WarForTheWorld Help

XVI - Cyber-Operations

16.1 INTRODUCTION

This Chapter addresses the law of war and cyber operations. It addresses how law of war principles and rules apply to relatively novel cyber capabilities and the cyber domain. As a matter of U.S. policy, the United States has sought to work internationally to clarify how existing international law and norms, including law of war principles, apply to cyber operations.

Precisely how the law of war applies to cyber operations is not well-settled, and aspects of the law in this area are likely to continue to develop, especially as new cyber capabilities are developed and States determine their views in response to such developments.

16.5 CYBER OPERATIONS AND JUS IN BELLO
This section addresses jus in bello rules and cyber operations.

16.5.1 Cyber Operations That Constitute “Attacks” for the Purpose of Applying Rules on Conducting Attacks.
If a cyber operation constitutes an attack, then the law of war rules on conducting attacks must be applied to those cyber operations. For example, such operations must comport with the requirements of distinction and proportionality.

For example, a cyber attack that would destroy enemy computer systems could not be directed against ostensibly civilian infrastructure, such as computer systems belonging to stock exchanges, banking systems, and universities, unless those computer systems met the test for being a military objective under the circumstances. A cyber operation that would not constitute an attack, but would nonetheless seize or destroy enemy property, would have to be imperatively demanded by the necessities of war.

16.5.2 Cyber Operations That Do Not Amount to an “Attack” Under the Law of War.
A cyber operation that does not constitute an attack is not restricted by the rules that apply to attacks. Factors that would suggest that a cyber operation is not an “attack” include whether the operation causes only reversible effects or only temporary effects. Cyber operations that generally would not constitute attacks include:

  • defacing a government webpage;

  • a minor, brief disruption of internet services;

  • briefly disrupting, disabling, or interfering with communications; and

  • disseminating propaganda.


    Since such operations generally would not be considered attacks under the law of war, they generally would not need to be directed at military objectives, and may be directed at civilians or civilian objects. Nonetheless, such operations must not be directed against enemy civilians or civilian objects unless the operations are militarily necessary. Moreover, such operations should comport with the general principles of the law of war. For example, even if a cyber operation is not an “attack” or does not cause any injury or damage that would need to be considered under the principle of proportionality in conducting attacks, that cyber operation still should not be conducted in a way that unnecessarily causes inconvenience to civilians or neutral persons.

Last modified: 05 July 2024
XII - Non-Hostile Relations Between Belligerents