This article has been written by Mr. P. Rohit a 3rd year student of Damodaram Sanjivayya National Law University, Visakhapatnam.
ABSTRACT
Cyberwarfare is primarily an online battle that involves attacks on information and information systems with political motivations. Cyberattacks have the ability to take down official websites and networks, interfere with or stop necessary services, steal or change classified information, and seriously impair financial systems.
One of the biggest risks to national security and the economy today is cyber security. There are significant challenges and many unanswered questions when attempting to apply the previously established general norms and principles to the new world of cyberspace. While some of these issues can be settled by applying traditional treaty interpretation, others call for an international community of nations to agree on a single course of action.
Nonetheless, there is already a great deal of potential for human tragedy, and this will probably get worse as our reliance on computer-controlled systems to get by grows. Therefore, it is even more crucial that governments understand their moral and legal commitments to future generations as well as their legal duty to determine if new weapons and tactics used in cyberwarfare would be compliant with current IHL.
INTRODUCTION
States, non-state groups, corporations, academic institutions, and individuals have all become more intertwined and dependent on one another today than was ever thought possible. The military’s reliance on networks and computer systems has grown rapidly at the same time, creating a “New” Warfield in addition to the previously acknowledged ones.
How far may current international law be applied to the cyberspace? Given the unique features of the technology in question, there may be challenges when attempting to apply established legal principles, conceptions, and language to a novel technology.
This article’s scope will be restricted to identifying problems and contextualizing them.
More precisely, it can be described as the deliberate use of harmful activities, or the threat of activities, against computers and networks, with the aim to harm or further political, social, or related purposes, or to intimidate any individual in furtherance of the same.
In cyberwarfare, figuring out who is really behind the scenes is a major difficulty. Due to the difficulty in determining the attacker’s nationality, efforts to enforce legal responsibilities may be made more difficult. This makes it difficult for organizations or individuals from the affected nation to file a complaint against the responsible nation in international forums.
It is important to recognize the seriousness of the risks. Cyberattacks have the power to “disable companies” and “bring whole nations to their knees.” Even if carrying out a cyberattack is not expensive, there may be substantial financial repercussions.
Both nation-states and non-state actors can misuse the data that is shared online for malicious ends. The time is not far off when terrorists will launch significant cyberattacks on their own. Working globally to guarantee cyber security and stop cyberwarfare and cybercrime requires a shared vision.
OBLIGATIONS OF NATION STATES UNDER THE UN CHARTER
Sovereignty: Among other things, state sovereignty means that a state has the authority to control, police, and decide (have jurisdiction) over individuals using its territory for cyber activities as well as cyber infrastructure. A State’s political independence is guaranteed by its sovereignty. Within the parameters of international law, a State has the sole right to exercise its authority within its borders. This includes safeguarding cyberspace, the participants in it, and its cyberinfrastructures from interferences, both cyber and non-cyber, that come from other States. A breach of territorial sovereignty will seem very likely if functional impairments have significant secondary repercussions within the territory of the victim State and if a sufficient relationship to the cyber activity can be inferred.
Prohibition of wrongful intervention: it is like the principle of sovereignty; this principle prohibits interference by other states and non-state parties from the internal matters of any other independent state. The International Court ruled in its Nicaragua decision that use of force either directly through military action or indirectly within another State defines and constitutes the fundamental component of prohibited intervention. This is especially evident when an intervention involves coercion. Malicious cyber activity may sometimes equate to the use of force, either directly or indirectly.
Prohibition of the use of force: Cyber activities, can in extreme cases come within the ban on using force and so be considered a violation of UN Charter. The requirements of the Charter “apply to any use of force, regardless of the weapons employed,” according to the ICJ’s Nuclear Weapons guidelines. Determining whether a cyber activity has overreached the limits of an unlawful use of force is a decision that shall be made on an individual basis. Some examples of qualitative factors that may be considered during the evaluation process are the extent of the cyberattack’s disruption of a foreign cyber infrastructure, the intensity of its interference, its immediate effects, and its level of organization and coordination.
