The Implications of Transnational Cyber Threats in International Humanitarian Law: Analysing the Distinction Between Cybercrime, Cyber Attack, and Cyber Warfare in the 21st Century

Open access

Abstract

This paper is an attempt to draw distinctive lines between the concepts of cybercrime, cyber-attack, and cyber warfare in the current information age, in which it has become difficult to separate the activities of transnational criminals from acts of belligerents using cyberspace. The paper considers the implications of transnational cyber threats in international humanitarian law (IHL) with a particular focus on cyber-attacks by non-state actors, the principles of state responsibility, and the implications of targeting non-state perpetrators under IHL. It concludes that current international law constructs are inadequate to address the implications of transnational cyber threats; the author recommends consequential amendments to the laws of war in order to address the challenges posed by transnational cyber threats.

1. Albright, David, Paul Brannan, and Christina Walrond. “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?” Institute for Science and International Security Report (December 22, 2010): 1–10 // http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf.

2. Anderson, Michael. “Reconceptualizing Aggression.” Duke Law Journal 60 (2010): 411–456.

3. Antolin-Jenkins, Vida M. “Defining the Parameters of Cyber War Operations: Looking for Law in All the Wrong Places?” Naval Law. Rev. 51 (2005): 132–169.

4. Baker, Stewart, McAfee, Inc. “In the Crossfire: Critical Infrastructure in the Age of Cyber War” (2009) // http://newsroom.mcafee.com/images/10039/In%20the%20Crossfire_CIP%20report.pdf.

5. Barkham, Jason. “Information Warfare and International Law on the Use of Force.” N.Y.U. J. Int’l L. & Pol. 34 (2001): 57–114.

6. Billo, Charles G., and Welton Chang. Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States. Institute for Security Technology Studies, 2004.

7. Blank, Laurie R. “Taking Distinction to the Next Level: Accountability for Fighters’ Failure to Distinguish Themselves from Civilians.” Valparaiso University Law Review 46(3) (2012): 745–887.

8. Brenner, Susan W. “Is There Such a Thing as ‘Virtual Crime’?” Cal. Crim. L. Rev. 4 (2001): 1-18.

9. Brenner, Susan W. and Leo L. Clarke, “Civilians in Cyber Warfare: Conscripts,” Vanderbilt Journal of Transnational Law 43 (2010): 1011-1076.

10. Brenner, Susan. “At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare.” J. Crim. Law & Criminology 97 (2007): 363–381.

11. Brown, Davis. “Use of Force Against Terrorism After September 11th: State Responsibility, Self-Defense and Other Responses.” Cardozo J. of Int'l & Comp. Law 11 (2003): 1-57.

12. Cannizzaro, Enzo. “Contextualizing Proportionality: Jus Ad Bellum and Jus in Bello in the Lebanese War.” Int’l Rev. Red Cross 88 (864), 779 (2006): 779–827.

13. Carnahan, Burrus M. “Lincoln, Lieber and the Laws of War: The Origins and Limits of the Principle of Military Necessity.” Am. J. Int’l L. 92 (1998): 213–248.

14. Carr, Jeffrey. Inside Cyber Warfare. CA: O’Reilly Media Inc., 2010.

15. Clarke, Richard A., and Robert K. Knake. Cyber War: The Next Threat to National Security and What to do About it. New York: Ecco, 2010.

16. Coleman, Kevin. “The Cyber Arms Race Has Begun.” CSO Online (January 28, 2008) // http://www.csoonline.com/article/print/216991.

17. Condron, Sean. “Getting It Right: Protecting American Critical Infrastructure in Cyberspace.” Harv. J.L. & Tech. 20 (2007): 403–422.

18. Creekman, Daniel M. “A Helpless America? An Examination of the Legal Options Available to the United States in Response to Various Cyber-attacks from China.” Am. U. Int’l L. Rev. 17 (2002): 641–689.

19. Darcy, Shane. “Assistance, Direction and Control: Untangling International Judicial Opinion on Individual and State Responsibility for War Crimes by Non-state Actors.” International Review of the Red Cross 96(893) (2014): 259–261.

