By: Dan Efrony
By way of introduction, please tell me a little about your background and your career prior to joining the academia.
In a way, this is my third career. My first was with the Israel Defense Forces’ Intelligence Corps and my second was with the IDF Advocate General Corps. Altogether, I spent close to 40 years in uniform, most of which involved commanding troops and junior officers. In my last two roles as Deputy and then Military Advocate General (MAG), I was instrumental in establishing and overseeing the Israel Defense Forces’ positions on various international law matters during several armed conflicts, among many other issues. Additionally, I was at the center of our exploratory work conducting, studying, and contemplating various aspects relating to cyberspace and military activities in that domain.
How did you get into academia?
On my retirement at the end of 2015, I had to make one more personal and important decision: whether to take the same avenue as most of my predecessors had taken, i.e. to consider an appointment as a district judge or head of the Military Court of Appeals, or to choose a different avenue. I wanted to combine the pursuit of new knowledge and intellectual stimulation of exploring new legal horizons while teaching others and sharing with them some of my expertise and accumulated knowledge and thoughts. That combination is best accomplished in academia – and a wonderful opportunity presented itself to me in the form of a position with the Cyber Security Research Center and the Faculty of Law of the Hebrew University.
What is the subject of your research? Please give us an example or two.
It is a joint research with Prof. Yuval Shany. The research is about the extent to which the Tallinn Manuals’ premises and rules are accepted by the international community as reflecting the current international law (lex lata). We are currently endeavoring to identify which of the main proposed rules reflect or might reflect emerging state practice, and which should be reconsidered. At times, we seek to propose a different and more suitable interpretation of the current law to the situation in question. At times, through careful analysis, the situation is so complex that it could require a new international norm to be established in the future. An example of the former might be broadening the test of scale and effects set by the International Group of Experts in the Tallinn Manuals, relying on the Nicaragua Judgment, so that cyber operation would constitute an “armed attack” or “attack,” including in the event of severe damage to national data storage. An example of the latter could be the formulation of a “golden rule” or mechanism for attributing responsibility and enforcing the law in the complex cyber environment.
How did you select this subject? To what extent did your personal / professional background lead you to this subject? Have you had to deal with these matters during your military career?
To give credit where credit is due, Prof. Yuval Shany played an instrumental role in setting the course for this research, which we are pursuing jointly. This subject resonated powerfully with me, as it is paramount to the military sphere, which is increasingly being conducted and controlled in cyber.
The cyber sphere, which has been called the fifth domain, is a digital and virtual domain that extends all over the other domains: land, air, sea, and outer space. In recent years, it has become an indispensable component of any significant activity in any of these domains.
Unsurprisingly, cyber security and cyber operations have become a top priority, primarily in the national agenda. Thus, many nations have already taken important steps to confront the risks and challenges raised by this phenomenon. Israel is no exception, and in my capacity as the MAG, I was part of that process in the IDF.
Questions relating to the use of force and the laws of armed conflict are complex. In what ways does cyber space increase the complexity of these questions?
Territorial boundaries and the ability to identify perpetrators are fundamental concepts in establishing accountability according to International Law. Both are often absent in the cyber domain, undermining well-established principles such as sovereignty, nonintervention, due diligence, state responsibility, and so forth. Having said that, it the powerful nations in cyber seem to face a Catch-22 situation. On the one hand, they are interested in regulating this domain in order to avoid a Wild West-type scenario. On the other hand, setting tough restrictions on cyber capabilities and on its anonymous use, i.e. below the radar, would significantly reduce the power of these stronger nations and weaken their deterrence, with ramifications for all the players: states, non-state actors, and even common cyber criminals.
In your view, what is the appropriate solution to this complicated situation?
The best solution would seem to be new tailor-made regulation based on a multinational convention with a practical mechanism of enforcement, which would overwhelm the difficulty of attribution. A key component to reach such a solution is mutual trust, particularly among the superpowers in the international community.
Due to the global geopolitical situation and its adverse ramifications around the world, including the strategic balance of powers among the superpowers and their allies, this would seem to be an unrealistic solution, since mutual trust is beyond reach currently and for the foreseeable future. A simple and immediate example of this complex reality is the politically-motivated intrusion into the DNC’s server during the US elections and the official American response attributing the responsibility to the Russian political leadership. This interference ostensibly occurred despite a binding bilateral agreement from 2013 establishing a hotline between the American and the Russian leaderships, as well as other confidence-building measures to strengthen cyber security cooperation.
Thus, the international community headed by its superpowers – essentially the US, Russia, China, and the EU - should finally internalize the fact that international cooperation based on mutual trust, or at least an objective mechanism to impose it, is essential for the safety of mankind and of each nation. The sooner this happens, the better for all of us.
Until this dream comes true, every nation should contribute consistently to achieve it as soon as possible and, in the meantime, invest its best resources to assure full defense in its cyber security realm.
What are your personal/professional plans in the next stage?
I am still at an early stage and there is a lot to be done. The challenge at hand is both fascinating and daunting. At the research center, we are endeavoring to satisfy our intellectual curiosity, trying to explore the “known unknowns” in cyberlaw, and to maximize our contribution to the legal research and the legal international dialogue. In parallel to my academic work, I am working nowadays on an entrepreneurship business plan combining advance technology innovations. As this isn’t complete yet, I will leave it there.
And your message?
Every era is fascinating with its innovations. One thing that is the common ground of all eras is the ability of mankind to use or abuse new knowledge, for its benefit or its destruction. However, what differentiates our era from former eras is the power, volume, and speed with which technology is evolving, converting fiction into reality. Highly sophisticated technology is readily accessible to everyone, and the accompanying risks are enormous, immediate, and very tangible.
Since the mid-twentieth century, the international community has been wise enough to contain the risks reflected from its new developments such as in the nuclear, chemical, and biological realms. It has been achieved by multinational cooperation.
That wisdom is needed urgently for cyber weapons too.