 Well, good morning everyone. Happy Monday. My name is Heather Conley. I'm Senior Fellow and Director of the Europe Program here at CSIS. We are delighted, every once in a while, our timing is perfect and our timing was perfect because we understand that the President, President Obama, will be giving a major address on Thursday at the National Defense University on the legal framework and policy for drone attacks as well as for Guantanamo Bay. So I couldn't think of a better timed event to help us tease out the most important issues and the important questions. And there is one international organization that is at the heart of the important parts of the speech that President Obama will give, and that is the International Committee for the Red Cross. We are delighted to welcome Vice President Christine Barely from the ICRC. Madame Barely was elected to the Upper House of the Swiss Parliament in 1991 and has served in leading roles in the Parliament from Chair of the Foreign Affairs Committee to serving on a variety of committees of important security policy, economic and legal issues. Since retiring from politics in 2003, Madame Barely has served as the head of Swiss Medic, the Swiss supervisory authority for therapeutic products and formerly Director of the School of Engineering and Information Technology at Baron University of Applied Sciences. So we bring the politics, the science and pull that all together and Madame Barely will provide us with her thoughts on the evolution of the battlefield. And after Madame Barely's remarks, we will turn the microphone over to our very own Jim Lewis who is the Senior Fellow and Director of the Technology and Public Policy Program here at CSIS or what I affectionately call Jim, our cyber guru. Jim is a former Foreign Service Officer, member of the Senior Executive Service and has held prominent positions at both the State Department and the Commerce Department. He is really the master of understanding the intersection of technology, innovation and national power. He has served in areas of distinction at the UN group of governmental experts on information security. He has run track to cyber security dialogues with the China Institute of Contemporary International Relations. So very well steeped to offer some reflections and commentary after Madame Barely's presentation. I have to say, as I was thinking about this morning in our discussion, I sort of thought what would Henri Dunant, the founder of the ICRC over 150 years ago, as he stumbled literally across a battlefield in Italy, the Battle of Sulferino, what if 150 years later he would have stumbled upon a village in Pakistan's federal administrative tribal areas, Fatah, after a drone attack where there was no one wearing uniforms. There was no, the civilians were harmed. What would he have made of that particular issue? And again, it points to how international humanitarian law changes and evolves to today's challenges. So that's a thought to think about. And maybe Christine, you can help us think through that a bit with your presentation. Again, welcome after both Christine and Jim provide their comments. We'll do a little moderated Q&A and then open the floor for your questions and comments. And again, welcome Christine. And thanks to the ICRC office for allowing us this special opportunity. Thank you. Thank you very much, Heather, for your warm welcome and for your ongoing support also for the ICRC. I'm indeed thrilled to be with you today here in Washington and to have the possibility to speak about the subject that Heather mentioned. And I thank also the SCIS for hosting this event today. The role the SCIS plays in promoting strategic insight and bipartisan policy solutions today is vitally important also for us and the discussion we have. Let me now say a few words about remotely piloted aircrafts, usually known as drones and also about cyber warfare. In its operational, legal and policy work, the ICRC is facing several challenges linked to the evolving nature of contemporary battlefields. This includes the development of remotely controlled aircrafts of drones and of course cyber warfare. A common feature of these technological developments is that they put a never expanding distance between operators and the traditional battlefield. The deep controversy around the use of combat drones has produced two opposing camps. Simply put, defenders of drones say their relative precision greatly minimizes the risk of collateral damage. Critics, on the other hand, say drone strikes can constitute extra judicial killing, especially outside conflict zones and that hundreds if not thousands of civilians have died in such strikes. Other points to the psychological effects of drones continuously hovering in the sky. The ICRC endeavors to assess drones effects and whether they might be the result of violations of IHL. I'm however not in a position to make a general assessment of whether drone strikes lead to more or less civilian casualties. Indeed, drones are typically used in remote terrain where staff security concerns hamper the ability to collect first hand information, including for the ICRC. There are also claims that drones technological features may increase opportunities to attack. There might be less hesitation, both at the political level and at the level of the operator to fire a drone strike than a cruise missile. It has also been alleged that an increase in the likelihood of attack may cause an associated rise in civilian exposure to harm. This is in my view an important question, but from a political perspective more than from one of IHL. Among the various issues raised by drones, I will focus on the lawfulness of extraterritorial use of force and the application to drones of the rules of IHL governing the conduct of hostilities. Most questions with regard to drone strikes have been raised about the lawfulness of the use of less force against individuals who were deemed to be participating in an ongoing NAIAC, Non-International Armed Conflict from the Territory of a Non-Balligerent State. Under one school of thought, a person directly participating in hostilities in relation to a specific ongoing NAIAC carries that armed conflict with him to another non-balligerent state and remains targetable under IHL. Pursuant to other views which the ICRC shares, the notion that a person carries a NAIAC with him to the territory of a non-balligerent state should not be accepted. The propositions that harm could lawfully be inflicted on civilians in the non-balligerent state in operation of the IHL principles of proportionality because an individual sought by another state is in their midst would in effect mean recognition of the concept of a global battlefield. And while one thinks essentially of the U.S. strikes against al-Qaeda, what would that mean for other NAIACs? People involved in NAIAC are perhaps more mobile, crossing borders more easily, finding refuge in other states. Would this not lead to recognize a multitude of global battlefields all over the globe? The ICRC does believe that the lawfulness of such use of force would be subject to assessment based on international human rights, law rules and law enforcement which do not preclude the resort to force, but foresee that force must be used as a measure of lost resort and only when strictly unavoidable to protect life. Given the strict limits posed by the law enforcement framework, it would appear that drone strikes could be relied on outside of armed conflict only in exceptional circumstances. Turning to what IHL says about the use of drones in armed conflict, the starting point is that it contains no specific rule on drones. There is no specific prohibition on their use as a weapon platform and the rules are thus no different from those that apply to manned aircraft. Drones as they exist today still require that human operators fire the weapon concerned. The responsibility for respecting IHL clearly belongs to the drone operators, their commanders and the relevant party to the conflict for all actors whose conduct is attributable to it, in particular its armed forces as well as other agencies or persons acting under its instructions, direction or control. It is a pivotal rule of IHL that parties to an armed conflict must at all times distinguish between civilians and combatants and that attacks may only be directed against combatants. Who is deemed to be a lawful target is the subject of much debate. In the ICC's view members of state armed forces as well as persons who perform a continuous combat function for an unstate party to the conflict are not civilians and are thus not protected against