in those circumstances. Further, counterstrike through aggressive defence against cyber attacks is also not a viable option and is full of legal consequences.[20] NATO’s policy that a significant cyber attack on any member of the alliance could be viewed as an attack on all is also fallacious and practically non implementable.


  1. ^ a b c Schmitt, Michael N (Gen. ed.) (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. New York, United States of America: Cambridge University Press.
  2. ^ "NATO - Topic: Centres of Excellence". Nato.int. 2012-07-30. Retrieved 2013-04-20. 
  3. ^ "News Release: Cyber Command Achieves Full Operational Capability". Defense.gov. Retrieved 2013-04-20. 
  4. ^ "CCD COE - The Tallinn Manual". Ccdcoe.org. Retrieved 2013-04-20. 
  5. ^ Boyle, Ashley (2012-09-24). "International law takes on cyber: significant challenges ahead - The Hill's Congress Blog". Thehill.com. Retrieved 2013-04-20. 
  6. ^ "Security Think Tank Analyzes How International Law Applies to Cyber War". SecurityWeek.Com. 2012-09-04. Retrieved 2013-04-20. 
  7. ^ "Politics". Mother Jones. Retrieved 2013-04-20. 
  8. ^ Nakashima, Ellen (2013-03-10). "In cyberwarfare, rules of engagement still hard to define - Washington Post". Articles.washingtonpost.com. Retrieved 2013-04-20. 
  9. ^ Posted: Mar 21, 2013 5:31 AM ET (2013-03-21). "Are there international rules for cyberwarfare? - World - CBC News". Cbc.ca. Retrieved 2013-04-20. 
  10. ^ Owen Bowcott, legal affairs correspondent (2013-03-18). "Rules of cyberwar: don't target nuclear plants or hospitals, says Nato manual | World news". London: The Guardian. Retrieved 2013-04-20. 
  11. ^ Technology (2013-03-19). "Rules of cyberwar set out for first time in Nato manual". London: Telegraph. Retrieved 2013-04-20. 
  12. ^ Koh, Harold Hongju. "International Law in Cyberspace: Remarks of Harold Koh". 54 Harv. Int'l L.J. Online 1 (2012). Retrieved 2013-04-20. 
  13. ^ Schmitt, Michael N. "International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed". 54 Harv. Int'l L.J. Online 1 (2012). Retrieved 2013-04-20. 
  14. ^ "International Legal Issues Of Cyber Attacks, Cyber Terrorism, Cyber Espionage, Cyber Warfare And Cyber Crimes". International And Indian Legal Issues Of Cyber Security. 11 March 2013. Retrieved 12 September 2014. 
  15. ^ "Conflict Of Laws In Cyberspace, Internet And Computer Era". Private International Law, Cyberspace, Internet And Cross Border Jurisdictional Issues. 9 October 2013. Retrieved 12 September 2014. 
  16. ^ "International Cyber Security Treaty Is Required". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 9 January 2014. Retrieved 12 September 2014. 
  17. ^ "Cyber Security Must Be An International Issue". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 8 January 2014. Retrieved 12 September 2014. 
  18. ^ "Is The Tallinn Manual On The International Law Applicable To International Cyber Warfare Attacks And Defence". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 22 March 2013. Retrieved 12 September 2014. 
  19. ^ "Cross Border Cyber Attacks, Authorship Attribution And Cyber Crimes Convictions". Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI). 29 March 2013. Retrieved 12 September 2014. 
  20. ^ "Cybercrime and cyberterrorism: Preventive defense for cyberspace violations". Computer Crime Research Center. 10 March 2006. Retrieved 12 September 2014. 

External links[edit]