Cyberwarfare in Context of International Humanitarian Law

Cyberwarfare in Context of International Humanitarian Law

Author: Nandini Tripathy, Symbiosis Law School, Hyderabad


Technology has dominated warfare since the early 1900s. Throughout history, societies have put their best minds to work creating new ways to fight each other. New Scientist looks at the major milestones in the development of tools of war. Cyber warfare is a new a phenomenon and scenario under International Humanitarian law. Cyberspace has opened up a potentially new warfighting domain, a man-made theatre of war additional to the natural theatres of land, air, sea and outer space and is interlinked with all of them. It is a virtual space that provides worldwide interconnectivity regardless of borders.

This paper was basically portrayed the impact of cyber warfare on international humanitarian law and assessed among other things the notion of cyber warfare, conduct of hostilities, legal framework, monitoring mechanisms of cyber warfare as well as current challenges.

Moreover, critical legal analysis is used as principal methodology for the furtherance of this project and in addition, experts on the field are interviewed as well as relevant literatures are consulted. The researcher also uses primary and secondary sources needless to mention, international treaties, customary international law, General principles of IHL and Case laws related with the subject at hand also investigated.

Major findings of the research revealed that there is plethora of issues to be underlined save as absence of binding treaty governing the challenging scenarios. Needless to mention, there should be comprehensive international treaty in a well-organized manner to govern cyber warfare. Plus, to that there should be serious humanitarian concern in respect of cyber warfare relates mainly to the potential impact on the civilian population because cyber operations could seriously affect civilian infrastructure and the notion of direct participation in hostilities should be on pragmatic way (case by case) that is if hackers take a direct part in hostilities by way of a cyber-attack in support of one side in an armed conflict. In such a situation, the hackers will be legitimately targeted. Recommendations are made by suggesting points of improvement until the international community have agreed on this cross-cutting contemporary issue.


To begin with, the concept of cyber warfare is a new phenomenon under International Humanitarian law (here in after ―IHL‖) since the era of science and technology, the means andmethods of warfare becomes more sophisticated and very much complex one interalia, the issue of cyber warfare is one of the current debatable issue as far as IHL is concerned.

The information revolution has fundamentally changed the way that wars are fought in the 21stC, from actors ‘point of view, the strategies that parties adopted as well as the spread of technology in to all aspects of warfare is pervasive. By similar fashion, technology now controls our daily lives to an unprecedented level from electricity generation, water supplies, communications and almost every aspect of our globalized world, making it increasingly vulnerable to computer attacks and other cyber operations during armed conflicts.[1]

On top of that, cyber warfare is Internet- based attack involving politically motivated missions on information and information systems. cyber warfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data and cripple financial systems…among many other possibilities.

Cyber operations began to draw the attention of the international legal community in the late 1990s. Most significantly, in 1999 the United States Naval War College convened the first major legal conference on the subject.

In the aftermath of the attacks of11th of September 2001, terrorism and the ensuing armed conflicts diverted the attention of the world community from the topic until the massive cyber operations by activists ‘against Estonia in 2007 and against Georgia during its war with the Russian Federation in 2008, as well as cyber incidents like the targeting of the Iranian nuclear facilities with the Stuxnet worm in 2010.

The others being international terrorism, international military crises between States, and a major accident or natural hazard. Then after the United Kingdom issued The U.K. Cyber Security Strategy: Protecting and Promoting the U.K. in a Digitized World.

 The United States ‘2010National Security Strategy likewise cited cyber threats as ―one of the most serious national security, public safety, and economic challenge we face as a nation‖[2] and in 2011 the U.S. Department of Defense issued its Strategy for Operating in Cyberspace, which designates cyberspace as an operational domain.  In response to the threat, the United States has now established U.S. Cyber Command to conduct cyber operations.

During the same period, Canada launched Its cyber security strategy,and Russia published its cyber concept for the armed forces inConceptualViews Regarding the Activities of the Armed Forces of the Russian Federation in Information Space.

