Recap and Podcast: 2022 US Cyber Command Legal Conference

Each year U.S. Cyber Command (USCYBERCOM) presents one of the world’s most important legal conferences about developments in cyber operations.  If you missed this year’s, I have good news for you: thanks to the efforts of Army Captain Jeremiah Cioffi, we not only have a recap of the event, we also have links so you can watch/listen to the full presentations.  I also want to thank Lt Col Kurt Sanger, USMC, the USCYBERCOM Deputy Staff Judge Advocate, for facilitating this effort. 

Finally, USCYBERCOM itself deserves kudos.  Not only is it demonstrating a remarkable amount of openness given the secretive nature of cyber operations, it is also affirmatively supporting the development of legal thinking in an area that will only become ever more important to the Nation’s – and, really, the world’s – security. 

Here’s CPT Cioffi’s recap (just click the headings bolded in blue to get to the videos):

2022 U.S. CYBERCOM Legal Conference

On 10 March 2022, the U.S. Cyber Command (USCYBERCOM) Office of the Staff Judge Advocate (OSJA) hosted its annual legal conference. As in 2021, it was held remotely. The conference included remarks from the USCYBERCOM Commander and Deputy Commander, and sessions on information warfare, China’s role in cyberspace, and current events in Ukraine.

Captain Jeremiah Cioffi, U.S. Army, National Security Law Attorney with the U.S. Army Criminal Investigation Division, developed an exceptional recap of the substantive sessions. What follows is a viewing aid that is not meant to comprehensively cover each session, nor does it reflect any position of the Department of Defense, U.S. Government, or any other organization. Similarly, the views expressed by the conference’s participants were solely their own unless stated otherwise. 

Opening remarks, USCYBERCOM Commander General Paul Nakasone (U.S. Army) 

General Paul Nakasone began the conference by discussing the highly-regulated cyberspace operations field and USCYBERCOM’s areas of interest and focus, including the 2020 SolarWinds breach, the upcoming mid-term elections, and the conflict in Ukraine. USCYBERCOM is also continuously addressing threats originating with China, Russia, North Korea, Iran, and non-state actors.

General Nakasone also mentioned two USCYBERCOM initiatives: partnerships with private sector actors pursuant to congressionally-granted authority and the academic engagement network. Finally, General Nakasone mentioned that cyber law is not one neat category; it encompasses areas of law from criminal law to contract law and everything in between.

Keynote Remarks, Professor Lucas Kello (Oxford University) 

Professor Lucas Kello discussed his recent paper titled Cyber legalism: why it fails and what to do about it (Journal of Cybersecurity, 2021). Professor Kello explained what he sees as the main challenge western cyberstrategy must address: reducing malign cyber actions to a tolerable level.

Professor Kello identified three western cyberstrategy weaknesses: (1) the West has failed to adapt to the changing tides of modern warfare, (2) the West assumes international law and norms appeal to all members of the international community and, (3) the West concludes that activity in cyberspace fits within the existing legal framework.

First, Professor Kello argued that, while the world has recently seen less armed conflict among large states compared to the twentieth century, this has not resulted in more peace among states. Malicious cyber activities have inflicted social, political, and economic damage, but their non-violent nature places them below the definitions of “war” and “armed conflict.” This has resulted in a time of “unpeace” that is damaging but difficult to respond to under traditional frameworks.

Second, Professor Kello argued that, while liberal states accept the “universal” international legal and normative framework, such acceptance is far from universal, as states with illiberal tendencies do not accept them. He further argued that the quest for consensus will fail if the West continues to push for universal acceptance among liberal and illiberal states.

Third, Professor Kello argued that even if the existing legal framework is universally applicable, and thus includes activity in cyberspace, the framework clearly does not regulate activity below the threshold of war. Since nearly all cyber activity falls below this threshold there is a punishment problem, since the existing framework does not provide meaningful actions for states to take in response to a below-threshold event.

Finally, Professor Kello proposed a way forward, arguing that “a consequentialist punishment strategy grounded in calculations of material interests could overcome existing policy shortcomings.” Professor Kello stated that cyber actors sowing “unpeace” are most likely to reduce their activity if the West responds by targeting such actors’ material interests.

He proposed an approach of “punctuated deterrence”: a strategy that seeks to address legal gaps by combining response options that address a series of adversary actions and their cumulative effects. The focus of this approach would be “punishing backwards” as opposed to defending forward. He broke the punctuated deterrence strategy down into four principles: (1) the “accretional principle,” (2) “virtual integrity,” (3) “linkage” and, (4) “declaratory credibility.”

Finally, Professor Kello’s main recommendation was to stop searching for ways to reduce cyberconflict in the legal rulebook. The enemy uses the rulebook to navigate around the West. The western focus should be on punishing backwards using punctuated deterrence.

Fireside Chat 1, Dr. Michael Sulmeyer (USCYBERCOM) and Dr. Adam Segal (Council on Foreign Relations) 

Dr. Michael Sulmeyer interviewed Dr. Adam Segal—who focuses his work at the CFR on China—asking a series of questions about China and technology. Dr. Segal explained that the explosion of technology in China occurred around the year 2000. Since then, China has worked to absorb technology from abroad and find ways to control the technology so that China is not dependent on outside actors.

