Ed. Note: This post by Kanu Garg is a part of the TLF Editorial Board Test 2018
“Indeed, in today’s world, acts of terror could come not only from a few extremists in suicide vests but from a few key strokes on the computer – a weapon of mass disruption.”[1]
-Barack Obama
Past few decades have seen humankind practically thriving in two parallel and intermingled realities – the ‘actual’ and the ‘virtual’ world, and as is the case with any human civilization, this alternate human reality hasn’t escaped the clutches of crime either. But what is the nature and extent of these crimes? Do they have the potential of rising to the level of a full – fledged war between two nations? If yes, are we as a global community ready to face what scholars around the world are calling a ‘cyber war’?
What is a Cyber War?
There are two conflicting lines of thought as to what constitutes a cyber war – one referring to computer networks as ‘object’ under attack, and other as the ‘instruments’ of attack. While there are widely diverging views on the which is a more appropriate definition, for the purpose of our discussion here, cyber warfare is taken to be a confluence of both, i.e. –
‘Cyber war utilizes cyber operations as weapons to be used for causing disruption or destruction of computer operated systems for a political or national security objective’.
The kind of cyber threats in question here are not the traditional forms of cyber crimes like hacking and spamming, but are of the nature of ‘Stuxnet’ worm, which in the year 2010 got into the Siemens’ network of Iran that ran the centrifuge control system, and caused Iran’s centrifuges to spin uncontrollably while making it appear that they were working normally. This attack compelled Iran to disable a portion of its nuclear programme and unveiled before the world the possibilities of the effects of a cyber attack spilling into the tangible, physical world.
Scope Of Impact Of A Cyber Attack –
The key factor that distinguishes a cyber attack from a conventional physical one is its unrestricted scope and the difficulty in the determination of its source. Cyber codes are highly susceptible to minor errors which can have the implication of uncontrollable spread of the virus. For instance, the intended target of Sapphire worm had been South Korea, but it ended up destructing the Internet services of Thailand, Japan, Malaysia, the Philippines and India, disrupted 911 services of a city and caused troubles with the ATMs of Bank Of America in the USA, postponed Canadian elections and cancelled airline flights!
Moreover, cyber attacks often use tactics such as botnets and spoofing to conceal their actual location, making it almost impossible to accurately attribute the crime to one computer system or nation.
In light of such practical difficulties inherent in a cyber attack, there is an urgent need to examine the viability of the current international jurisprudence on war to deal with a cyber war.
Jus Ad Bellum And Jus In Bello –
All the conventions that currently deal with wars had been created with the idea of the physical warfare, and their applicability on a cyber attack is somewhat abstract. Yet, scholars have examined and established a link between the two.
Article 2(4) of the Charter of United Nations prohibits ‘use of force’ against other nations. However, Article 51 allows states to act in self – defense in case of an ‘armed attack’. The next question which arises naturally is when does a cyber attack become potent enough to fall within the ambit of ‘armed attack’ and invite an action of self – defense from the victim nation? There have been several theories in this regard, most prominent ones being the instrument theory, which seeks to affix liability on the basis of the nature of weaponry involved in the attack, the target or strict liability theory, which focuses on the intended object of the attack, the effect and the consequence theories, which aim to affix liability on the basis of impact of the attack, and more recently, the theory which views force as intentional damage to cyber – physical systems.[2] Cyber – physical systems are engineered systems which are operated using computer systems, i.e., they involve an intimate coupling of the cyber and the physical.[3] According to this theory, any intentional cyber attack on CPS, successful or unsuccessful, must fall within the ambit of ‘armed attack’.
Another form of cyber warfare is in the form of response to a provocation or to prepare the way for an imminent conventional attack.[4] The in bello necessity of cyber warfare don’t present any new challenges, but in bello proportionality becomes problematic because at times the indirect impact of cyber attack can be severe but difficult to determine. Greater troubles lie in the ‘distinction’ aspect of it. Essentially, military commanders must be able to distinguish in the military and civilian objectives of the attack and not cause civilian damage. However, military and civilian cyber infrastructure is mostly interconnected. For instance, in the USA 95% military operations take place on civilian network. Thus such a distinction loses practical viability. Added to the woes is the position of a ‘neutral’ state. Very often, cyber attacks take place via ‘zombie systems’ – innocent computer systems located in some other country. Scholars are divided on the liability of such ‘host’ nations – some argue that they must not be obligated to stop the belligerent of their facilities so long as they don’t actively help them, while some others argue for imposing liability on them for stopping the attack.
All said and done, while the existing theories must serve a very limited purpose of dealing with cyber war, nothing must dampen the call for a separate, more comprehensive international treaty aimed specifically at addressing cyber warfare. The need of the hour is international cooperation in information sharing, evidence collection and criminal prosecution of those participating in cyber warfare,[5] only then can any meaningful solution to the issue be attained.
[1] Remarks by President Obama, Securing our nation’s cyber infrastructure, May 29, 2009.
[2] Reese Nguyen, Navigating “Jus Ad Bellum” in the Age of Cyber Warfare, 101 Cal. L. Rev., 1079, 1124 (2013).
[3] Ragunathan Rajkumar et al., Cyber-Physical Systems: The Next Computing Revolution, in Proceedings of the 47™ Design Automation Conference 731,731(2010).
[4] Oona A. Hathaway et al., The Law Of Cyber – Attack, 100 Cal. L. Rev., 817, 850 (2012).
[5] Ibid p. 880.