20. DeLuca, Christopher D. “The Need for International Laws of War to Include Cyber Attacks Involving State and Non-State Actors.” Pace Int’l L. Rev. Online Companion 3 (2013): 278–329.

21. Dinstein, Yoram. “Computer Network Attacks and Self-Defense”: 99–120. In: Michael N. Schmitt and Brian T. O’Donnell, eds. Computer Network Attack and International Law. Naval War College, International Law Studies, vol.76, 2002.

22. DOD Dictionary of Military and Associated Terms (2001) // http://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf.

23. Dombrowski, Peter, and Chris C. Demchak. “Cyber War, Cybered Conflict, and the Maritime Domain.” Naval War College Review 67(2) (2014): 45–93.

24. Dormann, Knut. “Applicability of the Additional Protocols to Computer Network Attacks.” Int'l Committee of the Red Cross (November 19, 2004) // http://www.icrc.org/eng/assets/files/other/applicabilityofihltocna.pdf.

25. Estreicher, Samuel. “Privileging Asymmetric Warfare (Part II)?: The ‘Proportionality’ Principle under International Humanitarian Law.” Chi. J. Int’l L. 12 (2011): 1–143.

26. Franzese, Patrick W. “Sovereignty in Cyberspace: Can It Exist?” A.F. L. REV. 64 (2009): 1–54.

27. Gercke, Marco. Understanding Cybercrime: Phenomena, Challenges and Legal Response. ITU: Telecommunication Development Bureau, 2012.

28. German Federal Ministry of the Interior. Cyber Security Strategy for Germany. Berlin: Beauftragter der Bundesregierung für Informationstechnik, 2011.

29. Goodman, Ryan, and Derek Jinks, “The ICRC Interpretive Guidance on the Notion of Direct Participation in Hostilities under International Humanitarian Law: An Introduction to the Forum.” NYU J Intl L Pol. 42 (2010): 637–640.

30. Gordon, Sarah, and Richard Ford. “On the Definition and Classification of Cybercrime.” J. Computer Virology 1 (2006): 1–17.

31. Graham, David E. “Cyber Threats and the Law of War.” Journal of National Security Law & Policy 4 (2010): 87–134.

32. Halberstam, Manny. “Hacking Back: Re-evaluating the Legality of Retaliatory Cyber-attacks.” The Geo. Wash. Int'l L. Rev. 46 (2013): 199–258.

33. Hathaway, Melissa E., and Alexander Klimburg. “Preliminary Considerations: On National Cyber Security”: 1–43. In: Alexander Klimburg, ed. National Cyber Security Framework Manual. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence, Estonia Publication, 2012.

34. Hathaway, Oona, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue, and Julia Spiegel. “The Law of Cyber-Attack.” Calif. L. Rev. 100 (2012): 817–886.

35. Heinsch, Robert. “The Crime of Aggression After Kampala: Success or Burden for the Future?” Goettingen Journal of International Law 2 (2010): 709–763.

36. Henckaerts, Jean-Marie, and Louise Doswald-Beck. Customary International Humanitarian Law. ICRC, 2005.

37. Hildreth, Steven A. “Cyber Warfare.” Cong. Research Serv., CRS Report for Congress (2001): 1–29.

38. Hoisington, Matthew. “Cyber Warfare and the Use of Force Giving Rise to the Right of Self-Defense.” B.C. Int'l & Comp. L. Rev. 32 (2009): 439–481.

39. Hollis, Duncan B. “Why States Need an International Law for Information Operations.” Lewis & Clark Law. Review 11 (2007): 1023–1093.

40. Hurka, Thomas. “Proportionality in the Morality of War.” Philo & Pub Aff. 33 (2005): 34–72.

41. ICRC. “Interpretive Guidance on the Notion of Direct Participation in Hostilities under International Humanitarian Law.” Intl Rev Red Cross 90 (2008): 987–1026.

42. Jensen, Eric. “Computer Attacks on Critical National Infrastructure: A Use of Force Invoking the Right of Self-Defense.” Stan. J. Int’l Law 38 (2002): 207–240.

43. Jensen, Eric. “Unexpected Consequences from Knock-On Effects: A Different Standard for Computer Network Operations?” Am. U. Int’l L. Rev. 18 (2003): 1168–1197.

