Defining cyberwarfare...in hopes of preventing it Daniel Garrie

Wars are a tragic part of our history

and will almost certainly be a tragic part of our future.

Since the establishment of the United Nations,

wars of aggression have been outlawed

and multilateral conventions refer to armed conflict

instead of war.

But the wars of the future

won’t be like the wars of our past.

Alongside traditional warfare,

our future will include cyberwarfare,

remotely fighting our enemies

through the use of a new class of weapons,

including computer viruses

and programs to alter the enemy’s ability to operate.

And not only is cyberwarfare not covered

by existing legal frameworks,

but the question of what exactly constitutes cyberwarfare

is still highly debated.

So, how can we deal with cyberwarfare

if we can’t even agree on what it means?

One way forward is to envision situations

where new international laws may be needed.

Imagine a new kind of assassin,

one that could perpetrate a crime

without firing a single shot

or even being in the same country.

For example, an individual working for the government

uses a wireless device to send a signal

to another foreign leader’s pacemaker.

This device directs the pacemaker to malfunction,

ultimately resulting in the foreign leader’s death.

Would this cyber assassination

constitute an act of war?

As a second example,

imagine an allied group of nations

cooperatively infiltrating the computer systems

of an enemy nation’s nuclear warship.

This attack results in a nuclear-powered aircraft carrier

almost melting down,

which was stopped just short

of killing thousands of soldiers and civilians.

As a defensive measure,

the enemy country responds

by unleashing a defensive cyberattack

that results in the allied nations' power grids going down.

Hospitals can no longer treat patients,

entire regions without heat or clean water,

all ultimately causing tens of thousands civilian deaths.

The origin of the power failure

was the counterattack,

but the fragile infrastructure,

feeble cybersecurity,

and the antiquated state of the power grid

all contributed to the deaths of the civilians.

Could the country fight back?

Who would they fight?

And would their retaliation be considered an act of war?

Do they constitute war crimes against humanity?

Who is to be held responsible?

The computer programmers who wrote the code?

The military project manager

who oversaw the creation of the code?

The commander who hit the button,

setting off the event?

The hardware engineer who created the computers,

knowing that they were intended to enable an attack?

Because war has been with us for so long,

we have laws to deal with figuring out

who should be held accountable

for their actions in combat.

These legal frameworks aim to contain

and prevent atrocities from being more atrocious.

Commandeering civilian planes

and using them as weapons,

dropping atomic bombs,

the use of gas chambers or poisonous gas in conflict,

all of these actions, if committed,

constitute acts of war and war crimes

under customary international law

and the Hague conventions.

Again, the current legal framework stays silent

on hypothetical questions and countless others

because there are no easy answers,

and there are only two ways

to make progress on these questions:

peace or new laws.

So, what hypothetical but plausible scenarios

can you imagine falling under

the burgeoning definition of cyberwarfare,

and how might you design

an international legal framework

to deter these activities?