INTRODUCTION
When an aggressive adversary’s computer network is infected with a harmful virus or a military cyber command is attacked from the air, this is referred to as “cyber warfare,” which is warfare carried out in cyberspace using cyber techniques and procedures. The “cyber warfare” targets might include people or things whose lives or possessions depend on information processing systems. Cyberspace warfare could result in kinetic or other impacts, not electronic ones, beyond the cyber realm. The only realm present, i.e., cyberspace, has been established by individuals, consisting of Stakeholders from the public and private sectors from all over the world jointly developed, managed, own, and run this domain’s operations.
The terms “computer network operation” (CNO), “computer network exploitation” (CNE), and “computer network defence” (CND) can be used to group cyber activities. Whereas CNE facilitates logistics and gathering of intelligence to obtain data from mechanized systems of networks and information, “Computer Network Attacks” (CNA) attempt to cause disruption, refuse, deteriorate, or damage information stored in networked computers. To ensure the safety of systems of information and networked computers, keep tabs on them, analyze their data, spot unauthorized action, and then take appropriate action.
CYBERWARFARE AND INTERNATIONAL LAW
Whether a nation can legitimately employ force is determined by the “jus ad bellum.”[1] It differs from “jus in Bello,”[2] which regulates employing force after a military war has started (and is covered further).
The Use of Force
According to “Art. 2(4) of the UN Charter”, all members are to refrain from employing force towards a nation’s integrity of territory or in another manner that appears incompatible with its goals. The “Security Council” -approved recourse to force and defend themselves in conformity with “Art. 51” are the only two limitations mentioned in the “Charter.” It has been challenging to comprehend this standard, particularly given that cyber activities have severe intangible implications. The “International Court of Justice” disapproved a restrictive understanding of “use of force” that restricts it either to force that is kinetic or actions that are not kinetic with obtaining likely implications. The “International Group of Experts” created a set of criteria that would determine whether cyber activities were considered to constitute acts of force. It was agreed that the act should be such conduct that resulted in any harm or harm than a minimum level was sufficiently necessary to avert damage. How governments respond to and conduct cyber operations will influence the interpretative development process.
Self-defence
“International law’s” core concept of the “right to self-defence” in cyberspace authorizes nations to retaliate with force. No government is allowed to restrict the inherent “right to self-defence” either individually or collectively, unless a military assault is launched at one of the members of the “UN,” according to “Art. 51 of the UN Charter”, as long as the “Security Council” takes action required to uphold global security and peace. The “International Group of Experts” concurred that any application of force that causes bodily harm or death, loss of property or destruction, or both constitutes a military assault that entitles the nation towards which such forceful attack is initiated to employ force in “self-defence.” There is still considerable debate over the necessary level of harm or loss in any case. The legal concept of “self-defence” is unclear in two respects: first, the extent to which a cyberattack that does not cause harm to people physically can nonetheless qualify as a military assault if it has non-harmful severe repercussions. It is possible that specific target types, such as essential facilities or vital tasks like cyber security, shaped how legal concepts of “self-defence” developed.
HUMANITARIAN LAW AND CYBER WARFARE
A component of the “international legal framework” recognized as “jus in Bello,” also referred to as the legal framework of war or “international humanitarian law” (IHL), focuses on ensuring the safety of people who are not directly involved in conflict and places limitations on the different types of warfare. It includes both “international treaty law” and “customary law,” which primarily consists of two types of treaties: the “Geneva and Hague law.” In contrast to the “Hague Law,” which concerns itself with the realistic military elements involved in conflicts, the “Geneva Law” is concerned with protecting civilians, prisoners of war, the injured, and people with illnesses on land and at sea.
How “IHL” can be used in information warfare is ambiguous. “Humanitarian law” governs cyber conflicts, and the “Geneva Conventions” apply in all instances of proclaimed war and any other Armed Wars involving two or more individuals. The distinguishing concept that demands the involved parties to make the difference between civilians and military persons and between civilian belongings and military goals is one of the fundamental tenets of “LoAC (Law of Armed Conflict).”
Another crucial element of “LoAC” is target selection, as strikes must be restricted solely to military goals. The distinction between civilian and military objectives gets muddled by the complexity of present-day interlinked networks of computers, making it incredibly challenging to implement this tenet. Since it makes coping with dual application objectives even more challenging, this civilian-military intermix enhances an issue specific to contemporary warfare.