44. Kalpokienė, Julija, and Ignas Kalpokas. “Hostes Humani Generis: Cyberspace, the Sea, and Sovereign Control.” Baltic Journal of Law & Politics 5:2 (2012): 132–163.

45. Kastenberg, Joshua E. “Non-intervention and Neutrality in Cyberspace: An Emerging Principle in the National Practice of International Law.” A.F. L. Rev. 64 (2009): 1–68.

46. Kelsey, Jeffrey T.G. “Hacking into International Humanitarian Law: The Principles of Distinction and Neutrality in the Age of Cyber Warfare.” Mich. L. Rev. 106 (2008): 1431–1468.

47. Kerschischnig, Georg. Cyber Threats and International Law. Eleven International Publishing, 2012.

48. Kingsbury, Alex. “Documents Reveal Al Qaeda Cyber-attacks.” U.S. News (April 14, 2010) // http://www.usnews.com/news/articles/2010/04/14/documentsreveal-al-qaeda-cyberattacks.

49. Landau, Susan. “National Security on the Line.” Journal of Telecomm. & High Tech. Law 4 (2006): 409–447.

50. Libicki, Martin C. “What is Information Warfare?” Strategic Forum No. 28 (1995): 1–3.

51. Little, Debra, John Shinder, and Ed Tittel. Scene of the Cybercrime: Computer Forensics Handbook. (MA: Syngress Publishing, Inc. Rockland, 2002).

52. Lülf, Charlotte. “Modern Technologies and Targeting under International Humanitarian Law.” IFHV Working Paper Vol. 3, No. 3 (December 2013): 39–45 // http://www.ruhr-uni-bochum.de/ifhv/documents/workingpapers/wp3_3.pdf.

53. Melzer, Nil. “Keeping the Balance between Military Necessity and Humanity: A Response to Four Critiques of the ICRC’s Interpretive Guidance on the Notion of Direct Participation in Hostilities.” Int’l L. & Pol. 42 (2010): 831–877.

54. Melzer, Nils. “Cyber Operations and Jus in Bello.” Disarmament Forum (2011).

55. Murphy, Matt, “War in the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict?” Economist (July 1, 2010).

56. Owens, William A., Kenneth W. Dam, and Herbert S. Lin, eds. Technology, Policy, Law, and Ethics Regarding US Acquisition and Use of Cyber-attack Capabilities. National Research Council Report, 2009.

57. Printer, Norman G., Jr. “The Use of Force against Non-State Actors under International Law: An Analysis of the U.S. Predator Strike in Yemen.” UCLA J. Int'l L. & Foreign Aff. 8 (2003): 331–392.

58. Proulx, Vincent-Joel. “Babysitting Terrorists: Should States Be Strictly Liable for Failing to Prevent Transborder Attacks?” Berkeley J. Int’l L. 23 (2005): 616–667.

59. Rollins, John W., and Catherine A. Theohary. Cyber warfare and Cyber terrorism: In Brief (Congressional Research Service (CRS) Report, R43955, March 27, 2015).

60. Sandoz, Yves, Christophe Swinarski, and Bruno Zimmermann, eds. Commentary on the Additional Protocols of 8 June 1977 to the Geneva Conventions of 12 August 1949. ICRC, 1987.

61. Schaap, Arie J. “Cyber Warfare Operations: Development and Use under International Law.” A.F. L. Rev. 64 (2009): 121–161.

62. Schindler, Dietrich, and Jiri Toman, eds. The Laws of Armed Conflicts: A Collection of Conventions, Resolutions and Other Documents. 4th ed. (Boston: Martinus Nijhoff Publishers, 2004.

63. Schmitt, Michael N. “‘Attack’ as a Term of Art in International Law: The Cyber Operations Context”: 283–293. In: Christian Czosseck, Rain Ottis, and Katharina Ziolkowski, eds. 4th International Conference on Cyber Conflict. Tallinn: NATO CCD COE Publications, 2012.

64. Schmitt, Michael N. “Military Necessity and Humanity in International Humanitarian Law: Preserving the Delicate Balance.” Virginia Journal of International Law 50(4) (2010): 761–799.

