Advanced

Cyber Warfare and Jus in Bello - The Regulation of Cyber 'Attacks' under International Humanitarian Law

Bills, Amanda LU (2017) LAGF03 20171
Department of Law
Faculty of Law
Abstract (Swedish)
Syftet med denna uppsats är att undersöka i vilken utsträckning cyberkrigsföring regleras av den internationella humanitära rätten. Särskild vikt läggs vid hur begreppet ”attack” i Tilläggsprotokoll I till Genèvekonventionerna ska tolkas i förhållande till cyberoperationer (en. cyber operations) som sker inom ramen för internationella väpnade konflikter, och tillämpligheten av de materiella reglerna som begränsar krigförande parters handlanden. Uppsatsen syftar även till att undersöka de tänkbara konsekvenserna av en icke-kvalificering av cyberoperationer som attacker enligt Tilläggsprotokoll I.

Den rättsdogmatiska metoden tillämpas för att fastställa hur den internationella humanitära rätten bör tolkas och tillämpas ifråga om... (More)
Syftet med denna uppsats är att undersöka i vilken utsträckning cyberkrigsföring regleras av den internationella humanitära rätten. Särskild vikt läggs vid hur begreppet ”attack” i Tilläggsprotokoll I till Genèvekonventionerna ska tolkas i förhållande till cyberoperationer (en. cyber operations) som sker inom ramen för internationella väpnade konflikter, och tillämpligheten av de materiella reglerna som begränsar krigförande parters handlanden. Uppsatsen syftar även till att undersöka de tänkbara konsekvenserna av en icke-kvalificering av cyberoperationer som attacker enligt Tilläggsprotokoll I.

Den rättsdogmatiska metoden tillämpas för att fastställa hur den internationella humanitära rätten bör tolkas och tillämpas ifråga om cyberkrigsföring. I analysen förs en normativ diskussion med ett utvecklingsperspektiv för att utvärdera gällande rätt. Uppsatsens perspektiv är genomgående internationellt och betonar i och med detta det rättsliga regelverkets tillämpning och funktion i staters internationella relationer.

Uppsatsen fann att begreppet ”attack” ska tolkas inskränkande så att det endast omfattar cyberoperationer som resulterar i dödsfall eller skada på person, alternativt skada på eller förstörelse av egendom. Det är därmed endast vissa typer av cyberoperationer som omfattas av de materiella reglerna som skyddar civila och deras egendom. Detta synsätt tillåter att ett bredare spektrum av cyberoperationer får riktas mot civila (en. the permissive approach). Storskaliga men icke-fysiska cyberoperationer får därmed avsiktligen – och lagligen – riktas mot civila och deras egendom. Civila riskerar därför att i allt högre utsträckning påverkas av väpnade konflikter, en effekt som förstärks i takt med att det moderna informationssamhället expanderar och blir allt mer beroende av cyberteknologier för infrastrukturer som exempelvis olja och gas, energiförsörjning, transportnätverk, energiförsörjning, vattenreningsverk och krishanteringssystem. I slutsatsen diskuteras dessa aspekter som ett argument för en framtida omtolkning av den gällande internationella humanitära rätten. (Less)
Abstract
The aim of this paper is to examine how cyber operations that are undertaken in the context of international armed conflicts are regulated in international humanitarian law. It will focus on the qualification of cyber operations as ‘attacks’ and the applicability of the substantive rules that restrict the conduct of hostilities under the Additional Protocol I to the Geneva Conventions. In particular, this paper aims to examine to what extent cyber operations that do not amount to attacks are regulated by the rules of the Additional Protocol I, as well as the practical implications of their non-qualification as attacks.

The legal dogmatic method is applied to determine how the legal framework of international humanitarian law applies to... (More)
The aim of this paper is to examine how cyber operations that are undertaken in the context of international armed conflicts are regulated in international humanitarian law. It will focus on the qualification of cyber operations as ‘attacks’ and the applicability of the substantive rules that restrict the conduct of hostilities under the Additional Protocol I to the Geneva Conventions. In particular, this paper aims to examine to what extent cyber operations that do not amount to attacks are regulated by the rules of the Additional Protocol I, as well as the practical implications of their non-qualification as attacks.

The legal dogmatic method is applied to determine how the legal framework of international humanitarian law applies to cyber warfare. In its analysis, the paper will engage in a normative discussion to evaluate the legal framework from a developmental perspective. An international perspective is applied throughout to emphasise how the relevant rules function in the international relations of states.

This essay found that while international humanitarian law applies to cyber warfare, the concept of an attack should be narrowly interpreted to refer only to cyber operations that result in either death or injury to persons, or damage or destruction to objects. The implications of this consequence-based understanding of the notion of an attack is that most of the substantive provisions protecting civilians and their objects under the Additional Protocol I are not applicable to cyber operations.

The permissive approach, one that allows for a wider range of cyber operations to be directed against civilians, was found to be the most consistent with de lege lata. Large-scale but non-physical cyber operations may therefore intentionally – and lawfully – be directed against civilians, and may lead to an expansion of war’s impact on civilians. These effects are likely to amplify as modern societies become increasingly reliant on cyber technologies for essential infrastructure such as oil and gas, transportation networks, electricity generating systems, water treatment facilities and emergency response services. The negative reality of the permissive approach represents a strong argument for the reinterpretation of the current legal framework in order to adapt to the special characteristics of cyber warfare. (Less)
Please use this url to cite or link to this publication:
@misc{8907825,
  abstract     = {The aim of this paper is to examine how cyber operations that are undertaken in the context of international armed conflicts are regulated in international humanitarian law. It will focus on the qualification of cyber operations as ‘attacks’ and the applicability of the substantive rules that restrict the conduct of hostilities under the Additional Protocol I to the Geneva Conventions. In particular, this paper aims to examine to what extent cyber operations that do not amount to attacks are regulated by the rules of the Additional Protocol I, as well as the practical implications of their non-qualification as attacks.

The legal dogmatic method is applied to determine how the legal framework of international humanitarian law applies to cyber warfare. In its analysis, the paper will engage in a normative discussion to evaluate the legal framework from a developmental perspective. An international perspective is applied throughout to emphasise how the relevant rules function in the international relations of states.

This essay found that while international humanitarian law applies to cyber warfare, the concept of an attack should be narrowly interpreted to refer only to cyber operations that result in either death or injury to persons, or damage or destruction to objects. The implications of this consequence-based understanding of the notion of an attack is that most of the substantive provisions protecting civilians and their objects under the Additional Protocol I are not applicable to cyber operations.

The permissive approach, one that allows for a wider range of cyber operations to be directed against civilians, was found to be the most consistent with de lege lata. Large-scale but non-physical cyber operations may therefore intentionally – and lawfully – be directed against civilians, and may lead to an expansion of war’s impact on civilians. These effects are likely to amplify as modern societies become increasingly reliant on cyber technologies for essential infrastructure such as oil and gas, transportation networks, electricity generating systems, water treatment facilities and emergency response services. The negative reality of the permissive approach represents a strong argument for the reinterpretation of the current legal framework in order to adapt to the special characteristics of cyber warfare.},
  author       = {Bills, Amanda},
  keyword      = {international humanitarian law,folkrätt,public international law,internationell humanitär rätt,jus in bello,conduct of hostilities,krigsföring,protection of civilians,skydd av civila,cyber,cyber warfare,cyberkrigsföring,cyber attacks,cyberattacker,cyber operations,cyberoperationer,Geneva Conventions,Genèvekonventionerna,Additional Protocol,Tilläggsprotokollen,Tallinn Manual},
  language     = {eng},
  note         = {Student Paper},
  title        = {Cyber Warfare and Jus in Bello - The Regulation of Cyber 'Attacks' under International Humanitarian Law},
  year         = {2017},
}