Journal of Conflict & Security Law Oxford University Press 2012; all rights reserved.

For permissions, please e-mail: journals.permissions@oup.com

doi:10.1093/jcsl/krs016
.......................................................................

Editorial
Cyber War and International Law

The theme of this special issue is cyber war and international law. More specif-
ically, this special issue examines the application of the international law on the
use of force (jus ad bellum) and international humanitarian law (jus in bello)
to cyber war.
It is a truism to say that, nowadays, information and communication technol-
ogy forms an integral part of our lives, and that societies as well as states are
dependent upon such technology to carry out their manifold activities. Indeed,
the cyber space as the global digital communications and information infrastruc-
ture1 can deliver immense benefits to individuals and societies but at the same
time can be the source of many threats and vulnerabilities. Due to the depend-
ency of modern societies on cyber technology, cyber security has become a
number one state priority.2 Perhaps one of the most serious threats facing
states is the use of cyber capabilities to conduct military style operations with
the aim of degrading, denying or destroying information resident on computers
or computer networks. Such threats fall under the banner of cyber war.
Conceding that cyber threats are here to stay and that states need to respond
to such threats, questions immediately arise as to whether and to what extent
international law can apply to cyber activities. These are legitimate questions
because the relevant rules have been developed for different types of situations
or events, whereas cyber security involves many additional complicating factors,
such as the anonymity, speed and multi-level nature of cyber operations, the
wide availability of cyber weapons, the easy access by non-state actors to cyber
weapons and the destructive direct or indirect effects that cyber attacks can

1
P Cornish, D Livingstone, D Clemente and C Yorke, On Cyber Warfare, A Chatham
House Report (Royal Institute of International Affairs 2010) 5www.chathamhouse.
org.uk4 (accessed 19 June 2012).
2
For example, in the context of the UK see the UK National Security Strategy (2010)
5http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/
digitalasset/dg_191639.pdf?CIDPDF&PLAfurl&CREnationalsecuritystrategy4
(accessed 19 June 2012); Securing Britain in an Age of Uncertainty: The Strategic Defence
and Security Review (2010) 5http://www.direct.gov.uk/prod_consum_dg/groups/dg_
digitalassets/@dg/@en/documents/digitalasset/dg_191634.pdf?CIDPDF&PLAfurl&
CREsdsr4 (accessed 19 June 2012); The UK Cyber Security Strategy Protecting and
Promoting the UK in a Digital World (2011) 5https://update.cabinetoffice.gov.uk/sites/
default/files/resources/uk-cyber-security-strategy-final.pdf4(accessed 19 June 2012). In re-
lation to the US, see National Security Council, The Comprehensive National
Cybersecurity Initiative (2009)5http://www.whitehouse.gov/cybersecurity/comprehensive-
national-cybersecurity-initiative4 and White House, International Strategy for
Cyberspace: Prosperity, Security, and Openness in a Networked World (2011) 5http://
www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.
pdf4(accessed 19 June 2012).
..............................................................................
Journal of Conflict & Security Law (2012), Vol. 17 No. 2, 183186
184 Editorial

produce. For some, non-military methods involving peaceful countermeasures,

sanctions or new treaties are more effective in countering such threats.
Yet for others such threats should be countered according to the use of force
paradigm. In the latter case, it becomes necessary to examine how the jus ad
bellum and the jus in bello rules can apply to cyber war. If the jus ad bellum is to
be applied, questions arise as to whether a cyber attack can constitute an un-
lawful intervention violating the sovereignty of a state or even an unlawful use
of force within the meaning of Article 2(4) of the United Nations (UN) Charter.
Another question is whether and under what circumstances a cyber attack can
amount to an armed attack that can trigger a states right to self defence.
Further, this raises a critical question as to how such an attack can be attributed
to a state against which self-defence action can be taken. What if no attribution
can be made? Can self-defence be engaged in relation to a cyber attack com-
mitted by a non-state actor? Also, can defensive responses to cyber attacks be
cyber in nature or also kinetic?
As far as the jus in bello is concerned, pertinent questions relate to whether
conflicts that occur in the cyber realm demand the application of international
humanitarian law and, if so, whether such conflicts should be characterised as
international or non-international in character. Of equal importance are ques-
tions relating to whether those that engage in cyber attacks directly participate
in hostilities, thus rendering them lawful targets of attack. Furthermore, other
questions concern whether cyber weapons can be used compatibly with the
principles of distinction, proportionality and precaution.
These are some of the crucial questions that this special issue examines. The
first part comprises articles contributed by Professor Mary Ellen OConnell,
Dr Russell Buchan and Professor Nicholas Tsagourias and address the applica-
tion of the jus ad bellum to cyber war. The second part contains articles con-
tributed by Professor Michael Schmitt, Professor Yoram Dinstein and David
Turns and concern the application of the jus in bello to cyber war.
OConnell opens the first part of this special issue by arguing that, in most
cases, cyber attacks do not fulfil the international law criteria on the use of force
and, consequently, the use of force paradigm cannot apply to cyber attacks.
More than that, however, OConnell submits that the use of force framework
should not apply because it will lead to the militarisation of cyber space. In
OConnells view, alternative international legal frameworks, such as those
relating to economic activity and communications, are more relevant and ap-
propriate to regulate cyber activities. For her, cyber security can be delivered
through unilateral peacetime countermeasures, Security Council sanctions,
cyber law enforcement, cooperation and good cyber hygiene.
Buchan assesses whether an attack against the computer network of a state
constitutes an unlawful use of force for the purposes of Article 2(4) UN Charter.
Using the cyber attack against Iran in 2010 as an example, Buchan concludes
that a cyber attack will violate the use of force prohibition where it produces
physical damage; this being death or injury to people or damage to physical
 Editorial 185

property. It follows that a cyber attack that only causes non-physical damage,
such as the attack against Estonia in 2007, will not qualify as an unlawful use of
force. However, Buchan argues that such a cyber attack will nevertheless violate
the principle of non-intervention where it can be regarded as coercive in nature;
this being that the attack is deployed with the intention of forcing the victim
state into a change of policy.
Assuming that a cyber attack amounts to an armed attack for self-defence
purposes, Tsagouriass contribution examines the question of attribution. For
him, attribution has technological, political and legal aspects which interact with
each other. As far as the legal aspects of attribution are concerned Tsagourias
submits that, according to prevailing international legal standards, an armed
attack in cyberspace will be attributed to a state where it has been committed
by an organ or agent of that state. Furthermore, attribution can be established
on the basis that a state has tolerated the existence of a non-state actor that then
commits a cyber attack. Indeed, Tsagourias suggests that, even if no state is
implicated in the cyber attack, customary law going back to the Caroline case
permits self-defence action against the non-state actor that has committed the
cyber attack.
Schmitts article opens the second part of this special issue by addressing how
cyber conflicts should be characterised for the purpose of international humani-
tarian law and, in particular, whether they give rise to an international or a
non-international armed conflict. In this regard, the author considers the ques-
tion of whether cyber attacks satisfy the requirement of international, armed
and attack for the purposes of the law of international armed conflict. In rela-
tion to the law of non-international armed conflict, the author considers the
question of whether a cyber group can be qualified as organised and what is
the required threshold of intensity of a cyber attack.
Dinsteins contribution focuses on the principle of distinction in international
cyber conflicts. For Dinstein, the principles of distinction, proportionality and
precaution apply to cyber war but their application is complicated because of the
complexity of cyber technology and the interconnectivity of computer systems.
Finally, Turnss contribution considers the application of the notion of direct
participation in hostilities to cyber war. In this context, he applies the criteria
developed by the International Committee of the Red Cross in its 2005
Interpretive Guidance; namely, the threshold of harm, direct causation and bel-
ligerent nexus. For him, direct causation is the most problematic in the context
of cyber war. He then goes on to consider the legal status of non-military per-
sonnel that are involved in the design, installation and operation of cyber weap-
onry and, more specifically, whether such non-military personnel can be
regarded as directly participating in hostilities. His findings are mixed, with
certain personnel not satisfying all the criteria all the time.
All the papers in this special issue, with the exception of Professor Schmitts,
have been presented at a workshop organised at the University of Glasgow in
October 2011. We would like to express our gratitude to the School of Law, the
186 Editorial

ASRF and the Chancellors Fund at the University of Glasgow and also to the
University of Sheffield for their generous financial support, without which this
workshop could not have been held. We would also like to thank all the par-
ticipants in the workshop. In particular, we would like to extend our gratitude to
Professor Terry Gill and Professor Eric Myjer for chairing the panels and to
Professor Robert Cryer and Professor Nigel White for providing concluding
comments to the workshop. Finally, we would like to thank the editors of the
Journal of Conflict and Security Law for publishing the papers. We believe that
their publication is timely and will contribute to the legal and policy debates on
cyber war in the years to come.

Russell Buchan, University of Sheffield

Nicholas Tsagourias, University of Glasgow