direct attack. All other persons are civilians. They become lawful target only for such times as they take a direct part in hostilities. In case of doubt a person must be presumed to be protected from attack. Thus the fact that the military age male happens to be in a strike zone without more information is not sufficient to conclude that he may therefore be lawfully targeted even an armed military aged male as in many cultures men routinely bear arms. IHL also requires that each party to a conflict takes all feasible precautions in the choice of means and methods of warfare with a view to avoiding or minimizing civilian casualties. Because drones possess sophisticated sensors and are able to conduct surveillance over a given area for extended period of time they have the potential to help direct attack more precisely against military objectives. They also provide their operators with more options with regards to the timing of the attack which again could help avoid civilian casualties. Drones therefore widen the range of precautionary measures that may be taken in advance of an attack. Whether the use of armed drones does indeed offer these advantages will will depend on the specific circumstances. This issue is the subject of an ongoing debate due among other things to lack of information on the effects of most drone strikes. Some have argued that abuses are more likely when a person is disconnected and at a distance from potential adversary but there is to our knowledge at present no evidence that this is true or more frequent in the particular case of drone operators. Also the fact that usually crews are physically on the territory of the state party to the conflict that operates the drone not where the strike occurs does not change the status of its crew members under IHL. They are not protected by IHL against direct attack if they are part of the state armed forces, have a continuous combat function or for such time as they directly participate in hostilities. Distance from the potential adversary is actually not entirely novel compared to other weapon systems that are also operated from a distance such as cruise missiles. In summary there is nothing specific to drone systems that would make them as such unable to implement the IHL rules on targeting. The lawfulness of particular operation is to be assessed on a case by case basis and will very much depend on the overall applicable legal framework information available to the operators and their willingness to apply the relevant law. Let me now turn to cyber warfare. Cyber has opened up a potentially new war fighting domain. The first manmade theater of war characterized by its interconnectivity. From a technological point of view cyber means and methods of warfare do not seem to be really comparable to any other existing means and methods of warfare. Let me first clarify what I'm talking about. A large proportion of operations colloquially termed cyber attacks are in fact network exploitation operations carried out for the purpose of illicit information gathering and occur outside the context of armed conflict. While such operations can have very important consequences for the targeted cooperation they are cyber security issues rather than cyber warfare. They are not governed by IHL but by notably telecommunication and intellectual property law. When I talk of cyber warfare or cyber attacks I do not mean such operations but rather means and methods of warfare that rely on information technology and are used in the context of armed conflict. While the military potential of cyberspace is not yet fully understood it appears that cyber attacks against transportation system electricity networks dams and chemical or nuclear plantations are technologically possible. Such attacks would have wide reaching consequences resulting in high number of civilian casualties and significant damage. It is thus our role to recall that in a non-conflict all feasible measures must be taken to spare civilians and civilian objects. Indeed means and methods of warfare which resort to cyber technology are subject to IHL just as any new weapons. There is no legal vacuum in cyberspace. Applying IHL to cyberspace however raises specific challenges. The main one being the interconnectedness of cyberspace. There is only one cyberspace and the same network routes and cables are shared by civilian and military users. When you are you or me stored data through cloud computing we don't know where these data are stored and what other data are stored there that might render the network used a military objective. That might make it impossible to distinguish between military and civilian computer systems when launching a cyber attack. Also a party about to launch a cyber attack must do everything feasible to assess whether the attack may be expected to cause incidental harm to civilians and civilian networks or objects which would be excessively in relation to the direct and concrete military advantage and in such case not conduct the attack. But in cyberspace is it possible to appropriately assess such incidental effects including and indirect ones? Like for drones development of cyber capabilities may also have positive effects in specific circumstances and if used in a law a bidding manner. For instance it might be less damaging to disrupt through a cyber operation certain services used for military and civilian purposes than to destroy such infrastructure completely through a bombardment. In such cases the principle of precaution arguably imposes an obligation on states to choose the less harmful means to achieve their military aim. This being said a holistic reflection is warrant to fully consider the risk in terms of the potentially devastating humanitarian consequences that cyber operations also entail that I mentioned earlier. These challenges underscore the importance that states that would develop or acquire means and methods of cyber warfare excess their lawfulness under IHL as for any weapons. That's indeed the only way to make sure that their armed forces will be able to abit by their obligation when resorting to such new cyber weapons or methods of warfare. Thank you very much and I'm looking forward to a lively discussion. Christine I'm sure we will Jim please. Thank you Heather. Although saying I'm well steeped in issues makes me sound like a teabag and I would like to start by thanking the ICRC. I always found them to be valuable companions in many of the conflict areas where you might happen to be working and so I've always felt sort of a soft spot for them. I'm not sure they always approved of what we were doing but you know still and that was a very clear statement. What I want you to think about is a continuum of weapons from edged weapons all the way to nuclear weapons right and so what we want to do is look at these new weapons and say where on this continuum from edged to nuclear do they fall and some of the things we might want to think about are lethality right how lethal are the weapons. Cyber and drones are very different range similar range is their cyber's longer range and precision so these are three criteria for thinking about weapons and how we would approach them from their use and how we would think about them from a legal perspective lethality range precision. The development of long range attack capabilities has been ongoing since at least World War I right with the invention of the aircraft and the new factor now might be the automation in some ways and this again is not new from the 1960s and 70s we can see weapons automated where the operator may after launch seed control to the actual device right so these are not new things either drones or cyber attack and this is again consistent with the pattern of using technology to improve weapons performance right. The question and I think that's why we're here today is how do we make these new weapons consistent in their use with international humanitarian law and in particular with the laws of armed conflict. Now I will say the US has for drones articulated a series of thresholds that would be used to justify an attack that there's the use of drones that there's imminent threat of a violent attack that capture is not possible and that the use of drones is consistent with the laws of armed conflict so if you think about these these three thresholds which I president may very well elaborate he'll probably also announce a movement of responsibility away from the CIA. If you think about these three thresholds though many of the more arcane scenarios that you've heard about tend to go away capture imminent threat consistent with low act right. An