by MT Smith
This post is part of the student blogger project from the summer session of International Telecommunications Law.
MT Smith is from Jacksonville, FL and grew up in a military family, moving around the U.S. He calls Jacksonville, FL and Charlotte, NC home. MT graduated from the University of North Carolina at Wilmington with a Bachelor of Arts degree in Communication Studies. He then pursued a career in Naval Aviation as a pilot in the US Navy, flying multiple aircraft with his primary platform being the Navy’s E-6B Mercury. His many deployments as an Aircraft Commander and Mission Commander in support of USSTRATCOM’s TACAMO and Looking Glass operations fueled his interests in the arena of Communications and National Security issues as well as Air and Space Law. He is in his second year of law school at The University of Mississippi where he hopes to earn the National Center for Remote Sensing, Air and Space Law Certificate.
To simply say the United States should take a particular stance on a policy concerning the cyberwarfare battlefield, is equivalent to saying the United States should just print enough money to pay off all our debts. It does not work that way, it will not work that easily, and it certainly will not effectively solve our current or future concerns. There are laws that define the intricacies of the world economy as there are laws that define international warfare. These laws must be taken into account when analyzing an approach to advance a system that is not working.
The United States, as well as the international community as a whole, is at the dawn of a new era in global warfare. Cyberwarfare has manipulated the means by which destruction can be leveled across the globe. We are looking at a battlefield where, as (former) U.S. Deputy Defense Secretary William J. Lynn III put it, “bits and bytes can be as threatening as bullets and bombs.”1 Not only must the many international nations face the threat of these acts of destruction that through mere computer viruses, entire infrastructures can be rendered incapacitated, leaving thousands or more without their basic necessities often leading to public hysteria and civilian casualties, but these many nations must face the problem of an undefined and unregulated environment.
The International Committee of the Red Cross (ICRC), in its humanitarian efforts to advocate limited suffering and unnecessary conflict, approaches international communities in an effort to promote a standard in which all nations will comply.2 “As far as armed conflict is concerned, a distinction is made between jus ad bellum or the law that outlaws war- essentially the U.N. Charter that prohibits the use of force in the relations between States, except in cases of self-defense or collective security- and jus in bello or the law applicable in time of armed conflict.”3 These international standards have defined, rather well considering the many nations and their own agendas, the framework for those facing international armed conflict. The problem is managing the scope of the definition of “armed conflict” in the evolving international cyberwarfare environment and how we pose to assign the repercussions to those responsible.
When facing these new “acts,” nations must assess the threats and how they fit or relate within the guiding standards of international law. The ICRC has defined International Armed Conflict as “a declared war on any other armed confrontation between two or more states, even if the state of war is not recognized by one of them…and that no minimum level of intensity is required…and there may even be no combat at all.”4 This definition certainly leaves much to be desired in strict definition alone for cyberattacks, but there is a glimmer of possibility within the idea that armed conflict does not necessarily have to include “combat.” This is an idea that focuses on the results of an action as opposed to the means by which it brings them about.
Diving deeper into the rabbit hole of defining cyberwarfare through the current international laws, there are other isolated issues that bring problems to the international forefront concerning cyberwarfare. What can and cannot be used in these conflicts that are so narrowly defined by international standards? Who can be held responsible for these acts and do they fall into the boundaries of traditional warfare players?
The guiding framework for weapons of use has been one that has continually adapted to the changing means of war, all while serving the humanitarian ideals for mankind. The ICRC has adopted these changes over the many years and throughout the many international conflicts. As seen in the 1925 Geneva Gas Protocol, the 1972 Biological Weapons Convention, the 1980 Convention on Certain Conventional Weapons (and its five Protocols), the 1993 Convention on Chemical Weapons, and the 1997 Ottawa Convention on Anti-Personnel Mines, many meetings have led to many changes.5 With evolving methods of warfare, it is evident that the international community has found ways to bring certain destructive weapons to the forefront of the conversation, again focusing on ways to unify a standard in dealing with conflict, in the face of inevitable weaponry growth.
Along with these conflicts and weapons, we see an emerging player. Unlike the ICRC’s standardized combatants and non-combatants or civilians, the new breed of “unknown” soldier or terrorist has become a massive contributor to both modern warfare as well as the growth of cyberwarfare. The ICRC claims that most of these standards apply to combatants, not civilians, however, “the law of armed conflict does not prohibit direct participation in hostilities.”6 These civilians choosing to participate directly are liable to prosecution for unlawful acts of war.7 When a major hurdle is fighting the unknown actors behind a cyberattack, this small caveat breathes a light of hope in the idea that there is a possibility to bring strict justice to those responsible for their actions.
The point being, within the many strict and difficult definitions concerning international laws of war, there is room for interpretation, and interpretation may just be the necessary spark for change and revision. As with the foreign debt analogy, there must be a plan put in place, taking into account the current system that defines the environment that holds the conflict, as well as a systematic set of rules that take into account the means by which the international community can and will accept revision and change, and ultimately a realization that certain sacrifices will have to be made in order to successfully prosper. There are countless hurdles facing the international community in its preliminary struggles in defining the rules of cyberwarfare, but it goes without saying that steps must be taken, and taken within a legal and internationally respected posture. The United States, though early in its forward movement, has taken the proverbial “Cyberbull by the Horns,” and as Deputy Defense Secretary Lynn recently said, “We do not know the exact way in which cyber will figure in the execution of [DoD’s] mission, or the precise scenarios that will arise, but the centrality of information technology to our military operations and our society virtually guarantees that future adversaries will target our dependence on it.”8
4 Id. at 30
5 Id. at 31
6 Id. at 32