Professional Documents
Culture Documents
‘’The war is taking place on three fronts. The first is physical, the second is
on the world of social networks, and the third is cyber’’ – Carmela Avner, Israel’s
chief information officer, 2012
13
Introduction
The beginning of the new millennium saw an unprecedented technological advancement, with
the global expansion of the internet being one of its most prominent aspects, as recent studies
show that around 60% of the world’s population (4.5 billion) is now online (Internet World Stats,
March 2020). The more technology develops and the internet becomes increasingly more
important in most aspects of life (information, communication etc.), the more attempts are made
to use it for strategic and military purposes. Cyberspace is now the field in which modern
warfare is taking place, which has created new challenges for states and supranational bodies
uncover how individual and state information is collected, stored and used, as well as by whom.
This uncertainty in turn, has made fighting cybercrime a difficult task, and given the absence of
universal and coherent legal framework, it has raised many questions of legality, but also
morality of cyber warfare. Which acts can be classified as cyber-attacks? How is cyber warfare
form of cyber and/or conventional war? (Dipert 2010). But also, when is cyber war fought
justly? These are some of the questions we will try to explore in this paper, using the arguments
of Michael Walzer in his very influential ‘Just and Unjust Wars’ and particularly, the applicability
of ‘jus in bello’ arguments in cyber warfare. In fact, the paper is limited to ‘jus in bello’
arguments and it will not discuss ‘jus ad bellum’ (justification for going to war) aspects of cyber
warfare.
13
Before we can examine whether Walzer’ s Just War Theory could be applied to modern day
cyber warfare, it is important to provide a definition of the term ‘cyber warfare’, in order to
understand what it actually entails and how we can apply notions of just war ethics to it. One
widely accepted definition that includes all components that make up what we know as cyber
warfare, does not currently exist in literature. Shane M. Coughlan (2003) defines cyber warfare
as ‘’symmetric or asymmetric offensive and defensive digital network activity by states or state-
like actors, encompassing danger to critical national infrastructure and military systems’’. He
highlights that ‘’it requires a high degree of interdependence between digital networks and
infrastructure on the part of the defender, and technological advances on the part of the attacker
and it can be understood as a future threat rather than a present one, and fits neatly into the
Resolution refers to cyber warfare as ‘’’the use of computers or digital means by a government
or with explicit knowledge of or approval of that government against another state, or private
property within another state including: intentional access, interception of data or damage to
digital and digitally controlled infrastructure.’’2. What is understood from the above and other
similar definitions is that cyber warfare implies the involvement of states or state actors, which
distinguishes it from cyber-crime or cyber terrorism, which refer to individual and terrorist
1
Shane M. Coughlan (2003) “Is there a common understanding of what constitutes cyber
warfare?,” The University of Birmingham School of Politics and International Studies, p. 2
2
UN Security Council, Resolution 1113 (2011), 5 March 2011
13
One of the major issues that we are confronted with when discussing the ethics of cyberwar, is to
determine which acts taking place in cyber space can be considered ‘cyber-attacks’. The Tallinn
Manual (2.0 2017), one of the most commonly cited (non-binding) legal document on cyber
The logic behind this definition corresponds with notions of conventional warfare, which focuses
on loss of life and destruction of infrastructure. However, it has been argued that this definition is
too limited, as it not only does it not include hostile activities such as ‘cyber espionage’, but it
also fails to take into consideration the very nature of cyberspace, which makes it possible that
physical injury of persons or damage of objects does not occur, even if other disruptions do take
place. Such is the case of the very popular distributed denial-of-service (DDoS) attack, which
generally refers to the attempt to make a website or network unavailable, by ‘flooding’ it with too
much ‘traffic’4, which overwhelms the servers and temporarily takes down the website or
network altogether. This type of attack is called non-intrusive as the person carrying out this
attack, is not gaining access to the software of the computer or the data stored in a network. The
second type of cyber-attack is called intrusive, as the malware accesses the systems and is able to
alter information, erase data, and transmit the virus to other computers and to other users. 5 So,
3
Schmitt, Michael N., and Luis Vihul. Tallinn manual 2.0 on the international law applicable to
cyber operations. Cambridge, United Kingdom: Cambridge University Press, 2017
4
Nazario, Jose. (2008). DDoS attack evolution. Network Security. 2008. 7-10. 10.1016/S1353-
4858(08)70086-2.
5
Rowe, J., E.J. Crusty. 2010. Deception in cyber-attacks. In Warfare and cyber terrorism, L. Janczewski
and A. Colarik. Hershey: Information Science Reference
13
there is a vast difference in the kind of deception and the amount of harm that is caused by a
cyber-attack, which makes the application of moral arguments even harder to pinpoint.
