Abstract
This Chapter discusses the possible problems arising from the application of the principle of distinction under the law of armed conflict to cyber attacks. It first identifies when cyber attacks qualify as ‘attacks’ under the law of armed conflict and then examines the two elements of the definition of ‘military objective’ contained in Article 52(2) of the 1977 Protocol I additional to the 1949 Geneva Conventions on the Protection of Victims of War. The Chapter concludes that this definition is flexible enough to apply in the cyber context without significant problems and that none of the challenges that characterize cyber attacks hinders the application of the principle of distinction.
This Chapter is largely based, with some amendments and updates, on the author’s book, Roscini 2014a: 176–192.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The Commentary subsequently rephrases the definition as ‘any movements, manœvres and other activities whatsoever carried out by the armed forces with a view to combat’ (Sandoz et al. 1987: para 2191). Inconsistently, the Commentary of Art 13 of Additional Protocol II defines ‘military operations’ more narrowly as ‘movements of attack or defence by the armed forces in action’ (ibid., para 4769).
- 2.
Rule 30 of the Tallinn Manual for instance, defines a cyber attack as ‘a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects’ (Tallinn Manual 2013: 106). The Manual includes ‘serious illness and severe mental suffering’ in the notion of ‘injury’ (Tallinn Manual 2013: 108).
- 3.
On evolutionary interpretation in the cyber context, see Roscini 2014a: 20–24, 280–281.
- 4.
Roscini 2014b. Denial of service (DoS) attacks, of which ‘flood attacks’ are an example, aim to inundate the targeted system with excessive calls, messages, enquiries or requests in order to overload it and force its shut down. Permanent DoS attacks are particularly serious attacks that damage the system and cause its replacement or reinstallation of hardware. When the DoS attack is carried out by a large number of computers organized in botnets, it is referred to as a ‘distributed denial of service’ (DDoS) attack.
- 5.
For a discussion of the application of the principle of distinction to the targeting of individuals (as opposed to objects), see Roscini 2014a: 192–215.
- 6.
Without referring to the notion of military objective, Art 2 of the 1907 Hague Convention IX Concerning Bombardment by Naval Forces in Time of War contains a list of objects that can be destroyed.
- 7.
The list includes military forces; military works; military establishments or depots; factories constituting important and well-known centres engaged in the manufacture of arms, ammunition or distinctively military supplies; lines of communication or transportation used for military purposes. It is doubtful whether the list is exhaustive (Rogers 2004: 60).
- 8.
See Arts 4, 19(2) of Geneva Convention I and Arts 4, 18(5) of Geneva Convention IV. The 1956 New Delhi Draft Rules for the Limitation of the Dangers Incurred by the Civilian Population in Time of War, drafted by the ICRC, proposed a list of military objectives, to be reviewed at intervals of no more than 10 years by a group of experts; however, even if an object had belonged to one of the listed categories, it would not have been a military objective if its total or partial destruction, in the circumstances ruling at the time, had offered no military advantage (Art 7). Another attempt to define the concept of ‘military objective’ was made by the Institute of International Law in 1969 (Annuaire de l’Institut de droit international (1969–II).359).
- 9.
Hard targets can be attacked both by kinetic or cyber means, while software and data can be attacked only by cyber means (Rauscher and Korotkov 2011: 19).
- 10.
Confusingly, the Commentary to Rule 38 of the Tallinn Manual makes the example of a cyber operation against a website that inspires ‘patriotic sentiments’ among the population as a case of non-effective contribution to military action (Tallinn Manual 2013:13); however, such an operation would not be an ‘attack’ in the sense of either Art 49(1) of Additional Protocol I or Rule 30 of the Manual itself.
- 11.
It is however normally the software rather than the hardware that turns a computer into a military objective (Dinstein 2012: 263).
- 12.
The three US Department of Defense’s internal networks, for instance, would be examples of networks that are military objectives by nature. In particular, the Secret Internet Protocol Router Network (SIPRNet), which is not connected to the internet, is used for classified information and to transmit military orders, while the Joint Worldwide Intelligence Communications System (JWICS) is used to communicate intelligence information to the military. On the three DoD networks, see Clarke and Knake 2010: 171–3.
- 13.
