We need new laws to govern cyberwarfare

Aug 21, 2014 by Bela Bonita Chatterjee
Mouses not guns, a future view of the battlefield. Carrie Kessler/USAF

President Bush is reported to have said: "When I take action, I'm not going to fire a US$2m missile at a US$10 empty tent and hit a camel in the butt. It's going to be decisive." As the quote suggests, when it comes to national defence, enemies are unlikely to be deterred by an army of three, a leaky canoe and a fleet of second-hand microlights. In times of war we usually expect a powerful, graphic display of military might.

Nations may feel reassured that the sheer scale and sophistication of their armed forces will be enough to deter any potential threat, with would-be attackers put off by the mere prospect of retaliation. But what if decisive action can be conducted without , without firing a single bullet, but by simply pressing "enter"?

This is the promise of cyber-warfare, where the hostile use of software against a state's critical infrastructure such as energy and transport networks, financial markets, hospitals, can have immediate and devastating effects. The tools of cyber-warfare could be acquired with relative ease by new belligerent nations who were hitherto considered unthreatening by virtue of their lack of conventional forces. Belligerents may not even be nations, but unaffiliated hackers driven by a common political, religious or economic ideology, who can quickly form, strike and disperse using the anonymity of the internet to hide their tracks.

Nations have had to take the threat of cyber-warfare seriously. Several significant military powers have now publicly declared policies on cyber-warfare, and the topic has dominated diplomatic exchanges at the highest level. Perhaps the most poignant acknowledgement of cyber-warfare as a serious issue comes from its inclusion as a topic of importance in the 2011 Report of the International Red Cross on International Humanitarian Law and the challenges of contemporary armed conflicts.

The growing recognition of cyber-warfare as a topic of legal concern in particular is of great importance, particularly for international law, which, among other things, it sets out a framework for the legally permissible use of force. International Humanitarian Law (also known as the Law of Armed Conflict) is the part of international law which tries to ensure that if there is armed conflict, it is conducted in as humane and restrained a manner as possible.

Determining how legal rules apply to cyber-warfare is obviously important. States will want to know whether cyber-offensives will come under the rules of international law, what limits may be applied and what action can be taken in response within the law. If a cyber-war is unavoidable, then states will also want to know what rules apply to the actual conduct of such war, for example in determining what targets are permissible, how rules on neutrality apply, and what kinds of cyber-weapons are permissible.

However, there is a lack of clarity on how international law applies to cyber-warfare. International law has evolved over time and is heavily influenced by traditional concepts of conventional armed warfare between clearly defined nation states. Cyber-warfare is so new it is not specifically addressed in any treaties. It is difficult enough to reach an agreement on international matters at the best of times, especially in dealing with conflicts. This difficulty will undoubtedly apply to cyber-warfare too.

In light of this considerable uncertainty, a recent report for Security Lancaster outlines an agenda for future legal research on cyber-warfare. This calls for a reconsideration of whether international law is a useful framework. For example, focuses heavily on states, but are future cyber-attacks likely to come from states themselves? How should cyber-hostilities initiated by federated or balkanised hacker groups with no clear state affiliation be legally categorised? Would we be better off starting to construct a from scratch as opposed to one built around outdated concepts that no longer reflect the current military realities?

It should be acknowledged that not all share the view that cyber-warfare is a significant or worrying prospect. Its detractors point out that it has been responsible for no human casualties to date, and no hostile cyber-incident has as yet been treated as an act of war or openly admitted to by a state. But this ought not to deter us from taking the issue seriously, and to start thinking about an acceptable – and perhaps more importantly, workable – legal framework to cover the resort to and conduct of cyber-warfare.

We would do well to recall that another world leader, Winston Churchill, was widely derided at the time for forecasting the onset of World War II, and remember that if the lessons of history are not learned they are destined to be repeated. If World War III promises to be digital, we must be as prepared as we can be.

Explore further: N.Korea 'doubles cyber war personnel'

add to favorites email to friend print save as pdf

Related Stories

Cyber war might never happen: researcher

Oct 10, 2011

Cyber war, long considered by many experts within the defence establishment to be a significant threat, if not an ongoing one, may never take place according to Dr. Thomas Rid of King’s College London.

N.Korea 'doubles cyber war personnel'

Jul 06, 2014

North Korea has doubled the number of its elite cyber warriors over the past two years and established overseas bases for hacking attacks, a report said Sunday.

Recommended for you

Throwing money at data breach may make it worse

10 hours ago

Information systems researchers at the University of Arkansas, who studied the effect of two compensation strategies used by Target in reaction to a large-scale data breach that affected more than 70 million customers, have ...

China condemns 'cyber terrorism' in wake of Sony attack

14 hours ago

China's foreign minister condemned all forms of "cyber terrorism" in talks with his American counterpart, a statement said Monday, as the US accused Beijing's ally North Korea with being behind a cyber attack on Sony Pictures.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

chocoman
not rated yet Aug 21, 2014
Does anybody really think that ISIS will follow "rules" if they think they can harm us using cyberwarfare?
If we start to physically mix it up with China, Russia, or Iran does anybody think that they will restrain themselves of using their cyber technology to gain an advantage? They are probably working against us at this moment.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.