 By the same vein, NATO acknowledged the new threat in its 2010Strategic Concept, wherein it committed itself to ―develop further our ability to prevent, detect, defend against and recover from cyber-attacks, including by using the NATO planning process to enhance and coordinate national cyber-defence capabilities, bringing all NATO bodies under centralized cyber protection, and better integrating NATO cyberawareness, warning and response with member nations.

 Needless to mention, one of the challenges States face in the cyber environment is that the scope and manner of international law ‘s applicability to cyber operations, whether in offence or defence, has remained unsettled since their advent.

After all, at the time the current international legal norms (whether customary or treaty-based) emerged, cyber technology was not on the horizon. Consequently, there is a risk that cyber practice may quickly outdistance agreed understandings as to its governing legal regime.

 The threshold questions are whether the existing law applies to cyber issues at all, and, ifso, how? Views on the subject range from a full application of the law of armed conflict as inferred from the International Court of Justice ‘spronouncement that it applies to ―any use of force, regardless of the weapons employed to strict application of the Permanent Court of International Justice‘s pronouncement that acts not forbidden in international law are generally permitted.Of course, the fact that States lack definitive guidance on the subject does not relieve them of their obligation to comply with applicable international law in their cyber operations.

Finally, the researcher believes that the international community should attentively follow the impact of cyber warfare on IHL, and tried to delve in to various cross-cutting issues.

Problem of the Study

To begin with, almost all IHL treaties are known by their bad connotation called ―One war behind realitythus, due to that reason there were plenty of sufferings and superfluous injuries occurred in history of mankind. In other words, in the past 150 years all most all IHL treaties were not stipulated in advance before those historically known wars had brought the unforgettable and immeasurable sufferings. Albeit; treaties were so far enacted after the drama of a certain warfare. For instance, the 1929 Convention on the treatment of prisoners of war was the result of The incident of First world war (WWI).Surprisingly even the Four Geneva Conventions of 1949 were enacted after the scourges of Second World War (WWII).[3]

On top of that, now a day there is no binding legal framework under international law to govern and deal with cyber warfare. The only authoritative document that may question the above assertion if to be cited is Protocols Additional to The Geneva Conventions relating to the Protection of Victims of International Armed Conflicts(Protocol I) here in after ―AP I” have even in this document, one can find only one provision which is phrased with terms of vagueness and more general articulations as it is stated:In the study, development ,acquisition or adoption of a new weapon, means  and methods of war fare, a High Contracting party is under an obligation to determine whether its employment would, in some or all circumstances, be prohibited by this protocol or by any other rule of international law applicable to the High Contracting party.

The Nexus Between Cyber warfare And International Humanitarian Law (IHL)

To begin with, the nexus between international humanitarian law and cyber warfare now a day is interwoven and interconnected. As we know, International Humanitarian Law (IHL) deals the rules that militaries must follow when participating in a war. These laws of war describe what actions may or may not be taken against non-combatants, soldiers, and unlawful combatants. 

A key point of IHL is that civilians and non-combatants may not be killed or treated inhumanely during times of war. The International Humanitarian law has banned the use of many weapons, which includes exploding bullets, chemical and biological weapons, blinding laser weapons and anti-personnel mines. 

The International Criminal Court (ICC), with the objective of repressing inter alia war crimes, was created by the 1998 Rome Statute to try cases relating to IHL. The ongoing 21st century is the Era where several new military warfare concepts have emerged. The concept of Cyber warfare is one of them. Where computer networks are used for cyber-attacks instead of conventional weapons; and satellites are used for providing images far more detailed than human spies and reconnaissance units have ever offered.

However, as Cyber technology is the new phenomena in the 21st century, IHL faces the new challenge of addressing ethical standards for war in cyber space. Though the obvious wars on land, sea, and air may be claimed as issues covered by the existing rules and customs of warfare, cyberspace is undefined. While cyberspace itself is non-physical, it is a critical infrastructure that can greatly affect the physical world. Logic bombs and computer viruses can disrupt everything from electric grids and the stock market to nuclear power plants and water treatment facilities. 

