Cyberspace

Submarine cables and pipelines are vulnerable assets in the global commons.¹⁸² Their protection from undersea attack is a real prescriptive and enforcement challenge because of our extreme reliance on this critical infrastructure; its multi-jurisdictional span beyond territorial seas; the availability of precise locational coordinates; the opaque environment below the waterline; and the accessibility to commercial-grade vehicles that can exploit this environment and inflict disproportionate harm.

The opaque environment and the accessibility to UUVs set this challenge apart from challenges above the water's surface to flagged vessels and platforms. As with cyber threats, this necessitates an effective deterrence policy to compensate for an inability to pinpoint suspected culprits. Not only do legal shortcomings in jurisdiction and security enforcement float above the surface, but arguably more sinister shortcomings lurk below. These threats also require an even more delicate balance between disclosure and secrecy, and between freedom ofnavigation and reasonable restraints for collective security.

In the end, whatever vigor is applied towards cyber security, and whatever balance is struck for internet freedoms should be matched by securing the very cables that transport this life-blood of commerce. Likewise, investment in energy independence should correspond to the security of the very arteries that enable and spur offshore energy exploration.

If members of the international community were able to develop a convention structured after UNCLOS, mandating international cooperation on cybersecurity and applying universal jurisdiction to acts of cyberaggression, the benefits would be palpable. One such benefit would be an opportunity to create a U.N. agency comparable to the International Maritime Organization (IMO) ²¹⁰ whose purpose would be to ensure the safety and security of the Internet.

The IMO was created pursuant to the adoption of the Convention on the International Maritime Organization,²¹¹ which entered into force in 1958. The purpose of the IMO as stated in Article 1(a) of the Convention is to facilitate cooperation among governments in order to ensure that the "highest practicable standards in matters concerning maritime safety" are in place. The IMO also maintains detailed records of all incidents of piracy,²¹³ which supports the IMO's policy recommendations and efforts to develop new law when the need arises.²¹⁴ One such legal instrument is Resolution A.738(18), which was intended to facilitate States' duties to cooperate in the repression of piracy under Article 100 of UNCLOS.²¹⁵ Generally, Resolution A.738(18) encouraged intergovernmental cooperation in all aspects of piracy prevention and solidified the IMO's antipiracy strategy. The IMO's "strategy consist[s] of compilation and distribution of periodical statistical reports, piracy seminars and field assessment missions to regions affected by piracy and the preparation of a code of practice for the investigation and prosecution of the crime of piracy."²¹⁶

An agency similar in function to the IMO dedicated to tracking incidents of cyberaggression and fostering cooperation between member nations would help to consolidate the international effort to monitor and deter cyberaggression. Moreover, such an agency would help to legitimize the international legal regime that created it, and would provide sound policy rooted in empirical evidence.

Although international maritime law has not established an international tribunal to prosecute acts of piracy, some experts believe that creating such a tribunal would provide a long-term solution to combating piracy.²¹⁷ Employing an international tribunal with respect to acts of cyberaggression would ensure that offenses are not treated differently across jurisdictional lines. At the very least, the existence of an international tribunal with universal jurisdiction over acts of cyberaggression would deter such acts and provide a venue for prosecution where nations otherwise often refuse to prosecute such acts. As with piracy, it may be difficult to compel nations to prosecute acts of cyberaggression in the absence of an international tribunal, where the concept of universal jurisdiction confers a right but does not impose an obligation to prosecute such crimes.²¹⁸ It has been suggested that "while every state should retain the right to redress piracy, the United Nations could create an ad hoc tribunal to have the obligationto redress piracy."²¹⁹ As has been suggested for handling the prosecution of piracy under UNCLOS, an international agreement addressing acts of cyberaggression could allow nations to retain the right to redress cybercrime, while creating an international tribunal that has an obligation to prosecute cybercrime. This type of tribunal would help to preserve national autonomy, while providing nations and private actors with an international forum for redressing their grievances. Since cybercrime, like piracy, has a large impact on private actors who are often the victims of these types of crimes, allowing private actors to pursue justice via access to an international tribunal would encourage nations to bring domestic policies in line with international standards.²²⁰ The availability of an international cybercrime tribunal could also lessen nationalistic resistance to international standards by empowering private actors with the ability to seek international redress for economic injury inflicted by acts of cybercrime.

When navigating Cyberspace international straits, users behave much like ships and aircraft engaged in transit passage: they proceed without delay, in the normal mode of continuous and expeditious transit, and refrain from any threat or use of force against the national Cyberspace through which their communication is routed. The nature of telecommunications means Cyber Forces transit Cyberspace almost instantaneously and without delay except as limited by system bandwidth during periods of peak demand. The high speed of transmission is valuable to the commander as well as the State through which the Cyber Force is transmitted. The combination of speed and volume of Internet traffic means most States have limited capability to intercept and monitor Cyberspace communications. This limited ability to intercept and monitor traffic through Cyberspace is important to maintaining the neutrality of states that are mere intermediaries in information warfare, as in our opening scenario, because the transited State is unlikely to be aware of the transmission.

In summary, transit passage provides the commander two major advantages over innocent passage: forces may transit in their normal mode of operation⁴² and bordering States may not suspend the right of transit passage through international straits. When applied to Cyberspace the proscription against suspending transit passage is a strong argument for applying the UNCLOS III by analogy to Cyberspace. While governments, corporations and private organizations may choose to suspend access to their internal Cyberspace for various reasons, as global economies become more dependent on the international telecommunications infrastructure it is unlikely that States could or would entirely close national Cyberspace. Even if a State tried to close national Cyberspace it would have little effect on the ability to transfer CNA packets through international Cyberspace because if intermediate routers are not available the packet will be automatically rerouted. Finally, if a belligerent State, like State A in the opening scenario, were to specifically route a CNA through the Cyberspace of a neutral intermediate state that act alone would be insufficient to violate the neutrality of the transited State if the Cyberspace transit passage analogy is used.