Law & Policy
How does the legal and normative ecosystem relate to cyberattacks and operations deployed during an armed conflict?
The term cyber war is being routinely used in the context of the armed conflict in Ukraine. Cyber war—method of warfare – is a commonly used term to describe actions by state and non-state actors to penetrate another computer or network to cause damage or disruption.
The term cyber war describes cyber operations which are a type of military operation to which various prohibitions and restrictions apply.
During armed conflict (the current situation between the Russian Federation and Ukraine) International Humanitarian Law (IHL) applies and governs the conduct of hostilities including the use of cyber tools. In peacetime – rules of peacetime international law, human rights law and domestic law apply.
The international armed conflict between Ukraine and the Russian Federation, and its strategic and tactical implications, raises serious concerns and imposes considerations about how states and non-state actors respect and abide by the existing normative framework. This framework includes:
- international law, notably international humanitarian law (IHL), or jus in bello, (the law that governs the way in which warfare is conducted),
- domestic law (for example criminal law), and
- the non-binding rules of responsible state behavior in cyberspace emanating from the reports of both the United Nations Group of Governmental Experts (UN GGE) and Open Ended Working Group (OEWG).
When it comes to cyber operations there are rules applicable to this particular method of warfare aiming to restrain action of States and individuals and to protect civilians and critical infrastructure. As the International Court of Justice (ICJ) noticed, IHL “applies to all forms of warfare and to all kinds of weapons, those of the past, those of the present and those of the future [...]”.
The conundrum lies in the interpretation of the rules. Cyberspace, and Information and Communication Technologies (ICTs) are challenging decades of interpretation of the laws, and clarifications are required by States including how international humanitarian law applies to cyber operations.