Besides, as far as the nexus between IHL and Cyber warfare is concerned, it is worthy to reiterate the central themes of humanitarian laws; Interalia.Jus in bello, conjointly called the law of war,the law of armed conflict (LoAC) or international humanitarian law (IHL)[4] is the section of law of nations handling the protection of persons who are not any longer collaborating within the hostilities which restricts the means and strategies of warfare. It includes written agreement law and customary law, because the latter has been crystallized throughout history. Treaty law consists primarily of two sets of IHL legal package: that is Hague Conventions and

Geneva Conventions. The first one, Hague Conventions deals with sensible military aspects of the conduct of hostilities, consisting of city rules of 1899 and 1907, plus numerous other conventions and agreements prohibiting the employment of sure weapons and military tactics.

The second one, Geneva Conventions concentrates on the protection of civilians, prisoners of war, wounded and sick toward land and sea, comprising of the four 1949 Geneva Conventions.Further Protocol III was added in 2005 regarding the Adoption of a further Distinctive Emblem.

International law is a body of rules and regulations governing the relation between various states and International Humanitarian law is just a part of it, which applies to armed conflict. 

It covers two areas:

  • The protection of those who are not a part or not a party to conflict.
  • Restrictions on the means of warfare – in particular weapons and the methods of warfare, like military tactics.

However, it also regulates, through its general rules, the legitimacy of all means and strategies of warfare, as well as the employment of all weapons. specifically, Article 36 of I protocol to the Geneva Conventions provides that, ―in the study, development, acquisition or adoption of a brand-new weapon, means that or methodology of warfare, a High contracting Party is below associate obligation to see whether or not its employment would, in some or all circumstances, be prohibited by this Protocol or by the other rule of jurisprudence applicable to the High Contracting Party.

On the far side the precise obligation it imposes on States parties, this rule shows that general IHL rules apply to new technology. 

Unless IHL addresses specific guidelines for warring nations to follow in cyberspace, civilians and non-combatants could be seriously endangered in the event of cyber-war.  However, there are still arguments ‘inclining to the position that IHL provisions do not specifically mention cyber operations. Because of this, and because the exploitation of cyber technology is relatively new and sometimes appears to introduce a complete qualitative change in the means and methods of warfare, it has occasionally been argued that IHL is ill adapted to the cyber realm and cannot be applied to cyber warfare.  But one has to note that, the absence in IHL of specific references to cyber operations does not mean that such operations are not subject to the rules of IHL. New technologies of all kinds are being developed all the time and IHL is sufficiently broad to accommodate these developments.

International Armed Conflicts

Pursuant to common Article 2 to the four Geneva Conventions of 1949, an international armed conflict is any ‗declared war or any other armed conflict which may arise between two or more States even if the state of war is not recognized by one of them and “Armed conflicts in which peoples are fighting against colonial domination and alien occupation and against racist regimes in the exercise of their right of self-determination”

Besides there is no comprehensive treaty definition of international armed  conflicts. It is by now accepted that, in the words of the International Criminal Tribunal for the former Yugoslavia (ICTY), an international armed conflict arises ‗whenever there is a resort to armed force between States‘.[5]The application of IHL depends on the factual Situation and not on the recognition of a state of armed conflict by the parties thereto. The specific question that arises in cyber warfare is whether an international armed conflict can be triggered by a computer network attack in the absence of any other (kinetic) use of force. 

 The answer depends on whether a cyber-attack is 

  • Attributable to the state and 
  • Amounts to a resort to armed force – a term that is not defined under IHL.

Non-international armed conflicts

Surprisingly, when it comes to non-international armed conflicts in the cyber arena, the main difficulty is whether the act is a ordinary criminal behavior or armed conflict that tantamount to use of force. It is not rare to hear or read about the actions of hacker or other groups, including. groups such as Anonymous or Wikileaks, being referred to as ‗war‘.Of course, such statements do not necessarily allude to armed conflict, or more precisely Non international armed conflict, in a legal sense. 

