Professor Michael Schmitt, Chairman of the International Law Department at the United States Naval War College and leader of the international team of legal experts that penned the 300 pages long manual, has commented that it was only intended as a starting point for further discussions about laws concerning cyber warfare.
Not to be considered an official document sponsored in any way by NATO or reflecting its doctrine, it contains only the personal opinions of the aforementioned legal experts.
"We wanted to create a product that would be useful to states to help them decide what their position is,” he commented for The Washington Times. “We were not making recommendations, we did not define best practice we did not want to get into policy."
Given the extent and the complexity of the issues it covers, it should not come as a surprise that it took them nearly three years to finish the manual and make it public.
Some say that it may be a little premature. James Lewis, Director and a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, says that the authors of the manual “are writing way ahead of practice.”
In his opinion, there have still not been enough cyber conflicts to enable countries to interpret existing international laws in order to address the issue adequately.
The authors said that they consider the Stuxnet attack was definitely an "act of force" (any cyber operation that caused harm to individuals or damage to objects) but not all agree on whether its severity was enough to make it an "armed attack" (a "grave" use of force).
If you have time on your hands are interested on what they had to say, I recommend the manual wholehartedly. If you are short of time, but would like to know the gist of it, you can always check out this short fact sheet that summarizes its most important points.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.