65. Schmitt, Michael N. “Rewired Warfare: Rethinking the Law of Cyber Attack.” Int’l Rev. Red Cross 96(893) (2014): 182–205.

66. Schmitt, Michael N. “The Impact of High Tech and Low Tech Warfare on Distinction”: 169–189. In: Roberta Arnold and Pierre-Antoine Hildbrand, eds. International Humanitarian Law and the 21st Century’s Conflicts: Changes and Challenge. Lausanne: Ed. Interuniversitaires Suisses-Edis, 2005.

67. Schmitt, Michael N. “Wired Warfare: Computer Network Attack and Jus in Bello.” Int'l Rev. of the Red Cross 84 (2002): 365–399.

68. Schmitt, Michael N., ed. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge: Cambridge University Press, 2013.

69. Schmitt, Michael N., Harrison A. Dinniss, and Thomas C. Wingfield. “Computers and War: The Legal Battle Space.” Background Paper prepared for Informal High-Level Expert Meeting on Current Challenges to International Humanitarian Law. Cambridge (June 25–27, 2004).

70. Schmitt, Michael. “Pre-emptive Strategies in International Law.” Mich. J. Int’l Law 24 (2003): 534–569.

71. Shane, Harris, “The Cyber war Plan,” National Journal (November 14, 2009) // http://www.nationaljournal.com/njmagazine/cs_20091114_3145.php.

72. Sharp, Walter Gary. Cyberspace and the Use of Force. Virginia, Falls Church: Aegis Research Corporation, 1999.

73. Shimeall, Timothy, Phil Williams, and Casey Dunlevy. “Countering Cyber War.” NATO Rev. 49 (2001): 16–19.

74. Sklerov, Matthew J. “Solving the Dilemma of State Responses to Cyber-attacks: A Justification for the Use of Active Defenses against States Which Neglect Their Duty to Prevent.” Mil. L. Rev. 201 (2009): 1–85.

75. Smith, Gerry. “UK Authorities Brace for ‘Cyber Jihad’ By Al Qaeda after Bin Laden Death.” The Huffington Post (July 12, 2011) // http://www.huffingtonpost.com/2011/07/12/al-qaeda-cyberjihad_n_895579.html.

76. Solce, Natasha. “The Battlefield of Cyber Space: The Inevitable New Military Branch – The Cyber Force.” Alb. L.J. Sci. & Tech. 18 (2008): 292–336.

77. Stevens, Sharon R. “Internet War Crimes Tribunals and Security in an Interconnected World.” Transnat’l L. & Contemp. Probs. 18 (2009): 657–676.

78. Svarc, Dominika. “Redefining Imminence: The Use of Force Against Threats and Armed Attacks in the Twenty-First Century.” ILSA J. Int’l & Comp. L. 13 (2006): 171–219.

79. Swanson, Lesley. “The Era of Cyber Warfare: Applying International Humanitarian Law to the 2008 Russian-Georgian Cyber Conflict.” L.A. Int’l & Comp. L. Rev. 32 (2010): 303–353.

80. Teo, Cheng Hang. “The Acme of Skill: Non-Kinetic Warfare.” Air Command & Staff Coll., Wright Flyer Paper No. 30 (2008) // http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA485268&Location=U2&doc=GetTRDoc.pdf.

81. Turns, David. “Cyber Warfare and the Notion of Direct Participation in Hostilities.” Journal of Conflict & Security Law (2012): 279–297.

82. U.K. Cabinet Office. The UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World (November 2011) // https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf.

83. U.K. Ministry of Defence. The Joint Service Manual of the Law of Armed Conflict. 3. Wiltshire: The Joint Doctrine and Concepts Centre, UK, 2004.

84. U.K. Secretary of State for the Home Dep’t. Contest: The United Kingdom’s Strategy for Countering Terrorism. Her majesty’s Stationary Office (July 2011) // https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/97995/strategy-contest.pdf.

85. US Army Training & Doctrine Command, DCSINT Handbook No. 1.02, Critical Infrastructure Threats and Terrorism: Cyber Operations and Cyber Terrorism Handbook. 2005.

