Surprisingly enough, the SCID program is relatively silent on cyber warfare. It is briefly referred to in relation with the so-called new terrorism: terrorist groups would have the ability to carry out ‘electronic terrorist attack targeting critical infrastructure’ (Department of Criminology, 2013). This is a very narrow part of what constitutes nowadays cyber warfare and by no means does it capture the stakes of the current cyber arm race.
As with many new concepts, there is no universal accepted definition of the term. Most definitions underline the use of computers and digital means in a coordinated manner by a government or a non-state group with a purpose of causing disruption and/or damage (Sakharian, 2013; Andress, 2013). The target of a cyberwar is computers, networks and digitally controlled devices. If the objective may not be destructing physical infrastructure or killing people, the impacts of cyber operations cannot be contained to the digital world. It is not solely about offering a bloodless military superiority or an economic advantage (Kirsch, 2012). To the contrary, the US department of defence’s Laws of War manual (DoD, 2015) is explicit in recognising that certain cyber operation do constitute use of force in the meaning of Art. 2 § 4 of the UN charter. It cites Operations ‘ that: (1) trigger a nuclear plant meltdown; (2) open a dam above a populated area, causing destruction; or (3) disable air traffic control services, resulting in airplane crashes’ (DoD, 2015: 989). It is reported that more than 100 States are developing some forms of cyberwar capacity (Limnell, 2016).
As in our daily lives, the frontier between the digital and physical world is increasingly becoming difficult to identify. Cyber operations are equally challenging legal and policy boundaries. From a legal standpoint, the fact that a major military power like USA explicitly consider that cyber operations are submitted to both Jus ad Bellum and Jus in Bello (IHL) does not solve everything. Recognising a cyber operation as an act of war is important as it may influence the type of counter measure the victims may consider. It may as well contain policy makers in taking aggressive actions (Lin 2012). However, this restraining frame may be completely ineffective as the imputability or the attribution of a cyber operation to its perpetrator remains extremely difficult (Dortmans 2015, Lin 2012). As a result, waging an cyber attack is extremely low-cost and risk-free compared to the pay off (Limnell, 2016). States have still to learn to operate an adapted range of countermeasures to cyber attack in avoiding to make mistake that could jeopardise their political credit or cause an unwanted escalation in the conflict (Limnell, 2016). The danger of unwanted escalation is real. As a technological arm race is ongoing, states have little time to properly assess the effect of the arsenal and could be nevertheless tempted to unleash it.
The layers are at a loss. Applying IHL rules on the conduct of hostilities to cyber attack is thus extremely difficult and efforts of experts who have proposed to NATO the Tallinn Manual on the International Law applicable to Cyber Warfare is not entirely convincing (Schmitt, 2013). In the absence of precise knowledge on the offensive capacities of cyber weapons, it is very difficult to operationalise and respect the principles of distinction, proportionality and precautions (Droege, 2012). There is an urgent need for a new treaty banning certain cyber weapons and/or creating new regulatory and surveillance authority such as the one existing for chemical weapons or for atomic energy.
Political scientists are at bay, too. Policy framework and guidance have to be adapted to this new reality to ensure that cyberspace is not transformed in a wild battlefield. Regional or collective early warning system for aggressive cyber activity are inexistent. Cybersecurity and cyber warfare are ‘team sport’ where international cooperation is key. Old times alliances created for responding to threats in the physical world need to be shaken up to meet the challenge. International commission of investigation or international fact-finding missions on alleged cyber warfare activities are yet to be created or even suggested in the corridors of New York. Is it so utopian to imagine negotiating cyber cease-fire and mandating cyber observers, to be nicknamed the “Blue Tablets”, as modern peacekeepers for monitoring it? The new wars of the nineties have shaken the whole approach to peacebuilding. Cyber warfare offers a similar shift of paradigm. Let us not wait a ‘Cyber-Srebrenica’. Let us prevent it by thinking and acting out of the box now.
Andress, J. (2013) Cyber Warfare Techniques, Tactics and Tools for Security Practitioners, 2nd ed., Burlington: Elsevier Science.
Department of Criminology (2013), SCID module 6 Unit 3, Resource 1, Leicester: University of Leicester.
Department of Defence (2015) Law of War Manual, Washington DC: Department of Defence, available at http://www.defense.gov/Portals/1/Documents/DoD_Law_of_War_Manual-June_2015_Updated_May_2016.pdf (last accessed 21 September 2016).
Dortmans, P., Thakur, N. and Ween, A. (2015) ‘Conjectures for framing cyberwarfare’ Defense & Security Analysis 31(3): 172-184.
Droege, C. (2012) ‘Get off my cloud: cyber warfare, international humanitarian law, and the protection of civilians’ International Review Of The Red Cross 94(886): 533-578.
Kirsch, C. (2012) ‘Science fiction no more: cyber warfare and the United States’ Denver Journal of International Law and Policy 40(4): 620-686.
Limnéll, J. (2016) ‘The cyber arms race is accelerating- what are the consequences?’ Journal of Cyber Policy, (1)1: 50-60.
Lin, H. (2012) ‘Cyber conflict and international humanitarian law’ International Review of the Red Cross, 94(886): 515-531.
Shakarian, P. (2013) Introduction to Cyber-Warfare A Multidisciplinary Approach, Burlington: Elsevier Science.
Schmitt, M. (2013) Tallinn manual on the international law applicable to cyber warfare. Cambridge: Cambridge University Press.