Article

A Proposal for an International Convention to Regulate the Use of Information Systems in Armed Conflict

Authors:
To read the full-text of this research, you can request a copy directly from the author.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

... The policy not only establishes the need for a collective defense, it also confirms that international law applies in cyberspace (Anon., 2015). Self-defense in cyberspace does not necessarily mean defense of information assets and national critical information alone, it also extends to defense in the military, as the cyberspace if exploited negatively by enemy states could have an effect on the overall outcome of a warfare (Brown, 2006). Advancement in computing technology has gotten to a point where it is possible for military force to use the cyberspace to inflict injury, death, and destruction in the course of warfare. ...
... Advancement in computing technology has gotten to a point where it is possible for military force to use the cyberspace to inflict injury, death, and destruction in the course of warfare. Injury may not be physical but may include the repudiation, alteration and damage of data and databases (Brown, 2006). A simple illustration sees an enemy nation with the use of a deadly computer virus snakingly launching an attack against the financial markets of a nation thus leading to a financial crisis. ...
Article
Full-text available
... The prefix "cyber" suggests that this type of terrorism occurs throughout cyberspace and is, in turn, accessible through computers (Conway 2002). However, it is important to keep in mind that the lesser utilized mechanisms of telephone and fax machine also play a role in conducting denial-of-service attacks (i.e., DOS attacks), which render computer networks inaccessible, inoperable, or ineffectual, thus easing the transmission and distribution of propaganda by the attacker (Brown 2006). In causing attacks, a cyberterrorist, relying on the foundation of dependency in the relationship between critical infrastructure and the computer networks, has access to any given nation vulnerable to attacks of a grand scale that can cause irreparable damage (Lewis 2002). ...
... The understanding that attacks are conducted from a location removed from the target is also an appealing factor in the equation of cyberterrorism (Weimann 2005). An attacker can choose to attack based on vulnerability of targets in various areas of government, health, commerce, and utilities (Brown 2006). Such an example could be that of an attacker inflicting physical damage remotely by way of opening a dam and releasing flood waters, causing a nuclear power plant meltdown, or causing an oil pipeline to burst (Brownlie 1963). ...
Article
Full-text available
This paper provides a semiotic perspective on cyberterrorism and its opportunity to cause maximal damage while using terrorist propaganda. By and large, cyberterrorism refers to the use of the Internet, technology, and computerbased networks against critical infrastructures. A major premise of this paper is that the Internet revolutionizes the way in which cyberterrorists communicate, recruit new members, and advertise propaganda for their cause. In an attempt to shed light on the transition from traditional to modern methods of attack, the authors apply the different levels of Stamper's Semiotic Ladder-morphological, empirical, syntactical, semantic, and pragmatic-to cyberterrorism.
... Though most instances of cyberterrorism occur through Internet use, it is important to recognize that the lesser utilized mechanisms of the telephone also play a role in conducting denial-of-service attacks (i.e., D.O.S. attacks), which render computer networks inaccessible, inoperable, or ineffectual, thus easing the transmission and distribution of propaganda by the attacker (Howard 2009). One such example of a D.O.S. attack would be a victim who is injured attempting to get help by dialing 911, only to be met with continuous dropped phone calls or just a dead line (Brown 2006). In causing attacks, a cyberterrorist has access to any given nation vulnerable to attacks of a grand scale. ...
... An appealing factor in the equation of cyberterrorism is that the attacks are conducted from a location removed from the target (Weimann 2005). An attacker can handpick a target based on vulnerability in various areas of government, health, commerce, and utilities (Brown 2006). Examples that fall under the assertion of causing damage from a remote location could be that of an attacker opening a dam and releasing flood waters, causing a nuclear power plant meltdown, or causing an oil pipeline to burst (Brownlie 1963). ...
Article
Full-text available
This paper analyzes the role of propaganda use in cyberterrorism. The main premise is that cyberterrorists display various semiotic gestures (e.g., the use of images and Internet videos) to communicate their intents to the public at large. In doing so, they communicate themes-these themes range from hate to anger. Cyberterrorism, then, is a form of theater or spectacle in which terrorists exploit cyberspace to trigger feelings of panic and overreaction in the target population. In many cases, this form of propaganda is the primary means of communication for various cyberterrorist groups to convey their intents. Internet sites also produce numerous opportunities for in-group communication and publicity.
... 5 In the Estonian cyber-attacks, a major governmental machinery including websites, newspapers, TV stations, banks and other targets was shut down for three weeks, allegedly by Russian attackers. 6 A similar attack was committed against Georgia's networks in 2008. 7 The attack on Iran's nuclear refining operations was committed through a Stuxnet virus program, allegedly initiated by the American and Israeli intelligence services with Dutch support. ...
Article
Full-text available
With each step of technological advancement, we are entering a global technological domain susceptible to cyber infiltration. The individual privacy and security are supposed to be protected by the states governed by laws that are specifically a part of the national legal systems. The transnational cyber infiltration targeting the state actors by using the cyberspace creates a new plethora of questions. The issue has been highly debated, whether the jus ad bellum is sufficient in regulating the various types of cyber infiltrations. The matter of classifying the cyber-attacks as armed attacks has been furtively debated on contextual basis. The legal principles governing the laws of war have been held insufficient by some in order to include the new forms of attacks conducted through global cyberspace. In the midst of such debate, one conclusion can be derived that the cyber operations globally are causing a threat to state sovereignty and security. The focus on issues related to transnational cyber operations is based upon the existing legal principles and laws. The debate conjures up a few problems which need to be addressed. This article analyses the different perspectives of the cyber warfare and the identified problems related with the issue. According to the current problems faced by the states, a measure of the remedial system for states in international law is taken into consideration. The current system of remedies fails to accommodate the grievances of the states with regard to the cyber operations. Hence, a new platform for the state remedies is suggested and proposed.
... The evolving facts lead many experts to conclude that entirely new legal approaches are necessary to regulate abuses of digital technologies. "Cyberspace is nowhere," argues, for example, Davis Brown, a former Deputy Staff Judge Advocate of the US Defense Information Systems Agency (Brown 2006), and he proposes the development of "an unambiguous standard of conduct for information warfare that will be universally recognized and respected-a cyber-jus in bello." Many others believe, however, that states have resolved the question of whether cyberspace is a special realm by accepting that, as Heather Harrison Dinniss states: "Actors still act in physical space; hardware and networks (even wireless and virtual ones) still require physical constructs" (Harrison Dinniss 2014). ...
Book
Marking the 50th anniversary of UN sanctions, this work examines the evolution of sanctions from a primary instrument of economic warfare to a tool of prevention and protection against global conflicts and human rights abuses. The rise of sanctions as a versatile and frequently used tool to confront the challenges of armed conflicts, terrorism, the proliferation of weapons of mass destruction and violations of international humanitarian and human rights law, is rooted in centuries of trial and error of coercive diplomacy. The authors examine the history of UN sanctions and their potential for confronting emerging and future threats, including: cyberterrorism and information warfare, environmental crimes, and corruption. This work begins with a historical overview of sanctions and the development of the United Nations system. It then explores the consequences of the superpowers' Cold War stalemate, the role of the Non-Aligned Movement, and the subsequent transformation from a blunt, comprehensive approach to smart and fairer sanctions. By calibrating its embargoes, asset freezes and travel bans, the UN developed a set of tools to confront the new category of risk actors: armed non-state actors and militias, global terrorists, arms merchants and conflict minerals, and cyberwarriors. Section II analyzes all thirty UN sanctions regimes adopted over the past fifty years. These narratives explore the contemporaneous political and security context that led to the introduction of specific sanctions measures and enforcement efforts, often spearheaded for good or ill by the permanent five members of the Security Council. Finally, Section III offers a qualitative analysis of the UN sanctions system to identify possible areas for improvements to the current Security Council structure dominated by the five veto-wielding victors of World War II. This work will be of interest to researchers and practitioners in criminal justice, particularly with an interest in security, as well as related fields such as international relations and political science.
