Full Title of Reference
Wired Warfare: Computer Network Attack and jus in bello
Michael N. Schmitt, Wired Warfare: Computer Network Attack and jus in bello, 84 Int'l Rev. Red Cross 396, no. 846 (2002). Web
- Issues: Cyberwar
Information warfare is set to revolutionize armed conflict. A computer network attack is any operation intended to disrupt, deny, degrade or destroy information held in computers or computer networks. This article examines the use of such attacks in international armed conflict, where their ramifications could be far-reaching. It starts out by analyzing the applicability of international humanitarian law to computer network attacks, moving on to examine the legal effect of this body of law on the use of such attacks as a method of warfare. Certain experts are of the opinion that while humanitarian law contains no explicit rules concerning attacks on data networks, and while such attacks are not kinetic (i.e. not “armed” attacks as such), humanitarian law does apply given its underlying purpose, which is to protect civilians and their property. When an attack on a data network is intended to endanger protected persons or objects – or runs the risk of doing so – humanitarian law becomes applicable, and such attacks fall under jus in bello. In analyzing the legality of computer network attacks from the perspective of humanitarian law, the author highlights the underlying (and unresolved) legal issues involved and raises important questions concerning the definition of “armed conflict” and the capability of international humanitarian law to control means and methods of warfare that are both new and – from a conceptual point of view – interesting.
Discussion therefore centers on the use of CNA in the context of “State-on-State”armed conflict. Moreover,the article is an effort to explore lex lata,rather than an exercise in considering lex ferenda. While setting forth lex ferenda is an especially worthy project as the nature of warfare evolves, the goal here is simply to analyze the applicability of existing humanitarian law to computer network attack, and identify any prescriptive lacunae that may exist therein.
INFORMATION WARFARE - DEFINITIONS AND CONCEPTS
Information warfare is narrower. It consists of “information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries”.Thus information warfare is differentiated from other operations by the context in which it occurs — crisis or conflict.
The United States National Military Strategy cites information superiority as a key element of its strategy for this century. “Information superiority is the capability to collect, process, and disseminate an uninterrupted flow of precise and reliable information, while exploiting and denying an adversary’s ability to do the same. Routine peacetime espionage is, for example, an information operation that does not constitute information warfare unless conducted during a crisis or hostilities.
A review of its instruments and principles makes clear that protecting individuals who are not involved in the hostilities directly, as well as their property,lies at their core. Most notably,protected entities include civilians and civilian objects, as well as those who are hors de combat (e.g. wounded or captured personnel) or provide humanitarian services (e.g. medical personnel). As for the protection they are entitled to, it is usually framed in terms of injury or death or,in the case of property, damage or destruction.These Geneva Law purposes are complemented by Hague Law norms intended to limit suffering generally through restrictions on certain weaponry and methods of warfare. This excessively abbreviated summary of humanitarian law’s fundamental purposes elucidates the term armed conflict:
Armed conflict occurs when a group takes measures that injure, kill, damage or destroy. The term also includes actions intended to cause such results or which are the foreseeable consequences thereof. Because the issue is jus in bello rather than ad bellum,the motivation underlying the actions is irrelevant. So too is their wrongfulness or legitimacy.
CNA AS ARMED CONFLICT:
By this standard,a computer network attack on a large airport’s air traffic control system by agents of another State would implicate humanitarian law.So too would an attack intended to destroy oil pipelines by surging oil through them after taking control of computers governing flow, causing the meltdown of a nuclear reactor by manipulation of its computerized nerve center,or using computers to trigger a release of toxic chemicals from production and storage facilities.
It should be apparent that, given advances in methods and means of warfare,especially information warfare,it is not sufficient to apply an actor-based threshold for application of humanitarian law; instead,a consequence-based one is more appropriate.
However, CNA is much more ambiguous than traditional military operations,thereby demanding a more challenging consequence-based consideration.
APPLICABILITY OF HUMANITARIAN LAW TO CNAs:
Humanitarian law covers armed conflict even when not explicitly under the auspice of international law: The Martens Clause,a well-accepted principle of humanitarian law, provides that whenever a situation is not covered by an international agreement,“civilians and combatants remain under the protection and authority of the principles of international law derived from established custom,from the principles of humanity,and from the dictates of public conscience.” By this norm,all occurrences during armed conflict are subject to application of humanitarian law principles; there is no lawless void.
The threshold question is whether computer network attack is even subject to humanitarian law. To begin with, there is no provision in any humanitarian law instrument that directly addresses CNA, or, for that matter, information warfare or information operations; this might suggest that CNA is as yet unregulated during armed conflict.
This analysis questions the argument for the inapplicability of humanitarian law to computer network attack — that it is not armed conflict, at least not in the absence of conventional hostilities. In fact, armed conflict is the condition that activates jus in bello.