Wednesday, March 30, 2016

Law and Diplomacy in the South China Sea

We tend to distinguish, at least for analytical purposes, law, diplomacy, and the use of force as tools for the conduct of foreign policy. Each typically gets a separate chapter in the international relations textbooks and a separate week on the syllabus of the typical introductory IR course. But, as a story by Helene Cooper in today's New York Times illustrates, this can be misleading. In reality, the military may provide the means by which legal claims are asserted, naval officers may be required to engage in diplomacy while on alert, and a ruling by an international arbitration panel may nudge the world toward war.

Cooper's reporting from on board the U.S.S. Chancellorsville (CG 62), a U.S. Navy guided-missile cruiser, recounts the ship's participation in a freedom of navigation (FON) exercise in the South China Sea. Her story, which includes conversations between the Chancellorsville's officers and those on a Chinese ship tailing the Chancellorsville, provides a glimpse of the legal/diplomatic/military confrontations that are taking place with increasing frequency as China attempts to establish a claim to sovereignty over much of the South China Sea even as the United States attempts to rebut that claim.

Today U.S. Deputy Secretary of Defense Robert Work told reporters that the U.S. has told China it will not recognize an air defense identification zone (ADIZ) in the South China Sea should one be declared there. "We have spoken quite plainly to our Chinese counterparts and said that we think an ADIZ would be destabilizing. We would prefer that all of the claims in the South China Sea be handled through mediation and not force or coercion," Work said. Transits through the South China Sea like the one conducted by the Chancellorsville are how the United States backs up its verbal representations to the Chinese.

Thursday, March 24, 2016

Lawfare in Cyberspace

Attorney General Loretta Lynch today announced a federal indictment against seven Iranians believed to be responsible for distributed denial of service (DDOS) attacks against several large American financial institutions. The attacks began in December 2011 but became much more intense in December 2012. The indictment also accuses one of the Iranians of hacking into the control system of Bowman Dam in Rye, New York in August and September of 2013, a more worrisome attack because of its potential to threaten lives.

While the indictment does not specifically accuse the Iranian government of being behind the attacks, it does note that the accused "were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Iranian Revolutionary Guard Corps." At the time of the attacks, computer security experts speculated that Iran was retaliating for a series of sophisticated cyberattacks (beginning with Stuxnet but also including Duqu and Flame) most likely engineered by the U.S. and Israeli governments. Those attacks destroyed centrifuges being used to enrich uranium for Iran's nuclear weapons program.

The indictment was brought some time ago by a grand jury in the Southern District of New York but only unsealed today. It is possible the indictment was sealed in order to avoid complicating the negotiations that resulted in the Joint Comprehensive Plan of Action last July by which Iran agreed to halt efforts to develop nuclear weapons. January 16, 2016, marked "Implementation Day" when, having verified Iran's compliance with the JCPOA, the other parties to the agreement (the United States and other UN Security Council and European Union states) lifted a variety of sanctions against Iran.

Today's announcement suggests that the United States intends to continue to use legal means to address cyberattacks emanating from state or state-sponsored actors. It follows on an indictment announced in May 2014 of five Chinese military officers affiliated with the 61398 hacker group, a unit of China's People's Liberation Army. Similar uses of the law in conflicts are addressed in a recently published book by Orde F. Kittrie entitled Lawfare: Law as a Weapon of War (Oxford University Press, 2016).

For more on the indictment unsealed today, see this story in the New York Times by David Sanger.

Tuesday, March 22, 2016

Fair Warning

Donald Trump and Ted Cruz have suggested that torture works. If by "works" they mean that it dehumanizes both the tortured and the torturers, they're right. That, at least, is the conclusion that Eric Fair, who worked as an interrogator for the U.S. Government in Iraq, draws in this op-ed piece published in the New York Times.

Friday, March 04, 2016

Berta Cáceres (1973-2016)

Ilisu (Turkey) . . . Three Gorges (China) . . . Glen Canyon (United States) . . . Itaipu (Brazil/Paraguay) . . . Sardar Sarovar (India). These are some of modern history's most controversial dam projects. Each one promised electrical power, flood control, water for irrigation, and more. But each one also threatened to destroy human communities, wildlife habitats, cultural artifacts, and more.

Add to the list Agua Zarca (Honduras), a planned series of four large dams on the Río Gualcarque. On Thursday the river lost one of its most determined defenders, Berta Cáceres. In a town called "Hope" (La Esperanza), Ms. Cáceres was assassinated by armed men who invaded her home as she slept.

Cáceres was the co-founder of an organization called the Council of Indigenous Peoples of Honduras (Copinh). A member of the Lenca ethnic group--the largest in Honduras--Cáceres led Copinh through years of protests against the plan to dam a river the Lenca deemed sacred. At times, Copinh filed legal challenges and lobbied the government to try to prevent the dams from being built. At other times, protesters physically blocked construction crews from gaining access to work sites. The efforts Cáceres made to try to stop the project gained international recognition last year when she was awarded the prestigious Goldman Environmental Prize

Ms. Cáceres, who was 44 at the time of her death, had four children. She had been threatened with rape and death, she had been followed, and several of her supporters had been killed. No suspects had ever been arrested for the killings or for the threats. After a visit in December 2013, the Inter-American Commission on Human Rights noted "a complete absence of the most basic measures to address reports of grave human rights violations in the region." As in Nigeria, Ecuador, Sudan, and Myanmar where oil interests colluded with corrupt governments to violate the rights of indigenous peoples, those supporting the Agua Zarca project in Honduras appear to have turned the government against its own people. Regardless of who actually killed Berta Cáceres, the Honduran government bears responsibility for its failure to protect her and for its failure to pursue justice in the cases of the other peaceful protesters who have been murdered.

For more on the work done by Cáceres and Copinh in an effort to stop the construction of dams on the Río Gualcarque, watch this brief video portrait from the page dedicated to Cáceres on the Goldman Environmental Prize website.

Tuesday, March 01, 2016

Power Outage

The power is out on my street today. The outage was announced well in advance and the reason for the outage is clear: a Southern California Edison crew is replacing a transformer in a vault beneath the street. But even as Edison upgrades the local network's hardware, the Department of Homeland Security is again warning U.S. power companies about software vulnerabilities.

A cyberattack--as yet unattributed, although Russia is clearly the primary suspect--caused the power outage that affected 225,000 people in Ukraine on December 23, according to investigators in the United States. Hackers stole the credentials of system operators and used their access to the industrial control systems of three regional energy distribution companies to flip breakers and shut off the flow of power. A denial-of-service attack simultaneously blocked phone calls into energy distribution centers (to keep operators from knowing the extent of the outage) and malware prevented those centers from switching to backup power supplies.

The basic design of the attack on Ukraine's power grid, which involved infiltrating a network, mapping it, and gaining control of a supervisory control and data acquisition (SCADA) system, resembles the Stuxnet attack that damaged centrifuges being used in Iran's nuclear weapons program in 2010. Stuxnet is widely believed to have been the work of the U.S. and Israeli governments, although neither has acknowledged responsibility.

The warning distributed by Homeland Security's Industrial Control Systems-Cyber Emergency Response Team follows similar warnings issued by analysts in the private sector. The possibility of taking down a power grid via a cyberattack has long been theorized. Last year, a study co-produced by the University of Cambridge Centre for Risk Studies and insurance giant Lloyd's calculated that a cyberattack on the power grid in the northeastern United States could result in financial losses of a trillion dollars or more. It is worth noting, however, that the attack in Ukraine in December is the first actually to cause a power outage.

No one thinks it will be the last.