Nevertheless, it is worth clarifying the parameters for qualifying a situation as a non-international armed conflict. In the absence of a treaty definition, state practice and doctrine has led to a definition of non- international armed conflicts that the ICTY has summed up as follows: a non-international armed conflict exists ‗whenever there is protracted armed violence between governmental Authorities and organized armed groups or between such groups within a State.[6]The ‗protracted‘ requirement has with time been subsumed under a requirement that the violence must reach a certain intensity.

 Thus, two criteria determine the existence of a non-international armed conflict: the armed confrontation must reach a minimum level of intensity and the parties involved in the conflict must show a minimum of organization.

 However, when we come back to cyber arena the scenario thereto is very worse since With respect to hacker or other similar groups, the question that arises is whether groups that are organized entirely online can constitute armed groups within the meaning of IHL.

 According to; Michael Schmitt: The members of virtual organizations may never meet nor even know each other‘s actual identity. Nevertheless, such groups can act in a coordinated manner against the government (or an organized armed group), take orders from a virtual leadership, and be highly organized. For example, one element of the group might be tasked to identify vulnerabilities in target systems, a second might develop malware to exploit those vulnerabilities, a third might conduct the operations and a fourth might maintain cyber defenses against counterattacks.[7]

As to anonymous actors the researcher believes that in case of any type armed conflict should be liable through surveillance if they have taken part in hostilities. In a nut shell, the researcher argues IHL will apply to cyber operations that are conducted within the framework of an ongoing international or non-international armed conflict in addition to kinetic operations. 

 In the absence of kinetic operations, ‗pure‘cyber warfare is not excluded in theory, but it remains to be seen whether there will be many examples in practice in the near future.[8]In particular, it remains unclear in what direction state practice will tend. Given the reluctance of states to admit situations of armed conflict, in particular non- international armed conflict, the tendency could be to avoid a discourse of armed conflict. 

This is not only due to the likely anonymity of many computer network attacks and the practical problems of attribution, but also to the fact that most of the situations might not amount to extreme cases of physical destruction caused by computer network attacks but rather to low-level, bloodless manipulation of infrastructure. States might choose to deal with such situations as matters of law enforcement and criminal law, and not see them as being governed by the legal framework applicable to armed conflict.

UN Charter and Cyber Warfare in a Nut shell

As far as the relationship between UN charter and Cyber warfare is concerned, it is worthy to reiterate the provisions of UN charter as the Modern legal regulation of force and conflict begins with the UN Charter, and specifically which mandates that ―all Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.

 By virtue of UN Charter which provides that ―nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations.‖[9]Although significant debate exists about the scope of self-defensive rights to resort to military force, it is generally agreed that the use of military force authorized under Article 51 is not prohibited under Article 2(4).

With respect to offensive cyber-capabilities and the UN Charter, then, these provisions raise several major questions: In terms of Article 2(4), does a cyber-attack constitute a prohibited ―use of force‖? If so, would a cyber-attack give rise to a right to use military force in self-defensive response pursuant to the rights reserved in Article 51?

On the other hand, an alternative view of Article 2(4) looks not at the instrument used but its purpose and general effect: that it prohibits coercion. Kinetic military force is but one instrument of coercion, and often the easiest to observe. At various times some States—usually those of the developing world or, during the Cold War, the ―Third World‖—have pushed the notion that ―force‖ includes other forms of pressure, such as political and economic coercion that threatens State autonomy.

During the Charter‘s early years, debates similar to that over Article 2(4)‘s definition of ―force‖ also played out in the UN General Assembly over how to define prohibited ―aggression.‖ The United States and its Western allies pushed a narrow definition of ―aggression,‖ focused on military attacks, while developing States advocated an expansive definition to include other forms of coercion or economic pressure. A problem with the latter approach has always been the difficulty of drawing lines between unlawful coercion and lawful pressure, since coercion in a general sense is ever-present in international affairs and a part of everyday inter-State relations.