... Subsequent analyses have tended to default to one of two frames in discussing the regulation of cyberweapons. The first is arms control, in which historical experiences with nuclear, biological and chemical weapons serve as resources for thinking through how arms control mechanisms might be applied to cyberweapons (Brown, 2006;Geers, 2010;Meyer, 2011;Arimatsu, 2012;Maybaum and Tölle, 2016). The second frame concerns the criminalization of cyberweapons (Denning, 2000(Denning, , 2001Prunckun, 2008), drawing on the evolution of the Council of Europe Convention on Cybercrime (2001), discussed in greater detail below. ...
Article
Full-text available
Cyberweapons are a relatively new addition to the toolbox of contemporary conflict but have the potential to destabilize international relations. Since Stuxnet (a malicious computer worm) in 2010 demonstrated how computer code could be weaponised to generate political effect, cyberweapons have increasingly been discussed in terms of potential regulation and prohibition. Most analyses focus on how global institutions and regimes might be developed to regulate the development and use of cyberweapons and identify the political and technical obstacles to fulfilling this ambition. This focus on centralized authority obscures identification of existing governance efforts in this field, which together constitute an emerging global governance architecture for offensive cyber capabilities. This article explores three sources of cyberweapons governance—cyberwarfare, cybercrime and export controls on dual-use technologies—and briefly describes their political dynamics and prospects. It is argued that although fragmented, the global governance of cyberweapons should not be dismissed on this basis. Fragmentation is a condition of global governance, not its antithesis, and policy should respect this fragmentation instead of regarding it as an impediment to further development of cyberweapons governance. This article is published as part of a collection on global governance.
... The International Court of Justice has prohibited countries to use a threat of force to obstruct the civilian assets of other countries [23]. Article 2 (4) of the United Nation Charter provides that member countries must avoid any type of threat or attack that has unpredictable affects [22]. In addition, the member of NATO considers that cyber war attacks incompatible with the standards of international laws [24]. ...
Conference Paper
Full-text available
Persisting to ignore the consequences of Cyber Warfare will bring severe concerns to all people. Hackers and governments alike should understand the barriers of which their methods take them. Governments use Cyber Warfare to give them a tactical advantage over other countries, defend themselves from their enemies or to inflict damage upon their adversaries. Hackers use Cyber Warfare to gain personal information, commit crimes, or to reveal sensitive and beneficial intelligence. Although both methods can provide ethical uses, the equivalent can be said at the other end of the spectrum. Knowing and comprehending these devices will not only strengthen the ability to detect these attacks and combat against them but will also provide means to divulge despotic government plans, as the outcome of Cyber Warfare can be worse than the outcome of conventional warfare. The paper discussed the concept of ethics and reasons that led to use information technology in military war, the effects of using cyber war on civilians, the legality of the cyber war and ways of controlling the use of information technology that may be used against civilians. This research uses a survey methodology to overlook the awareness of Arab citizens towards the idea of cyber war, provide findings and evidences of ethics behind the offensive cyber warfare. Detailed strategies and approaches should be developed in this aspect. The author recommended urging the scientific and technological research centers to improve the security and develop defending systems to prevent the use of technology in military war against civilians. (Abstract)
... As per the 1949 Geneva Conventions, the cyber war attacks do not considered to be as a part of war crimes, however, they may still be illegitimate or against the law [16]. The International Court of Justice has forbidden countries to use a threat of force to interfere the internal affairs of other countries [19]. ...
Conference Paper
Full-text available
Nowadays cyber warfare is used to be as a tool in military for attacking other countries which may have a direct affect on their nation. The aim of this research is to investigate the ethics behind the offensive cyber war. Cyber army faces great challenges in how to ethically conduct operations. The author discussed the concept of ethics and reasons that led to use information technology in military war, the effects of using cyber war on civilians, the legality of the cyber war and ways of controlling the use of information technology that may used against civilians. The author recommends that if cyber war is needed to be used against enemy, it should be used to hit only military significant goals, avoid indiscriminate attacks and minimize harms to civilians. This research uses a survey methodology to study the awareness of Arab citizens about the cyber war, provide findings and evidences of ethics behind the offensive cyber warfare. Detailed strategies and approaches should be developed in this aspect. The author recommended urging the scientific and technological research centers to improve the security and develop the defending systems to prevent the use of technology in military war against civilians. The Security Council in the international community must not tolerate any country using technology to use against civilians. Future recommendations could focus on the utilization of cyber warfare scientific knowledge to further investigation of using cyber arms. This can be gained in community awareness of understanding the meaning of cyber warfare through various media of press.
Article
Full-text available
منذ أن خلق الإنسان وهو في تفكير مطرد لصنع أسلحة يمكن من خلالهـا إخـضاع العدو وأضعافه لأكبر قدر ممكن أثناء النزاعات المسلحة، ويتزايد معـه وبـالقوة نفـسها التفكير اللامحدود لاستعمال طرق ووسائل قتالية غير معهودة وعلى مر التأريخ. ويقابل هذا الأمر محاولات عديدة لكبح ذلك الاندفاع اللامبرر في نظر المدافعين عن الفكرة القائلة والتي أصبحت فيما بعد مبدأ يعتد به في نطاق اتفاقيات نزع السلاح وهو إن حق المقاتلين في استخدام وسائل القتال ليس حقا مطلقا. ومما لا شـك فيـه أن الأسـلحة التقليدية التي استعملت أو التي مازالت في نطاق الاستحداث والتطوير أو الاستعمال على شكل واسع في عالم اليوم تشكل مادة كبيرة للمناقشة والدراسة الدولية القانونية لما تطرحه من إشكاليات سيتم ذكرها تباعا. وتعد الأسلحة التقليدية المعروفة اليوم من أكثر العوامل مأساوية في مسلسل الحروب التي شهدها تأريخ البشرية على الإطلاق، لاسيما إذا عرفنا انه وبـين عـامي ١٩٨٩ -١٩٩٨ تم رصد ما يقرب من ٦١ نزاعا مسلحا كان معظم ضحاياه من المدنيين، فمثلا في بداية القرن المنصرم كان %١٠ من الضحايا من المدنيين بينما كـان %٩٠ كـان مـن المقاتلين،إلا أن هذه النسبة تغيرت في منتصف القرن نفـسه بحيـث أصـبح المـدنيون والمقاتلون متعادلون في عدد الضحايا. لقد تغيرت هذه التقديرات أخيرا ليصبح %٩٠ مـن الضحايا من المدنيين بينما ١٠ % من العسكريين وكل تلـك الـضحايا كانـت بـسبب الاستخدام غير المبرر لأسلحة تقليدية تعرف بأنها مفرطة الضرر أو عشوائية الأثر.