Dr. Segal discussed the differences between Chinese and Russian cyber activities: China has focused its activities on intellectual property theft, preparation for cyber campaigns if certain circumstances become kinetic (e.g. Taiwan and the South China Sea), and shaping the information narrative at home and abroad to spread its influence and culture. Russia has focused on disrupting U.S. interests.

Dr. Segal then explained that U.S.-Chinese cyberconflict negotiations have been largely unsuccessful. While both sides seek to build trust in the cyber sphere, they have different ideas about how to build it.

Both sides agree in principle that international law applies in the context of cyber activities, but they diverge in what they are most interested in protecting and codifying: the United States is most concerned with self-defense norms while China is more concerned with sovereignty. China argues that the United States focus on self-defense indicates that it is trying to militarize cyberspace and contain China.

Meet the Cyber Press, Mari Dugas (USCYBERCOM), Ellen Nakashima (Washington Post), Dustin Volz (Wall Street Journal), Kim Zetter (Author, Countdown to Zero Day) 

Mari Dugas, third-year NYU law student and USCYBERCOM OSJA fellow, facilitated a discussion with cyber journalists. They began by discussing how the cyber field has dramatically changed over the past twenty years.

There has been a learning curve in the newsrooms themselves, with journalists learning a new vocabulary and parameters for what is newsworthy. The federal government has also changed dramatically: from the creation of USCYBERCOM to the government tweeting about cyber actions as they occur instead of keeping such actions shrouded in secrecy, the landscape is changing daily.

They discussed responsible reporting and the importance of balancing what is newsworthy with ensuring they use proper terminology. For instance, one journalist stated that the term “cyberwar” is often used incorrectly. This results in a confused readership that does not understand what to care about or how much to care about certain news. They also stated that there are no hard and fast industry rules about how to cover cyber operations: it differs from news outlet to news outlet and reporter to reporter.

Finally, while the government has been more open about cyber activities lately, the journalists would still like to see even more openness: specifically, they would like to know how the cyber tasks are delineated between USCYBERCOM, CIA, and NSA, and would also like to see USCYBERCOM terms more clearly defined.

Current Events Analysis, Professor Carrie Cordero (Center for a New American Security) & Professor Michael Schmitt (Lieber Institute Of The United States Military Academy) 

Professor Carrie Cordero began by discussing observed cyber activities in the Russia-Ukraine context. Officials have observed lower-impact malign activity such as website defacement, limited information operations, and engagement by non-state actors in cyberspace. Professor Cordero also noted that the Russian GRU undertook cyber actions against Ukrainian banks in February.

Professor Michael Schmitt then discussed the existing legal framework governing the cyber realm. He stated that international customary and treaty law govern cyber activities. The difficulty is not in determining what framework to use, but in determining what actions are armed attacks or uses of force, as defined by the existing law.

Multiple states have different opinions about what is considered an attack, and said states have not gotten together to collectively determine how to apply the law. In the absence of NATO consensus on law application, the rule for collective response is whatever the state with the most conservative opinion deems acceptable.

Professor Schmitt then argued that he believes a state does not become a party to an international armed conflict simply by providing intelligence to one of the belligerents. He believes that the state only becomes a party as a matter of law when it provides highly-specific information that leads to an operation and without which said operation would not be able to occur. He sees this as a high standard to meet.

Finally, Professor Schmitt discussed the importance of understanding the difference between the following terms: neutrality, co-belligerency (i.e. when a state becomes a party to a conflict such that LOAC applies), and use of force. Neutrality is governed by the 1907 Hague Conventions and became more complicated with the UN Charter’s entrance into force in 1945.

Neutrality differs from co-belligerency, because if a state violates neutrality it only means they are not neutral and does not necessarily mean that they are co-belligerents. The co-belligerency analysis includes determining how deeply and intricately involved a state is with a belligerent state. As for use of force, there is a general presumption against it in Article 2(4) of the UN Charter, but Ukraine is authorized to use force against Russia pursuant to the right of self-defense under Article 51 of the UN Charter.

Information Warfare Perspectives, Captain Maggie Smith (Army Cyber Institute) and panelists Dr. Thomas Mahnken (Center for Strategic and Budgetary Assessments), Lieutenant General Robert Schmidle (USMC, Ret., Arizona State University), and Dr. Jacquelyn Schneider (Stanford University) 

Captain Maggie Smith facilitated a discussion on information warfare. During the discussion, Lieutenant General (Ret.) Robert Schmidle served as the expert on the United States, Dr. Thomas Mahnken served as the expert on China, and Dr. Jacquelyn Schneider served as the expert on Russia. 

Lieutenant General Schmidle expressed his belief that the United States is comfortable with information operations at the tactical/contact level, but not as comfortable at the strategic level. He stated that information is unique because the context in which information is consumed determines how the information is received by a given individual. For instance, social media outlets curate environments to specific users, ensuring that they mostly see information that they are likely to agree with.

