Cyber Warfare

Abstract

The advent of the Internet, and interconnected computer networks more generally, has impacted society in innumerable ways. Yet this new form of interconnectivity is a double-edged sword, turning dependency into vulnerability. As recent cyber attacks in past years have shown, the ability to cause havoc with far-reaching ramifications is a valid concern commanding worldwide attention. Countries from all regions have responded with increased development of their cyber capabilities, opening up a new military domain alongside land, sea, air, and space. Cyber warfare is not a legal term based on authoritative sources. Rather the concept is used loosely to describe an array of harmful actions carried out by states in cyberspace, through government instrumentalities or groups whose conduct can be attributed to said states, targeting computer networks in the context of an armed conflict or during peacetime. The latter term has also been employed to describe attacks by nonstate actors without state involvement. Cyber warfare should be distinguished from germane phenomena, namely, cyber crime, which constitutes domestic legislation prohibiting private persons from engaging in certain conduct and international tools outlining judicial cooperation, and cyber espionage, which may be state-sponsored activity but is centered on the gathering of sensitive information. Understood in this broad sense, cyber warfare can conceivably fall within the purview of several areas of international law. Determining the international legal implications of a computer network operation fundamentally rests on two preconditions: the first is whether an international obligation has been breached, for instance, the principle of nonintervention in the internal affairs of states; the second is whether the attack can be attributed to a state, which is difficult to prove because of the technical design of the Internet. Certain egregious cyber attacks can trigger the application of the law governing the use of force and/or the law of armed conflict. With respect to both normative frameworks, a lively debate is ongoing as to the relevant thresholds of harm to life and property and how to ensure respect for cardinal principles, such as distinction and proportionality. Other branches of international law have also been singled out either because they concurrently apply to cyber operations (e.g., telecommunications and space law) or because they have potential relevance as models for future cyber security norms (e.g., law of the sea, international environmental law, and international criminal law). Faced with lacunae in contemporary international law or unsatisfactory outcomes, the international community and jurists have voiced many proposals for reform ranging from treaties to soft law guidelines.