Jump to ContentJump to Main Navigation










Cyber Operations and the Use of Force in International Law

May 30, 2014

By Marco Roscini, Reader in International Law at University of Westminster and author of Cyber Operations and the Use of Force in International Law, available on Oxford Scholarship Online.

Cyber Operatinos and the Use of Force in International Law

The militarization of cyberspace is a reality of today, with the armed forces of several states having already established cyber units and included cyber operations in their military doctrines and strategies. States have also been the object of cyber attacks of which others were suspected; in some cases in connection with a traditional military operation or an armed conflict. In this context, Cyber Operations and the Use of Force in International Law takes the most relevant rules of international law on the use of force and the conduct of hostilities and neutrality, whether based on treaty or custom, and explains how these rules apply to cyber operations. The book addresses the key questions of whether a cyber operation amounts to the use of force and, if so, whether the victim state can exercise its right of self-defence; whether cyber operations trigger the application of international humanitarian law when they are not accompanied by traditional hostilities; what rules must be followed in the conduct of cyber hostilities; how neutrality is affected by cyber operations; and whether those conducting cyber operations are combatants or civilians.

The book’s thesis is that international law is well-equipped to face the cyber challenge. In particular, the book demonstrates that the traditional rules on the use of armed force apply to cyber operations even though the rules were adopted well before the advent of cyber technologies. In order to prove this thesis, the book frequently employs the notion of the evolutive interpretation of treaties. The International Court of Justice (the main judicial organ of the United Nations) has emphasized that ‘where parties have used generic terms in a treaty, the parties necessarily having been aware that the meaning of the terms was likely to evolve over time, and where the treaty has been entered into for a very long period or is “of continuing duration”, the parties must be presumed, as a general rule, to have intended those terms to have an evolving meaning’. Notions such as ‘force’, ‘armed conflict’ and ‘attack’, therefore, need to be interpreted taking into account the dependency of modern societies on computers, computer systems and networks. Indeed, the increasing digitalization of critical services has made it possible to cause significant prejudicial consequences on states through non-destructive means: cyber technologies can produce disruptive results comparable to those of kinetic weapons but without the need of physical damage.

What are the chances of having a treaty on cyber warfare in the foreseeable future? Russia and China have long supported the conclusion of a convention to regulate the offensive use of cyber technologies by states and to ban attacks on computer networks. Russia has even drafted a proposal for a Convention on International Information Security. In contrast, however, a majority of states, including the United States, argue that there is no need for such a treaty, as existing rules and law enforcement mechanisms suffice. Although the increasing frequency and gravity of cyber operations might determine a rapprochement of the two opposite positions, the chances of the adoption of a treaty on cyber warfare in the foreseeable future remain slim. If it is correct that existing international law on the use of force is flexible enough to regulate cyber operations with a sufficient degree of efficiency, perhaps such a treaty is not urgently needed. The rushed adoption of such a treaty could actually be counterproductive: we still have to fully understand the realities and potentialities of cyber capabilities, and the developments in these technologies occur at such a speed that any treaty would potentially be outdated the day after it has been opened for signature.

The overall goal of this book is therefore to provide a systematic and coherent analysis of the international law applicable to military cyber operations that will be of use to anyone who wants or needs to understand the basic issues of the rules of international law on the use of force and the law of armed conflict. The potentially severe humanitarian consequences of certain cyber operations sufficiently justify an investigation on how international law can deal with them, even if such consequences have luckily not yet occurred.

Discover more: the 'Identifying the Problem and the Applicable Law' in Cyber Operations and the Use of Force in International Law is now free and available to read until the end of July. Follow Marco Roscini on Twitter here.