important part of this is the combatant the target has to have combatant status and this of course is one of the arguments here when we talk about collateral damage right. I can see why insurgents aren't happy with the use of drones right because it denies them a sanctuary and so it would be natural if you were an insurgent to begin a political campaign to try and restrict the ability to penetrate your sanctuary and take advantage of it. When you're in a counter insurgency campaign you will find that successful insurgencies depend on having a sanctuary if you can reduce that sanctuary if you can make it difficult for them the chances of their success increase. So this makes drones very attractive in many scenarios but it also means there'll be the target of objections in their use. The idea that governments where drones operate haven't accepted their use is probably not correct. They may not publicly accept it. One of the benefits of WikiLeaks is we know that the Pakistani government at the time actually encouraged greater use of drones. It's possible that their behavior has changed but somehow I doubt it right. Now all this raises two very important issues both cyber and drone and this is where we want to think about. The issues are overflight and neutrality and overflight sounds like a funny term to use when it comes to networks but when let's say let's just pick a random example if the US were to do something against China it would have to transition networks in many cases through third countries. In fact it might choose to do that because of the benefits of perhaps disguising its tracks and so they're basically passing over a national network through a national territory to carry out an attack and that would seem to be overflight. Normally you would get permission the way the internet is structured now is it's a commercial agreement one carrier accepts carrier traffic from another carrier without looking at it right but that avoids the issue of do we need to think about overflight. There's also the issue of neutrality then what is the role of neutrals in this. If your attack traverses my network have I compromised my neutrality. If your attack affects me and this this has happened in the real world then how is my neutrality compromised what are your obligations to neutrals who may be attached. So these are difficult issues that will only be able to work through with more experience. The goal for the new weapons is to make them consistent with the laws of armed conflict and with international law and I'd like to call attention to four principles in particular attack should be proportional right. There has to be distinction among the targets and distinction is important because another way to think about distinction is its commander's discretion right. If there is overriding military necessity any target can be attacked and so you are supposed to under the third principle though discrimination avoid attacks that don't really have a military objective or would cause unwarranted harm to civilians or that are indiscriminate in their nature. I think in both the case of drones and cyber attack the ability to make these more precise to better discriminate among targets is one of their attractive features right. That's something we don't usually think about and finally there's the whole issue of self-defense and how that's interpreted. The use of these things has to be consistent with international law and particularly with the commitments under the UN Charter. So justifying any kind of attack as something under self-defense as a necessary for self-defense is important. I will say there is an emerging international consensus on the applicability of international law and sovereign responsibility particularly for cyberspace. When you see this consensus publicly enunciated will be a political issue. You need to find agreement among the Russians, the Chinese, the Americans and others before everyone will come out and say but the behavior you see now that people seem to be acting in accordance with is that international laws apply, the laws of armed conflict apply and sovereign responsibility applies. This will be probably if there's a remote chance we'll see some agreement on this announced publicly this summer perhaps in the fall but this is the course we're moving on and that is encouraging because it means that these new weapons will be able to be put into the larger context of international human rights. The one caveat I'd put to this pardon me international human rights and international law. One caveat I'd put to this is involves covert action. International law does not touch upon espionage, right? This is probably a good idea, right? States don't want international law touching on espionage, right? And the privilege of sovereigns in this area is something where there is tacit agreement among nations that we should respect. So covert action may occur outside the framework of international law. This is always an issue with it but it is not something that it can be forbidden, right? Sovereigns will not accept forbidding covert action and then we get into a discussion of when it makes sense from a policy perspective or a political perspective, how we limit its use. I will say that the new weapons in both cases create areas of ambiguity in how the laws of armed conflict should be applied, how the international humanitarian law should be implied. But the way that the laws, the Hague Convention, the Geneva Convention, the UN Charter, that the way they are written, they are flexible. They can accommodate new weapons. This was their intent. Some are more than a century old now and they have been successfully used to govern all the weapons that have been introduced since the Russo-Japanese war. So international law is flexible. It can accommodate the new weapons. We can think about how to improve this by finding ways to improve precision in their use to limit collateral damage. But at the end of the day, I think we will need more experience and more thinking on how exactly we take new ways of military conflict and put them in the existing framework of international law. So with that, why don't I stop? Tim, thank you. You brewed a very strong cup of tea for us so thank you very much. Keep our game going here. Two questions come to mind and again feel free to choose the question or to comment on both. Jim, I was struck by your comment and also, Christine, the target must have combatant status and the challenge I think within the U.S. government is to make that assessment the transparency by which we make that assessment. And I think, Jim, you reflected on perhaps hinting at some things that may come out in the president's feature and follow on actions about increasing that transparency and accountability moving and I would love your reflections on what is the right level of assessing that transparency making sure that the target does have that status but in a timely way and that the challenge there. And then I'd like to, Jim, your last comment provoked sort of we need to have more thinking, more experience in understanding the new technologies and allowing the flexibility and the accommodative process of IHL and others. What's the forum for that thinking? How do you bring and I know you've been tasked with this, how do you bring the countries together to think through this process where in some way some of the countries don't necessarily want to be a transparent thought process of how these work. So if you have any reflections and thoughts on how we can advance that thinking that would be great. Cristina and any reflections you may have on Jim's comments would be great. You really brewed a strong cup of tea, I must say. I think we have to take two things. We have and I use now a law expression. We have all the discussion about use at bellow. I mean we have to question ourselves are we working in a domain where the international humanitarian law is applicable because we have an armed conflict or are we outside a situation of an armed conflict? That's what I tried also to say in my exposé. If we are inside a situation of an armed conflict either an international armed conflict or a non-international armed conflict then the use of drones as a matter of fact follows the same rules as the use of any other arm. I mean you can use a plane or a missile or a drone and it has to respect the same rules if you are acting inside an international armed conflict or a non-international armed conflict an armed conflict. And there I think this is perhaps a little difference we have in our discussion if you are outside of such a context then you have domestic law applicable and