After having presented critical arguments about what cyber warfare is and which activities
warfare, as it would help us identify the unique problems of cyber warfare with regards to just
war theory questions. The first difference, as we have already mentioned, is that cyber warfare is
a relatively new field of (state) conflict and as such, it has not been sufficiently discussed in
terms of comprehensive policy and ethical rules. Secondly, there is the ‘attribution’ problem.
This means, that it is extremely difficult to identify the source of a cyber-attack, and even in
cases where the location of the perpetrator is found, they can easily deny the allegations, or even
claim that the attack took indeed place within a certain geographical location, but without the
knowledge or initiation of the state actors (e.g. rogue attacker). Thirdly, cyber weapons do not
need expensive and technologically advanced components, like the ones found in nuclear and
biological weapons, which are difficult to attain and potentially leave a trace as to the identity of
the attacker. On the contrary, a cyber-attack can be carried out by anyone with advanced skills in
information systems, using a simple computer device, much like the billions of existing internet
users.6 However, cyber war does have some important similarities to conventional war, such as
6
Eric Talbot Jensen, 'Cyber Warfare and Precautions Against the Effects of Attacks' (2010) 88
Texas Law Review 1522, 1542
13
that defense is expensive and likely ineffective, while offence is relatively cheap and easy. 7
Furthermore, the effects of both types of warfare are often long-term and have uncertain side-
effects, e.g. economic consequences etc. which are hard to take into account. The question,
however, remains: are cyber-attacks at the same level as conventional acts of aggression in
traditional war? The answer to this question is fundamental, to decide whether Just War Theory
applies to cyber warfare. Given the various types and methods of cyber-attacks, there is not a
general consensus, with some arguing that loss of life and significant destruction of infrastructure
must take place in order to consider it as such, and others including any type of intrusion with
bad intent.
To properly evaluate whether applicability of Walzer’s just war theory and in particular ‘jus
in bello’ is possible with regards to cyber warfare, it is important to provide a brief summary of
the core arguments of ‘jus in bello’. Jus in bello generally refers to the conduct during war and
the regulations that the conflicting parties must adhere to in order for a war to be considered just.
For Walzer, a war is fought justly when it sufficiently fulfills the three basic conditions of his jus
in bello doctrine: discrimination, proportionality and a ban on means ‘mala in se’. Before we
begin on elaborating on the content of these conditions, it is important to underline that for
Walzer, the responsibility for jus in bello falls to the actors involved in the war itself, namely the
commanders, officers and soldiers, who commit, order and control the acts of aggression and not
the head of states and governments, as is the case in the justification for going to war (jus ad
bellum).
1. The first standard of jus in bello that is stressed by Walzer, is the discrimination between
legitimate and illegitimate targets. A legitimate target is one that is ‘engaged in harming’
and thus it has ‘lost their title to life and liberty’ (Walzer, 2006, 142), which non-
combatants are entitled to and which prohibits others from causing them intentional
this status grants them or denies them immunity from direct and intentional attacks
(Orend 2001). This fact is particularly trivial when discussing cyber warfare, as while
the majority of cyber-attacks do not cause death, they could cause significant harm to
individuals, without it being clear who the combatants are, or whether the attack is
cyber armies, but rather individual cyber warriors who can be located anywhere in the
world, and who could be contracted and thus not even obligated to be members of state
very challenging. That is to say that while in conventional wars, it is relatively easy to
determine whether the targets of aggression have been civilians or soldiers, in cyberspace
it is very difficult to do so, due to the fact that cyberspace is ‘’both inhabited by civilians
and the military’’8. This can be also seen in the case of the Stuxnet virus, created with the
8
Moore, Stephen (2013) "Cyber Attacks and the Beginnings of an International Cyber Treaty."
North Carolina Journal of International Law 39, no. 1 p. 239
13
intention of targeting nuclear facilities of Iran, which ended up spreading and infecting
many operational systems worldwide. Studies9 suggest that Stuxnet was planned with
discrimination taken into account, but turned out to be impossible to control once it was
to the proportionate use of force against legitimate targets, again bringing the issue of
more concerned with the outcome of a targeted attack and especially with whether the
attack that was carried out, was designed to prevent ‘excessive harm’ and "purposeless or
wanton violence". Causing harm to non-combatants as collateral damage, also falls under
the standard of proportionality, as this is only somewhat permissible in rare cases where
‘’a defeat is likely to bring disaster to a political community’’ (Walzer 2006, 268) but it
does not apply in cases where ‘only the speed and scope of victory is at stake’’. (Walzer
275). This argument is called ‘supreme emergency exception’ by Walzer, and it should
not, by any means, be used lightly to justify civilian killings. Concerning the outcomes of
significantly. Cyber-attacks are usually non-fatal and non-irreparable, but even in cases
where significant human suffering or damage of infrastructure has taken place that is
done so temporarily and through indirect means, such as in the aforementioned DDos
attacks, a very popular type of cyber-attack, which cause short-term disruptions in online
9
Watts, Sean (2012) "The Notion of Combatancy in Cyber Warfare." SSRN Electronic
Journal, doi:10.2139/ssrn.2484823.