Article
Full-text available
يشهد العالم في الفترة الراهنة نوعاً جديداً من سباق التسلح ، لا على غرار المعروفة منها في حقل الأسلحة التقليدية وغير التقليدية، ويقوم هذا السباق على استحداث أو تطوير برامج الكترونية معدة لأغراض عسكرية تعرف اختصاراً بالسايبر (Cyber). لقد بدأ الباحثون منذ مدة لا تتجاوز خمس سنوات ماضية بالبحث والتحليل القانوني على هذا الموضوع، في ضوء معطيات مؤكدة بأن تهديداً ستتسبب به الهجمات السيبرانية على صعيد السلم و الأمن الدوليين و بمستوى لا يقل جسامة عن اخطر التهديدات المعروفة دولياً. ولأن الموضوع يحتل مرتبة متقدمة في الجهد القانوني وبالذات عند المؤسسات الدولية المتخصصة من جهة ، ولقلة الأبحاث العربية والعراقية منها بالذات من جهة أخرى، دفعنا ذلك لاختياره ليكون موضوعاً لدراستنا هذه، معولين في إتمامها على تحليل أحكام القانون الدولي العام و الجهود الدولية ذات الصلة بتنظيم استخدامها بالحظر أو التقييد، فضلاً عن أهم الاجتهادات القضائية والفقهية والتي تناولت موضوع الهجمات السيبرانية من زوايا مختلفة. أن عدداً من الإشكاليات ستثار لدى البحث والتحليل في موضوع الدراسة من أهمها: ما هي السيبرانية وكيف نشأت ؟ هل يمكن أن تصنف ضمن وسائل وطرائق القتال ؟ وإذا كانت كذلك هل ستنطبق عليها أحكام الاتفاقيات الدولية والقواعد العرفية ذات الصلة بسير العمليات القتالية؟ من جانب آخر، نسأل كيف تعامل المجتمع الدولي مع مشكلة الفراغ القانوني الذي يشهده موضوع التنظيم الدولي للسيبرانية ؟ و هل من بارقة أمل ببدء مفاوضات دولية متعددة الأطراف أو ثنائية تنهي الجدل حول شرعية اللجوء إليها في ضوء أحكام القانون الدولي الإنساني والقواعد العرفية المستقرة بين الأمم المتحضرة؟ و ماذا لو استمر إخفاق المجتمع الدولي في التوصل إلى إبرام اتفاقية دولية تعنى بتنظيم السيبرانية للأغراض العسكرية ؟ هل مفتاح الحل يكمن في تدخل الدول الرائدة في مجال تكنولوجيا المعلومات وبالأخص الولايات المتحدة وروسيا والصين أم تتدخل دول أخرى لتقريب وجهات النظر؟ كل هذه الإشكاليات سنحاول الإجابة عنها في ضوء خطة البحث المقسمة على مبحثين: الأول نسلط فيه الضوء على مفهوم الهجمات السيبرانية ، من حيث مصدر كلمة سايبر في اللغة والاصطلاح، فضلاً عن تصفح التاريخ الذي بدأ فيه استخدام الوسائل الالكترونية على هيئة هجمات مسلحة هذا من جهة. ومن جهة أخرى سنبحث في ابرز النماذج السيبرانية التي وثقتها المؤسسات الرسمية وغير الرسمية ، والتي ستمنح فرصة للاطلاع على حقيقة استخدام التكنولوجية الالكترونية في المجال العسكري والأمني وتحديد آثارها المستقبلية على السلم و الأمن الدوليين. أما المبحث الثاني فسنركز فيه على التنظيم الدولي المعاصر للهجمات السيبرانية، والتكييف القانوني لها في ضوء مبدأي الحق في اللجوء إلى الحرب ( Jus in bellum) و سلوكيات الحرب ( (Jus ad bello. وسواء أكان اللجوء إلى السيبرانية محظوراً أم مقيداً وفقاً لأحكام القانون الدولي العام والإنساني منه بالذات ،سنتطرق إلى المسؤولية الدولية الناشئة عنها في ضوء التنظيم الدولي الراهن، فضلاً عن البحث والتحليل في الجهود الدولية المعنية بإبرام اتفاقية دولية متعددة الأطراف تحظر أو تقييد الاستخدام الالكتروني للأغراض العسكرية، بالمقارنة مع التشريعات الوطنية لمكافحة الجريمة السيبرانية واتفاقية مجلس أوربا لعام 2001.
Preprint
Full-text available
The input discusses the increasing use of cyber capabilities in regional conflicts and the role of cyber power in various aspects of society. It mentions the International Court of Justice's endorsement of the effective control standard and the genocide standard for assessing the relationship between governments and groups. The input also discusses the ambiguity surrounding the delineation of force in international law and the United Nations Charter's aim to protect future generations from the consequences of armed conflict. It mentions economic coercion as an early form of coercion or intimidation and highlights the recognition of information technology as a potential instrument in armed conflicts. The study aims to determine if electronic attacks can be considered a manifestation of force and if they violate international law. It also mentions the concept of critical infrastructure and its importance for various nations.
Article
Full-text available
يعد موضوع انتشار الفيروسات والأوبئة من المواضيع المهمة التي تضع قواعد القانون الدولي أمام تحديات كبيرة, وقد سعت المنظمات الدولية وفي مقدمتها منظمة الأمم المتحدة, ومن خلال الأجهزة التابعة لها, إلى تنظيم مسألة معالجة انتشار الفيروسات والآثار المترتبة عليها وحماية البشرية من آثارها, وقد تكرر انتشار الفيروسات الفتاكة خلال القرن الماضي وفي وقتنا الراهن, وآخرها هو تفشي فيروس كورونا المستجد والذي فتك بالبشرية في مختلف أنحاء العالم، وأدى إلى هلاك مئات الآلاف من الناس في مختلف أرجاء المعمورة, ما دعا منظمة الصحة العالمية إلى إعلانه كجائحة عالمية, وقد أثيرت حيالها مجموعة من الفرضيات المدعمة بأدلة ذات صلة بنشأة هذا الوباء وانتقاله إلى مستوى جائحة، ومن تلك الفرضيات وجود هجمات سيبرانية الهدف منها تقويض مساعي الدول فرادا و المجتمع الدولي عموما للتصدي لهذه الجائحة، وهو ما يشكل تحدياً كبيراً على المستوى القانوني، دفع بالباحثين لاختياره كموضوع للبحث والتحقيق. وتكمن أهمية البحث في الهجمات السيبرانية ذات الصلة بنشر الفيروسات، لما تمثله الثورة التكنولوجية في مجال الفضاء السيبراني من آثار بالغة الخطورة على العلاقات الدولية في زمن السلم والنزاعات المسلحة، فضلاً عن اتساع استخدامها لتحقيق أهداف مدمرة بعيداً عن المواجهة المباشرة أو ما يصطلح عليه بالعنف عن بعد (Remote violence). أما بخصوص الإشكالية التي نحن بصدد البحث فيها، فتتلخص بالآتي: ادعت دول عدة بتعرض هجمات سيبرانية طالت أعيان مدنية وأهداف عسكرية في زمني السلم والحرب، من دون القدرة على تحريك المسؤولية عبر الأجهزة القضائية الدولية، فهل عدم القدرة في ذلك ناشئة عن فراغ قانوني في قواعد المسؤولية الدولية بذاتها أم أن الأمر يعود إلى عدم القدرة على اثبات الجهة التي قامت بالهجوم او رعت ذلك ؟ و ما الحال بشأن الهجمات السيبرانية لنشر الاوبئة؟ ألا يستحق ذلك إعادة النظر في القواعد الحالية وما يجب ان تكون عليه مستقبلا لمواجهة كوارث إنسانية لا تقل آثارا مدمرة عن تلك المتوقعة من استخدام أسلحة الدمار الشامل او حتى التقليدية منها ؟ لأجل الإجابة عن هذه الإشكالية ، سنقسم البحث على جزئيين رئيسين : نوضح في المبحث الأول مفهوما الفيروسات و الهجمات السيبرانية كوسائل قتال فتاكة ، وبالذات مفهوم الفيروسات الفتاكة في المطلب الأول, على أن يكون المطلب الثاني مخصصا لبحث مفهوم الهجمات السيبرانية من خلال التطرق إلى تعريفها ونشأتها ونماذج منها, أما المبحث الثاني فنخصصه لبحث المسؤولية الناشئة عن استخدام الهجمات السيبرانية في نشر الفيروسات الفتاكة وذلك في ثلاث مطالب, نتطرق في الأول إلى المسؤولية وفقاً لمشروع مسؤولية الدول عن التصرفات الخاطئة لعام 2001, وفي المطلب الثاني المسؤولية وفقاً للقانون الدولي الإنساني, على أن نوضح في المطلب الثالث المسؤولية وفقاً للقانون الدولي لحقوق الإنسان تتبعها خاتمة البحث وتتضمن النتائج التي توصل إليها البحث والمقترحات التي من الممكن أن تصب في صالح الحد من الأضرار التي تستهدف الإنسانية من خلال تحريك المسؤولية لجنائية الفردية الناشئة عن تفشي الأوبئة.
Article
Non participation in armed conflict gives rise to the relevance, role and content of the law of neutrality in contemporary international law. Despite scholarly opinion to the contrary the challenges posed by collective security and the prohibition of the use of force have not made neutrality obsolete. The validity of the law of neutrality is reaffirmed in State practice, mainly in the form of national military manuals, and the case-law of international tribunals. The legal framework of neutrality remains unchanged with respect to most rules. At the same time, it has been adapted to the evolution of the law of the sea as a result of the 1982 UN Law of the Sea Convention, the globalization of trade and the use of cyberspace in armed conflict. This has been achieved mainly through soft law documents and national military manuals. Neutrality, however, remains inapplicable in non-international armed conflict.
Article
This research paper appraises the legal framework for the protection of civilians in cyber warfare under International Humanitarian Law. The paper examines the existing rules of IHL on the protection of civilians in armed conflicts, their applicability or otherwise to cyber warfare, the existing gap in the law, with a view to making recommendations on more effective ways to protect the civilian population in armed conflicts. In doing this, the research methodology adopted is the doctrinal approach. Both primary and secondary sources of information were consulted and utilized in the course of this work. The primary sources include the four Geneva Conventions and their Additional Protocols, the Commentaries on the Geneva Conventions and Additional Protocols, the Rome Statute etc. The secondary sources include textbooks, journals, articles, newspaper, and online material retrieved from the ICRC website and other relevant websites. This paper finds that although International Humanitarian Law provides for robust rules aimed at the protection of civilians in armed conflicts, these rules do not sufficiently afford protection to civilians in cyber warfare as the complexity brought about by these new means and methods of warfare were not captured at the time the rules were made. This work identifies some of the challenges posed to the protection of civilians in cyber warfare and establishes a case for the need for a treaty to specifically regulate cyber warfare and provide for the protection of civilians in cyber warfare. This work also recommends that International policy debates on cyber warfare should be geared towards streamlining the various national views on cyber-attacks.
Article
Full-text available
For nearly thirty years scholars have offered changing definitions of cyberwar. The continued ambiguity demonstrates that efforts at establishing definitional clarity have not been successful. As a result, there are many different and contradictory definitions, ranging from cyberwar’s non-existence to cyberwar as an imminent threat. Ongoing definitional ambiguity makes interdisciplinary research and policy communications challenging in this diverse field. Instead of offering a new definition, this paper proposes that cyberwar can be understood through a fluid framework anchored in three themes and five variables identified in a broad interdisciplinary survey of literature. This framework's applicability is demonstrated by constructing an example definition of cyberwar utilising these themes and variables.
Article
With each step of technological advancement, we are entering a global technological domain susceptible to cyber infiltration. The individual privacy and security are supposed to be protected by the states governed by laws that are specifically a part of the national legal systems. The transnational cyber infiltration targeting the state actors by using the cyberspace creates a new plethora of questions. The issue has been highly debated, whether the jus ad bellum is sufficient in regulating the various types of cyber infiltrations. The matter of classifying the cyber-attacks as armed attacks has been furtively debated on contextual basis. The legal principles governing the laws of war have been held insufficient by some in order to include the new forms of attacks conducted through global cyberspace. In the midst of such debate, one conclusion can be derived that the cyber operations globally are causing a threat to state sovereignty and security. The focus on issues related to transnational cyber operations is based upon the existing legal principles and laws. The debate conjures up a few problems which need to be addressed. This article analyses the different perspectives of the cyber warfare and the identified problems related with the issue. According to the current problems faced by the states, a measure of the remedial system for states in international law is taken into consideration. The current system of remedies fails to accommodate the grievances of the states with regard to the cyber operations. Hence, a new platform for the state remedies is suggested and proposed.
Article
Full-text available
يعد موضوع انتشار الفيروسات والأوبئة من المواضيع المهمة التي تضع قواعد القانون الدولي أمام تحديات كبيرة، وقد سعت المنظمات الدولية وفي مقدمتها منظمة الأمم المتحدة، ومن خلال الأجهزة التابعة لها، إلى تنظيم مسألة معالجة انتشار الفيروسات والآثار المترتبة عليها وحماية البشرية من آثارها، وقد تكرر انتشار الفيروسات الفتاكة خلال القرن الماضي وفي وقتنا الراهن، وآخرها هو تفشي فيروس كورونا المستجد والذي فتك بالبشرية في مختلف أنحاء العالم، وأدى إلى هلاك مئات الآلاف من الناس في مختلف أرجاء المعمورة، ما دعا منظمة الصحة العالمية إلى إعلانه كجائحة عالمية، وقد أثيرت حيالها مجموعة من الفرضيات المدعمة بأدلة ذات صلة بنشأة هذا الوباء وانتقاله إلى مستى جائحة، ومن تلك الفرضيات وجود هجمات سيبرانية تهدف منها تقويض مساعي الدول فرادا والمجتمع الدولي عموما للتصدي لهذه الجائحة، وهو ما يشكل تحدياً كبيراً على المستوى القانوني، دفع بالباحثين لاختياره كموضوع للبحث والتحقيق.
Article
Full-text available
Günümüzde, gelişen teknolojiye bağlı olarak ortaya çıkan küreselleşmenin etkisiyle, devletlerin geleneksel yapılarında ve birbirleriyle olan her türlü ilişkilerinde değişiklikler meydana gelmektedir. Bu değişimler barış zamanında ekonomi, kültürel iletişim, eğitim, ticaret gibi pek çok konuda olmakla beraber, devletlerin ya da aktörlerin, çatışma veya savaş durumlarında da meydana gelmektedir. 21. yüzyılda, gelişen teknoloji ve bilişim sistemleri, geleneksel savaş yöntemlerini de değiştirmiş, ortaya, siber dünyada gerçekleşen yeni savaş ya da saldırı kavramları çıkmıştır. Ağlar üzerinden bilgi edinme, saldırı, zarar verme, yok etme, kontrol etme gibi yöntemlerle hedeflere savaş açılmış ya da saldırıda bulunulmuştur. Teknolojinin oldukça yaygın, ulaşılması kolay ve ucuz olması sebepleriyle bu tip saldırılar sadece devletler tarafından değil, biz-zat şahıslar tarafından yapılabilmekte; bu da bu suçların tespitini ve cezalandırılmasını zorlaştırmaktadır. Bu tip saldırıların, devlet desteği ile düşman bir aktör ya da devlete karşı işlenmesi durumu ise güncel olarak son derece ciddi ve hukuki bir zeminle çözülmesi gereken bir sorundur. Geleneksel savaşlarda olduğu gibi saldıranın aşikâr olmaması, çok farklı bölgelerden kaynaklanması, tespitinin ve kanıtlanmasının zor olması, bu suçların tanımını ve yaptırımının sağlanmasını zorlaştırmaktadır. 2007 yılında Estonya ve 2008 yılında Gürcistan'a karşı yapılan servis saldırılarının reddi (DoS), bu yeni savaş şeklinin operasyonel olduğunu ve ayrıca uluslararası hukukun siber savaş ile daha iyi bir anlayışın geliştirilmesi ihtiyacını kuvvetli bir şekilde göstermektedir. Mevcut uluslararası hukuk kurallarında geçen; saldırı, silah ve toprak gibi kavramlar siber saldırı ve savaşları açıklamaya yetmemektedir. Coğrafyacıların stratejik gerçeklikleri, gelecekteki siber çatışmalar bağ-lamındaki kararların, soyut bir şekilde tam bir izolasyon ve uluslararası kamu hukukunun hükümlerinin yorumlanmayacağını ve uygulanmayacağını dikte etmekte, siberuzayı da içeren çözümlenmemiş Jus ad bellum ve Jus in bello konuları birçok önemli kaygıya yol açmaktadır. Jus ad bellum kavramı genel olarak savaş yapma hakkıdır ve devletlerin güç kullanıp kullanamayacağı me-selesini ortaya koyan kavramdır ve jus in bello'nun uygulanması çatışmanın başlamasına bağlıdır. Jus ad bellum'un kaynağı çok daha yenidir ve B.M. Şartı'nın m. 2/4'ünde zikredilen kuvvet kullanma yasağına, söz konusu yasa-ğın istisnası olan m.51'de ifade edilen meşru müdafaa hakkına ve B.M. Şartı'nın yedinci bölümüne dayanmaktadır. Belirli eylemlerin silahlı saldırı mı veya güç kullanımı mı oluşturduğuna, nihai olarak karar veren mağdur devlet değil, asıl saldırgan devlet olacaktır; diğer bir deyişle, mağdur devletin hukuki yorumu, bu gibi eylemleri saygı duyulan hukuki sistemler ve askeri düzenlemeleri değerlendiren otoriteler, herhangi bir karşıt hukuk danışmanı yönlendirecektir. Çalışmamızda; siber savaş, siber uzay, siber terörizm tanımı yapılacak, siber savaş operasyonlarının öncesi ve uluslararası hukuk bağlamında gelişimine değinilecek, siber savaş operasyon silahlarından söz edilecek, saldırılarda sivil-asker ayrımının önemine ve egemenlik söylemine değinilerek, barışı korumak adına siber savaşa başvurulmasından ve siber savaş ile casusluk ilişkisinden söz edilecektir.
Chapter
This article describes how the interconnected world of today, or the cyber space so often called, is easily accessible through a wide array of devices and has an impact and reach beyond geo-political boundaries Owing to high levels of connectivity and the nature of E-governance activities today, the cyber space is rapidly becoming a potential global battlefield for cyber warfare among various state and non-state entities. An effective cyber weapon in this space is like an indicator of cyber power, its nature being offensive or defensive. Parameters of effectiveness and reliability range from the type of developer of the weapon, whether state or non-state to its longevity in time and technology and others like possibility of an economic implementation along with the scope of its usage. This article is aimed at analyzing existing definitions, opinions and notions about cyber weapons and defining the term cyber weapon from a techno-legal perspective, which could be universally acceptable and have characteristics of enforceability across all domains: civil, criminal & defense applications.
Article
Full-text available
Geçtiğimiz son yirmi yılda teknoloji kullanımının olağanüstü hızda artmasıyla birlikte ortaya çıkan sanal alanda, toplumlar ve hükümetler siber tehditler karşısında saldırıya duyarlı hedefler olmaya başlamışlardır. Siber saldırıların, klasik silah gücünün verdiği zarara eşdeğer birçok zararı verebilecek kapasiteye ulaşmasıyla nükleer santraller, askerî sistemler veya petrol boru hatları gibi sayısız ulusal kritik altyapı hedef hâline gelmiştir. Yaşanan gelişmeler klasik anlamdaki tehdit algısına yönelik olarak açık temel bir paradigma değişimini yansıttığı için uluslararası hukuk bu durumu dikkate almak zorunda kalmıştır. Uluslararası hukuk açısından temel sorun, siber saldırıların bir takım hak ve yükümlülükler bağlamında nasıl düzenleneceğidir. İlgili makalede siber saldırılar, uluslararası hukukta güç kullanımı çerçevesinde değerlendirilecektir. Uluslararası hukukta güç kullanımı devletlerin hangi durumlarda kuvvete meşru olarak başvurması veya yasaklanması durumunu düzenlemektedir. Uluslararası hukukta esas olarak, egemen devletin diğerinin ülke bütünlüğüne ve siyasi bağımsızlığına karşı kuvvet kullanması bazı istisnalar haricinde kesin olarak BM şartnamesiyle yasaklanmıştır. Bu bakımdan, klasik kuvvet kullanma ile aynı sonuçları doğurabilecek siber saldırılar, diğer koşulları sağlaması durumunda aynı şekilde uluslararası hukukun mevcut kuralları kapsamında değerlendirilebilir. Ancak, ilgili kuralların siber tehditlere yönelik ihtiyacı karşıladığı noktasında yetersiz olduğu da bilinen bir gerçekliktir. Tarihte nükleer veya kimyasal silahlar gibi yeni silahların kullanımına ilişkin uluslararası hukuk bir takım hak ve yükümlülükler getirmiştir. Siber saldırıların konvansiyonel silahlarla kıyas yapılmasının olası olmadığı ya da abartı olacağı iddia edilebilir, ancak her ikisinin de aynı etkiyi doğurma kapasitesine ulaşması bu iddiaları zayıflatmaktadır. Siber saldırılar için işleyen mevcut kurallardan yola çıkarak bir takım yeni hukuki düzenlemelerin gelmesi gerekli gözükmektedir. Çalışmanın temel amacı uluslararası hukuktaki kuvvet kullanımına ilişkin kuralların siber saldırılara yönelik olarak uygulanmasında ihtiyaçları ne derece karşıladığını ortaya koyarak çözüm yolları üretmeye çalışmaktır.
Chapter
This article describes how the interconnected world of today, or the cyber space so often called, is easily accessible through a wide array of devices and has an impact and reach beyond geo-political boundaries Owing to high levels of connectivity and the nature of E-governance activities today, the cyber space is rapidly becoming a potential global battlefield for cyber warfare among various state and non-state entities. An effective cyber weapon in this space is like an indicator of cyber power, its nature being offensive or defensive. Parameters of effectiveness and reliability range from the type of developer of the weapon, whether state or non-state to its longevity in time and technology and others like possibility of an economic implementation along with the scope of its usage. This article is aimed at analyzing existing definitions, opinions and notions about cyber weapons and defining the term cyber weapon from a techno-legal perspective, which could be universally acceptable and have characteristics of enforceability across all domains: civil, criminal & defense applications.
Book
We have witnessed a digital revolution that affects the dynamics of existing traditional social, economic, political and legal systems. This revolution has transformed espionage and its features, such as its purpose and targets, methods and means, and actors and incidents, which paves the way for the emergence of the term cyberespionage. This book seeks to address domestic and international legal tools appropriate to adopt in cases of cyberespionage incidents. Cyberespionage operations of state or non-state actors are a kind of cyber attack, which violates certain principles of international law but also constitute wrongful acquisition and misappropriation of the data. Therefore, from the use of force to state responsibility, international law offers a wide array of solutions; likewise, domestic regulations through either specialized laws or general principles stipulate civil and criminal remedies against cyberespionage. Confronting Cyberespionage Under International Law examines how espionage and its applications have transformed since World War II and how domestic and international legal mechanisms can provide effective legal solutions to this change, hindering the economic development and well-being of individuals, companies and states to the detriment of others. It shows the latest state of knowledge on the topic and will be of interest to researchers, academics, legal practitioners, legal advisors and students in the fields of international law, information technology law and intellectual property law.
Article
This article describes how the interconnected world of today, or the cyber space so often called, is easily accessible through a wide array of devices and has an impact and reach beyond geo-political boundaries Owing to high levels of connectivity and the nature of E-governance activities today, the cyber space is rapidly becoming a potential global battlefield for cyber warfare among various state and non-state entities. An effective cyber weapon in this space is like an indicator of cyber power, its nature being offensive or defensive. Parameters of effectiveness and reliability range from the type of developer of the weapon, whether state or non-state to its longevity in time and technology and others like possibility of an economic implementation along with the scope of its usage. This article is aimed at analyzing existing definitions, opinions and notions about cyber weapons and defining the term cyber weapon from a techno-legal perspective, which could be universally acceptable and have characteristics of enforceability across all domains: civil, criminal & defense applications.
Chapter
Our research demonstrates that active abuse of cyberspace by virtually all groups of sanctions violators across many UN sanctions regimes has grown over the past almost 20 years. For almost as long, UN sanctions monitoring experts have formulated concrete examples and recommendations for how to address these expanding problems. The Security Council chose not to respond for much of this time, and when it finally did, in response to cyber space abuses by ISIL, it still did not answer with a comprehensive cyber sanctions policy. While more security in cyberspace is clearly in the public and private sectors' interest, leading governments equally clearly prefer their many secret intelligence programs that have come to light over the past years through leaks and other indiscretions. Fear of terrorism serves governments well in justifying countermeasures that undermine privacy rights in the name of enhancing public security. Procrastinating on adopting comprehensive sanctions solutions against cyber threats is likely connected with their preference for gaining control over advanced information technologies in order to weaponize them before multilateral agreements create restrictions.
Chapter
Due to the continuing expansion of the notion of security, various national, regional and international institutions now find themselves addressing contemporary security issues. While institutions may evolve by adjusting themselves to new challenges, they can also fundamentally alter the intricate balance between security and current legal frameworks. This volume explores the tensions that occur when institutions address contemporary security threats, in both public and international law contexts. As part of the Connecting International with Public Law series, it provides important and valuable insights into the legal issues and perspectives which surround the institutional responses to contemporary security challenges. It is essential reading for scholars, practitioners and policy makers seeking to understand the legal significance of security institutions and the implications of their evolution on the rule of law and legitimacy.
Chapter
The cyber age holds out much promise for a democratised and newly empowered global information society. But in its early years, the social revolution has been overshadowed by threats, especially new mass surveillance technologies and an arms race foreshadowing prompt global strike (in milliseconds). Traditional understandings of sovereignty and citizenship have been shaken, and new opportunities for a reordering of aspects of international power have emerged. The most powerful states have responded by pursuing a dual-track strategy: one favouring state security (a war impulse) and the other emphasizing social and economic development (a justice impulse). While the military and confrontational impulses will remain dominant for some time, they will be increasingly counter-balanced by recognition of common interests in cyber space. For the balance to shift more decisively in favour of collaboration and common security, states will need to give more weight to ideas of mutual military restraint and to ethically grounded approaches.
Article
During the last decade international lawyers and IT specialists are brought together to conferences on issues of cyber-security. With various topics covered from such different perspectives, a clash of educations occurs. Lawyers are rarely able to understand the deep technological discussions, while legal presentations might seem too philosophical for the IT professionals, leaving them wondering, what do lawyers want and why. In this environment legal questions that cannot be answered without the deep technological knowledge possessed by the computer experts, should be formulated carefully and very precisely. Therefore, with emphasis on the jus in bello, this article aims to outline a list of issues that inevitably require joint lawyer-IT specialists dialogue and explain their significance from the point of view of international law. These issues include possibilities for digital “marking” of internationally protected objects online required under the existing humanitarian law, developing a “distinctive sign” for cyber-combatants, forewarning the enemy of incoming attacks (“carrying arms visibly”) and re-evaluating the concept of “vicinity” to dangerous installations in the context of cyber-space.
Chapter
The conclusion reprises a three-tier categorisation of cyber warfare threats developed throughout the book. In the first tier are modern, cyber-enabled examples of traditional information operations which can happen both during conflict and in peacetime scenarios. In the second tier are cyber attack activities which enable and shape the prosecution of conflict in the physical realm. The third tier comprises those activities over which, it is argued, there is most scepticism at present: namely cyber attacks which cause real physical death and destruction. Predicting the future, however, is a risky business. For this reason, policymakers need to continue to model and plan for such contingencies, while not allowing them to pervert the overall assessment of cyber security priorities.
Article
Cyberespionage has received even greater attention in the wake of reports of persistent and brazen cyberexploitation of U.S. and Canadian firms by the Chinese military. But the recent disclosures about NSA surveillance programs have made clear that a national program of cyberdefense of private firms' intellectual property is politically infeasible. Following the lead of companies like Google, private corporations may increasingly resort to the use of self-defense, hacking back against cross-border incursions on the Internet. Most scholarship, however, has surprisingly viewed such actions as outside the ambit of international law. This Note provides a novel account of how international law should govern cross-border hacks by private actors, and especially hackbacks. It proposes that significant harm to a state's intellectual property should be viewed as "transboundary cyberharm" and can be analyzed under traditional international legal principles, including the due diligence obligation to prevent significant harm to another state's territorial sovereignty. Viewing cyber espionage within this framework, international law may presently permit states to allow private actors to resort to self-defense as proportionate countermeasures. By doing so, this Note offers a prescription for how states might regulate private actors to prevent unnecessary harm or vigilantism while preserving the right of self-defense.
Article
In 2007 Estonia was faced with a new type of international violence that was difficult to conceptualise. Characterisations of the cyber attacks by Estonian officials at the time ranged from war, crime to terrorism. The technological makeup of cyberspace led to a range of problems for the traditional distinctions between these categories and hence international law was uncertain in its application to this new form of violence. These issues are among those generally discussed in literature on cyber attacks and international law. This literature also tends to follow a typical pattern of writing about law and technology, and arguably this does not result in a developed understanding of the relationship between law and technology. However, another body of literature exists which seeks to understand the intersection of law and technology better by looking at past events where technology created problems for the law, the socio-technical context of the law and the values that law seeks to protect. By adopting the insights from this body of literature, the uncertainties that cyber attacks (technology) creates for law will be explored. Accordingly, it will be shown that cyber attacks create a number of uncertainties for international law. On one level, this new type of violence has created uncertainties in the application of existing law and thus led to legal issues. These are centred around doctrinal issues on state responsibility (particularly attribution) and what constitutes an illegitimate use of force. On another level, they raise uncertainties about the compatibility of law premised upon a technological environment in which state sovereignty is central to regulate behaviour in an environment in which states lack a monopoly of violence and distinctions between the actors inflicting this violence is less clear. Exploring these uncertainties will lead to a more developed appreciation of how technology can shape the way we understand violence in international law.
Book
The information revolution has transformed both modern societies and the way in which they conduct warfare. Cyberwar and the Laws of War analyses the status of computer network attacks in international law and examines their treatment under the laws of armed conflict. The first part of the book deals with the resort to force by states and discusses the threshold issues of force and armed attack by examining the permitted responses against such attacks. The second part offers a comprehensive analysis of the applicability of international humanitarian law to computer network attacks. By examining the legal framework regulating these attacks, Heather Harrison Dinniss addresses the issues associated with this method of attack in terms of the current law and explores the underlying debates which are shaping the modern laws applicable in armed conflict.
Article
Cyber-Attacks and the Exploitable Imperfections of International Law reveals elements of existing jus ad bellum and jus in bello regimes that are unable to accommodate the threats posed by cyber-attacks. It maps out legal gaps, deficiencies, and uncertainties, which international actors may seek to exploit to their political benefit. © 2015 by Koninklijke Brill nv, Leiden, The Netherlands. All rights reserved.
Article
The conventional wisdom is that this country's privately owned critical infrastructure-banks, telecommunications networks, the power grid, and so on-is vulnerable to catastrophic cyber-attacks. The existing academic literature does not adequately grapple with this problem, however, because it conceives of cyber-security in unduly narrow terms: most scholars understand cyber-attacks as a problem of either the criminal law or the law of armed conflict. Cyber-security scholarship need not run in such established channels. This Article argues that, rather than thinking of private companies merely as potential victims of cyber-crimes or as possible targets in cyber-conflicts, we should think of them in administrative law terms. Many firms that operate critical infrastructure tend to underinvest in cyber-defense because of problems associated with negative externalities, positive externalities, free riding, and public goods- the same sorts of challenges the modern administrative state faces in fields like environmental law, antitrust law, products liability law, and public health law. These disciplines do not just yield a richer analytical framework for thinking about cyber-security; they also expand the range of possible responses. Understanding the problem in regulatory terms allows us to adapt various regulatory solutions-such as monitoring and surveillance to detect malicious code, hardening vulnerable targets, and building resilient and recoverable systems-for the cyber-security context. In short, an entirely new conceptual approach to cyber-security is needed.
Article
At the time of the state-wide cyber attacks in 2007, Estonia was one of the most developed nations in Europe regarding the ubiquitous use of information and communication technology (ICT) in all aspects of society. Relaying on the Internet for conducting a range of business transactions is common practice. But naturally, the more a society depends on ICT, the more it becomes vulnerable to cyber attacks. Unlike other research on the Estonian incident, this paper does not focus on the analysis of the events themselves. Instead, the authors examine Estonia’s cyber security policy and subsequent changes made in response to the cyber attacks. As such, the authors provide a comprehensive overview of the strategic, legal, and organisational changes based on lessons learned by Estonia after the 2007 cyber attacks. The analysis is based on a review of national security governing strategies, changes in the Estonia’s legal framework, and organisations with direct impact on cyber security. The paper discusses six important lessons learned and manifested in actual changes: each followed by a set of cyber security policy recommendations appealing to national security analysts as well as nation states developing their own cyber security strategy.
Conference Paper
The multihop based Voronoi cell structure provides the least energy consumption in the communication infrastructure if the nodes within the Voronoi cell are static. In other words, the architecture does not perform well if the nodes move around, which is common in many real applications. In addition, the dynamic nature of mobile nodes in Voronoi cell leads to edge disconnections during the data transmission that result in heavy packet loss. In this paper, we are motivated by these problems and refine the architecture. We contribute to the paper by adopting the inter-cell mobility management and intra-cell mobility management to the multihop based Voronoi cell architecture. We simulate the proposed architecture in ns2 and show the results of these architectures for comparison.
Article
The legality of cyber attacks is generally approached from the use of force prohibition contained in Article 2(4) UN Charter. In order to constitute an unlawful use of force it is widely accepted that an intervention must produce physical damage. Of course, a cyber attack can cause physical damage and therefore violate Article 2(4). Upon the available evidence, I submit that the deployment of the Stuxnet virus against Iran in 2010 is such an example. However, the issue is that many cyber attacks do not manifest physical damage and are thus not captured by Article 2(4). Contrary to claims in existing cyber war literature, this does not mean that such attacks are lawful. Instead, I argue that where such attacks are coercive in nature they will nevertheless violate the non-intervention principle that is embedded in customary international law. I suggest that the cyber attack against Estonia in 2007 provides a good example of a cyber attack amounting to an unlawful intervention.
Article
Full-text available
This short essay presents a legal analysis of cyber force, an intangible form of international coercion that exploits computer networks leaving havoc in its wake. After providing recent examples of this phenomenon, as well as circumscribing its scope, the essay sets out to determine to what extent cyber force can be reconciled with contemporary jus ad bellum. Two key questions will be addressed: is cyber force a use of force as defined in article 2(4) of the UN Charter, and if so, could it conceivably rise to level of an armed attack justifying self-defence as meant by article 51 of the same document? In order to respond to these queries, the analysis hinges upon the interpretative techniques of the Vienna Convention of the Law of Treaties as well as the current doctrinal debates regarding cyber force. The essay ends with a brief consideration of plausible prospects with respect to the regulation of this novel form of coercion.
Conference Paper
Despite a greater willingness on the part of States to enter into a dialogue on the potential implications of cyber warfare, there is continued disagreement on whether new rules are required to govern this 'new domain' and, if so, whether such rules should be in codified form or be left to evolve through a natural progression of customary international law. Closely interlinked with these questions is the distinct issue of whether there is a need for an arms control treaty. To speak of an arms control treaty or the regulation of a particular weapon by reference to the law of armed conflict (LOAC) is to presuppose a common conception of the particular type of weapon that is under discussion. This paper therefore poses the question, 'What is a cyber-weapon?' before considering whether an arms control treaty is a feasible option, let alone whether such a treaty would be capable of addressing the concerns that have been raised by its proponents. This paper also considers existing LOAC rules to identify the issues that are unique to cyber-weapons and, in doing so, it is argued that further clarification is indeed merited.
Article
Cyber warfare figures prominently on the agenda of policymakers and military leaders around the world. New units to ensure cyber security are created at various levels of government, including in the armed forces. But cyber operations in armed conflict situations could have potentially very serious consequences, in particular when their effect is not limited to the data of the targeted computer system or computer. Indeed, cyber operations are usually intended to have an effect in the ‘real world’. For instance, by tampering with the supporting computer systems, one can manipulate an enemy's air traffic control systems, oil pipeline flow systems, or nuclear plants. The potential humanitarian impact of some cyber operations on the civilian population is enormous. It is therefore important to discuss the rules of international humanitarian law (IHL) that govern such operations because one of the main objectives of this body of law is to protect the civilian population from the effects of warfare. This article seeks to address some of the questions that arise when applying IHL – a body of law that was drafted with traditional kinetic warfare in mind – to cyber technology. The first question is: when is cyber war really war in the sense of ‘armed conflict’? After discussing this question, the article goes on to look at some of the most important rules of IHL governing the conduct of hostilities and the interpretation in the cyber realm of those rules, namely the principles of distinction, proportionality, and precaution. With respect to all of these rules, the cyber realm poses a number of questions that are still open. In particular, the interconnectedness of cyber space poses a challenge to the most fundamental premise of the rules on the conduct of hostilities, namely that civilian and military objects can and must be distinguished at all times. Thus, whether the traditional rules of IHL will provide sufficient protection to civilians from the effects of cyber warfare remains to be seen. Their interpretation will certainly need to take the specificities of cyber space into account. In the absence of better knowledge of the potential effects of cyber warfare, it cannot be excluded that more stringent rules might be necessary.
Article
The dramatic increase over the past decade in the quantity and sophistication of communications satellites in the earth's orbit raises new legal questions regarding the hostile disruption of satellite transmissions. As dependence on satellite communications in the military, governmental, economic and civilian spheres escalates globally, both states and non-state entities have become increasingly vulnerable to the consequences of disrupted transmissions, whether accidental or intentional. The implications of this new phenomenon for international humanitarian law (IHL) are better understood in the context of a preliminary analysis of the principles and norms underlying three regimes which now converge around satellite activities ad bellum. These are the substantive law regarding freedom of transborder communication, including relevant jus cogens prohibitions; international telecommunications regulation; and space law. The present analysis focuses on (a) the development of a taxonomy of the types of hostile disruption of satellite transmissions, (b) an examination of the three present normative regimes which govern international satellite transmissions in peacetime, and (c) the relevance of these three regimes for the development of applicable IHL. Overall, the article addresses the legal and policy aspects of an improved international response to the growing phenomenon of transmission disruption on the part of state and non-state entities both in peacetime and during war. Greater clarity regarding the applicable legal norms will enable both state and non-state actors to utilise satellite systems with increased certainty, reliability and effectiveness.
Article
Full-text available
Technological advance is a double edge sword. Computer systems that monitor and control industrial infrastructure brings efficiency but at the same time security challenges too. Urged by this complexity some countries have considered to use military force in response to cyber-attacks. Such possibilities have created shockwaves inside the legal community. While some negate the applicability of Ius ad bellum others believe that its principles, standards and norms provide framework for use of force in self-defense. Giving the influence that legal community has in policy making the article offers legal analyses with these regards and use them to provide some incentives for legal alternatives. The overall argument of the article is that division inside the legal community is one more reason for international community to reconsider international legal reforms. These reforms must be based on holistic approach. DOI: 10.5901/mjss.2013.v4n14p115
Article
As far as malware-related crimes are concerned, extra territorial jurisdiction and the law of extradition need one another to work perfectly, but there has never been a standard universal rule governing them. While Universality Principle can be argued to be the most ideal solution to the problem, it is opposed by the supporters of the notion of self-regulation of the internet, not to mention it lacks the required universal support. Thus the determination of the issues has to be based on the analysis of existing measures of practical applications.
Article
As cyberspace matures, the international system faces a new challenge in confronting the use of force. Non-State actors continue to grow in importance, gaining the skill and the expertise necessary to wage asymmetric warfare using non-traditional weaponry that can create devastating real-world consequences. The international legal system must adapt to this battleground and provide workable mechanisms to hold aggressive actors accountable for their actions. The International Criminal Court--the only criminal tribunal in the world with global reach--holds significant promise in addressing this threat. The Assembly of State Parties should construct the definition of aggression to include these emerging challenges. By structuring the definition to confront the challenges of cyberspace--specifically non-State actors, the disaggregation of warfare, and new conceptions of territoriality--the International Criminal Court can become a viable framework of accountability for the wars of the twenty-first century.
Article
In December 2005 a new mission statement was released by the Air Force Leadership, "to deliver sovereign options for the defense of the United States of America and its global interests...to fly and fight in Air, Space and Cyberspace." (Wynne & Mosley, 2005) With the stand up of the AFCYBER command and the use of cyberspace to carry out our daily mission the U.S. needs to have a clear understanding of what war in cyberspace looks like and what the laws are governing war in cyberspace. This research and it's resulting data analysis is intended to provide a better understanding of what the current laws of war are and how they translate to cyber war and the complexities that exist, along with recommendation on future revisions of the laws.
Article
Full-text available
Cyberwar has become a reality. The question is no longer “if” the United States will experience a major cyberattack aimed at disrupting critical infrastructure, but “when.” In July of 2010, Iranian uranium enrichment activities were severely hindered by the Stuxnet worm, which used a number of zero-day exploits and damaged the Iranian nuclear infrastructure. In early 2011, documents leaked from the files of a computer security company provide evidence that there are “cyber contractors” in the United States that provide subscriptions to lists of exploitable vulnerabilities in popular software. Additionally, there exists the threat of Distributed Denial of Service (DDoS) attacks that could be used to knock a system’s defenses off-line and render the system more vulnerable to further attacks. In the United States, highly visible corporations and privately owned critical infrastructure are both likely targets for debilitating cyber-attacks, and there is an urgent need to ensure that these groups are protected. Currently, there is no consistently effective domestic or international criminal law regime to deter these sorts of attacks, and resorting to civil litigation is likely to prove impractical. A major barrier to punishing cyber-attackers is the difficulty of identifying individual attackers. Passive defense methods, like firewalls, software patches, and antivirus software, do not require potential attackers to be identified to be effective. However, passive defense methods are not used consistently enough to have a perfect deterrent effect, and are all but useless against attacks utilizing zero-day exploits. For these reasons, we strongly urge a regulatory regime that would govern the use of active defense technologies, especially technologies that would enable mitigative counterstriking. Active defense, however, has been a controversial subject, and it is this controversy that we seek to engage in. The reason that commentary about active defense has been so tentative and inconclusive up to this point is that active defense is intuitively bothersome and seen as amounting to vigilantism that carries significant danger of collateral damage. We assert that researchers have been analyzing this topic incorrectly as a unitary whole, instead of by looking at the different aspects of active defense (detecting, tracing, and counterstriking) and the two possible characterizations of counterstrikes (mitigative and retributive). A mitigative counterstrike would involve actions taken in self-defense in order to interrupt an attack in progress and mitigate immediate harm to a target system. Self-defense in cyberspace is a necessity, especially to protect critical infrastructure. Our analysis concludes that cyber counterstriking is readily justifiable under a self-defense framework, provided principles of mitigation are observed. Mitigative counterstriking is also legally justifiable under several areas of domestic and international law, and can be made consistent with other areas of law by amending the law or by reinterpreting it. After evaluating the technologies, the potential types of attacks, and the legal context, we conclude that mitigative counterstriking would be the most effective when used in response to DDoS attacks originating from botnets. Such a counterstrike would interrupt the attack and mitigate harm to the victim system, while also preserving the victim system’s defenses against additional attacks. Harming non-attackers through counterstrikes is also a potential concern, but we observe that the technological capabilities to engage in self-defense are advancing rapidly and provide the capability to avoid unnecessary harm to third parties. We urge that the government should regulate active defense and oversee mitigative counterstriking, perhaps as part of a public-private partnership to take advantage of the core competencies of both the public and private sectors on this topic. Our recommended regime to permit mitigative counterstrikes as self-defense would also include liability rules to protect third parties in the event that a counterstrike causes harm to a party other than the initial attacker. In short, the current situation with cyber-attacks is ominous, and more effective methods must be provided to potential victims to permit them to protect themselves. The time to act is now, and we must legally solidify the right to use self-defense in cyberspace, while also protecting the rights of potential uninvolved third parties who might be harmed by mitigative counterstrikes.
Article
Just as states have spent the last several years wrestling with the appropriate legal response to terror, they must now undertake a similar effort to deal with the burgeoning use of information operations (IO). IO involves the use of information technology, such as computer network attacks or psychological operations, to influence, disrupt, corrupt, usurp or defend information systems and the infrastructure they support. More than thirty states have developed IO capacities. But IO is also undoubtedly attractive to non-state actors like Al Qaeda, since the technology is mostly inexpensive, easy-to-use, and capable of deployment from virtually anywhere. This Article assesses the ways in which international law, specifically the rules regulating the use of force and the law of war, currently applies to IO. Conventional wisdom suggests existing rules can cover IO by analogy. The conventional wisdom is only half-right. This Article explains why the existing rules govern IO, but challenges the unstated assumption that they do so appropriately. Translating existing rules into the IO context produces extensive uncertainty, risking unintentional escalations of conflict where forces have differing interpretations of what is permissible. Alternatively, such uncertainty may discourage the use of IO even if it might produce less harm than traditional means of warfare. Beyond uncertainty, the existing legal framework is insufficient and overly complex. Existing rules have little to say about the non-state actors that will be at the center of future conflicts. And where the laws of war do not apply, even by analogy, an overwhelmingly complex set of other international and foreign law rules purport to govern IO. To remedy such deficiencies, this Article proposes a new legal framework, an international law for information operations (ILIO). By adopting an ILIO, states could alleviate the uncertainty and complexity of the status quo, reduce transaction costs for states fighting global terror, and lessen the collateral costs of armed conflict itself. This Article concludes with a review of some of the regulatory design questions facing an ILIO, but does not offer any specific rules. Rather, its ultimate aim is to convince states and scholars about the need for an ILIO in the first place.
Article
Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon identification of actors and intent, arguing that inherent defects in the Internet’s architecture must be remedied to enable attribution. These proposals, if adopted, would badly damage the Internet’s generative capacity for innovation. Drawing upon scholarship in economics, animal behavior, and mathematics, this Article takes a radical new path, offering a theoretical model oriented around information, in distinction to the near-obsession with technical infrastructure demonstrated by other models. It posits a regulatory focus on access and alteration of data, and on guaranteeing its integrity. Counterintuitively, it suggests that creating inefficient storage and connectivity best protects user capabilities to access and alter information, but this necessitates difficult tradeoffs with preventing unauthorized interaction with data. The Article outlines how to implement inefficient information storage and connectivity through legislation. Lastly, it describes the stakes in cybersecurity debates: adopting current scholarly approaches jeopardizes not only the Internet’s generative architecture, but also key normative commitments to free expression on-line.
Article
This Essay is speculative in the sense that the law of armed conflict has not yet been extended to cover warfare waged over the World Wide Web. Therefore, potential risks posed for private-citizen users of the Internet are based on an extrapolation from existing principles of the law of armed conflict. It is, however, a modest extrapolation. Private-citizen Internet users who want to protect themselves in the cyber-realm will be well served to assume that the line of thinking presented in this Essay reflects the shape of law to come.
Article
The conclusion and adoption of the Statute of a permanent International Criminal Court 2 (“Statute”) in Rome in July 1998 3 represent a turning point in the enforcement of legal norms regulating armed conflict. Th e Rom e Conference was the latest, and most important, chapter in a long saga concerning the broader issue of the conclusion and adoption of a Draft Code of Crimes against the Peace and Security of Mankind, an important part of which was the establishment of an international criminal court to try such crimes. 4 The International Law Commission (ILC), the UN organ responsible for the preparation of the Code, 5 decided to separate the two objectives and to proceed with the drafting of a statute for an international criminal court that was distinct from the Draft Code of Crimes: the ILC envisaged a court that would exercise jurisdiction in respect of crimes of international concern which existed as such in various treaties already in force. 6 This approach is reflected in the provisions of the Statute adopted at Rom e concerning the jurisdiction of the Court, as explained below. 7
Article
Belligerent reprisals have long occupied a curious position in the law of armed conflict. They are one of the oldest means for the enforcement of that law, and, until recently, were widely regarded as indispensable. Yet the scope for abuse and the danger that reprisals, far from enforcing the law, can produce an escalating spiral of atrocities completely undermining respect for the law have also long been recognized. Thus, the Lieber Code of 1863 states that: ‘The law of war can no more wholly dispense with retaliation than can the law of nations, of which it is a branch. Yet civilised nations acknowledge retaliation as the sternest feature of war. A reckless enemy often leaves to his opponent no other means of securing himself against the repetition of barbarous outrage’.