“Art. 43 of AP I” clarifies the difference between armed fighters and civilians by describing Armed forces as combatants with the right to engage in hostilities directly. People who are not fighters or “prisoners of war” (POWs) are considered civilians. The “Geneva Conventions” parameters, which can become detached from real life, form the basis of the present legal system for determining whether someone is a cyber-combatant. Under “art. 4 A (6) of the third Geneva Convention”, teen hackers operating in hostile nations may fall under the definition of “levée en masse.” Implementing these descriptions to cyber conflicts raises real-life challenges, mainly when attackers freely carry out networked computer strikes. An aggressor may use force to obligate an adversary’s surrender with the lowest possible loss of time, life, and resources under the tenet of military obligation, which has humanity acting as its counterbalance. Even since the attack is being carried out for military reasons, it must not result in unjustified hardship or harm. The “use of force” in incidents like this can be challenging to evaluate, but legislation of war is adequate to serve as commanders’ guidelines.
The “International Committee of the Red Cross”[3] (ICRC) is worried about “cyber warfare” because it can result in possible humanitarian costs and involves using cyber missions during military conflicts. Cyberattacks against interlinked systems can endanger people’s safety, infrastructure, and welfare. The “ICRC” stresses the significance of ongoing precautions to protect civilians and ensure that attacks are focused on military targets. The corresponding civilian damage and losses that will likely result must not be disproportionate compared to the direct military edge that the cyberattack has the potential to provide. The “ICRC” warns stakeholders to exercise caution when using cyberattacks because they are inextricably linked and may have direct and indirect implications.
ON A CONCLUDING NOTE-
“Cyber warfare” has drastically changed how conflicts are fought. While building a framework of “international law” for “cyber warfare” functioning has numerous possible advantages, Dealing with the difficulties of figuring out the attacker’s identification, dealing with the problem of state attributability, and ensuring international compliance is crucial.
The legal framework is probably going to change to reflect the increasing importance of cyber activities in contemporary societies by increasing security, levying responsibilities on states to behave prudently in cyberspace, reducing the threshold at which cyberattacks violate the restriction on the “use of force,” facilitating states to retaliate firmly against certain non-destructive cyber operations, and improving the security of cyberinfrastructure, data, and actions during conflicts involving arms. These changes may be expensive, impact privacy rights, include kinetic operations, and deny combat commanders of formerly accessible alternatives. Law, nevertheless, demonstrates national interests, and states must consider their moral and legal obligations to future generations to determine if new weapons and tactics used in “cyberwarfare” are compliant against current “IHL.”
The establishment of an “international legal system” for “cyber warfare” activities has several advantages, including providing assurance of safety to more highly susceptible states, developing a framework of humanitarian principles to be followed amid an armed conflict, and recognizing the shared interest in stopping terrorist, and non-state actors. Figuring out the attacker’s identity, attributing non-state actors’ actions to states, and the requirement for a country’s adherence must be conquered.
An “international treaty” governing information and cyber security warfare could resolve many current issues and create a generally recognized framework for law. Since cyberattacks are illegal, this might be an obstacle to those who would not think twice about carrying them out. Hollis puts forth the hypothesis that one or more states would create a contemporary “Lieber Code,” gradually establishing an “international law for information operations” (ILIO). A draft of “A Proposal for an International Convention to Regulate the Use of Information Systems in Armed Conflict”[4] was created by Davis Brown, who invited states to use it as a starting point for incorporating a thorough and significant code of conduct for information warfare.
Author(s) Name: Priya Mishra (SLS, Noida Symbiosis International University, Pune)
References:
[1] Michael N. Schmitt, ‘THE LAW OF CYBER WARFARE: QUO VADIS?’ (Stanford) <https://law.stanford.edu/wp-content/uploads/2018/03/schmitt.pdf> accessed 21 September 2023
[2] Nils Melzer, ‘Cyberwarfare and International Law 2011’ (UNIDIR Resources,2 November 2011) <https://unidir.org/sites/default/files/publication/pdfs//cyberwarfare-and-international-law-382.pdf> accessed 21 September 2023
[3] ‘Cyberwarfare and international humanitarian law: the ICRC’s position’ (ICRC) <https://www.icrc.org/en/doc/assets/files/2013/130621-cyberwarfare-q-and-a-eng.pdf> accessed 21 September 2023
[4] Afroditi Papanastasiou, ‘Application of International Law in Cyber Warfare Operations’ (SSRN, 9 September 2010) <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1673785> accessed 20 September 2023
