In September, Professor Mike Schmitt engaged three times with members of the armed forces on international security law issues. He first addressed military legal advisers from around the world attending the Legal Aspects of Maritime Security Operations Workshop that was sponsored by the Defense Institute of International Legal Studies (DIILS). Professor Schmitt spoke on remotely-conducted offensive cyber operations into other countries, focusing on the US cyber strategy of “Defending Forward.”  DIILS is the US government agency responsible for defence cooperation and education programs for foreign military lawyers.

Professor Schmitt next addressed US Naval War College (NWC) students on the international law governing targeting during armed conflict.  NWC is a post-graduate institution that hand-picked senior US and international military officers attend to study national security matters for a year. In 1996, while serving in the United States Air Force, Professor Schmitt graduated first in his class from the institution and before joining the University of Reading he was Chairman of the NWC’s Stockton Center for International Law. Finally, Professor Schmitt returned to the subject of cyber affairs when he served as the closing speaker for NATO officers attending the International Cyber Law Seminar at NATO’s Cooperative Cyber Defence Centre of Excellence, where he is presently a Senior Fellow. His topic was the future of international cyber law.

The School of Law took its Executive Course in International Cyber Law to Southeast Asia from 19-26 August. The six-day virtual course, which is co-directed by Professor Mike Schmitt and sponsored by the governments of Australia, the Netherlands, and Singapore, is the online version of an in-resident program that the Law School hopes to begin offering again throughout the world next year.

The Executive Courses address issues ranging from the protection of human rights online to the prohibitions on intervention and the use of force in international relations. The course is of particular importance at the present time as it deals with cyber operations by states or non-state groups that conduct cyber operations related to the COVID-19 pandemic, such as COVID-19 vaccine cyber espionage and cyber-attacks against the World Health Organization and other medical organizations and facilities.

The Executive Course is designed for government officials and sponsored by various nations. This iteration brought together officials with a cyber portfolio from Brunei, Indonesia, Laos, Malaysia, Myanmar, Singapore, Philippines, Thailand and Vietnam. It was sponsored by Australia, the Netherlands and Singapore.

Additionally, Professor Schmitt directed a one-day seminar on cyber law for Vietnamese officials on 27 August. Attended by 30 officials from throughout the government, the Netherlands and the European Union sponsored the event in collaboration with the Government of Vietnam.

Professor Mike Schmitt’s co-authored article with Professor Yuval Shany of Hebrew University entitled ‘An International Attribution Mechanism for Hostile Cyber Operations’; has been published by International Law Studies. The article is the result of an international research project organised by the Federmann Cyber Security Research Center at Hebrew University to consider the feasibility of establishing an international attribution mechanism for hostile cyber operations, as well as the usefulness of such a body. Mike and Yuval observe that, at present, states wielding significant cyber capability have little interest in creating such a mechanism. These states appear to be of the view that they can generate sufficient accountability and deterrence based on their independent technological capacity, access to expertise and to offensive (active defense) cyber tools, political clout, security alliances, and other policy tools, such as sanctions. However, countries with limited technological capacity and less ability to mobilize international support for collective attribution are more amenable to the prospect. To date, proposals to establish an international attribution mechanism have not acquired momentum. However, the article suggests that progress remains possible by focusing on the three logical constituencies for such a body—States with limited technological, intelligence, and diplomatic capacity; States interested in generating broad collective attribution of attacks perpetrated against them; and international and regional organizations operating a cyber-related sanctions regime. Such a focus, combined with greater granularity, would significantly improve the prospects for the establishment of an international attribution mechanism and its eventual utilization by the international community.

Professor Mike Schmitt’s article ‘Taming the Lawless Void: Tracking the Evolution of International Law Rules for Cyberspace’ has been published in the Summer edition of the Texas National Security Review. The online version is available here.

Professor Mike Schmitt spoke on ‘Global Internal Law Capacity Building’ on the 14^th of July at the ‘Closing the Gap’ virtual conference convened by the European Union Institute Security Studies.  A recording of the presentation can be found here.

From the 6^th to the 13^th of June, Professor Mike Schmitt co-directed a virtual workshop on International Cyber Law for officials from across the Indonesian government. The event, which was sponsored by Australia’s Department of Foreign Affairs and Trade, is part of a continuing cyber law capacity-building effort by numerous nations that the School of Law certifies as Executive Education.

On 13 June, Professor Schmitt conducted a virtual seminar on international cyber law for judge advocates (legal advisers) of the US Army Reserve Legal Command’s 10^th Legal Operations Detachment, which is composed of lawyers across the United States who deal with operational law issues.  The seminar focused on the development of the international law of cyberspace, the prospects for development of that body of law through treaty, and contentious issues, especially with regard to identifying those cyber operations that violate international law and the appropriate legal responses to them.

The seminar was part of an on-going University of Reading School of Law effort to work with legal and policy practitioners throughout the world who deal with international law issues, including, but not limited to, cyber operations.  As part of that effort, four US and British military officers are now enrolled as Reading Law postgraduates and the Law School conducts cyber law capacity-building Executive Courses for international officials. Next on the agenda for the latter program is a 3-day virtual workshop for “Women in International Security and Cyberspace” in early July. Over twenty countries will be represented in this workshop that is sponsored by the Australian Department of Foreign Affairs and Trade (DFAT). The same month, a six-day virtual course will be held for Indonesian officials with a cyber portfolio, again sponsored by DFAT.

On 11 June, Professor Mike Schmitt delivered the third and final international cyber law webinar for attorneys and other policy personnel from throughout the Australian government who deal with cyber matters. The half-day virtual session dealt with the prohibition on cyber uses of force, self-defence in cyberspace and cyber operations during an armed conflict. Earlier sessions dealt with such topics as sovereignty and intervention in cyberspace, as well as the legal responsibility of states for cyber operations conducted by non-state actors. The Australian Department of Foreign Affairs and Trade (DFAT) sponsored the professional development webinars. DFAT is a major sponsor of cyber capacity-building throughout the Asia-Pacific region and the University of Reading School of Law certifies its legal workshops, which Professor Schmitt directs, as Executive Education Courses.