According to the ICRC Commentary, purpose is ‘the intended future use of an object, while that of use is concerned with its present function’ (Sandoz et al. 1987: para 2022, emphasis in the original).
- 14.
Jensen has for instance claimed that ‘Microsoft Corporation Headquarters in Washington State is a valid dual-use target, based on the support it provides to the U.S. war effort by facilitating U.S. military operations’ (Jensen 2002–2003: 1160). However, he eventually denies that it is a lawful military objective because of doubts with regard to the military advantage that can be gained from its destruction or neutralization (1167–6).
- 15.
See Rule 39, Tallinn Manual. As has been observed, an ‘object becomes a military objective even if its military use is only marginal compared to its civilian use’ (Droege 2012: 563).
- 16.
The provision only applies when doubt concerns the use of the object, not its nature, location or purpose (Boothby 2012: 71).
- 17.
For critical comments of the US position and the documents in which it appears, see Bartolini 2006: 235–6.
- 18.
It also appears that China sees cyber operations against financial systems, power generation, transmission facilities, and other NCIs as part of a conflict with another state (Owens et al. 2009: 333).
- 19.
Al Arabiya News: 2012. Oil production, however, remained uninterrupted.
- 20.
Responses to advance questions, Nomination of Lt Gen Keith Alexander for Commander, US Cyber Command, US Senate Committee on Armed Services, 15 April 2010, 13, http://armed-services.senate.gov/statemnt/2010/04%20April/Alexander%2004-15-10.pdf.
- 21.
DeSaussure refers to the examples of the 1972 Christmas bombing of Hanoi or the never implemented bombing of a depot in the heart of Argentina during the Falklands war, which would have not helped the British reoccupy the islands (DeSaussure 1987: 513).
- 22.
The list is reprinted in ICTY Final Report, 2000, para 39.
- 23.
The ICTY Final Report on the NATO bombing campaign against Yugoslavia emphasized that, even if the RTS building in Belgrade was considered a military objective, broadcasting was interrupted only for a brief period and in any case Yugoslavia’s command and control network, of which the RTS building was allegedly a part, could not be disabled with a single strike (ICTY Final Report, 2000, para 78).
- 24.
Resilience does not, however, mean invulnerability. For instance, 88 per cent of Egyptian internet access was shut down as a consequence of the withdrawal of 3500 Border Gateway Protocol (BGP) routes by Egyptian ISPs (Williams 2011).
Bibliography
Books and Articles
Aldrich, George H. 1999. Yugoslavia’s television studios as military objectives. International Law Forum du droit International 1: 149–150.
Bartolini, Giulio. 2006. Air operations against Iraq (1991 and 2003). In The law of air warfare-contemporary issues, ed. Natalino Ronzitti and Gabriella Venturini, 227–272. Utrecht: Eleven Publishing.
Bartolini, Giulio. 2013. Air targeting in operation unified protector in Libya. Jus ad bellum and IHL issues: An external perspective. In Legal interoperability and ensuring observance of the law applicable in multinational deployments, ed. Stanislas Horvat and Marco Benatar, 242–279. Brussels: International Society for Military Law and the Law of War.
Boothby, William H. 2012. The law of targeting. Oxford: Oxford University Press.
Bothe, Michael, Karl J. Partsch, and Waldemar A. Solf. 1982. New rules for victims of armed conflicts: Commentary on the two 1977 protocols additional to the Geneva conventions of 1949. The Hague: Nijhoff.
Clarke, Richard A., and Robert K. Knake. 2010. Cyber war. The next threat to national security and what to do about it? New York: Harper Collins.
Cryer, Robert. 2002. The fine art of friendship: Jus in Bello in Afghanistan. Journal of Conflict and Security Law 7(1): 37–83.
DeSaussure, Hamilton. 1987. Remarks at the Six Annual American Red Cross-Washington College of Law Conference on International Humanitarian Law: A workshop on customary international law and the 1977 protocols additional to the 1949 Geneva conventions. American University Journal of International Law and Policy 2: 415–538.
Dinstein, Yoram. 2012. The principle of distinction in cyber war in international armed conflicts. Journal of Conflict and Security Law 17: 261–278.
Dinstein, Yoram. 2013. Cyber war and international law: Concluding remarks at the 2012 Naval War College international conference. International Law Studies 89: 276–287.
