The legal regulation of cyber attacks in times of armed conflict
Host item entries:
Collegium, No. 41, Automne 2011, p. 47-53
The law of armed conflict is flexible enough to accommodate new technological developments. The various rules and prohibitions arising, for example, out of the principle of distinction do not depend on the type of weapon or the specific method used. There should thus be no doubt that fundamental humanitarian rules and principles apply to cyber operations. However, it must be noted that the military potential of cyberspace, as well as corresponding State practice, is only starting to emerge. It remains to be seen above which threshold States will consider ‘cyber-attacks’ as triggering an armed conflict. For the time being it is difficult to assess how realistic or likely the theoretical worst-case scenarios that are contemplated in the literature, e.g., the manipulation of a nuclear power plant via cyberspace, really are. More significantly, the discussion as to which kind of military cyber operations would qualify as an ‘attack’ in the humanitarian legal sense is a controversial one, but one of crucial importance. Operations with less tangible consequences, such as the temporary disruption of certain networks and online services. If such denial-of-service attacks would not amount to an ‘attack’ in the legal sense, they could be carried out indiscriminately and could arguably also be directed against civilian installations.