First and foremost, there should be comprehensive and well organized International legal machinery by enacting separate treaty document to govern cyber warfare.

 Secondly, from jus in bello point of view since the law of war is based in large part on the provisions of the Geneva Conventions and their customary counterparts so that Some of the fundamental principles underlying law of war are the principle of military necessity (military operations must be intended to assist in the military defeat of the enemy and must serve the intended military purpose) the principle of distinction (military operations may be conducted only againstmilitary objectives‘ and not against civilian targets), and the principle of proportionality (the expected incidental loss of civilian life, injury to civilians or damage to civilian objects must not be disproportionate to the anticipated military advantage).Thus, the researcher recommends that fore one-thing, cyber warfare should be conducted to serve military necessity principle fore another thing, Even if one cyber dominion, combatants  in cyber warfare should spare civilians‘ and their objects. And with regard to objects having dual purpose that is military as well as civil use effective assessment should be made in light with principle of proportionality.

 Thirdly, from human rights point of view, when human rights are violated during armed conflicts then international humanitarian law applies conjointly. For instance, during cyber warfare, Two of the rights enumerated in the International Covenant on Civil and Political Rights (ICCPR) And oneright in International covenant on Economic, Social and cultural Rights (ICESCR) may be relevant to the cyber domain. To begin with, Article 17 ICCPR (protecting privacy and reputation) might be relevant to cyber operations intended to harm the reputation of an individual like falsifying computer-based records about transactions or to discover private information about an individual and Article 19 ICCPR (protecting rights to seek information) might be relevant to cyber-attacks intended to prevent individuals from obtaining service from the Internet or other media. Moreover, Article 15 ICESCR the right to benefit from scientific, literary or artistic production including copyrights and patents. Therefore, the author believes that such human rights coupled with other plethora rights should be protected when cyber warfare is conducted.

Fourthly, As to should hackers a legitimate target in cyber warfare? Most hackers would be civilians who remain protected by IHL against direct attack – although they would remain subject to law enforcement and possible criminal prosecution depending on whether their activities violated other bodies of law. The researcher recommends the notion of direct participation in hostilities should be on pragmatic way (case by case) that is if hackers take a direct part in hostilities by way of a cyber-attack in support of one side in an armed conflict. In such a situation, the hackers will be legitimately targeted.

Fifthly, from humanitarian point of view, there should be serious humanitarian concern in respect of cyber warfare relates mainly to the potential impact on the civilian population, in particular because cyber operations could seriously affect civilian infrastructure.

Finally, from monitoring organ point of view, there are no centralized monitoring mechanisms to govern cyber warfare so far only NATO, Council of Europe, Organization of American states and Shanghai Cooperation Organization follow up their respective regions and members. There should be United Nation Special body for Cyber Affairs to come up with centralized monitoring organ.

[3] The financial cost of World War II is estimated at about a $1.944 trillion U.S. dollars worldwide,making it the most costly war in capital as well as lives.see generally visited 1205-2014

[4] Glance at, The Law of Armed Conflict: Constraints on the Contemporary Use of Military Force By Howard M. Hensel; The Law of Armed Conflict: International Humanitarian Law in War By Gary D. Solis; International law and armed conflict: exploring the fault lines: By Michael N. Schmitt, JelenaPejic, YoramDinsṭein.; The conduct of hostilities under the law of international armed conflict By YoramDinstein; The contemporary law of armed conflict By Leslie Green; The law of war By Ingrid Detter

[5] International Criminal Tribunal for the Former Yugoslavia (ICTY), Prosecutor v. Tadic, Case No. IT-94-1-A,  Appeals Chamber Decision on the Defence Motion for Interlocutory Appeal on Jurisdi

[7] M. N. Schmitt pp 256

[8] Supra note 15,pp552

[9] Ibid, Arts 51


One thought on “Cyberwarfare in Context of International Humanitarian Law

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: