Stuxnet, Schmitt Analysis, and The Cyber Use of Force Debate
Air War College Maxwell Air Force Base United States
Pagination or Media Count:
One of the many vexing issues surrounding cyberspace involves whether peacetime cyber operations can constitute a prohibited use of force under Article 24 of the U.N. Charter. Among the analytic frameworks developed to address this issue, one of the most enduring is the so-called Schmitt Analysis. It is also the only model that purports to adhere to preexisting legal norms, including Article 24. The framework consists of seven factors that states are likely to consider when characterizing cyber attacksseverity, immediacy, directness, invasiveness, measurability, presumptive legitimacy, and responsibility. When the framework first debuted in 1999, however, there were few clear examples of state cyber coercion and the prospect of cyber-induced physical damage was largely theoretical. In light of several recent instances of suspected state cyber coercionculminating in damage to Iranian nuclear facilities by the Stuxnet wormit is now worth evaluating the frameworks continued utility.