you have the applicability of human rights law. And there you are in a situation of law enforcement and I think this is quite the difference and that's perhaps the first exercise we have to do when we discuss we have to take these two things and to separate them. If we are in a situation afterwards of an armed conflict either an international or a non-international then we discuss all the things James mentioned proportionality distinction discrimination but we are still in the IHL applicability and then we have to look if the person who is targeted is directly participating in the conflict either it is a member of the armed forces or it is a member of a non-governmental armed group and or it is a civilian who is not normally a member of an armed group but is in this moment directly participating in hostility in hostilities then it is targetable and it can be targeted either by a drone or by another weapon. I think these are the main differences we have to make and we look at the situation if we speak of a non-conflict in a case-by-case basis every time you have a situation in a country or in different countries you have to reevaluate the situation and you have to come to the decision if you can speak of a non-conflict or not you cannot just make one size fits all and say globally it is over the whole word like this you have to look at it very specifically in each situation especially though perhaps to this first there there are a number of difficult issues here the first is you might remember Mao Tse-tung said that the objective of the insurgent or the guerrilla was to swim like a fish in the sea of the civilian population right and so distinguishing between the innocent civilian population and the legitimate target has always been a problem for insurgencies and there's a number of strategies for doing it all of them involve some unpleasantness so it's difficult to deal with this problem of how do you target the legitimate combatant who may not be in uniform and in many cases will not be in uniform without while avoiding the civilian target a problem that probably goes back to the bow or war at least and perhaps even much further that's where i think the point about precision is important and one of the things that may emerge as we gain more experience with these weapons is a better ability to judge when it's appropriate to use them if you read accounts of drone strikes there's that crucial moment where the the decision maker really isn't the operator who pulls the trigger decision maker is the intelligence analysts who are looking at the sensor inputs and deciding when the targets are combatants when they're not and so that's and when you've seen some of the errors the more uh horrible errors that have occurred it's been because of these problems with intelligence analysis so maybe there's some way to improve that the second issue and i think this is the one christine raised is when is it appropriate to use law enforcement techniques rather than military techniques and in lots of ways there's a benefit to approaching terrorism as a law enforcement problem you don't give them the legitimacy of being in a conflict you don't give them some of the legal protections they get as combatants there's a benefit to approaching this as a law enforcement issue but we know that in some cases this isn't possible so these are some of the issues you want to think about is how do we distinguish the sharks from the fish when do we decide that it's better to have the police rather than the military and those are almost always those are hard in every single war you can think about like this on the forum for new thinking on the drone side there isn't very much right in part because right now only one nation is using them in conflict there might be some side discussions but compared to cyber there's very little discussion of drone on cyber there's an immense amount of discussion it's not public and that's a puzzling thing but there's at least four different international fora that have been discussing the rules of cyber warfare for more than three years you have the un with the group of government experts now in its third round right second round was successful first was not there's other discussions in the disarmament part of the un you have this thing called the london process which talks about responsible state behavior first two meetings a little tricky third meeting coming up in korea in the fall but you'll see discussion of what is responsible state behavior you had a long and very fruitful discussion in the organization for security cooperation in europe the osce that led to a draft of very useful norms and confidence building measures for cyber security it's really regrettable that the osce was unable to agree on these and that was at the very last minute where a bilateral problem between the u.s. and russia derailed what would have otherwise been a very positive effort finally you have the the ozion regional forum beginning to engage on this right and there are others the oas is doing this the the organization of african states is doing this there's there's a wide discussion of how to treat cyber warfare cyber conflict what are the norms that's been ongoing for a few years and we don't see that matched on the drone site so it's interesting and that makes you wonder that the cyber discussion the the driver there is the fear the concern the nations have about what is a new source of instability in the international system and cyber is kind of unbounded for many countries it's easy to exaggerate the effect i don't think it's easy to get very dramatic effects out of a cyber attack but countries don't know and so it's unbounded risk and that's why they've all focused on it you don't see the same thing with drones and it would be interesting to try perhaps to figure out why our next csis project let me open the floor for discussion and comment if you could raise your hand please and identify yourself and your affiliation we have some colleagues with microphones and we'll take a few questions and begin the discussion i see a question right over here man the microphone's coming towards you i'm gali chen from john talking science trying to study this i've two questions here one is uh i understand both of you were talking about international armed conflicts my first question is uh well we we heard lots of accusations china have stolen maybe billions of dollars of economic intelligence from the u.s companies or military if we take that acquisition as a fact that to me is could cause more um you know risks to the u.s than some military attacks so given that as a fact how how could the u.s do the calculation and jump from you know taking this kind of attacks or risks to an offensive cyber operation so in i wonder whether both of you can comment on that what's the conditions what kind of forms the u.s could do in terms of offensive cyber operation my second question is it's aspiring to hear both of you agree that the new weapons could be taken under the existing international law framework um my question is how what's your thinking about the arms control regime for the new weapons thank you um what i try to say also is when spying is not forbidden as a matter of fact it's not it's not under i h l and it's not criminalized and um when i'm speaking of a cyber attack in this sense we speak of an attack by cyber means in the context of an armed conflict where you have a physical destruction of something because otherwise it goes much too far if you would give the right to a counter-attack attack also when we are speaking of spying and of economical damage then we would really go very far and that's why i tried to to make very clear that when we are speaking of cyber attacks it's where you have a very direct harm in attacking whatever a nuclear plant or or an electrical grade or something where you really have the danger that persons would be hurt and that you could have really victims in in this sense and this would be then a cyber attack in in a context of a non-conflict one of the puzzling things for me when i started looking at this a few years ago was that um it appeared and i don't know if this is implicit or explicit or i think it's explicit it appeared that nations were careful to stay below the threshold of what an armed attack would be in their use of cyber techniques and so when you think about it there's been perhaps only three cyber attacks since the dawn of the internet three real attacks and the thresholds are um as as christine said there has to be physical damage and there has to be death or casualties if it doesn't cross that threshold it's not an attack