86. US Department of Defense (DOD). “Memorandum for Chiefs of the Military Services, Commanders of the Combatant Commands, Dirs. of the Joint Staff Directories – Joint Terminology for Cyberspace Operations” (November 2011): 1-16 // http://www.nsci-va.org/CyberReferenceLib/2010-11-joint%20Terminology%20for%20Cyberspace%20Operations.pdf.

87. US Department of Defense (DOD). “Quadrennial Defense Review” (2010).

88. US Department of Defense (DOD). “Strategy for Operating in Cyberspace” (July 2011).

89. US White House. The National Strategy to Secure Cyberspace (2003) // http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf.

90. Vatis, Michael A. “Cyber Attacks during the War on Terrorism: A Predictive Analysis.” Institute for Security Technology Studies at Dartmouth College, Report OMB No. 074-0188 (September 2001).

91. Waxman, Matthew C. “Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4).” Yale Journal of International Law 36 (2011): 411–452.

92. Wedgwood, Ruth. “Proportionality, Cyber war and the Law of War”: 219–254. In: Michael N. Schmitt and Brian T. O’Donnell, eds. Computer Network Attack and International Law. Naval War College, International Law Studies, vol.76, 2002.

93. Wheeler, David, and Gregory Larsen. “Techniques for Cyber Attack Attribution.” Inst. Def. Analysis (October 2003): 23–25 //http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA468859&Location=U2&doc=GetTRDoc.pdf.

94. Wingfield, Thomas. The Law of Information Conflict: National Security Law in Cyberspace. Texas: Aegis Research Corp, 2000.

1. Advisory Opinion on the Legality of the Threat or Use of Nuclear Weapons. 1996 I.C.J. para. 79 (July 8).

2. Combating the Criminal Misuse of Information Technologies. G.A. Res. 55/63, paras.1,3 U.N. Doc. A/RES/55/63 (Jan. 22, 2001).

3. Convention on Cybercrime. Council of Europe, Nov. 23, 2001, 41 I.L.M. 282, 2296 U.N.T.S. 167.

4. Eighth United Congress on the Prevention of Crime and the Treatment of Offenders. G.A. Res. 45/121, para.3, U.N. Doc. A/RES/45/121 (Dec. 14, 1990).

5. Geneva Convention (III) Relative to the Treatment of Prisoners of War. Aug. 12, 1949, 6 U.S.T. 3316, 75 U.N.T.S. 135.

6. Hague Convention (IV) with Respect to the Laws and Customs of War on Land. Oct. 18, 1907, 36 Stat. 2277, 187 Consol. T.S. 429.

7. Lieber Code, U.S. War Dep’t, General Orders No. 100: Instructions for the Government of Armies of the United States in the Field (April 24, 1863).

8. Military and Paramilitary Activities in and Against Nicaragua (Nicaragua v. U.S.). 1984 I.C.J. Rep. 392.

9. Prosecutor v. Tadić. Case No. IT-94-1-A, I.C.T.Y. App. Ch., at 49 (July 15, 1999).

10. Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts. June 8, 1977, 1125 U.N.T.S. 3.

11. Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts. June 8, 1977, 1125 U.N.T.S. 3.

12. Review Conference of the Rome Statute of the International Criminal Court. Kampala, Uganda, May 31-Jun. 11, 2010, U.N. Doc. R/Con./Res.6, Annex I.

13. Rome Statute of the International Criminal Court. July 17, 1998, 37 I.L.M. 1002.

14. UN General Assembly, ‘Definition of Aggression’. G.A. Res. 3314, U.N. GAOR, 29th Sess., U.N. Doc. A/RES/3314 (Dec. 14, 1974).

15. US Critical Infrastructure Protection Act of 2001. 42 U.S.C.S. §5195c(e) (2006).

Baltic Journal of Law & Politics

A Journal of Vytautas Magnus University

Journal Information


CiteScore 2017: 0.22

SCImago Journal Rank (SJR) 2017: 0.119
Source Normalized Impact per Paper (SNIP) 2017: 0.113

Target Group researchers and scholars in the fields of law and politics, with an acute interest in the cross-pollinations of disciplines, comparative approaches to regional issues, and active dialogue on pressing contemporary issues of theoretical and practical import.

Cited By

Metrics

All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 984 949 117
PDF Downloads 710 700 97