13
networks. This is evidently not the case with conventional military operations, in which
direct loss of human life or permanent destruction are usually found. Therefore it would
be unjust for a state to cause disproportionate amount harm to defend itself than the
original attack ever caused, for instance by means of retaliation using conventional
means. This notion is found in utilitarian ethics and it is associated with the fairness in
war principles. Walzer himself is not very certain about the content of proportionality
itself and for cyber war it becomes even more complex. What is a proportionate way to
the states involved are very dissimilar in size and power, so that the smaller and less
powerful state is much more affected by such an attack? Given such questions that arise,
we should analyze proportionality in cyber-attacks at a very different basis, than the one
combatants to use means of war that "shock the moral conscience of mankind’’. This
refers to methods that are intrinsically evil within themselves (‘mala in se’), and deprive
humans of fundamental rights, such as dignity. Genocide and ethnic cleansing fall under
this category, as Walzer states that ‘’the intentional destruction, or forcible displacement
for Walzer, as any state that makes use of them, commits deliberate killings of civilian
population of tremendous scale and magnitude. It is evident therefore, that this condition
is binding into the first two standards of discrimination and proportionality, on a much
broader level. While the interconnectedness of most of the global population is a good
13
base on which such a detrimental, large-scale cyber-attack could take place, it is hard to
imagine how cyber-attacks, at least by the current known means and technology, could
V. Conclusion
Having laid out the premises of cyber-warfare, its unique qualities compared to conventional
warfare and the identification of cyber-attacks as such, we have examined whether Michael
Walzer’s ‘jus in bello’ core arguments could be applied to cyberwar. Overall, this application is
quite challenging, mainly due to the fact that it is very hard to determine who qualifies as
and even if it is possible to exclusively target combatants. Then we considered the issue of
proportionality, which is very hard to translate into the context of cyberspace, especially when
the issue of harming non-combatants as collateral damage is concerned. Lastly, we reviewed the
‘mala in se’ methods of war, which are totally intertwined with the first two conditions of
discrimination and proportionality, and we have argued that we cannot confidently deem a cyber-
attack able to pose as such a large-scale, ‘evil’ act, at least by the thus far available means.
Conclusively, the standards of Walzer’s ‘jus in bello’ cannot be entirely applied the way that they
are to cyber warfare, as they fail to take into account, the unique issues that the militarization of
cyberspace brings. Rather, they need to be adapted, in order to include more parameters of cyber
Bibliography
1. Boyle, A. S. (2012). Moving Towards Tallinn: Drafting the Shape of Cyber Warfare.
American Security Project.
7. Moore, Stephen (2013) "Cyber Attacks and the Beginnings of an International Cyber
Treaty." North Carolina Journal of International Law 39, no. 1
8. Nazario, Jose. (2008). DDoS attack evolution. Network Security. 2008. 7-10.
10.1016/S1353-4858(08)70086-2.
9. Orend, Brian. (2001). Just and Lawful Conduct in War: Reflections on Michael Walzer.
Law and Philosophy. 20. 1-30. 10.1023/A:1006432622002.
12. Schmitt, M. N. 2002. Wired Warfare: Computer Network Attack and jus in bello.
International Review of the Red Cross, 84846, 365-399.
https://www.icrc.org/eng/assets/files/other/365_400_schmitt.pdf
doi:10.1017/S1560775500097741
13. Schmitt, Michael N., and Luis Vihul. Tallinn manual 2.0 on the international law
applicable to cyber operations. Cambridge, United Kingdom: Cambridge University
Press, 2017
14. Shane M. Coughlan (2003) “Is there a common understanding of what constitutes cyber
warfare?,” The University of Birmingham School of Politics and International Studies
15. Should There Be an International Treaty on Cyberwarfare. (2012). Retrieved May 2020,
from http://www.usnews.com/debate-club/should-there-be-an-international-treaty-on-
cyberwarfare
13
16. Turns, D. (2013). Cyber War and the Concept of "Attack" in International Humanitarian
Law. In Saxon, D. Ed., International Humanitarian Law and the Changing Technology of
War pp. 209-227. Leiden, Boston: Martinus Nijhoff Publishers.
doi:10.1163/9789004229495_011.
18. Walzer, M. (2006). Just and unjust wars: A moral argument with historical illustrations.
New York: Basic Books.
19. Watts, Sean (2012) "The Notion of Combatancy in Cyber Warfare." SSRN Electronic
Journal, doi:10.2139/ssrn.2484823.
20. Woltag, J. (2010), Cyber Warfare. Max Planck Encyclopedia of Public International Law.
Retrieved from
http://opil.ouplaw.com.proxy.indylaw.indiana.edu/view/10.1093/law:epil/978019923690/
law-9780199231690-e280?rskey=JEVkjI&result=1&prd=EPIL