espionage and crime are not attacks we call everything an attack but they're not right and that limits the ability of a nation to respond right that means that this espionage is and cyber crime are really diplomatic problems problems in the relations between states and the solutions have to be diplomatic rather than military there is this argument about death by a thousand cuts oh you know oh i hate it and um maybe maybe what else oh that we want to lower the threshold the the some nations that have been the victims of denial of service attacks wanted to lower threshold for a forceful response um probably probably a bad idea across the board and the issue here the fellow that um i think he might have been at the icrc pigtay a swiss jurist worth looking at and he had a couple sets of thresholds about scope duration intensity these apply to cyber attacks so while there are areas of ambiguity you know they can be resolved i think using pigtay's remarks and by applying existing international law so i see this as a diplomatic problem and there's a rain we've done this before with the chinese and others there's a range of diplomatic techniques you can use right on arms control i know that when you talk to american officials they become very excited when you say arms control and you're not actually supposed to say it right and i think one of the reasons for that is that russians proposed in 1998 a a very um uh what's a polite word here a very unusual treaty uh for controlling cyber war that was unacceptable because it rewrote international law in some ways right so there's a reluctance to perceive this as a traditional arms control problem i will note that in most of the discussions that occur the arms controllers have an advantage over the technical people so there's a sense that perhaps non-proliferation perhaps the development of norms perhaps this is a useful useful path to think about but that's different from formal treaties uh you know formal agreements that we're very far away from them just perhaps if i can just um add i i mean i hl in in all these domains of new weapons and it's also in in the cyber war question like this it follows state practice and one of the big problems in this discussion about cyber war is that the state practice is is very clandestine as a matter of fact you you don't really know what states are doing and states do not want you to know what they are doing and that's why it's extremely difficult to to to have some state practice and also to get to a discussion and to get to some rules of law well and i i what i was going to say i'm just press you a little bit so um in a conflict scenario uh and i'm going to use the example of 2008 and the russian-georgian conflict um does that a place where cyber cyber issues came into play how does that work and then when you have um nato looking at cyber issues and and things like that and trying to understand as you said both state practice but as multinational practice if you will how do we how do we think that through a bit and in that particular applied situation if you take the 2008 georgian um example i i think there you can speak of of a cyber attack but still there and the traceability is extremely difficult this is one of the big questions i mean you see that something happens you see that there is an attack and you see also that there is harm but afterwards it's extremely difficult to know from where it came and uh if you do not know from where it came it it's also extremely difficult to react so i think that the traceability is is one of the very huge problems in this domain and then you have for instance also the dystonian case and a year before the the georgian case and there it was more like a denial of service attack and it and also there the traceability was extremely difficult you did not know it came from a lot of different people and um so the reaction was was not really possible either and and you it could never been said exactly from from where it came and this is one of the huge problems in these cases well it's interesting that if you look at uh russian doctrine for the use of cyber techniques they have an element that is a little bit different or at least express differently than our doctrine and that is the idea of what we can call a political shaping both before and during the conflict to shape the political opinions of third parties right and also to affect the uh uh morale of the target of the of the of the opponent right so that russians um consciously intend to use cyber techniques as they did in georgia for uh this political effect and that's different from the kinetic effect we always think about kinetic effect with cyber we think about intelligence we think about kinetic it's it's useful to think about how at least in this case you have a opponent who's very skillful at using it to shape the politics of these things um the the issue i'd put before you is uh the the problem of attribution right and attribution is getting easier right and the ability to attribute is improving and currently a few nations have a very high ability to attribute this is how we know it's china right but that will become more common in the future so what will that mean for how we think about these conflicts when it is much more easy to attribute the source of attack the one benefit i'd say right off the bat is it will make it easier to fit this into the context of international law i mean the the biggest cyber attack probably we had to what we heard of is Stuxnet and and um this is was for sure a cyber attack but they're also the attribution is is quite often discussed and we have read a lot of things in the media but it's not it's not very clear as a matter of fact but but this was quite quite a strong cyber attack also the Aramco attack in 2012 on the the Saudi oil company but they're also with them the chasability is very difficult i am Mike Jeffers from the National Intelligence Council i think it's interesting to have these two subjects discussed at the same time from the same podium i think it's what what it illustrates for example is if you accept but i'm barely's point that i think identification of exactly who it is that's engaged in arm conflict is a key point and i think that is a key point when you discuss it in that context in the context of uavs you have one kind of discussion and then when you discuss it in the context of cyber as mr. Lewis did where you know things aren't really attacks unless they actually result in damage uh then you you have a different kind of conversation because it seems to me that that the uh the point about defining what it is what what a combatant is is very important i mean if you i think in some ways your your point about uh mouth's a tongue you know shark swimming in there the insurgent swimming in the sea of the people you got to pick out do better job with intelligence analysis to pick out the sharks from the fish in some ways that kind of obscures the problem in a way because you know the u.s. government for example didn't seem to have any problem designating and more alalaki as a as a combatant even though there's no evidence that he actually engaged in physical arm combat he was not that person uh so i guess i would look for your reactions as to how this definition crosses the boundary between different kinds of conflict and weaponry because it seems to me that the definition of this armed combatant or participating in arm conflict is really a key point and how you apply that consistently and use it for international law um is a is a big challenge it strikes me i think you really have a point i mean and and it's it's um in every case where you have to take a decision i think extremely difficult because you have to do like two um definitions you have first to look are we in a situation of a non-conflict or not and if you say yes we are in a situation of a non-conflict you have to look if the targeted person is participating at the the conflict and is really in this sense targetable and i'm i'm fully aware that um it is much easier to speak about things like this when you are on a podium or you are somewhere and have a nice discussion between between friends and then when you are behind the the button where you have to decide if you have to shoot or not to shoot i'm fully aware of this but still i think um to think it through in in in theory is is extremely important and gives you also the strengths after it to decide when when you have to decide if you you have a clear idea in your head when it is possible to do something then also when you are under stress you you probably take a better decision um so the example i think many