Marianthi Seitanidou (s1025094) Just War Theory – Term paper

The Internet in bello:

The applicability of Michael Walzer’s ‘jus in bello’ arguments to cyber warfare

‘’The war is taking place on three fronts. The first is physical, the second is
on the world of social networks, and the third is cyber’’ – Carmela Avner, Israel’s
chief information officer, 2012
 13

Introduction

The beginning of the new millennium saw an unprecedented technological advancement, with

the global expansion of the internet being one of its most prominent aspects, as recent studies

show that around 60% of the world’s population (4.5 billion) is now online (Internet World Stats,

March 2020). The more technology develops and the internet becomes increasingly more

important in most aspects of life (information, communication etc.), the more attempts are made

to use it for strategic and military purposes. Cyberspace is now the field in which modern

warfare is taking place, which has created new challenges for states and supranational bodies

alike. As anonymity is a fundamental aspect of cyber networks, it is particularly demanding to

uncover how individual and state information is collected, stored and used, as well as by whom.

This uncertainty in turn, has made fighting cybercrime a difficult task, and given the absence of

universal and coherent legal framework, it has raised many questions of legality, but also

morality of cyber warfare. Which acts can be classified as cyber-attacks? How is cyber warfare

comparable to conventional warfare? Would a perceive cyber-attack justify retaliation in the

form of cyber and/or conventional war? (Dipert 2010). But also, when is cyber war fought

justly? These are some of the questions we will try to explore in this paper, using the arguments

of Michael Walzer in his very influential ‘Just and Unjust Wars’ and particularly, the applicability

of ‘jus in bello’ arguments in cyber warfare. In fact, the paper is limited to ‘jus in bello’

arguments and it will not discuss ‘jus ad bellum’ (justification for going to war) aspects of cyber

warfare.
 13

I. What is cyber warfare?

Before we can examine whether Walzer’ s Just War Theory could be applied to modern day

cyber warfare, it is important to provide a definition of the term ‘cyber warfare’, in order to

understand what it actually entails and how we can apply notions of just war ethics to it. One

widely accepted definition that includes all components that make up what we know as cyber

warfare, does not currently exist in literature. Shane M. Coughlan (2003) defines cyber warfare

as ‘’symmetric or asymmetric offensive and defensive digital network activity by states or state-

like actors, encompassing danger to critical national infrastructure and military systems’’. He

highlights that ‘’it requires a high degree of interdependence between digital networks and

infrastructure on the part of the defender, and technological advances on the part of the attacker

and it can be understood as a future threat rather than a present one, and fits neatly into the

paradigm of Information Warfare.”. 1 On a similar note, a relatively recent UN Security Council

Resolution refers to cyber warfare as ‘’’the use of computers or digital means by a government

or with explicit knowledge of or approval of that government against another state, or private

property within another state including: intentional access, interception of data or damage to

digital and digitally controlled infrastructure.’’2. What is understood from the above and other

similar definitions is that cyber warfare implies the involvement of states or state actors, which

distinguishes it from cyber-crime or cyber terrorism, which refer to individual and terrorist

activities in cyberspace respectively.

1
Shane M. Coughlan (2003) “Is there a common understanding of what constitutes cyber
warfare?,” The University of Birmingham School of Politics and International Studies, p. 2
2
UN Security Council, Resolution 1113 (2011), 5 March 2011
 13

II. What can be classified as a ‘cyber-attack’?

One of the major issues that we are confronted with when discussing the ethics of cyberwar, is to

determine which acts taking place in cyber space can be considered ‘cyber-attacks’. The Tallinn

Manual (2.0 2017), one of the most commonly cited (non-binding) legal document on cyber

warfare, defines a cyber-attack, as “a cyber-operation, whether offensive or defensive, that is

reasonably expected to cause injury or death to persons or damage or destruction to objects’’. 3

The logic behind this definition corresponds with notions of conventional warfare, which focuses

on loss of life and destruction of infrastructure. However, it has been argued that this definition is

too limited, as it not only does it not include hostile activities such as ‘cyber espionage’, but it

also fails to take into consideration the very nature of cyberspace, which makes it possible that

physical injury of persons or damage of objects does not occur, even if other disruptions do take

place. Such is the case of the very popular distributed denial-of-service (DDoS) attack, which

generally refers to the attempt to make a website or network unavailable, by ‘flooding’ it with too

much ‘traffic’4, which overwhelms the servers and temporarily takes down the website or

network altogether. This type of attack is called non-intrusive as the person carrying out this

attack, is not gaining access to the software of the computer or the data stored in a network. The

second type of cyber-attack is called intrusive, as the malware accesses the systems and is able to

alter information, erase data, and transmit the virus to other computers and to other users. 5 So,

