Distinguishes between two forms of “hostile action[s] against a computer system or network:” cyber-attack and cyberexploitation. Author Herbert Lin defines the former as a destructive and deliberate act performed to render an adversary’s computer system or network useless. Cyberexploitation is nondestructive, and refers to “clandestine” interventions that attempt to obtain confidential information without disrupting “normal functioning.” The article proceeds to compare the methods of access, payload, effects, and potential objectives of offensive cyber operations. Despite these differences, however, the ambiguity of cyber operations (i.e. issues of attribution, scope, and scale) can muddle cyber-attacks with cyberexploitation – with major consequences for the targeted party. The primary question follows: “what actions constitute demonstration of hostile intent?” The United Nations Charter prohibits the use of force between states, but inconsistencies in the definition of “force” may limit the ability to respond to potential provocations. Because of this, Lin suggests analysts and policy makers familiarize themselves with the existing legal landscape.
