Abstract
The internet has made it possible to do damage at a distance by the use of networked computers. A deliberate act doing such damage may be referred to as a cyberattack. My concern in this essay is the ethics or morality of cyberattack as a part of war. The morality of war or military attacks in general is judged in terms of just war theory, which examines war in its two aspects, the morality of going to war (jus ad bellum) and the morality of conduct in war (jus in bello). I examine the morality of cyberattacks in each of these areas. My conclusion is that, while the use of cyberattacks is a novel form of conflict in many ways, its ethical dimensions can for the most part be understood in terms of the traditional categories of just war theory. There remains, however, an important aspect of cyberattack that may carry us beyond the limits of traditional just war thinking about war.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
I do not have much to say in this paper about the use of cyberattacks by non-state agents, because, as I claim later, the likelihood that such attacks could rise to the level of acts of war is not significant.
- 2.
As a point of comparison, note that some would, for a very different reason, deny that there could be a nuclear war, understood as a major war consisting largely or exclusively of nuclear attacks. They would argue that “nuclear war” is a misnomer on the grounds that it must be possible for a war to have winner in the traditional sense, which a large-scale nuclear conflict would not have. There could not be a “nuclear war” because nuclear attacks are too destructive, while there could not be a “cyberwar” because cyberattacks are insufficiently destructive.
- 3.
For more general purposes, revisions would have to be made in such a definition to account for civil war in its various forms. Later I will address the role of non-state agents in cyberconflict.
- 4.
When a series of cyberattacks were aimed at Estonia in 2008, NATO refused Estonia’s request to invoke the collective self-defense provision of the NATO treaty on the ground that its sovereignty had been violated, stating that “a cyber attack is not a military action” (Lucas MS, p. 9).
- 5.
Schmitt, “Wired Warfare,” p. 367. The distinction between active and passive intrusions may be represented by the contrast between the Stuxnet worm (June 2010), which sought to damage nuclear centrifuges in Iran and the Flame virus (May 2012), apparently meant simply to collect information.
- 6.
Given the potential severity of economic sanctions, as the Iraq sanctions indicate, the way might be open to challenge this categorization by positing that economic sanctions can also sometimes be acts of war.
- 7.
- 8.
I use the term “cyber technology,” henceforth, to refer to the use of such technology for military purposes.
- 9.
For a discussion of this sort of cyberattack, see (Bayles 2001, p. 50).
- 10.
As a terminological point, it should be noted that any cyberattack in the context of a conventional war could be referred to as an act of war. The claim in this paper that only cyberattacks causing sufficient physical damage would be acts of war refers to stand-alone cyberattacks, cyberattacks outside the context of a general war. This latter includes cyberattacks that initiate a war, a war which might then either continue as a cyberwar or become a conventional war, for example, if there was a conventional retaliation to the initial cyberattack.
- 11.
This view is expressed, for example, in (Schmitt 1998–1999, p. 897).
- 12.
This view was confirmed by a news article documenting how Stuxnet was a project of the United States and Israel (Sanger 2012).
- 13.
For an argument against an understanding of the rules of war that would allow such a permissive view of the liability of dual-use infrastructure to attack, see (Shue and Wippman 2002).
- 14.
Of course, I must note that the judgments made in this section, as with other of the judgments in this essay, are at least partly speculative, given that the future development of the technology and the way it turns out to be applied in the real world of war cannot be accurately predicted.
- 15.
Joseph Nye notes that a strategic cyberattack could send the economy back to 1990, while a strategic nuclear attack could sent the economy back to the Stone Age (Nye 2011, p. 22).
- 16.
This discussion largely concerns adversarial relations between “near-peer” states, those roughly equal in military capability. Different factors may arise in the relations between adversaries in an asymmetrical power relationship.
- 17.
Another factor in the need for a delay before the retaliatory response is that it may take time for the victim of a cyberattack to figure out how much damage was done, which it needs to know before it can decide how great the retaliation should be (or even whether it should occur at all) (National Research Council 2009, p. 310).
References
Arquilla, John. 1999. Ethics and information in warfare. In The changing role of information in warfare, ed. Z. Khalilzad et al. 379–401. Santa Monica: Rand Corporation.
Bayles, William. 2001. The ethics of computer network attack. Parameters 31:44–58.
Clarke, Richard, and Robert Knake. 2010. Cyber war: The next threat to national security and what to do about it. New York: Harper Collins.
Dilpert, Randall. 2010. The ethics of cyberwarfare. The Journal of Military Ethics 9:384–410.
Hirschland, Matthew. 2001. Information warfare and the new challenges to waging just war presented at conference of the American Political Science Association, Denver, CO..
Lucas, George R. 2011. Permissible preventive cyber warfare, Proceedings of the Air Force Research Institute on the Future of Cyber Power, ed. Pano Yanakageorgos, et.al.
Lucas, George R. 2010. Postmodern war. Journal of Military Ethics 9:289–298.
National Research Council. 2009. Technology, policy, law, and ethics regarding U.S. acquisition and u se of cyberattack capabilities. Washington, D.C.: National Academies Press.
Nye, Joseph. 2011. Nuclear lessons for cybers. Strategic Studies Quarterly 5 (4):18–38.
Powell, Michael. 1998. The deaths he cannot sanction; Ex-U.N. Worker details harm to Iraqi children. Washington Post, 17 December.
Rid, Thomas. 2011. Cyber war will not take place. Journal of Strategic Studies 35:5–32.
Rowe, Neil. 2010. The ethics of cyberweapons in warfare. International Journal of Cyberethics 1:20–31.
Sanger, David. 2012. Obama order sped up wave of cyberattacks against Iran. New York Times, 1 June.
Schmitt, Michael. 1998–1999. Computer network attack and the use of force in international law: Thoughts on a normative framework. Columbia Journal of Transnational Law 37:885–937.
Schmitt, Michael. 2002. Wired warfare: Computer network attack and Jus in Bello. International Review of the Red Cross 84:365–398.
Shue, Henry, and David Wippman. 2002. Limiting attacks on dual-use facilities performing indispensable civilian functions. Cornell International Law Journal 35:559–577.
Whitehouse. 2011. International strategy for cyberspace.http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Lee, S. (2014). The Ethics of Cyberattack. In: Floridi, L., Taddeo, M. (eds) The Ethics of Information Warfare. Law, Governance and Technology Series, vol 14. Springer, Cham. https://doi.org/10.1007/978-3-319-04135-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-04135-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04134-6
Online ISBN: 978-3-319-04135-3
eBook Packages: Humanities, Social Sciences and LawPhilosophy and Religion (R0)