Cyber Warfare

by

Marco Benatar

• LAST REVIEWED: 02 November 2017
• LAST MODIFIED: 27 March 2014
• DOI: 10.1093/obo/9780199796953-0087

Introduction

The advent of the Internet, and interconnected computer networks more generally, has impacted society in innumerable ways. Yet this new form of interconnectivity is a double-edged sword, turning dependency into vulnerability. As recent cyber attacks in past years have shown, the ability to cause havoc with far-reaching ramifications is a valid concern commanding worldwide attention. Countries from all regions have responded with increased development of their cyber capabilities, opening up a new military domain alongside land, sea, air, and space. Cyber warfare is not a legal term based on authoritative sources. Rather the concept is used loosely to describe an array of harmful actions carried out by states in cyberspace, through government instrumentalities or groups whose conduct can be attributed to said states, targeting computer networks in the context of an armed conflict or during peacetime. The latter term has also been employed to describe attacks by nonstate actors without state involvement. Cyber warfare should be distinguished from germane phenomena, namely, cyber crime, which constitutes domestic legislation prohibiting private persons from engaging in certain conduct and international tools outlining judicial cooperation, and cyber espionage, which may be state-sponsored activity but is centered on the gathering of sensitive information. Understood in this broad sense, cyber warfare can conceivably fall within the purview of several areas of international law. Determining the international legal implications of a computer network operation fundamentally rests on two preconditions: the first is whether an international obligation has been breached, for instance, the principle of nonintervention in the internal affairs of states; the second is whether the attack can be attributed to a state, which is difficult to prove because of the technical design of the Internet. Certain egregious cyber attacks can trigger the application of the law governing the use of force and/or the law of armed conflict. With respect to both normative frameworks, a lively debate is ongoing as to the relevant thresholds of harm to life and property and how to ensure respect for cardinal principles, such as distinction and proportionality. Other branches of international law have also been singled out either because they concurrently apply to cyber operations (e.g., telecommunications and space law) or because they have potential relevance as models for future cyber security norms (e.g., law of the sea, international environmental law, and international criminal law). Faced with lacunae in contemporary international law or unsatisfactory outcomes, the international community and jurists have voiced many proposals for reform ranging from treaties to soft law guidelines.

General Overviews

General in-depth examinations of cyber warfare from a legal perspective have grown in number since the proceedings of the first major conference on the topic—Schmitt and O’Donnell 2002—were published just over a decade ago. While some contributions offer a useful, succinct overview of the key legal issues, such as Woltag 2010, a small number of monographs have also been authored recently, including Harrison Dinniss 2012 and Kerschischnig 2012. Increased scholarly interest in computer network attacks and their regulation under international law has prompted the appearance of special editions of journals, for instance Air Force Law Review (Stevens 2009) and Journal of Conflict & Security Law (Buchan and Tsagourias 2012), that explore this theme. At least two major trends can be observed among general overviews. Whereas some publications focus on applying contemporary rules and principles of international law to the conduct of cyber military operations, such as Schmitt 2013, other contributions, such as Hathaway, et al. 2012 treat law reform, identifying shortcomings coupled with regulatory recommendations.

• Buchan, Russell, and Nicholas Tsagourias, eds. Special Issue: Cyber War and International Law. Journal of Conflict & Security Law 17.2 (2012).

  A special edition of the influential Journal of Conflict & Security Law featuring the outcome of a workshop held at the University of Glasgow in October 2011. A capita selecta of topics touching upon general international law, jus contra bellum, and jus in bello.

• Harrison Dinniss, Heather. Cyber Warfare and the Laws of War. Cambridge, UK: Cambridge University Press, 2012.

  DOI: 10.1017/CBO9780511894527

  A thoroughly researched monograph based on the author’s PhD dissertation that focuses on the use of force and the law of armed conflict. The book also serves as a useful source of information, thanks to a listing of significant computer network attacks spanning more than two decades and a sizable bibliography.

• Hathaway, Oona A., Rebecca Crootof, Philip Levitz, et al. “The Law of Cyber-attack.” California Law Review 100 (2012): 817–885.

  Presents a well-developed definition of the concept of “cyberattack,” which forms the cornerstone for legal analysis. Having found shortcomings in the current framework, the authors suggest a new regime based on domestic cybercrime statutes with increased extraterritorial application, multilateral agreements, and enhanced international cooperation.

• Kerschischnig, Georg. Cyberthreats and International Law. The Hague: Eleven International, 2012.

  Includes a helpful chapter on “cyber threats” that details the actors involved, categories of cyberattacks, and inherent weaknesses in critical infrastructure. The focal point is cyber warfare; however, attention is paid equally to cyber espionage, crime/terrorism, and human rights. The author formulates recommendations aimed at adequately managing dangers in cyberspace.

• Schmitt, Michael N., ed. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge, UK: Cambridge University Press, 2013.

  DOI: 10.1017/CBO9781139169288

  A large project carried out by an international group of experts at the invitation of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCE). Contains ninety-five black-letter rules on security law (general international law and use of force) and the law of armed conflict (writ large), referencing treaty law, customary rules, case law, and state practice.

• Schmitt, Michael N., and Brian T. O’Donnell, eds. “Computer Network Attack and International Law.” US Naval War College International Law Studies 76 (2002): 1–568.

  From the annual “Blue Book” series of the US Naval War College. A lengthy collection of articles addressing a rather wide range of legal questions relevant to the conduct of military operations in cyberspace. Noted for being one of the earliest in-depth treatments in the (then embryonic) field.

• Stevens, Graham E., ed. Special Issue: Cyberlaw Edition. Air Force Law Review 64 (2009).

  A special edition of the flagship journal of the US Air Force Judge Advocate General’s Corps, comprising contributions from military lawyers. The authors tackle not only problems of international law but also US criminal and administrative law.

• Woltag, Johann-Christoph. “Cyber Warfare.” In Max Planck Encyclopedia of Public International Law. Edited by Rüdiger Wolfrum. May 2010.

  A handy primer on the various legal problems to which cyber warfare may give rise. The section on defining and differentiating cyber warfare (vis-à-vis related notions) is particularly instructive.