Defining cyberwarfare...in hopes of preventing it Daniel Garrie
Wars are a tragic part of our history
and will almost certainly be a tragic part of our future.
Since the establishment of the United Nations,
wars of aggression have been outlawed
and multilateral conventions refer to armed conflict
instead of war.
But the wars of the future
won’t be like the wars of our past.
Alongside traditional warfare,
our future will include cyberwarfare,
remotely fighting our enemies
through the use of a new class of weapons,
including computer viruses
and programs to alter the enemy’s ability to operate.
And not only is cyberwarfare not covered
by existing legal frameworks,
but the question of what exactly constitutes cyberwarfare
is still highly debated.
So, how can we deal with cyberwarfare
if we can’t even agree on what it means?
One way forward is to envision situations
where new international laws may be needed.
Imagine a new kind of assassin,
one that could perpetrate a crime
without firing a single shot
or even being in the same country.
For example, an individual working for the government
uses a wireless device to send a signal
to another foreign leader’s pacemaker.
This device directs the pacemaker to malfunction,
ultimately resulting in the foreign leader’s death.
Would this cyber assassination
constitute an act of war?
As a second example,
imagine an allied group of nations
cooperatively infiltrating the computer systems
of an enemy nation’s nuclear warship.
This attack results in a nuclear-powered aircraft carrier
almost melting down,
which was stopped just short
of killing thousands of soldiers and civilians.
As a defensive measure,
the enemy country responds
by unleashing a defensive cyberattack
that results in the allied nations' power grids going down.
Hospitals can no longer treat patients,
entire regions without heat or clean water,
all ultimately causing tens of thousands civilian deaths.
The origin of the power failure
was the counterattack,
but the fragile infrastructure,
feeble cybersecurity,
and the antiquated state of the power grid
all contributed to the deaths of the civilians.
Could the country fight back?
Who would they fight?
And would their retaliation be considered an act of war?
Do they constitute war crimes against humanity?
Who is to be held responsible?
The computer programmers who wrote the code?
The military project manager
who oversaw the creation of the code?
The commander who hit the button,
setting off the event?
The hardware engineer who created the computers,
knowing that they were intended to enable an attack?
Because war has been with us for so long,
we have laws to deal with figuring out
who should be held accountable
for their actions in combat.
These legal frameworks aim to contain
and prevent atrocities from being more atrocious.
Commandeering civilian planes
and using them as weapons,
dropping atomic bombs,
the use of gas chambers or poisonous gas in conflict,
all of these actions, if committed,
constitute acts of war and war crimes
under customary international law
and the Hague conventions.
Again, the current legal framework stays silent
on hypothetical questions and countless others
because there are no easy answers,
and there are only two ways
to make progress on these questions:
peace or new laws.
So, what hypothetical but plausible scenarios
can you imagine falling under
the burgeoning definition of cyberwarfare,
and how might you design
an international legal framework
to deter these activities?