Doswald-Beck, Louise. 2002. Some thoughts on computer network attack and the international law of armed conflict. International Law Studies 76: 163–186.
Droege, Cordula. 2012. Get off my cloud: Cyber warfare, international humanitarian law, and the protection of civilians. International Review of the Red Cross 94: 533–578.
Fenrick, William J. 1996–1997. Attacking the enemy civilian as a punishable offence. Duke Journal of Comparative and International Law 7:539–570.
Geiß, Robin, and Henning Lahmannn. 2012. Cyber warfare: Applying the principle of distinction in an interconnected space. Israel Law Review 45: 381–400.
Henckaerts, Jean Marie, and Louise Doswald-Beck. (ed.). 2005. Customary International Humanitarian Law. Cambridge: Cambridge University Press (two volumes).
Jensen, Eric Talbot. 2002–2003. Unexpected consequences from knock-on effects: A different standard for computer network operations? American University International Law Review 18: 1145–1188
Lubell, Noam. 2013. Lawful targets in cyber operations: Does the principle of distinction Apply? International Law Studies 89: 252–275.
Oeter, Stefan. 2013. Methods and means of combat. In The handbook of international humanitarian law, ed. Dieter Fleck, 115–230. Oxford: Oxford University Press.
Owens, William, A. Dam, W. Kenneth, and Herbert S. Lin. 2009. Technology, policy, law, and ethics regarding U.S. acquisition and use of cyberattack capabilities. Washington, DC: The National Academies Press.
Rauscher, Karl F., and Andrey Korotkov. 2011. Working towards rules for governing cyber conflict. Rendering the Geneva and Hague conventions in cyberspace. New York: East West Institute.
Rogers, A.P.V. 2004. Law on the battlefield. Manchester: Manchester University Press.
Roscini, Marco. 2014a. Cyber operations and the use of force in international law. Oxford: Oxford University Press.
Roscini, Marco. 2014b, March 31. Is there a ‘Cyber War’ between Ukraine and Russia. OUPBlog. http://blog.oup.com/2014/03/is-there-a-cyber-war-between-ukraine-and-russia-pil/.
Sandoz, Yves, Christophe Swinarski, and Bruno Zimmermann (eds.). 1987. Commentary on the additional protocols of 8 June 1977 to the Geneva conventions of 12 August 1949. Dordrecht: Nijhoff.
Schmitt, Michael N. 2011. Cyber operations and the Jus in Bello: Key issues. International Law Studies 87: 89–112.
Schmitt, Michael N. (ed.). 2013. Tallinn manual on the international law applicable to cyber warfare. Cambridge: Cambridge University Press.
Turns, Davis. 2012. Cyber warfare and the notion of direct participation in hostilities. Journal of Conflict and Security Law 17: 297–300.
Vierucci, Luisa. 2006. Sulla nozione di obiettivo militare nella guerra aerea: recenti sviluppi della giurisprudenza internazionale. Rivista di diritto Internazionale 89: 693–735.
National Military Manuals and Operational Handbooks
Department of Air Force. 1997. Cornerstones of information warfare. http://www.google.co.uk/url?url=http://www.dtic.mil/cgi-bin/GetTRDoc?Ad.
Federal Ministry of Defence. 2013. Law of armed conflict manual. Joint Service Regulation 15/2. http://www.bmvg.de/resource/resource/MzEzNTM4MmUzMzMyMmUzMTM1MzMyZTM2MzIzMDMwMzAzMDMwMzAzMDY5MzIzNDZmN2E3NjZmNjgyMDIwMjAyMDIw/Law%20of%20Armed%20Conflict_Manual_2013.pdf.
UK Ministry of Defence. 2004. The manual of the law of armed conflict. Oxford: Oxford University Press.
US Air Force. 1998, February 1. Intelligence targeting guide. Air force pamphlet 14-210 intelligence. http://www.fas.org/irp/dodir/usaf/afpam14-210/part17.htm.
U.S Air Force Pamphlet 110-31. 1976. International law –The conduct of armed conflict and air operations. https://www.cna.org/sites/default/files/research/5500045700.pdf
US Navy, U.S Marine Corps, U.S Coast Guard. 2007. The commander’s handbook on the law of naval operations. http://www.fichl.org/uploads/media/US_Navy_Commander_s_Handbook_1995.pdf.
