The word “war” probably brings up images of a battlefront. Guns pointed at the ready. Men in uniform standing with grim expressions. Tanks. Bombs. Grenades. Covering fires. Firing. Trenches. Hiding. Escaping. Running. Some dead. Some alive. Some just barely around the corner.
While you’re thinking that this is perhaps the sole form of war that’s been ubiquitous throughout much of the world’s history, war has also evolved with technology. I don’t mean the on-field weaponry and artillery – but the very battlefield itself that has transformed into a bloodless, weapon-less hub of warfare: the Internet.
States in the world face a very real threat in this day and age in the form of cyber attacks. With the world becoming increasingly dependent on computers and computer networks at every level, and paperwork increasingly going digital, war has also made a shift to the realm of cyberspace. Hostile states, non-state actors and individuals have not only taken to the internet as a means of expressing themselves, but have also created a hotbed of conflict. These entities have taken to targeting computer systems and databases of their “enemy” countries, hacking into their information for whatever reason. Starting 2007, when Estonia faced an attack, with Georgia following suit the very next year, and most recently, in 2010, Iran, cyber attacks have definitely come to stay.
Cyber attacks are of many different kinds. While on the one hand, they can cause physical damage that can be likened to the damage emanating from conventional weapons, it can also destroy the operating systems of a state – right from causing aircraft and spacecraft crashes, to destroying the edifice of a nuclear power plant’s operating capacity. Cyber attacks can single-handedly stultify websites and the functioning capacities of databases – not to forget even manipulating the contents of the databases to the advantage of the attacker. They can destroy a nation’s financial system, and mess with a country’s military defence systems. Cyber attacks need not necessarily have physical effects, although physical effects can stem as a consequence to the attack itself.
As it stands now, Public International Law does not have any mechanism in place to handle cyber attacks. Save for Article 2(4) of the UN Charter and customary norms that prohibit the use of force, no legal rules prohibit anything besides armed force. Article 51 of the UN Charter allows self-defence only against an armed attack. Doubtless, therefore, cyber attacks fall out through the holes in the net – because no one uses arms in a cyber attack. (Physically destroying computers don’t count.)
With cyber attacks falling out of the ambit of Article 2(4) and Article 51 of the UN Charter, and allied norms of customary international law dealing with principles, the next branch that one can turn to is International Humanitarian Law.
Built on the principles of jus ad bellum, much of the contents of International Humanitarian Law deal with a time when the world was faced by a massive force comprising weapons and destructive anti-humanist policies. Consequently, the scope and ambit of International Humanitarian Law has been confined largely to grave armed attacks and the commission of what are now understood to be war crimes.
Cyber war can challenge significantly, many aspects of International Humanitarian Law – right from the question of distinction, proportionality, civilian protection, civilian objectives and the like. There is also an element of difficulty in estimating the very occurrence of “cyber war” in that there are huge differences in battlefield dynamics. Cyber war does not create refugees, nor are there civilians and health personnel on field that need to be segregated from armed or enemy combatants in the strictest sense of the term. The Geneva Conventions and their Additional Protocols do not mention anything about cyber warfare or computer network attacks, whatsoever. Nevertheless, one cannot dismiss International Humanitarian Law as totally inapplicable – in that they are not confined to situations that existed only when they were adopted.
When one peruses the contents of the entire universe of International Humanitarian Law, it does appear that it could have possibly evinced a world where technology would evolve enough to significantly alter the interface and realm of war. Cyber war has the potential to affect civilians and alter their lives by hitting their means of survival – and that outcome itself is enough to bridle it under International Humanitarian Law. The only difference lies in that cyber warfare is not kinetic warfare, physical warfare or simply overt warfare as conventional war is. But this alone is not enough to dismiss it as falling beyond the scope and ambit of International Humanitarian Law.
When computers and computer networks are deployed to extract, discover, alter, affect, disrupt or transfer data in any computer or database, through the manipulation of such system or network, a cyber attack is said to occur. The element of proportionality and distinction under International Humanitarian Law can, and do play a role in this. Under International Humanitarian Law, it is necessary to distinguish between military targets and civilians, and in doing so, to be proportionate in the use of force, and, to be justified by an acceptable military gain. Though the means differ in cyber war, they are capable of being subjected to these rules. The deployment of a cyber attack with a military objective is legal if it adheres to International Humanitarian Law.
But this is not to mean that this legal system suffices entirely. Computer networks can cause impacts that are intangible, difficult to understand and difficult to discern. One can, therefore, look at International Humanitarian Law as being useful in offering a beginning of sorts. The core value that civilians should be protected, and their livelihoods, environment and cultural property should not be targeted is a principle that is as applicable to cyber war, as it is to conventional war. Treating this as a basic level, or a beginning, it is important to start making inroads into understanding the difference between both kinds of warfare, and, to start making efforts to prune the law to address the specific challenges that cyber warfare can throw. When you have no means to tackle an issue under a given regime, it is a wise idea to stretch the extant principles to cover the issues as best as possible in the interim – rather than always. This is a first step of sorts, because evaluating International Humanitarian Law will help point in the direction of revealing the drawbacks in the present legal system, to make rectifications for the future.
About the Author: Kirthi Jayakumar is the Founding Editor of A38.