Article contents
Cyber conflict and international humanitarian law
Published online by Cambridge University Press: 01 May 2013
Abstract
Conflict in cyberspace refers to actions taken by parties to a conflict to gain advantage over their adversaries in cyberspace by using various technological tools and people-based techniques. In principle, advantages can be obtained by damaging, destroying, disabling, or usurping an adversary's computer systems (‘cyber attack’) or by obtaining information that the adversary would prefer to keep secret (‘cyber espionage’ or ‘cyber exploitation’). A variety of actors have access to these tools and techniques, including nation-states, individuals, organized crime groups, and terrorist groups, and there is a wide variety of motivations for conducting cyber attacks and/or cyber espionage, including financial, military, political, and personal. Conflict in cyberspace is different from conflict in physical space in many dimensions, and attributing hostile cyber operations to a responsible party can be difficult. The problems of defending against and deterring hostile cyber operations remain intellectually unresolved. The UN Charter and the Geneva Conventions are relevant to cyber operations, but the specifics of such relevance are today unclear because cyberspace is new compared to these instruments.
- Type
- How are New Technologies Changing Modern Warfare?
- Information
- International Review of the Red Cross , Volume 94 , Issue 886: New Technologies and Warfare , June 2012 , pp. 515 - 531
- Copyright
- Copyright © International Committee of the Red Cross 2013
References
1 The intellectual content of this report is drawn primarily from National Research Council (NRC), Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, William Owens, Kenneth Dam, Herbert Lin (eds.), National Academies Press, Washington, DC, 2009, available at: http://www.nap.edu/catalog.php?record_id=12651. All internet references were accessed in August 2012, unless otherwise stated.
2 Department of Defense, ‘2006 National Military Strategy for Cyberspace Operations’, available at: http://www.dod.mil/pubs/foi/joint_staff/jointStaff_jointOperations/07-F-2105doc1.pdf.
3 This definition implies that ‘armed conflict’ or ‘military conflict’ are subsets – and only subsets – of the broader term ‘conflict’, which may entail a conflict over economic, cultural, diplomatic, and other interests as well as conflict involving military matters or the use of arms.
4 For a primer on Stuxnet, see ‘Cyberattacks on Iran – Stuxnet and Flame’, in The New York Times, 9 August 2012, available at: http://topics.nytimes.com/top/reference/timestopics/subjects/c/computer_malware/stuxnet/index.html?scp=1-spot&sq=stuxnet&st=cse.
5 See NRC, above note 1, box 3.4.
6 As this article goes to press, the American security firm Mandiant released on 19 February 2012, a detailed report concluding that a special unit of the Chinese People's Liberation Army is responsible for a large fraction of the cyber intrusions conducted against American corporations, organizations, and government agencies. See http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.
7 Jackson, William, ‘Cyberattacks in the present tense, Estonian says’, in Government Computing News, 28 November 2007Google Scholar, available at http://www.gcn.com/online/vol1_no1/45476-1.html.
8 Lynn, William, ‘Defending a new domain: the Pentagon's cyberstrategy’, in Foreign Affairs, Vol. 89, No. 5, September–October 2010Google Scholar, available at: http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain.
9 Henckaerts, Jean-Marie and Doswald-Beck, Louise (eds), Customary International Humanitarian Law, Volume I: Rules, ICRC/Cambridge University Press, Cambridge, 2005CrossRefGoogle Scholar, available at: http://www.icrc.org/eng/war-and-law/treaties-customary-law/customary-law/index.jsp.
10 See Cordula Droege, ‘Get off my cloud – Cyber warfare, international humanitarian law and the protection of civilians’ in this edition of the Review.
11 Additional Protocol I of 1977 (hereafter AP I), Art. 48; and see J.-M. Henckaerts and L. Doswald-Beck (eds), above note 9, rule 7.
12 AP I, Art. 52(2).
13 Communications facilities and power grids could be considered examples of dual-use entities. The legality of deliberately targeting dual-use entities is not explicitly addressed in the text of the Geneva Conventions or the Additional Protocols thereto. However, the ICRC Commentary of the Additional Protocols of 1977 (commentary of Art. 52(2)), para. 2023, suggests that attacks on such entities are permissible, although the proportionality test for an attack must be satisfied as well. Attacks on such entities conducted with the intention of injuring civilians or damaging civilian property would not be legitimate, but making that determination is difficult.
14 AP I, Art. 58. See also J.-M. Henckaerts and L. Doswald-Beck (eds), above note 9, rules 22–24.
15 As codified in AP I, Art. 51(5)(b) and Art. 57(2)(a)(iii); see also J.-M. Henckaerts and L. Doswald-Beck (eds), above note 9, rule 14.
16 AP I, Art. 51(5)(b).
17 AP I, Art. 51(3).
18 Woodard, Colin, ‘Estonia, where being wired is a human right’, in The Christian Science Monitor, 1 July 2003Google Scholar, available at: http://www.csmonitor.com/2003/0701/p07s01-woeu.html.
19 ‘Top French court declares internet access “basic human right”’, in FoxNews.com, 12 June 2009, available at: http://www.foxnews.com/story/0,2933,525993,00.html.
20 ‘Spain govt to guarantee legal right to broadband’, in Reuters, 17 November 2009, available at: http://www.reuters.com/article/2009/11/17/spain-telecoms-idUSLH61554320091117.
21 ‘1Mb Broadband access becomes legal right’, in Yle Uutiset, 14 October 2009, available at: http://yle.fi/uutiset/1mb_broadband_access_becomes_legal_right/1080940.
22 ICJ, Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, 8 July 1996, ICJ Reports 1996, para. 25; ICJ, Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 9 July 2004, ICJ Reports 2004, paras. 106–113; ICJ, Armed Activities on the Territory of the Congo (Democratic Republic of the Congo v. Uganda), Judgement, 19 December 2005, ICJ Reports 2005, para. 216.
23 UN Human Rights Committee, General Comment No. 31, CCPR/C/21/Rev.1/Add.13, 26 May 2004, para. 11.
24 RAND, Dangerous Thresholds: Managing Escalation in the 21st Century, 2008, available at: http://www.rand.org/pubs/monographs/2008/RAND_MG614.pdf.
25 Rattray, Gregory and Healey, Jason, ‘Categorizing and understanding offensive cyber capabilities and their use’, in NRC, Proceedings of a Workshop on Deterring Cyber Attacks: Informing Strategies and Developing Options for U.S. Policy, National Academies Press, Washington, D.C., 2010, pp. 77–98Google Scholar, available at: http://www.nap.edu/catalog/12997.html.
26 Lin, Herbert, ‘Responding to sub-threshold cyber intrusions: a fertile topic for research and discussion’, in Georgetown Journal of International Affairs, Special Issue, International Engagement on Cyber: Establishing International Norms and Improved Cybersecurity, 2011, pp. 127–135Google Scholar.
27 See NRC, above note 1.
28 See Idem., recommendations 2 and 3.
- 18
- Cited by