3
Schmitt, Michael N., and Luis Vihul. Tallinn manual 2.0 on the international law applicable to
cyber operations. Cambridge, United Kingdom: Cambridge University Press, 2017
4
Nazario, Jose. (2008). DDoS attack evolution. Network Security. 2008. 7-10. 10.1016/S1353-
4858(08)70086-2.
5
Rowe, J., E.J. Crusty. 2010. Deception in cyber-attacks. In Warfare and cyber terrorism, L. Janczewski
and A. Colarik. Hershey: Information Science Reference
 13

there is a vast difference in the kind of deception and the amount of harm that is caused by a

cyber-attack, which makes the application of moral arguments even harder to pinpoint.

III. Cyber warfare vs. conventional warfare

After having presented critical arguments about what cyber warfare is and which activities

constitute a cyber-attack, it is important to look at how cyber warfare compares to conventional

warfare, as it would help us identify the unique problems of cyber warfare with regards to just

war theory questions. The first difference, as we have already mentioned, is that cyber warfare is

a relatively new field of (state) conflict and as such, it has not been sufficiently discussed in

terms of comprehensive policy and ethical rules. Secondly, there is the ‘attribution’ problem.

This means, that it is extremely difficult to identify the source of a cyber-attack, and even in

cases where the location of the perpetrator is found, they can easily deny the allegations, or even

claim that the attack took indeed place within a certain geographical location, but without the

knowledge or initiation of the state actors (e.g. rogue attacker). Thirdly, cyber weapons do not

need expensive and technologically advanced components, like the ones found in nuclear and

biological weapons, which are difficult to attain and potentially leave a trace as to the identity of

the attacker. On the contrary, a cyber-attack can be carried out by anyone with advanced skills in

information systems, using a simple computer device, much like the billions of existing internet

users.6 However, cyber war does have some important similarities to conventional war, such as

6
Eric Talbot Jensen, 'Cyber Warfare and Precautions Against the Effects of Attacks' (2010) 88
Texas Law Review 1522, 1542
 13

that defense is expensive and likely ineffective, while offence is relatively cheap and easy. 7

Furthermore, the effects of both types of warfare are often long-term and have uncertain side-

effects, e.g. economic consequences etc. which are hard to take into account. The question,

however, remains: are cyber-attacks at the same level as conventional acts of aggression in

traditional war? The answer to this question is fundamental, to decide whether Just War Theory

applies to cyber warfare. Given the various types and methods of cyber-attacks, there is not a

general consensus, with some arguing that loss of life and significant destruction of infrastructure

must take place in order to consider it as such, and others including any type of intrusion with

bad intent.

IV. Just in bello standards in cyber warfare

To properly evaluate whether applicability of Walzer’s just war theory and in particular ‘jus

in bello’ is possible with regards to cyber warfare, it is important to provide a brief summary of

the core arguments of ‘jus in bello’. Jus in bello generally refers to the conduct during war and

the regulations that the conflicting parties must adhere to in order for a war to be considered just.

For Walzer, a war is fought justly when it sufficiently fulfills the three basic conditions of his jus

in bello doctrine: discrimination, proportionality and a ban on means ‘mala in se’. Before we

begin on elaborating on the content of these conditions, it is important to underline that for

Walzer, the responsibility for jus in bello falls to the actors involved in the war itself, namely the

commanders, officers and soldiers, who commit, order and control the acts of aggression and not

Eric Talbot Jensen, 'Cyber Warfare and Precautions Against the Effects of Attacks' (2010) 88

7

Texas Law Review 1522, 1542

 13

the head of states and governments, as is the case in the justification for going to war (jus ad

bellum). 

1. The first standard of jus in bello that is stressed by Walzer, is the discrimination between

legitimate and illegitimate targets. A legitimate target is one that is ‘engaged in harming’

and thus it has ‘lost their title to life and liberty’ (Walzer, 2006, 142), which non-

combatants are entitled to and which prohibits others from causing them intentional

harm. So, discrimination has to do with identifying combatants from non-combatants, as

this status grants them or denies them immunity from direct and intentional attacks

(Orend 2001). This fact is particularly trivial when discussing cyber warfare, as while

the majority of cyber-attacks do not cause death, they could cause significant harm to

individuals, without it being clear who the combatants are, or whether the attack is

targeted to non-combatants (civilians).  Unlike in conventional war, states do not have

cyber armies, but rather individual cyber warriors who can be located anywhere in the

world, and who could be contracted and thus not even obligated to be members of state

governments. For instance, is someone writing a code that is used by a government to

infiltrate another government’s security systems, considered a combatant?

