Connect with us

Hi, what are you looking for?



‘Tallinn Manual 2.0’ – the Rulebook for Cyberwar

Tallinn – With ransomware like “WannaCry” sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world’s only book laying down the law in cyberspace could not be more timely.

Tallinn – With ransomware like “WannaCry” sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world’s only book laying down the law in cyberspace could not be more timely.

The Tallinn Manual 2.0 is a unique collection of law on cyber-conflict, says Professor Michael Schmitt from the UK’s University of Exeter, who led work on the tome.

Tallinn Manual 2.0 Cover

Published by Cambridge University Press and first compiled by a team of 19 experts in 2013, the latest updated edition aims to pin down the rules that governments should follow when doing battle in virtual reality.

The manual was among the hot topics this week as over 500 IT security experts from across the globe gathered at NATO’s Cycon cyber security conference in Tallinn.

Launched in 2009, the annual event is organised by NATO’s Cooperative Cyber Defence Centre of Excellence based in the Estonian capital.

In 2007, Estonia was among the first countries to suffer a massive cyber attack, with authorities in Tallinn blaming the Baltic state’s Soviet-era master Russia.

“The very next year, in the war between Russia and Georgia, again we saw a lot of cyber activity,” said Schmitt, speaking to AFP at Cycon. Estonia was targeted just three years after it joined NATO and the EU in 2004.

Advertisement. Scroll to continue reading.

The attack raised a slew serious questions about how to apply and enforce NATO’s Article 5 collective defence guarantee in cyberspace, said Schmitt, who also chairs the Stockton Center for the Study of International Law at the United States Naval War College.

He said that NATO allies faced an unprecedented dilemma: did the attack “mean that NATO states had to somehow come to the rescue of Estonia or not?”

Was it “an attack on the civilian population, a violation of international humanitarian law or not? No one had the answers,” he added.

“Because of that (attack) the international community started looking at cyber, going: ‘Oh my God, I can’t answer any question!’ That’s why this manual was started.”

– ‘Digital wild west’ –

Schmitt says his team’s work is intended to tame the “digital wild west” that emerged with the advent of cyberspace.

But the virtually limitless range of possibilities in cyber-conflict raises a long laundry list of legal questions and dilemmas and the Tallinn Manual certainly cannot answer them all.

The legal experts, mostly professors of international law, filled its 642 pages with existing jurisprudence applying to cyberspace from across the globe, and did not shy away from laying out conflicting views on certain issues.

For example: should cyber-espionage be subject to the same laws as conventional spying? Can a state obtain the online IDs and passwords of prisoners of war and use them?

Does a cyberattack trigger a legitimate right to self-defence? Can you retaliate? What kind of status do victims have? What can you do when there is no evidence to prove guilt when attackers can easily cover their tracks?

“This book is intended to be a secondary source of law: it explains the law, but it doesn’t create it. States make law,” Schmitt told AFP.

“My goal is that this books sits on the desk of every legal advisor for defence and foreign ministers, the intelligence services, so that legal advisors can sit with policy makers and say: in this situation, we can do this, or the law is not clear, you need to make a political decision here.

“But at least the discussion is mature. It’s not ‘oh my God, what’s happening to us?’.”

Related ReadingNATO Publishes Tallinn Manual 2.0 on International Law Applicable to Cyber Ops

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.