Dr. Andrew Liaropoulos
(RIEAS Senior Analyst and Lecturer at the University of Piraeus, Greece)

Copyright: www.rieas.gr 

Over the last two decades there is a growing body of literature over exploiting cyberspace for offensive and defensive purposes. Cyber-conflict is after all the newest mode of warfare and cyber-weapons have been described as weapons of mass disruption. The Information Revolution has transformed not only the way society functions, but also the way war is conducted and a new type of conflict that takes place in cyberspace has emerged. Cyber-conflict is one of the greatest threats to international security and has become a part of modern warfare. Cyber-attacks are rapid; they cross borders and can serve both strategic and tactical goals. Militaries and terrorist groups now have the capability to launch cyber-attacks not only against military networks, but also against critical infrastructures that depend on computer networks. 

Although the attention on the technical dimension of cyberspace is justifiable, one needs also to look into the legal and ethical aspects of cyber-conflict, in order to comprehend the complex nature of cyberspace. Conflict in cyberspace raises many ethical questions for both theorists and practitioners of warfare. The lack of an international legal framework that defines the use of force in cyberspace, operational difficulties in deterring and identifying cyber-attacks as well as the asymmetric dimension of cyber-conflicts pose without a doubt, great pressure on the just war tradition. Cyberspace is accessible to all and there are no rules or norms providing guidelines for the use of force. In addition to that, cyber-conflict appears to be less lethal and has a global reach. As a result, cyberspace makes conflict more thinkable, but that does not mean that it must also be unjust.
Recent cases of cyber-attacks in Estonia in April-May 2007 and Georgia in August 2008 certify that the conflict spectrum has expanded and includes cyberspace as well. The Georgia cyber-attack defaced the presidential website and made other government websites unavailable. The Estonia cyber-attack, which primarily targeted commercial financial networks, shut down the heavily online Estonian banking system for several days. Cyber-conflict is primarily disruptive, rather than destructive; and its low entry cost makes it possible for states, terrorist groups and even individuals to acquire cyber-conflict capabilities with relative ease. The less lethal appearance of cyber-conflict and the possibility of concealing the attacker’s true identity (plausible deniability) put serious pressure on every war-related aspect and just war theory in particular.
The just war theory can be divided into two areas. The first one, jus ad bellum, refers to the transition from peace to war and basically lays out when states may lawfully resort to armed conflict. The second one, jus in bello, also known as the law of armed conflict, refers to the actual use of force during war. Therefore, the key concepts of just war theory fall into the categories of criteria for going to war (jus ad bellum) and of fighting justly during war (jus in bello).
Uncertainty and confusion have always been part of the battlefield and the same applies for the cyberspace. The implications of uncertainty are most pronounced for deterrence. Deterrence depends on the threat of retaliation to change the opponent’s calculus of the benefits and costs of an attack. But it is hard to convincingly threaten an unknown cyber-attacker. Likewise, uncertainty about collateral damage will affect decisions by political leaders, who may be unwilling to incur the risk of a cyber attack that could widen or escalate a conflict. This uncertainty also affects the ethics of conducting cyber-attacks.
In addition, it is important to note the inherent blurriness with regard to defining combatants and acts of war. Whereas in other types of warfare, it is quite clear who is making the attacks, in cyber-conflict, almost anyone can fight. Thus, it is important, from an ethical perspective, to make a distinction between those with access to advanced information technology and those using it for purposes of waging cyber-attacks. Further, the very nature of cyber-attacks is such that it may often be difficult to discern between criminal, terrorist, and military acts.
Although certain cyber-attacks do not harm people directly, they still raise an ethical issue because they can destroy a country’s infrastructure (from providing water and electricity, to communications and transportation). Consider any western capital city. To deprive it of electricity would be to paralyze it. Adding to that the destruction of the communications systems, the transportation system, as well as private and business computers, the city would stop functioning except on the most primitive level, and hence the effect on innocent civilians would be devastating.
To conclude, the cyber-attacks in Estonia and Georgia, stress the need to define what sort of responses are permissible as self-defense by a state that is targeted. International law must evolve and adapt, because cyber-warriors, have taken the threat out of the realm of the abstract and made it real.


We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.