Cyberwarfare is defined as being “wars conducted in and from computers and the networks connecting them, waged by States or their proxies against other States”. Even though many other definitions can be found for this word, there is no legal definition for it. Cyberwarfare often does not make it to the big news headlines. We have to look for updates on those specific events in order to stay informed.
The different States’ efforts to keep such occurrences on the down low is made easier by a surprising disinterest from the public to learn about them. Some consider that this results from society associating attacks and wars with the traditional idea of guns, soldiers, and bloodshed. This is highly surprising, considering the fact that cyberwars can have as important of an impact on our lives, as the traditional wars we are accustomed to, perhaps even more, as they have evolved since 1982, from single attacks to full-fledged wars.
In June of 1982, in the midst of the Cold War, the CIA learned that the USSR was planning to steal software from a Canadian company in order to control its trans-Siberian pipeline. The American Intelligence ended up altering that software, which caused the pipeline to explode. This event is largely considered the first ever cyber-attack, the downside of the evolution of technology.
In 1998, the United States hacked into Serbia’s air defense system to compromise air traffic control and facilitate the bombing of Serbian targets. Nearly a decade later in 2007, another attack took place, this time in Estonia, where a botnet of over a million computers brought down government businesses and websites across the country. The attack was suspected to have originated in Russia, motivated by political tension between the two countries. One of the most intense and major events is probably the one that took place in 2009: a cyber-spy network called “GhostNet” accessed confidential information belonging to both governmental and private organizations in over 100 countries around the world, and many believe it to have originated in China although Chinese authorities have denied responsibility.
Many believe cyberwarfare to be a lot less threatening than traditional wars, mainly because it is thought to be harmless given its virtual nature. However, the attacks mentioned above are proof that, while it is true that we cannot directly witness them, their consequences are drastic. Knowing that a country is able to compromise another’s air traffic control should be enough to worry us all. Civilian security can be put at risk, and this can lead to massive disasters. Some conspiracy theorists claim that the Malaysia airlines’ unofficial disappearance may have been the result of a cyber-attack. And even though those specific claims have been dismissed, the mere fact that those hypotheses are realistic should be alarming.
Unfortunately, reporting such events is an incredibly difficult task, which also explains the lack of media coverage they receive. The near impossibility of finding evidence of cyber-attacks or a full-fledged cyberwar going on between two countries seems to be enough of a reason to discourage journalists from attempting to report the incidents, which often leaves us unaware of conflicts that have the potential to affect us greatly. We can even wonder if governments are not only reassured by the lack of knowledge people have of such quarrels, but even seem to be taking advantage of that fact, in order to settle “disagreements” without their populations knowing, even though they sometimes publicize such information only in order to point fingers in the direction of the culprits.
Thankfully, cyberwars are limited by specific laws and rules. During the NATO , on September 5 2014, the search for a clear definition of the term was discussed, and the result was an agreement of the different head of States “that cyber-attacks can reach a threshold that not only threatens Transatlantic prosperity and security, but could even be “as harmful to modern societies as a conventional attack” and thus merit an invocation of Article 5 of the Washington treaty the collective defense clause.” The collective defense clause, stipulates that ”each party […] will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.” Collective defense means that an attack against one Ally is considered to be an attack against all Allies. Therefore, the NATO applied the rules governing traditional wars to cyber-attacks. Nevertheless, they carefully avoided defining which cyber-attacks would be crossing that threshold. In other words, even though specific regulations regarding cyber warfare are still new and somewhat fragile, there remains legal texts that countries victims of cyber-attacks can use to retaliate. The Tallinn Manual, a study that was conducted by a panel of international law experts, analyzes the topic of international law and its applicability to cyber-attacks and upholds the NATO’s position as the panel considered that “Legally speaking, a computer program that disables a nation’s air-traffic control system and sends planes falling out of a sky produces the same destruction that missiles would.”
Nevertheless, the definition of war and its differentiation from a harmless attack remains difficult. While it is true that laws regulating cyberwarfare do exist, it goes without saying that since those practices are fairly recent, the legal framework remains weak and imprecise. Even though the earliest codification of civil laws and texts in France was said to be strong because of its use of general terms, in this case, the vague definition given to cyber-attacks and cyberwars renders their juridical elements as weak and almost ineffective as their definition.
The threat of cyberwarfare has started to have an impact on technologically advanced countries such as the Unites States and Israel which are considered to be leaders when it comes to cyber feuds. But it remains extremely hard to find information about the events following cyber-attacks, even though acquiring a general understanding of the intentions of all countries, when it comes to fortifying their Cyber Commands gives us an idea of what the methods of retaliation. An immediate response to cyber threats, as well as the importance of putting together a proper cyber strategy seems to be on top of the list.
One major conclusion can be drawn: the threat of cyberwarfare is real, and States are actively working on reinforcing themselves on that scale. Nonetheless, the lack of information and legal framework remains an alarming truth, in the sense that citizens are being kept in the dark when it comes to events jeopardizing their well-being. The world’s population is often unaware of what is happening, and what is to come.
Roya Pary Bouery
First year law student