APPLICABILITY OF IHL IN THE CYBER CONTEXT
Cyberspace operations are subject to IHL when there is an armed conflict. The operation of hostilities is subject to IHL even though it was not recognized as a realm at the time the IHL’s fundamental treaties were drafted. Armed conflict between nations is a necessary condition for the applicability of IHL. This could also include conflicts that are carried out entirely or in part online.
The cyber operation must have a sufficient connection to the conflict, must be carried out by one of the parties to the war against its adversary and support its endeavours to be covered by IHL.
The same basic principles that govern the conduct of hostilities apply to cyberattacks in both international and non-international conflicts. These principles include distinction, taking safeguards during an attack, and forbidding unnecessary suffering and unnecessary injury.
States are required under the principle of distinction to distinguish between military and civilian goods. A computer, computer networks, cyber infrastructure, or even data stores utilized for both military and civilian purposes could be targeted by the military. As a result, citizens operating in cyberspace are deemed directly implicated in hostilities and are no longer safe. In situations where there is uncertainty, a thorough analysis may be required to determine whether a civilian computer is contributing to military operations.
Comparing cyber operations to more conventional, or physical, means or tactics of warfare can make it even more difficult to assess collateral damage, unintentional harm, or loss of life when performing a proportionality analysis. This does not, however, absolve those organizing and planning assaults from considering their anticipated direct and indirect consequences.
ATTRIBUTION (Nationality/Origin of Cyber-attacks)
As part of holding States accountable for wrongdoing and recording norm violations in cyberspace, attributing a cyber incident is crucial. Additionally, it is necessary for some kinds of responsive action. Cyber activities carried out by government agencies are the responsibility of the relevant State. The same holds true for people that have been allowed by a state to act officially the fact that an entity operating officially goes beyond what is authorized or against orders does not negate attribution. A State bears responsibility for cyber actions carried out by non-State entities under its direction.
Although countries must exercise a sufficient level of control, it is not necessary for it to possess comprehensive knowledge of or control over every component of the cyber activity, particularly those pertaining to technology. An in-depth analysis of each case’s unique circumstances is required to create an attributional link. It is important to distinguish attribution in the framework of State accountability from politically placing blame on States or non-State elements: These kinds of declarations are often issued at the option of each State and are an expression of that State’s independence.
It should be kept in mind, though, that extra or requirements are typically applicable for establishing State responsibility for individually attributed conduct, and grounds of attribution under international law do not always match to those under municipal law
INTERNATIONAL MECHANISMS TO REGULATE THE CYBER-SPACE
The United Nations has a dedicated organization called the International Telecommunication Union, which oversees developing standards and policies related to cyber security and telecommunications.
The Budapest Convention on Cybercrime is an international agreement that aims to combat cybercrime, or crime involving computers and the Internet, by coordinating national legislation, enhancing investigative methods, and fostering international collaboration. It became operative in July of 2004.
The Internet Governance Forum unites government, business participants in the discussion of Internet governance.
The non-profit Internet Corporation for Assigned Names and Numbers oversees organizing the maintenance and protocols pertaining to the Internet’s spaces, guaranteeing the network’s steady and safe functioning.
MEASURES OF RESPONSE: Retaliatory actions can be taken by a State in response to a cyberattack against it. Retorsions are hostile actions taken against the interests of another State that do not violate any international legal duties owed to that State. Retaliatory actions might be taken in response to hostile cyberattacks carried out by another nation. They can be implemented in response to an illegal cyber operation along with other forms of defence, like countermeasures, as part of a State’s all-encompassing, multifaceted defence against hostile cyberattacks on its territory.
The law of countermeasures permits a State to respond, in some situations, to cyber related breaches of its obligations to another State by enacting actions that, in turn, violate its own legal duties to that other State. If cyber reconnaissance activities meet the criteria for countermeasures, a state may use them to investigate countermeasure possibilities and evaluate the possible danger of side consequences.
LEGAL RESPONSIBILITIES OF DIRECTLY AFFECTED STATES
A state has obligations to both people who reside on its territory and its own citizens. These obligations are ingrained in international humanitarian law, human rights legislation, and the basic concept of sovereignty. It may be more difficult for citizens to exercise fundamental rights like the right to privacy, movement, association, and even life itself if a state fails to protect its computer networks appropriately or to promptly, effectively, and adequately repair any harm done to these systems.
Cybersecurity incidents that affect one nation’s network component’s security or functionality may have significant knock-on effects on other network components’ security or functionality, as well as the security or functionality of other networks that are connected to or otherwise related to it. These effects may have an indirect or direct impact on non-state actors or other states.
It is commonly known that no state may use its territory or allow others to use it in a way that endangers another state’s territory, its people, or their properties. Therefore, addressing the risks and difficulties associated with cybersecurity breaches should fall partially on the shoulders of the states that are directly impacted by them. There are multiple layers to their culpability, which in no way lessens that of the governments or non-state actors who first created the threat.
CONCLUSION
All states must invest money, technology, intelligence, and human resources to lower their vulnerability to cybersecurity incidents; additionally, they must invest in and strengthen their capacities to recognize, evaluate, prioritize, and disrupt threats as soon as possible in order to effectively deal with cybersecurity harms.
A nation must promptly secure its computing environment using the most up-to-date tools, patches, upgrades, and tried-and-true techniques. To safeguard banks and other financial institutions, governments urgently need to establish strict cyber security standards and cultivate fundamental capabilities in the domains of data integrity and cyber security.
It is imperative that all States develop shared understandings of what constitutes illegal activity in cyberspace and go beyond talks of abstract ideas. To hold the wrongdoing state accountable for its attacks in the affected state’s Cyber Realm, it becomes challenging to attribute the attackers’ nationality due to the absence of clear and concise rules and regulations aimed at controlling malicious cyberattacks.
The harmed nations can only seek justice before international authorities such as the International Court of Justice (ICJ) and hold the offending state accountable for its conduct when laws are enacted at the international level.
References:
This article was originally written by Nils Melzer published on unidir website. The link for the same is herein. https://unidir.org/files/publication/pdfs/cyberwarfare-and-international-law-382.pdf
This article was originally written by Neelam Sethi published on Lok Sabha Docs website. The link for the same is. https://loksabhadocs.nic.in/Refinput/New_Reference_Notes/English/Cyber_Warfare_and_National_Security_Challenges.pdf
This article was originally written by Oren Gross published on Cornell website. The link for the same is herein. https://ww3.lawschool.cornell.edu/research/ILJ/upload/Gross-final.pdf
This article was originally written by Adam Smith published on Government of Canada’s website. The link for the same is herein. https://www.international.gc.ca/world-monde/issues_developmentenjeux_developpement/peace_securitypaix_securite/cyberspace_law-cyberespace_droit.aspx?lang=eng#a8.
This article was originally written by The German Government published on Government of Germany’s website. The link for the same is herein. https://www.auswaertiges-amt.de/blob/2446304/32e7b2498e10b74fb17204c54665bdf0/on-the-application-of-international-law-in-cyberspace-data.pdf.
This article was originally written by Drishti IAS published in Drishti website. The link for the same is herein. https://www.drishtiias.com/to-the-points/paper3/cyber-security
This article was originally written by Bruce Schneier published on United Nations website. The link for the same is herein. https://www.un.org/en/chronicle/article/cyberconflicts-and-national-security
This article was originally written by Scott J. SHACKELFORD published on Cambridge university website. The link for the same is herein. https://ccdcoe.org/uploads/2018/10/Shackelford-State-Responsibility-for-Cyber-Attacks-Competing-Standards-for-a-Growing-Problem.pdf
This article was originally written by Yuchong Li published in Science Direct website. The link for the same is herein. https://www.sciencedirect.com/science/article/pii/S2352484721007289.