Additionally, it is really hard to prove whether a cyber-attack has been used to

intentionally harm non-combatants, as the very ability to exclusively target combatants is

very challenging. That is to say that while in conventional wars, it is relatively easy to

determine whether the targets of aggression have been civilians or soldiers, in cyberspace

it is very difficult to do so, due to the fact that cyberspace is ‘’both inhabited by civilians

and the military’’8. This can be also seen in the case of the Stuxnet virus, created with the
8
Moore, Stephen (2013) "Cyber Attacks and the Beginnings of an International Cyber Treaty."
North Carolina Journal of International Law 39, no. 1 p. 239
 13

intention of targeting nuclear facilities of Iran, which ended up spreading and infecting

many operational systems worldwide. Studies9 suggest that Stuxnet was planned with

discrimination taken into account, but turned out to be impossible to control once it was

out there. Therefore, the standard of discrimination as proposed by Walzer is very

difficult to be applied to cyber warfare.

2. The condition of proportionality is closely related to the one of discrimination, as it refers

to the proportionate use of force against legitimate targets, again bringing the issue of

distinguishing between soldiers and civilians to the fore. However, proportionality is

more concerned with the outcome of a targeted attack and especially with whether the

attack that was carried out, was designed to prevent ‘excessive harm’ and "purposeless or

wanton violence". Causing harm to non-combatants as collateral damage, also falls under

the standard of proportionality, as this is only somewhat permissible in rare cases where

‘’a defeat is likely to bring disaster to a political community’’ (Walzer 2006, 268) but it

does not apply in cases where ‘only the speed and scope of victory is at stake’’. (Walzer

275). This argument is called ‘supreme emergency exception’ by Walzer, and it should

not, by any means, be used lightly to justify civilian killings. Concerning the outcomes of

conventional and cyber-attacks, these as we have already mentioned, typically differ

significantly. Cyber-attacks are usually non-fatal and non-irreparable, but even in cases

where significant human suffering or damage of infrastructure has taken place that is

done so temporarily and through indirect means, such as in the aforementioned DDos

attacks, a very popular type of cyber-attack, which cause short-term disruptions in online
9
Watts, Sean (2012) "The Notion of Combatancy in Cyber Warfare." SSRN Electronic
Journal, doi:10.2139/ssrn.2484823.
 13

networks. This is evidently not the case with conventional military operations, in which

direct loss of human life or permanent destruction are usually found. Therefore it would

be unjust for a state to cause disproportionate amount harm to defend itself than the

original attack ever caused, for instance by means of retaliation using conventional

means. This notion is found in utilitarian ethics and it is associated with the fairness in

war principles. Walzer himself is not very certain about the content of proportionality

itself and for cyber war it becomes even more complex. What is a proportionate way to

retaliate to a cyber-attack? Another cyber-attack of similar magnitude and intent? What if

the states involved are very dissimilar in size and power, so that the smaller and less

powerful state is much more affected by such an attack? Given such questions that arise,

we should analyze proportionality in cyber-attacks at a very different basis, than the one

of conventional attacks, in order for this condition to be applicable in cyberspace. 

3. A more general condition of Walzer’s jus in bello standards is the prohibition of

combatants to use means of war that "shock the moral conscience of mankind’’. This

refers to methods that are intrinsically evil within themselves (‘mala in se’), and deprive

humans of fundamental rights, such as dignity. Genocide and ethnic cleansing fall under

this category, as Walzer states that ‘’the intentional destruction, or forcible displacement

of whole peoples, is literally unbearable’’. Nuclear weapons is another plausible example

for Walzer, as any state that makes use of them, commits deliberate killings of civilian

population of tremendous scale and magnitude. It is evident therefore, that this condition

is binding into the first two standards of discrimination and proportionality, on a much

broader level. While the interconnectedness of most of the global population is a good
 13

base on which such a detrimental, large-scale cyber-attack could take place, it is hard to

imagine how cyber-attacks, at least by the current known means and technology, could

fall under this condition.

V. Conclusion

Having laid out the premises of cyber-warfare, its unique qualities compared to conventional

warfare and the identification of cyber-attacks as such, we have examined whether Michael

Walzer’s ‘jus in bello’ core arguments could be applied to cyberwar. Overall, this application is

quite challenging, mainly due to the fact that it is very hard to determine who qualifies as

combatant in cyberspace (discrimination), whether a cyber-attack is aimed at non-combatants

and even if it is possible to exclusively target combatants. Then we considered the issue of

proportionality, which is very hard to translate into the context of cyberspace, especially when

the issue of harming non-combatants as collateral damage is concerned. Lastly, we reviewed the

‘mala in se’ methods of war, which are totally intertwined with the first two conditions of

discrimination and proportionality, and we have argued that we cannot confidently deem a cyber-

attack able to pose as such a large-scale, ‘evil’ act, at least by the thus far available means.