Reports
Amnesty International. 2000, June. ‘Collateral Damage’ or ‘Unlawful Killings?’ Violations of the laws of war by NATO during operation Allied Force. AI-Index EUR70/18/00 https://www.amnesty.org/en/documents/document/?indexNumber=EUR70%2F018%2F2000&language=en.
Final Report to the Prosecutor by the Committee Established to Review the NATO Bombing Campaign Against the Federal Republic of Yugoslavia. 8 June 2000. http://www.icty.org/x/file/Press/nato061300.pdf.
Human Rights Watch. 2003. Off target. The conduct of the war and civilian casualties in Iraq. http://www.hrw.org/reports/2003/usa1203/usa1203.pdf.
ICRC. 2011, October. International humanitarian law and the challenges of contemporary armed conflicts. https://www.icrc.org/eng/assets/files/red-cross-crescent-movement/31st-international-conference/31-int-conference-ihl-challenges-report-11-5-1-2-en.pdf.
Mandiant. 2013. APT1. Exposing one of China’s cyber espionage units. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.
Melzer, Nils. 2011. Cyberwarfare and international law. UNIDIR, 27. http://www.isn.ethz.ch/Digital-Library/Publications/Detail/?lang=en&id=134218.
Ziolkowski, Katharina. 2012. Stuxnet – Legal Considerations. NATO CCD COE Publications, 5. https://ccdcoe.org/search.html
Cases
Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion, 8 July 1996, ICJ Reports 1996.
Partial Award, Western Front, Aerial Bombardment and Related Claims, Eritrea’s Claims 1, 3, 5, 9–13, 14, 21, 25 and 26, 19 December 2005, Reports of International Arbitral Awards. Vol. XXVI, Part VIII
Prosecutor v Kupreškić, Case No IT-96-16-T, Trial Chamber Judgment, 14 January 2000.
On-Line Publications and Other Documents
Al Arabiya News. 2012, December 9. Saudi Aramco says cyber attack targeted kingdom’s economy. http://www.alarabiya.net/articles/2012/12/09/254162.html.
Broad, William J. 2010, November 23. Report suggests problems with Iran’s nuclear Efforts. The New York Times. http://www.nytimes.com/2012/11/24/world/middleeast/24nuke.html.
Dörmann, Knut. 2001, May 19. Computer network attack and international humanitarian law. http://www.icrc.org/eng/resources/documents/misc/5p2alj.htm.
Dörmann, Knut. 2004, November 9. Applicability of the additional protocols to computer network attacks. https://www.icrc.org/eng/assets/files/other/applicabilityofihltocna.pdf.
Herold, Marc W. 2002, March. A Dossier on civilian victims of United States’ aerial bombing of Afghanistan: A comprehensive accounting. http://www.cursor.org/stories/civilian_deaths.htm.
Statement by the Spokesperson for NATO Operation Unified Protector, Colonel Roland Lavoie, Regarding Air Strike in Tripoli. 30 July 2011. NATO Strikes Libyan State TV Satellite Facility. http://www.nato.int/cps/en/natolive/news_76776.htm.
Vincent, James. 2013, August 27. Chinese domains downed by ‘Largest Ever’ cyber attack. The Independent. http://www.independent.co.uk/life-style/gadgets-and-tech/news/chinese-domains-downed-by-largest-ever-cyberattack-8786091.html.
Williams, Christopher. 2011, January 28. How Egypt shut down the internet. The Telegraph. http://www.telegraph.co.uk/news/worldnews/africaandindianocean/egypt/8288163/How-Egypt-shut-down-the-internet.html.
Zetter, Kim. 2015, August 1. A cyber attack has caused confirmed physical damage for the second time ever. Wired. https://www.wired.com/2015/01/german-steel-mill-hack-destruction/.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Roscini, M. (2017). Military Objectives in Cyber Warfare. In: Taddeo, M., Glorioso, L. (eds) Ethics and Policies for Cyber Operations. Philosophical Studies Series, vol 124. Springer, Cham. https://doi.org/10.1007/978-3-319-45300-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-45300-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45299-9
Online ISBN: 978-3-319-45300-2
eBook Packages: Religion and PhilosophyPhilosophy and Religion (R0)