people use is uh supposer was a german-american working at penamon developing the v2 right and um he had not uh actually engaged in combat right uh would he have been a legitimate target and the answer is clearly yes right uh so the alawaki case is perhaps the most difficult case we have and it raises many difficult issues there's areas of ambiguity it makes everyone uncomfortable but at the end of the day i think you can make a justification for it right that's not popular but you it could be the same way that the german american working at penamon on the v2 could be a legitimate target so could this person there are a lot of great areas here i'm reluctant to take anything off the table uh while we are in a position where we still face significant threats and while we're in a position where there has not been the kind of public discussion and thinking we need about these issues you can go back and forth on alawaki it's probably not something you'd want to do very often but in you could explain why it was justified in view of the risk so i think this is one where you do need more analysis more discussion and the touchstone for me and the reason i think we have both drones and cyber up here we could probably tag in other weapons you know you're going to see robotic weapons you may see other kinds of weapons um the touchstone here is how do you take the new military developments and put them into the context of existing international law are there places where international law needs to be modified the russians and the chinese used to argue they've stopped the information was a weapon and i always said to them sure i got it you dropped the sunday times from a tall building and let someone that's a weapon but otherwise it's not it's a it's a distortion of international law to say information as a weapon and they had clearly a political goal but there are places where there will be ambiguities and working through that will have to be something we'll need to do both at a national level and an international level i'm just reluctant to say we should not do something against a target that you could define as legitimate i'm struck as we're talking about the attribution on the cyber issue and i participated in some gaming exercises and things like that that in some ways policymakers and analysts they in some ways they have to practice this and practice the decision making challenges that in the moment as you're you know quick quick quick paced to feel more comfortable both with uncertainty which is very uncomfortable in this when you have this much at stake how do you practice how do you get policymakers and and i would take this on a again a multinational stage and thinking of nato and others where you have to practice that attribution question and how it works how do you do that or is there a place that you can practice it obviously nations can practice that and their own institutions but how do you develop that expertise i don't know jim or christine if you have any comments um as a matter of fact i do not really know how they do it i have some experiences where i see that um policymakers discuss this really um very deeply and i know also that the militaries do it on the militaries have also a lot of discussions with their lawyers as a matter of fact when you when you are discussing with them so they very often tell you that this was one of the biggest changes they lived through in the last um 20 30 years now um behind every commander you have his lawyer and this was not like this probably in the second world war so um these are things which happen and and i'm very aware that in the most of cases people really try to take very um very thought through decisions because um i am also sure that people do not want to do mostly do not want to do something illegal and it's extremely it's extremely difficult to to be in such a situation i'm to decide and that's why it's extremely important also what you are saying that you um exercise those things before you have to to to do it in in in combat i mean that's that's extremely important some of you probably heard this but it about a year ago when the Sanger article on Stuxnet came out i was talking to some Chinese colleagues and i said to them hey were you know are you surprised by the article and they said no we always knew it was you and i said oh yeah how do you know that and they said well first of all whoever designed Stuxnet had had so many lawyers involved there's only one country that has that many lawyers involved so i said to them well what about you don't you have to deal with lawyers and they said uh not yet but it's increasing so it's enjoy it while it lasts right so but this is one of these things where we do and the pace here is what's difficult in some ways is you do how do you come up with common understandings on the use of new weapons right and some of that has to be through bodies like the UN some of it has to be through bodies like the RCRC there's other international fora like this london process um and then there's bilateral discussion so a lot of the bilateral discussion i believe with the chinese for example has been on you know potential military use so i think this is just one of these things where we're going to have to talk our way through and where we want to bear in mind that unsurprisingly there will be political agendas right that try and shape the debate and some of those agendas are not in our national interest so we have to take i think a strong position of what best serves the united states and can be consistent with international law my name is ron seamen i'm from ron seamen ministries and what my concern is we can see all of the cyber attacks that take down power plants or grids or banks insurance companies but what i'm concerned about is the unspoken which is the the manipulation of hundreds of thousands of social media accounts through automation and controlling the politics and controlling the impact on the ground and i was just wondering if that just falls under the covert laws and so it's just ignored i give you and then you can you can give the right answer um no it's it's uh so i uh i last summer i learned that you could you could buy twitter followers right which i really i thought about doing it and um you know boost your numbers yeah i mean so when you read that some i didn't get that far uh when you read that some rapper has four million followers the actual number might be this was from a friend who worked at a uh one of these hip hop newsletters their actual number might be like 1.5 so it's it's easier to manipulate the social media than we think and the same is true for facebook and linkedin it's easier to use the data from them for data mining um i talked to one of the big data miners and they use feeds from social media as predictive that's i think there's been stuff in the paper you can predict disease unemployment car purchases you can predict all sorts of things from being able to to harvest this data um because people can't resist putting things on social networks you think like why why do i care i'm now covered with red dots right it's like so what but people do that enough that you can predict disease outbreaks and governments have not been slow to recognize the utility of social networks first for intelligence purposes uh you can uh mine social networks you can create false identities you could use it for targeting um most large intelligence agencies i think it's safe to say outside the u.s um exploit social media the notion of shaping opinion though is is a difficult one and i think it depends largely on national law so i don't see um some countries uh put a lot more effort into this than you might think so the chinese have um bloggers who they hire uh i think they call them the 50 cent army maybe it's the 10 cent like it depends on the value of uana in a given day who purposely enter positive things about the chinese government the russians of course i mentioned earlier have a doctrine that focuses on political shaping so it's an area where the one of these areas of ambiguity what are the rules for this this is where transparency would help i myself don't believe anything i read on the internet unless i can confirm it somewhere else but i don't think it's an issue for laws of armed conflict no it's not an issue um for the icrc as a matter of fact but i could give you perhaps an answer as as a person i just um was in a in a management seminar as a matter of fact last week and when we saw there how um these means can really also be used as as a means of attacks against whoever you want i mean um you can attack um a corporation you can attack a person politically and i think there we we are really um in a sphere where we have also to look if in a certain way freedom is not just them killing itself i mean it's really sometimes quite difficult if you overflow um the somebody with with information and there i think it's it's like you you have we have to be extremely critical and just be very very aware what we are believing and what we are not believing and look that we are not based just on one one information because it's it's it's in politics i think it can be quite dangerous i think i'm really from taking for this conversation the power of shaping the political agenda in some ways is a is uh more powerful than i had anticipated we had a question right here thanks i'm hillary lewis i'm actually with the george washington university executive mba program we have a focus on cyber security so i thank you for having the event it's been wonderful i have a question that's going to kind of weave a couple of things together um in the context of cyber attacks happening as a component of an overall kinetic attack which is frequently how they're conceived of in military operations how does the idea that you need uh in in order to have a legitimate target you need that individual to be involved in a would it be continuous combat combatant function when you consider a cyber attack as an element of an overall ongoing kinetic or international armed conflict how do you how can you target someone whose element is only it's intransigent it's something where maybe you set up a distributed denial of services then you sit back and that attack is ongoing but there's no individual managing it thanks to botnets so how do you how does the idea of a legitimate target must be someone who's currently engaged how does that marry with this idea that cyber allows people to be disengaged i'll go first um one of the things that i hope doesn't get eroded uh is the notion that uh under current international law uh any target can be legitimate if there's overriding military necessity right so for me i think that's really important and when you think about the history of warfare uh targets that we would this sorry targets that we would regard as civilian uh critical infrastructure um are routinely attacked and they're routinely attacked both in insurgencies and in conventional warfare and this goes back to um probably at least world war two maybe i don't think it was that would be the best one to look at and that one's always my favorite because at uh the beginning of the war franklin rosevelt sent a letter to um hitler and to churchill right saying that air warfare was so terrible that could they both agree not to attack civilian targets and amazingly they both agreed that they wouldn't attack civilian targets right i forget how many days the agreement lasted so civilian targets are legitimate right and then we have to think under what conditions are they legitimate right and that would be one of these problems that we haven't worked through i mean that's what you said before if you discuss under the condition that you are really in a situation of armed conflict um i think that the the attack can be done but you have to respect the principles you also mentioned before i mean the proportionality is a distinction all the the big principles of ihl are applicable also in this case that has to have to be respected i mean it's andrew you from doricabank um i have a question about what is the appropriate uh doctrine of deterrence when it comes to cyber attacks because because it seems that cyber attacks have a huge potential for destruction um and yet it doesn't seem possible in all circumstances to uh draw an analogy direct analogy between say uh nuclear deterrence because of the question of attribution um yet at the same time you can't necessarily draw a direct analogy between say a counter insurgency because the the destructive effects of a counter insurgency may not be the same as that for uh as the the damage that can be affected by um by a cyber attack so i was wondering what what what your thoughts are on that okay um well one of the things i like about cyber is you can put the word cyber in front of anything right and so that's really great like i you know i'm surprised we haven't talked about cyber drones today really we deserve some credit for avoiding temptation um and cyber deterrence is uh one of those places where it's inappropriate in my view to put the word in front and this might be a larger problem with strategic thinking in the u.s we keep harkening back to the eisenhower administration and how do we get a grand strategy and how do we come up with deterrence i actually don't believe there is such a thing as cyber deterrence and i say that for two reasons uh first instead of a single opponent who is a peer and mere images us um we have multiple classes of opponents with very different tolerance for risk right and very different abilities to calculate risk right uh second it's easy to make a credible threat uh with a nuclear weapon and to be a credible deterrent threat the threat has to pose existential damage right existential existential damage to the state now i get to be an arms controller right and so a cyber attack it's really not going to be that destructive right um we could talk about how destructive but it's not going to create existential risk right outside of military conflict it will not threaten the political independence or the territorial integrity of the nation which are the criteria in the un chartered right so if you can't make a credible threat and the opponents have different ways of calculating risk you're not going to be able to deter deter them right general deterrence still works russia and china are deterred from attacking the u.s right but they're not deterred from cyber actions in part because of the threshold issues espionage doesn't justify military a military response crime doesn't justify a military response so we cannot deter them and so i see people always trying to resuscitate deterrence along with other cold war ideas someone was asking me about collective defense the other day and just gave me a headache right um so i'm not not a big fan perhaps just one um addition i mean the strengths or the weakness of cyber can also be its strengths because the whole cyber world is so um diversified and is mainly private and because it's mainly private it's also um very difficult to attack as a whole so it's it's very if you attack someplace there will be in on another place again a private initiative coming up and so i think this is in a certain way also deterrence that it is so diversified and very private on stanley cobert the subject of sanctuaries came up that was also the case in vietnam okay we bombed and bombed north vietnam and the ended did not work we left and then they didn't just bomb and bomb they invaded south vietnam and took it over boots on the ground and then when they had problems with the chmer Rouge they didn't just bomb they sent in their army and cleaned out the chmer Rouge the way a dentist cleans out an infection in a root canal they just cleaned them out chmer Rouge have not been heard from again that's war okay my father was in poland in 1939 when the war started and once he referred to the start of the war in 1941 and i gently corrected him and he turned and looked at me scornfully and said that was no war by discussing cyber and drones are we in effect admitting that we are no longer capable of war that's a really good question and you know i i would rephrase a little differently which is are we capable of winning wars right so we can engage in armed conflict but can they be one and you know clearly then you'd want to sort of review the record where have we been able to actually win i do think that it is fair to say that in most cases when you look at successful counterinsurgencies they have physically occupied the sanctuary right and that's been necessary in this particular case i'd say the goal here is more to disrupt planning and organizations that might be plotting attacks against the u.s rather than the kind of counterinsurgent goals but that's an open point so i think the larger question there's a fair question to say can anyone can you still win a war and this is if you remember uh bernard brody wrote in the fifties that the purpose of militaries had changed where previously they had been created to win wars and now they would their main mission would be to exist and thus prevent wars and brody's point is still valid i don't think it's perfectly accurate anymore but that's that's the question we want to ask is it's easy to start a war it's really hard to