Blogging on Issues of International and European Security

Cyber-warfare: Are we Ready?

Tech Week Europe

Source: Tech Week Europe

by Nina Levarska

According to the Economist magazine, “(n)o country has yet gone to war in cyberspace…Yet the vulnerabilities of modern society are multiplying, hugely expanding the ‘threat surface’—the scope for malefactors to steal secrets, do damage, distort decision-making or disrupt daily life.”[1] There is no doubt that deploying cyber-attacks in such an environment is tempting and recent attacks in South Korea and in Israel prove their relative feasibility. Nevertheless, the issue here is not to what extent these attacks are feasible, instead, the questions asked should be related to their ethicality and the capability of the international society to deal with cyber-warfare. In the latter case, the major problem lies in inefficiency or non-existence of legal tools governing cyberspace, which leads to fundamental disagreements on how cyber-warfare should be viewed.

Fritz Allhoff, associate professor of Philosophy at the Western Michigan University studies the ethical issues connected to cyber-warfare. Allhoff has pointed out that a significant part of his research ‘is trying to figure out how to understand traditional concepts in just-war theory and how they map onto the debate in cyber-warfare.’[2] The just war theory is both a legal and an ethical concept thus in this sphere, philosophy and law are very closely intertwined. Allhoff gives an example of attack directed against civilian computer networks.[3] Such conduct indisputably breaches the principle of discrimination (i.e. civilian immunity), which is also a cardinal principle of international humanitarian law. Problems can also arise in relation to response to such attacks as the principles of necessity and proportionality of the military response might be difficult to follow.[4] In Allhoff’s words: ‘…what if the enemy shuts down your banking system? Can you fire at its capital city? These sorts of questions haven’t yet been worked through.”[5] Interestingly, after the cyber attacks in Estonia in 2007, Aaviksoo, the former Estonian minister of defense was weighing up the possibility of  invoking Article 5 of the North Atlantic Treaty Organization according to which, attacking one allied country triggers the obligation of the alliance to respond by attacking the aggressor.[6]

There is no doubt that there is a number of discrepancies between the nature of cyber attacks and international law. For instance, one of the problems is that cyber attacks are non-lethal, while the principles of international humanitarian law rely on the fact that the attacks are physically destructive.[7] Moreover, it was held in the Nicaragua case that “(b)etween independent States, respect for territorial sovereignty is an essential foundation of international relations.”[8] Nevertheless, there is a disagreement on whether cyber attacks violate the principle of sovereignty because it is unclear if such a breach requires physical violation of the territory.[9]

Another legal ambiguity arises in relation to the prohibition of use of force laid down in the article 2(4) of the Charter of the United Nations[10]. Can a cyber attack be considered to be breaching this norm? The International Group of Experts created a list of factors (such as severity, immediacy, directness), which would help to define a particular attack as use of force.[11] In order for a cyber attack to qualify as use of force, a number of these factors has to be present. Severity is the only exception, which can alone determine the nature of attack. The attack reaches the severity threshold and therefore, constitutes the violation of the article 2(4) of the Charter of the United Nations, if the injury caused is greater than minimal.[12]

It is questionable where the disharmony between cyber-warfare and the international law leads us. According to many arguments, the current framework of international law is too obsolete, unable to regulate cyber warfare and in need of amendment. Moreover, according to O’Connell, “(s)ome prefer to dismiss international law from the discussion altogether. Others do not exclude international law, but interpret it any way that it is in effect excluded.”[13]Since ambiguity of international law often allows for flexible interpretation, a fundamental change of the current framework of law might not be necessary as the existing law can be applied to information warfare by analogy.[14] Not to mention that according to the trend called Moore’s law, computing technology has become twice more powerful and has twice extended its capacity approximately every eighteen months since its creation.[15] Therefore, any attempt to create new law regulating cyber warfare could become obsolete before it passes the legislative process.

Finally, in the beginning of this post, I mentioned that the question of whether cyber attacks are feasible is less relevant than the question of their relation to law and ethics. This is because cyber-warfare is often demonized without failing to observe its non-lethal potential. For example, it seems to be only logical to assume that cyber weapon could be used for the purposes for which “effect-based targeting” is deployed. “Effect-based targeting” aims towards shortening conflict through targeting strategically important places such as industrial sites, which is believed could shut down the enemy’s regime. However, it is a common sense to expect civilians to be present in such locations. Deploying cyber weapon instead of conventional weapons under such circumstances would save lives, which leads to the conclusion that cyber-warfare is not more “evil” than traditional warfare. It is feared because its nature is more mysterious and unpredictable. Although there is no doubt that it will be difficult to overcome this uncertainty, thus far it seems that the best solution requires a very flexible and creative legal interpretation.

[1] Cyber-warfere:“Is the Risk of Cyberwarfare overrated?” The Economist, (accessed on 28 October 2013).

[2] Yvonne Zipp, “Western Michigan University philosophy professor  awarded $500,000 grant to study cyberwarare ethics”, Mlive, 22 October 2013, (accessed on 28 October 2013).

[3] Ibid.

[4] Mary Allen O’Connell, “Cyber Security without Cyber War” Journal of Conflict&Security Law 17(2013): 187-209.

[5] Zipp, “Western Michigan University”.

[6]Scott J. Shackelford, “From Nuclear War to Net War: Analogizing Cyber Attacks in International Law.” Berkeley Journal of International Law 27 (2009): 192-251.

[7] Michael N. Schmitt, “The Law of Cyber Warfare: Quo Vadis?” Stanford Law and Policy Review 27 (2014): 16.

[8] Case Concerning Military and Paramilitary Activities In and Against Nicaragua (Nicaragua v. United States of America); Merits, International Court of Justice (ICJ), 27 June 1986, available at:

[9] Schmitt, “The Law of Cyber Warfare”, 6.

[10] United Nations, Charter of the United Nations, 24 October 1945, 1 UNTS XVI, available at:

[11] Schmitt, “The Law of Cyber Warfare”, 10.

[12] Ibid.

[13] O’Connell, “Cyber Security without Cyber War”.


[15] Brendan Gogarty, Meredith C. Hagger, “The Laws of Man Over Vehicles Unmanned: The Legal Response to Robotic Revolution on Sea, Land and Air” Journal of Law, Information and Science 19(2008):137.

One comment on “Cyber-warfare: Are we Ready?

  1. Pingback: Digital Borders: International Cyber Warfare and its Implications on Europe |

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s



Enter your email address to follow this blog and receive notifications of new posts by email.

Join 175 other followers


%d bloggers like this: