Creighton international and comparative law journal, Vol. 8, issue no.1, December 2016, p. 4-22
Cyber operations are an emerging and revolutionary area of State practice; the belligerents in a future armed conflict are unlikely to forsake its advantages. Cyber operations offer technologically advanced belligerents a means to bring about favorable outcomes short of costly, labor and resource intensive, conventional military operations. Moreover, during an armed conflict, cyber operations offer a valuable complement to broader on-going conventional operations, especially in making such operations more efficient and effective. Even so, with the complex, inter-connected and dual-use nature of the Internet in a technologically advanced country, it means that cyber attackers will have to spend increased time and resources in the planning and conduct of operations. Indeed, cyber practitioners must consider not only the direct effects of a proposed attack, but also the so-called “knock-on”—the second and third order— effects of an attack. A cyber practitioner must, therefore, conduct a sophisticated reconnaissance and analysis of a proposed target to ensure that the target is properly identified, and that injury to civilians and damage to civilian objects is minimized over a broad period. This leads to issues regarding the permissible range of cyber operations that may be conducted by civilian cyber practitioners. In other words, when does a civilian practitioner become a cyber-combatant and what kinds of things can that person do without violating international law?