win one hi uh marco bulma from the joint center versus sims technology and recent experience in nato headquarters um i've heard something a little bit different to what i was thinking i was coming to today um i'm intrigued by your title battlefield those of us operating within these sorts of spaces are really thinking battle space more than battlefield so i was intrigued as to why you might have chosen battlefield for the topic today and the two things that you've chosen here cyber and drones um they are part of a continuum i would certainly go along with that but i think what they've highlighted for us sort of trying to work within those spaces is um we are often having to operate over significant distances and as a result of that we're operating at different speeds and part of that is just pure physics we're operating halfway around the world and the other obviously is biological the thinking piece here both of those technologies allow more information to be put forward and they've really changed where we think of tactical situations and strategic situations and it's really quite revolutionary what's gone on um so i think my question is this given that a drone operator is capable of seeing more and is able with higher resolution to better discriminate and to get to all those things that we've been wanting to get to uh in terms of proportionality distinction discrimination we're getting there but we're now introducing more people into this going to christine what we continually need is access to the law and and what is written and how it's written and i guess my question for both of you is do you think that the way that the law is currently presented is adequately fit for purpose and fit for role for those people who are having to operate within these spaces and make these decisions thank you i mean this is a very interesting um question and i think we have to think about this all the time and and we we try also because the law um can for sure not be just taken and applied um like it is because it's it's extremely complicated it's very abstract and it has to be put in in rules where you can um see it much more concrete and you can use it in the situation where you are put and where you have to decide to decide on the spot and that's why we try also to have a very in-depth going discussion with with military personnel and we try to bring the rules of law into their rules of command finally and and really to to bring them the ideas which are put in in the international humanitarian law very close so that they can apply them in the situation where they stand and i have um had the possibility to to take part at quite a lot of those seminaries where we speak also with really commanding officers and ask them what do you need because it's not it's not us as lawyers who know exactly what they need in the moment where they have to decide and that's why i think it's extremely important that we have a very close dialogue with those people that we can bring them really the the means they need to take rational and good decisions um some of what we want to look for in the future is um the automation of decision support right so there's floods of data there's more data than anyone can possibly digest and so you have to develop techniques machines that programs that will do it for you and that means you need to think what are the rules that you will build into those programs and the example i always use is it may not be a good one um wall street where automated trading is fairly routine traders get delivered to their desktop information they can use to make decisions so part of it is looking to ways to automate decision support which is a little different from weapons now let me i'm going to do this because we're coming towards the end so and you've been a very patient audience are there any former marines in the in the audience good so um good so what is the marine word for helicopter uh right and i say that because uh one of the decisions the us has made is to treat cyber in particular as another source of fire right so it's just another weapon system it's like a rifle or a or an artillery round or it's it's a shaping you know it's a support weapon it shapes the battlefield so far um but making it simple in some ways for combatants to understand is is one of the crucial points right not to not to denigrate their intelligence but if you're under tremendous stress you you're going to make decisions based on um relatively simple concepts and so when i think about this the laws of arm conflict the international military law seemed to me to be perfectly appropriate but we need to translate them into doctrine for the use of both all the new weapons right and the doctrine then has to be translated into rules of engagement you know when what a commander has to think about um when they actually make want to combatant has to think about when they go to use the weapon and then finally that has to be incorporated into training and so very few countries are very far along this path of going from doctrine down to training and how to use i will say it in the u.s probably this is a bit of a surprise because of the lack of clarity over rules of engagement over doctrine which is changing there's been a real reluctance a real caution to use some of these techniques hard to believe i know but when you talk to the military commanders that say the the oh six the one star the three star level they um they express a degree of caution until they get a clear understanding of the rules of engagement how the laws of arm conflict apply perhaps just i i still think that it's extremely important that that's why i i told before or i said that we should have this um relationship with with the commanders i think decisions are are still to be made by men and we have to we have to have the connection and we have to explain to them how the rules work and how they can be applicable in the moment in the moment where it's crucial if we have too much trust in in in machines or computers just because you mentioned the one of wall street i mean if you have seen how the stock markets went down two weeks ago i think when just discussed it for the round that there was a shooting in washington just one going down going up again so i i i don't have such a lot of trust in in in in machines and in computer programs so i think it's still better if if weapons are commanded by men and not by computer programs well just on a footnote on that though when you look at the the patriot or the phalanx two air defense systems that are uh programmed to take action automatically and when you look at their initial deployments there was a high rate of error right and so the phalanx used to you know seagulls that were too close and performed with the phalanx would engage um which was bad right but over time i think you can refine the programs the automation so that the weapon will be able to there will ultimately at the end be a human making a decision but that decision may involve general parameters which are then delegated to the machine i think we have to move that way do you think that you can put the rules of international humanitarian law into the computer that he acts after us as if he would respect this uh yeah i think so right i think you would have the fundamental decision would be um when do i turn it on right and then you would want to make a decision of am i turning it on in a context that is consistent with international law right where there are combatants that i can identify and that we are in a conflict situation if you can't say those things then no don't turn it on right but i think yes at the end of the day you still have a human making a decision about is are the laws of armed conflict applicable i feel another csis seminar coming on um uh we're at our time jim i just want to remind you that there may not be former marines or former marines in the room but they may be watching us on video so if you get a couple of emails i just wanted to to warn you um thank you all so much uh i learned a great deal i learned from our audience which i always learn from our audience but christine and jim thank you so much it's these types of events that we can both understand icrc's critical role that we can have a debate uh respectful debate and uh and still at the end of this i think we have more questions than answers which means we need to dig into this more and i feel smarter when i read the president's speech on thursday i'm going to look for a couple of things uh based on this conversation so again please join me in thanking christine and jim for a great piece in place thank you for joining us have a great day