Recent Air Force Law Review discusses Cyberlaw

by Carl Bergquist
Air University Public Affairs

11/20/2009 - MAXWELL AIR FORCE BASE, Ala. -- Volume 64 of the Air Force Law Review is now available in hardcopy and online. Published this year, it is sub-titled the "Cyberlaw Edition."

Largely the result of a symposium held at the Judge Advocate General School at Maxwell Air Force Base, the edition addresses many of the issues involving the cyber domain.

"About a year ago, we held a symposium here [Maxwell], and cyberlaw was discussed," Capt. Scott Hodges, a JAG School Professional Outreach Division instructor, said. "It was decided during the symposium to do some research and write some literature on the subject."

The captain said a "big focus" of the symposium was Russia using cyber warfare against the nation of Georgia before actually attacking the country. The Cyberlaw Edition investigates that and many other issues involving cyberspace, such as when does a computer attack equate to an act of war?

In addressing that question, Air Force Maj. Graham Todd, one of the Cyberlaw Edition authors, said the European Union's Convention on Cybercrime is an international treaty intended to create consistency in criminal laws related to internet activity. Specifically, the convention provides that parties involved will adopt laws that criminalize cyberspace crimes such as unlawful access, unlawful interception and interfering with data or systems.

"The U.S. Department of Defense defines a computer network attack as, 'Actions taken through the use of computer networks to disrupt, deny, degrade or destroy information resident in computers and computer networks, or the computers and networks themselves," he said in Volume 64. "Whether a cyberspace crime or a cyberspace attack, the goal is to affect someone else's data, or use data to affect property."

Air Force Lt. Col. Joshua Kastenberg, another author for the Cyberlaw Edition, brought up the ramifications of private U.S. companies allowing the country of Georgia to use their systems to help keep the country's communications links open. Would this bring those companies into the conflict?

He said the owner of TSHost, or Tulip Systems, an Atlanta, Ga., based Web hosting company, offered the use of their systems to the government of Georgia, and Georgian officials transferred critical government internet services to Tulip servers in the United States.

"In an admission, the TSHost chief executive officer stated the company had volunteered its servers to 'protect' the nation of Georgia's internet sites from malicious traffic," he said in the report. "TSHost further revealed that after it relocated Georgian Web sites to the United States, attacks traced to Moscow and St. Petersburg ensued against TSHost servers."

A third author, Air Force Lt. Col. Patrick Franzese, maintains that cyberspace is not a common domain, and countries throughout the world can and should regulate the domain to prevent cyberspace attacks.

"The United States can choose to take the lead in recognizing and establishing state sovereignty in cyberspace," he stated. "By establishing state sovereignty in cyberspace, the United States, as well as other states, will develop the framework to consider other cyberspace issues."

Captain Hodges said one of the purposes of the articles in Volume 64 is to bring up issues for debate and thought, but he noted the articles don't always give answers to the issues addressed. He said copies of the report went to all law schools and all Air Force legal offices, and it is hoped Volume 64 will stimulate additional research and study on cyberlaw.

"As for us at the JAG School, we want people to be aware the Cyberlaw Edition is out there for their use," he said. "Volume 64 of the Law Review can be obtained by emailing me at, and can also be found on the Web at"