Tallinn Manual 2.0 clarifies cyber rules in peace, conflict short of war

The second version of the Tallinn Manual tackles the even thornier questions of how international law applies to cyber operations in peacetime or in conflicts short of war.

Authored by 19 international law experts, the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations was published Thursday by the NATO Cooperative Cyber Defense Centre of Excellence in the Estonian capital that gives the tome its name.

The first volume became the definitive user’s guide to applying the laws of war in cyberspace. Now, the Tallinn Manual 2.0 tackles the even thornier questions of how international law applies to cyber operations in peacetime or in conflicts short of war. Version 2.0 adds “legal analysis of the more common cyber incidents that states encounter on a day-to-day basis and that fall below the thresholds of the use of force or armed conflict.”

The center says in a statement that the manual is an “updated and considerably expanded second edition of the 2013 Tallinn Manual on the International Law Applicable to Cyber Warfare.”

A U.N. experts’ group including Russia and China concluded in 2014 that the laws of war applied in cyberspace, but didn’t reach a consensus about other kinds of international law, such as those referenced in the new Tallinn Manual.


Michael N. Schmitt, the lead author of the manual, told a recent conference in Washington that the drafting was largely complete before the hacks into the Democratic National Committee that took aim at Democratic presidential nominee Hillary Clinton.

Schmidt dismissed it as “nonsense” that Russian interference in the election might constitute an act of war, or what international lawyers call an “armed attack.”

To cross such a threshold, he said, a cyberattack would have to produce an effect comparable to a physical attack.

But he said there was a vigorous debate among the scholars who worked on the manual about whether such interference constituted an “internationally wrongful act” — which would in turn open Russia up to the possibility of internationally legal U.S. countermeasures.

“Countermeasures is a legal term of art,” said Schmitt, designating a course of action that would be unlawful in itself, except when it’s a response to an internationally wrongful act.


“Clearly if the Russians had manipulated election returns …  that would have constituted an ‘internationally wrongful act,’ a violation of international law,” he said. But as it was, “On the question of whether the activity of releasing [stolen] information [from the Podesta and DNC emails] that was in fact truthful, was a violation of international law, the lawyers were bitterly divided,” he said.

The debate turned on whether the document dumps could be seen as “coercion,” he said.

The manual sets down the consensus understanding of the law, reached by the authors — many of whom have held positions as legal or military officials in NATO member states. But it does not represent the views of anyone except its authors in their personal capacities.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts