Law & Policy
How does the legal and normative ecosystem relate to cyberattacks and operations deployed during an armed conflict?
The use of cyber capabilities is a reality of modern warfare. Since the Russian military invasion of Ukraine, the population has suffered significantly from the shelling and bombing of cities across the country, as well as from cyberattacks. Cyberattacks are used as a means of destruction, disruption, and data weaponization, in addition to the widespread use of disinformation; they have led to the destabilization of cyberspace.
The use of cyber tools and information warfare doesn't happen in a legal vacuum and poses a range of legal and policy questions. Explore this section to get answers to some of the following legal challenges. What are the rules applicable to the cyber dimension of an armed conflict? How does modern technology challenge the application of established rules of international law? What policy and legal questions arise in the use of cyber tools? What are the rules protecting civilians from harm in an armed conflict and when do civilians lose their protection?
The term cyber war is being routinely used in the context of the armed conflict in Ukraine. Cyber war—method of warfare – is a commonly used term to describe actions by state and non-state actors to penetrate another computer or network to cause damage or disruption.
The term cyber war describes cyber operations which are a type of military operation to which various prohibitions and restrictions apply.
During armed conflict (the current situation between the Russian Federation and Ukraine) International Humanitarian Law (IHL) applies and governs the conduct of hostilities including the use of cyber tools. In peacetime – rules of peacetime international law, human rights law and domestic law apply.
The international armed conflict between Ukraine and the Russian Federation, and its strategic and tactical implications, raises serious concerns and imposes considerations about how states and non-state actors respect and abide by the existing normative framework. This framework includes:
- international law, notably international humanitarian law (IHL), or jus in bello, (the law that governs the way in which warfare is conducted),
- domestic law (for example criminal law), and
- the non-binding rules of responsible state behavior in cyberspace emanating from the reports of both the United Nations Group of Governmental Experts (UN GGE) and Open Ended Working Group (OEWG).
When it comes to cyber operations there are rules applicable to this particular method of warfare aiming to restrain action of States and individuals and to protect civilians and critical infrastructure. As the International Court of Justice (ICJ) noticed, IHL “applies to all forms of warfare and to all kinds of weapons, those of the past, those of the present and those of the future [...]”.
The conundrum lies in the interpretation of the rules. Cyberspace, and Information and Communication Technologies (ICTs) are challenging decades of interpretation of the laws, and clarifications are required by States including how international humanitarian law applies to cyber operations.