-
5. Inter arma silent leges Redux? The Law of Armed Conflict and Cyber Conflict
- Georgetown University Press
- Chapter
- Additional Information
C H A P T E R 5 Inter arma silent leges Redux? The Law of Armed Conflict and Cyber Conflict David P. Fidler Introduction FOR YEARS, EXPERTS HAVE PREDICTED that states will become increasingly interested in and adept at using computers and the Internet as weapons of war. Recent developments indicate that countries and their capabilities in cyberspace have entered a more serious dimension concerning competition and conflict in and through cyberspace. The 2010 establishment of US Cyber Command (USCYBERCOM ) with the mission to ‘‘conduct full-spectrum military cyberspace operations’’ illustrates the shifts taking place.1 These changes have stimulated concern about how the law of armed conflict (LOAC) applies to cyber operations.2 This chapter explores the relationship between LOAC and the use of cyber technologies by states and nonstate actors. Existing literature contains divergent views on this relationship, ranging from arguments that applying LOAC to cyber operations poses few difficulties to assertions that existing rules do not function well in cyberspace, producing the need to negotiate rules for this dimension of conflict. Debate between different perspectives is healthy, and I do not attempt to adjudicate among competing positions. Rather, I identify four problems that arise in evaluating the use of cyber technologies under LOAC—the problems of application, attribution, assessment, and accountability. The problem of application identifies the difficulty of characterizing the use of cyber technologies by state and nonstate actors. Whether an event constitutes an armed attack, espionage, terrorism, or a crime is not always clear when computers and the Internet are used. Thus, putting the event into a specific legal category—a critical step of legal analysis—proves problematic. The problem of attribution arises when victims of cyber acts cannot identify the perpetrators with confidence. Not 71 72 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inter arma silent leges Redux? being able to attribute the cyber event to specific actors makes application of law difficult, if not impossible. The problem of assessment occurs when analysts evaluate a cyber act under rules within LOAC. The assessment task confronts problems that arise with the legal principles as applied in noncyber contexts, such as controversies about the meaning of rules (e.g., the scope of the right of self-defense). Finally, the problem of accountability relates to the law’s imperative to assign responsibility for regulated acts and consequences for violations. Cyber operations can dilute the ability to assign legal responsibility by creating ambiguities that undermine confidence in imposing consequences and create incentives that deter completion of accountability analysis. To facilitate a comprehensive approach, LOAC is defined broadly to include the rules that address when states can resort to force (jus ad bellum), how states and nonstate actors engage in armed conflict (jus in bello), development and use of weapons (arms control and nonproliferation), and the criminal culpability of individuals for violating international law during conflict (international criminal law). The problems of application, attribution, assessment, and accountability arise, in some form, in these areas in the cyber context. Thus, these problems constitute dilemmas for LOAC’s regulation of cyber conflict. The cumulative effect of these problems threatens to create a cyberspace version of the ancient warning about the impact of law during war—inter arma silent leges.3 In cyberspace, competition and conflict transpire in a peculiar dimension that challenges the assumptions that legal analysis of armed conflict relies upon to evaluate behavior. Such disrupting challenges have happened in other contexts, as illustrated by the post-9/11 debates about whether an attack by a terrorist group triggers a state’s right to use force in self-defense. However, cyber conflict creates a range and diversity of confounding questions that threaten the ability to speak authoritatively about the role of LOAC in the cyber context. In this realm of confusion and controversy, additional efforts to show the relevance of LOAC will not make more headway than those already attempted. More important, the confusion and controversy provide cover for the cyber machinations of states, which are still feeling out the possibilities of cyber technologies. For the foreseeable future, LOAC will be difficult to use effectively in cases of actual or alleged cyber conflict, and states keen on being cyber powers will not seriously negotiate new rules until they better grasp the capabilities of cyber technologies in their pursuits of power and influence. From Geekfare to Warfare: Developments Implicating the Law of Armed Con...