Limits and challenges of cyber warfare

Does cyber warfare limits and rules? Are they protected against cyber attacks computers, networks and cyber infrastructure civilians? The answer is yes, according asserts an international group of jurists and military experts in Tallinn Manual, whose production document the ICRC has participated as an observer. This document explains that the Tallinn Manual, demonstrating the relevance of international humanitarian law in all armed conflicts, represents an important step towards reducing human suffering.

Why cyber warfare is of concern to the ICRC?

The term "cyber war" has been used by several people in reference to different situations. In the manual, "cyber warfare" means the means and methods of warfare employed in cyber operations that meet the threshold of armed conflict or are conducted in the context of an armed conflict within the meaning of international law humanitarian. For the ICRC, the wars of this kind are of concern because of the vulnerability of cyber networks and humanitarian cost which may entail. When computers or networks of a State are under attack, infiltration or a blockage, civilians may be deprived of basic services such as drinking water supply, healthcare and electricity. In case of shutdown of global positioning systems (GPS), there may be civilian casualties, for example, if flight operations of rescue helicopters providing vital services are interrupted. Dams, nuclear power plants and air traffic control systems are also vulnerable in the event of cyber attack, because of their dependence on computers. The degree of interconnection of networks is such that it can be difficult to limit the effects of an attack directed against part of the system without causing damage to other equipment or without disturbing the whole. Welfare, health and even countless lives of people could be affected. One of the tasks of the ICRC is to remember, to all parties to the conflict, to be taken at all times, the necessary precautionary measures to preserve the lives of civilians. The wars have rules and limits that are applicable to the use of both cyber weapons as rifles, artillery shells or missiles.

In manual recently published by a group of lawyers and military experts, known as the Tallinn Manual provides that IHL applies in case of cyber warfare and modalities of implementation of IHL rules in this area are described.

We are pleased to note that experts reflect on the consequences of cyber warfare and the law applicable in this case. The use of cyber operations in armed conflicts can have devastating humanitarian consequences. Trial ICRC is crucial to identify channels to limit the humanitarian cost of cyber operations and, in particular, to reaffirm the relevance of IHL when this new technology used in armed conflict. That is exactly what experts assert the Tallinn Manual. The means and methods of warfare evolve over time and is plain that not resemble those that existed when the Geneva Conventions were drafted in 1949; However, IHL is still applicable in all the activities that the parties conduct during armed conflict and must be respected. You cannot rule out, however, that it may be necessary to continue developing the right in order to provide sufficient protection to the civilian population, as they evolve the cybernetic technologies or better understand their humanitarian consequences. This issue should be settled by the states.

While the Tallinn Manual is a non-binding document, prepared by a group of experts, we hope to contribute usefully to encourage discussions among States on this complex issue. We also desire that both states and non-state armed groups ensure fulfillment with its international responsibilities to resort cyber operations in armed conflicts. The ICRC will continue to provide expert advice on IHL to address these challenges.

This does not mean that IHL is applicable in any cyber operation or all is often called "cyber attacks" in everyday language. IHL does not regulate cyber operations unrelated to a situation of armed conflict. Businesses and governments are so exposed to cyber espionage, cyber crimes and other malicious cyber activities as cyber attacks incumbent IHL. While similar technical means can be used to protect infrastructure cyber espionage or an attack, the right that governs these operations is different. Therefore, it is essential to determine the circumstances in which it can be considered a cyber operation is conducted during armed conflict or gives rise, in itself, an armed conflict; so that it fits implement IHL.

Role of the ICRC in this process:

The ICRC participated as an observer in the deliberations of the experts who wrote the Manual Tallinn, make it reflect, as far as possible, existing provisions of IHL and maintain the protection that this branch of law gives the victims of armed conflict. The 95 standards included in the manual reflect the issues that were the subject of consensus among experts. The ICRC generally consistent with the formulation of standards, with some exceptions: for example, contrary to the findings of the ICRC study on customary IHL, cultural goods are not included in the standard by which the ban retaliate recalls war against certain persons and certain goods that enjoy special protection. In the manual, helpful comments on standards are also presented, including discrepancies between experts. For example, one of the differences concerning the obligation of the parties to armed conflict to take all feasible precautions to protect the effects of cyber attacks on the population and civilian objects under their control; although in the comments of the manual states that the scope of this standard be limited to international armed conflicts, the ICRC considers that the obligation be applied in all types of armed conflict.

Main challenges of cyber war:

There is only one cyberspace, shared by civil and military users, in which everything is interconnected. The main challenges lie in ensuring that attacks are directed exclusively against military targets and constantly ensure the preservation of life of the population and civilian infrastructure. In addition, deaths among civilians and damage to civilian objects that can cause incidentally should not be excessive in relation to the concrete and direct military advantage anticipated achieved through a cyber attack. If you cannot meet these conditions, you should not attack. In this respect, the manual is a timely reminder that for collateral damage means the effects of both direct and indirect effects of an attack and should be taken into account all planned indirect effect when the proportionality assessment is carried out in phases planning and execution of an attack, an issue extremely relevant in cyberspace. These issues highlight the importance of States to take extreme caution when resorting to cyber attacks.