Cyber Warfare

Computer Network Attacks (CNA), commonly referred to as cyber warfare is another development that pose challenges to the principle of distinction. This section will begin with a brief introduction to the concept of cyber warfare and how cyber-attacks are generally

697P Alston “The CIA and Targeted Killings Beyond Borders” (2011) 2 Harvard National Security Journal 441. 126

carried out. This discussion will be general and limited, as I do not have the expertise in the field of computer science. The discussion is intended to set a foundation for discussing how cyber warfare relates to the principle of distinction. The chapter will then move on to discuss how cyber warfare interact with the laws of armed conflict, particularly the principle of distinction. Questions that need to be answered are firstly, whether IHL regulates cyber warfare at all, secondly, what constitutes an attack under cyber warfare, thirdly, the relationship between cyber-attacks and the concept of direct participation in hostilities. This discussion will pave way for the main discussion of the challenges of applying the principle of distinction to cyber warfare.

4.5.1 Cyber Warfare: Background

In the modern world, many everyday activities are performed using computer system and the internet. For example, computers control communications, power systems, sewage regulation, health care systems, economic activities such as banking among other things.698 Computers and the internet are also used for military purposes. As Antolin-Jenkins puts it, the internet “provides universal interconnectivity of computer networks without distinction between civilian and military uses”.699 Given the dual purpose that computers and the internet serve, there is need for harmonious use by civilians and the military and any attempt to disrupt the use of internet for one purpose will affect the other. This raises concerns regarding whether it is practically possible for cyber warfare to comply with the principle of distinction. Cyber warfare came into the limelight recently as a result of the “highly publicized cyber-attacks against Georgia, Estonia and Iran”.700 These developments raised questions regarding the application of international law. This section will explore the application of the principle of distinction to cyber warfare.701

698J T G Kelsey “Hacking into International Humanitarian Law: The Principles o f Distinction and Neutrality in the Age o f Cyber Warfare” (2008) 106 (7) Michigan Law Review 1427 at 1432.

699V M Antolin-Jenkins “Defining the Parameters o f Cyber War Operations: Looking for Law in All the Wrong Places?” (2005) 51 Naval Law Review 132 at 137.

700E Crawford Identifying the Enemy: Civilian Participation in Armed Conflict 138. It is important to note that strictly speaking, the Estonia and Iran attacks have not been dealt with as cases o f cyber warfare.

701 See R Wedgwood “Proportionality, Cyberwar and the Law o f War” (2000) 76 International Law Studies 219. 127

4.5.2 The Concept of Cyber Attacks

Ottis defines cyber-attacks as “the malicious use of information systems in order to influence the information, systems, processes, actions or decisions of the target without their consent”.702 Cyber-attacks are divided into two groups, which are Computer Network Attacks (CNA) and Computer Network Exploitation (CNE). CNAs are “operations to disrupt, deny, degrade or destroy information resident in computer networks, or the computer and networks themselves”.703 On the other hand, CNE is the “ability to gain access to information hosted on information systems and the ability to make use of the system itself’.704 Cyber warfare has been classified as a subset of what is commonly known as information operations/warfare and this involves the “employment of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt or usurp the decision-making of adversaries and potential adversaries while protecting our own”.705

Cyber warfare covers a wide range of hostile techniques that cannot be fully discussed in this study.706 Several ‘weapons’ are used to execute cyber-attacks.707 These include denial of service (DoS), in which the target computer is flooded with a “large amount of legitimate traffic to the effect of rendering it inaccessible to other users”.708 These types of attacks result in disruption and inconveniences and have not caused known physical harm to persons or property.709 Where DoS attacks are conducted using numerous computer systems, “they are referred to as distributed denial of service attacks” (DDoS).710 DDoS were used in the 2007 attacks on Estonia where pro-Russian messages encouraged readers to download software to allow their own computers to participate in the attacks against Estonian websites.711 DDoS were also used to bombard Georgian government websites during the brief Georgian-Russian

702R Ottis “On Definitions: Conflicts in Cyberspace”. 14 July http://conflictsincyberspace.blogspot.co.za/ (accessed 1 April 2016).

703E Crawford Identifying the Enemy: Civilian Participation in Armed Conflict 139.

704Ibid.

705US Joint Chiefs o f Staff, Joint Publication 1-02 Department o f Defense Dictionary o f Military and Associated Terms, 8 November 2010 (as amended to 15 January) see page 140.

706Crawford Identifying the Enemy: Civilian Participation in Armed Conflict 140. 707Ibid.

708P Shakarian et al, Introduction to Cyber-Warfare: A Multi-Disciplinary Approach (2013) 12-13 709E Crawford Identifying the Enemy: Civilian Participation in Armed Conflict 140.

710Ibid.

711J Davis “Hackers Take Down the Most Wired Country in Europe” Wired Business http://www.wired.com/2007/08/ff-estonia/ (accessed 18 July 2016).

conflict in 2008.712 Other sophisticated weapons that can also be used in cyber-attacks are called logical weapons.713 These are used in conducting reconnaissance of vulnerable opponent networks and attacking the targets found.714 This will result in the information being retrieved from the targeted networks or “the targeted network being disrupted to render it inoperative or defective”.715 Logical weapons can also cause damage to systems and hardware dependent on the software being attacked.716 An example of a cyber-attack using logical weapons is the attack on Iranian nuclear facility at Natanz in 2010.717 In this incident, the “Stuxnet worm was inserted into the closed network of the nuclear facility with the intention of disrupting the network through malware”.718 The attack caused the “IR-1 centrifuges used for enriching uranium to spin at higher or lower frequencies and consequently causing mechanical damage to some centrifuges and sub-optimal performance of other centrifuges”.719 Crawford points out that while weapons such as DoS are easily accessible, logical weapons are more complex and therefore are likely to be only available to states that can invest more time in the production of such weapons.720 However, the scope of cyber-attacks is “extensive and whichever definition is used, cyber-warfare encompasses a range of actions which are available to military planners”.721