The multitude of advances in technology have redefined the concept of warfare from one that followed a prescribed set of rules, including under which circumstances a war could be waged and identifying the responsible parties, to one that is much more challenging to clearly define. As cyber attacks against critical infrastructure, financial institutions, military networks, etc. continue to evolve and become more sophisticated, questions are arising as to what the rules of engagement are as it pertains to launching a cyber war.
In an essay entitled “Is It Possible to Wage a Just Cyberwar?” the authors explore the ways in which the digital evolution is changing how wars are fought and the traditionally accepted “laws of war.” As it pertains to the justification of waging a war, historically war was a defense to aggression, which generally meant that human lives were “directly in jeopardy.” Using this rationale for launching a cyber attack is not as clear, as technically “the disruption of a computer system or infrastructure” does not appear to directly cause the loss of human life. However, it could be argued that cyber attacks may indirectly target human lives if the attack were to prevent “society from meeting basic human needs like providing food.” A second area explored in the essay involves proportionality, i.e., “the idea that it would be wrong to cause more harm in defending against an attack than the harm of the attack in the first place.” While a cyber attack may have been intended for a specific target, the potential exists for certain cyber attacks to get out of control and do more harm than expected. It can also be difficult to fully assess the amount of damage caused by a cyber attack, which could then hinder a lasting peace, or the “reversal of a cyber attack after hostilities have ceased.” There is also the law of attribution, which “requires combatants be identifiable to clarify which targets are legitimate.” The application of attribution in a cyber conflict could pose a significant challenge as it is “very easy to mask the identities” of those responsible for launching an attack.
Cyber attacks can behave in many ways, including infiltration, subtle disruptors, and precision strike capabilities – all of which are appealing to both individuals and groups, as innovations in technology enables them to anonymously launch a variety of attacks from anywhere in the world. Recognizing the shift from conventional, physical warfare to wars being waged in cyber space, The Mariner Group believes that the same, or a greater, level of emphasis must be applied to managing the cyber domain as has been applied to securing our nation physically. Over time, our cyber boundaries are no less important than physical barriers, borders or boundaries. Intentional detection, scenario modeling, resource management, coordinated effective response, collaboration, and post-mortem analysis are all vital to the cyber defense of our national interests.