Conclusively, the standards of Walzer’s ‘jus in bello’ cannot be entirely applied the way that they

are to cyber warfare, as they fail to take into account, the unique issues that the militarization of

cyberspace brings. Rather, they need to be adapted, in order to include more parameters of cyber

warfare, and contribute to its regulation.

 13

Bibliography

1. Boyle, A. S. (2012). Moving Towards Tallinn: Drafting the Shape of Cyber Warfare.
American Security Project.

2. Brenner, S. W., & Clarke, L. L. (2010). Civilians in Cyberwarfare: Conscripts. Vanderbilt

Journal of Transnational Law, 43, 1011-1076.

3. Duquette D. (2007) From Rights to Realism: Incoherence in Walzer's Conception

of Jus in Bello. In: Lee S.P. (eds) Intervention, Terrorism, and Torture. Springer,
Dordrecht

4. Eric Talbot Jensen, 'Cyber Warfare and Precautions Against the Effects of Attacks' (2010)

88 Texas Law Review 1522, 1542

5. Jensen, E. T. (2013). Cyber Attacks: Proportionality and Precautions in Attack.

International Law Studies, 89, 198-217. Retrieved from
https://www.usnwc.edu/getattachment/e1f7e410-9694-43ff-8d21-ee5cb30e5909/Cyber-
Attacks--Proportionality-and-Precautions-in-.aspx

6. Melzer, N. (2009). Interpretive Guidance on the Notion of Direct Participation in

Hostilities under International Humanitarian Law. Geneva: International Committee of
the Red Cross; Retrieved from
https://www.icrc.org/eng/resources/documents/publication/p0990.htm
 13

7. Moore, Stephen (2013) "Cyber Attacks and the Beginnings of an International Cyber
Treaty." North Carolina Journal of International Law 39, no. 1

8. Nazario, Jose. (2008). DDoS attack evolution. Network Security. 2008. 7-10.
10.1016/S1353-4858(08)70086-2.

9. Orend, Brian. (2001). Just and Lawful Conduct in War: Reflections on Michael Walzer.
Law and Philosophy. 20. 1-30. 10.1023/A:1006432622002.

10. Rowe, J., E.J. Crusty. 2010. Deception in cyber-attacks. In Warfare and cyber terrorism,

L. Janczewski and A. Colarik. Hershey: Information Science Reference
11. Schmitt, M. N. (2004). Direct Participation in Hostilities and 21st Century Armed
Conflict. In Fischer, H. et al . Eds., Crisis Management and Humanitarian Protection:
Festschrift fur Dieter Fleck pp. 505-529. Berlin: BWV

12. Schmitt, M. N. 2002. Wired Warfare: Computer Network Attack and jus in bello.
International Review of the Red Cross, 84846, 365-399.
https://www.icrc.org/eng/assets/files/other/365_400_schmitt.pdf
doi:10.1017/S1560775500097741

13. Schmitt, Michael N., and Luis Vihul. Tallinn manual 2.0 on the international law
applicable to cyber operations. Cambridge, United Kingdom: Cambridge University
Press, 2017

14. Shane M. Coughlan (2003) “Is there a common understanding of what constitutes cyber
warfare?,” The University of Birmingham School of Politics and International Studies

15. Should There Be an International Treaty on Cyberwarfare. (2012). Retrieved May 2020,
from http://www.usnews.com/debate-club/should-there-be-an-international-treaty-on-
cyberwarfare
 13

16. Turns, D. (2013). Cyber War and the Concept of "Attack" in International Humanitarian
Law. In Saxon, D. Ed., International Humanitarian Law and the Changing Technology of
War pp. 209-227. Leiden, Boston: Martinus Nijhoff Publishers.
doi:10.1163/9789004229495_011.

17. UN Security Council, Resolution 1113 (2011), 5 March 2011

18. Walzer, M. (2006). Just and unjust wars: A moral argument with historical illustrations.
New York: Basic Books.

19. Watts, Sean (2012) "The Notion of Combatancy in Cyber Warfare." SSRN Electronic
Journal, doi:10.2139/ssrn.2484823.

20. Woltag, J. (2010), Cyber Warfare. Max Planck Encyclopedia of Public International Law.
Retrieved from
http://opil.ouplaw.com.proxy.indylaw.indiana.edu/view/10.1093/law:epil/978019923690/
law-9780199231690-e280?rskey=JEVkjI&result=1&prd=EPIL