When discussing how the information space impacts the U.S. military, Lieutenant General Schmidle argued that it certainly impacts readiness, and he cited vaccine misinformation in the information space and alluded to service members making the decision not to get vaccinated because of that misinformation. Captain Smith asked how the military can use the information space to shape the narrative around joining the military. Lieutenant General Schmidle responded that the actions of the military and U.S. policy speak loudest and have the greatest impact on recruiting.

Dr. Mahnken explained that China has immense control over what information its population consumes, and that it views information through a political warfare lens. China’s goal is to perpetuate the rule of the Chinese Communist Party and its information-space activity supports this goal. China also uses the information space to ensure loyalty domestically and amongst the Chinese diaspora. It accomplishes this by closely monitoring and tailoring the information space; it uses firewalls to block certain foreign content and also monitors and censors the accessible information that remains.

There is lively debate in the accessible Chinese information space, but it is noteworthy that this largely creates the illusion of free thought while in actuality it is a curated space that presents information confirming China’s place in the world. Dr. Mahnken argued that in order to address the Chinese information space issues, the West must recognize China’s goals and act congruently to them while pursuing western interests.

Dr. Schneider discussed Russia’s approach to the information space and contrasted it with China’s approach. Whereas China focuses most of its efforts on protecting the CCP, Russia focuses its information space efforts on sowing disorder, chaos, and uncertainty. Dr. Schneider cited the GRU’s DNC hack as an attempt to shape public opinion and the IRA creating distrust and uncertainty around the 2016 U.S. election.

Dr. Schneider noted that Russia struggles with incorporating information operations into a larger strategic campaign, citing the failure to win the information space in the current war with Ukraine. Dr. Schneider posited that Russia exploited the United States’ open democracy with its information operations.

Dr. Schneider also noted that as the populous becomes less trustful of information, Russia’s attempts to sow distrust become less effective. This is on display in Ukraine, where the charisma and use of social media by Ukrainian President Volodymyr Zelensky are successfully countering Russian information activity. Finally, Dr. Schneider argued that the U.S. executive must craft the narrative of the United States as a city on a hill and should simultaneously “defend forward” by countering cyberoperations with cyberoperations and increasing coordination with U.S. Social Media outlets.

The panelists then discussed the role of the U.S. military in ensuring that the information domain is secure. They generally agreed that the military should play a minor role in the information space. Dr. Schneider argued that the State Department and intelligence community should have lead. Dr. Mahnken had a slightly different take, arguing that while today the military’s role should be small, a Hurricane Katrina-type event in cyberspace could lead to military involvement. Lieutenant General Schmidle argued that if national security is at stake, there could be a role for the military. All agreed that the military’s expertise should be tapped into when determining how best to keep the information space safe.

Fireside Chat 2, USCYBERCOM Deputy Commander Lieutenant General Charles Moore (U.S. Air Force) and Captain Peter Pascucci (U.S. Navy)

Captain Peter Pascucci asked Lieutenant General Charles Moore a series of questions about USCYBERCOM’s past, present, and future. Lieutenant General Moore discussed the arc of USCYBERCOM. He explained that at its inception, USCYBERCOM did not have the legal authority to act on its own in a day-to-day capacity.

The 2018 mid-term elections—and the government-wide focus on ensuring their security and integrity—helped drive an evolved policy framework that enabled USCYBERCOM to operate on a day-to-day basis. Since the adoption of this framework—and Congress recognizing that cyberspace operations are a legitimate and necessary aspect of the military—USCYBERCOM has been building capacity and fostering relationships with other federal entities, specifically the Department of Homeland Security and the Federal Bureau of Investigation. Moving forward, Lieutenant General Moore stressed that the military’s cyber capabilities need to be further incorporated into the larger national security strategy.—-

The conference also included the following sessions:

About the Author

Captain Jeremiah Cioffi is an active duty Judge Advocate in the U.S. Army’s Judge Advocate General’s Corps, currently serving as a National Security Law Attorney with the U.S. Army Criminal Investigation Division.

His previous assignments include Scout Platoon Leader, Assistant Squadron Intelligence Officer, and Squadron Personnel Officer, all with the 1st Squadron, 7th U.S. Cavalry Regiment, Fort Hood, TX, 2012–2015; Funded Legal Education Program Participant, 2015–2018; Senior Special Victims’ Counsel and Chief of Legal Assistance, Fires Center of Excellence and Fort Sill, OK, 2018–2020; and Military Justice Advisor, 75th Field Artillery Brigade, Fort Sill, OK, 2020–2021.

Jeremiah is a member of the D.C. and Vermont bars and holds a B.A. (History) from Boston University and a J.D. from Vanderbilt Law School.


The views and opinions expressed are the author’s and do not necessarily reflect reflect any position of the Department of Defense, U.S. Government, or any other organization. Similarly, the views expressed by the conference’s participants were solely their own unless stated otherwise.

The views and opinion expressed also do not necessarily reflect the views of the Center on Law, Ethics and National Security, or Duke University.

Remember what we like to say on Lawfire®: gather the facts, examine the law, evaluate the arguments – and then decide for yourself!


You may also like...