Strauss Center Scholar Presents Policy Options for Mitigating Civilian Harm in Cyber Operations
May 14, 2020 | Cybersecurity
Strauss Center’s Distinguished Scholar Michael Schmitt recently published “Wired warfare 3.0: Protecting the civilian population during cyber operations” in the International Review of the Red Cross. Schmitt raises two issues that have hobbled attempts to craft a consensus legal framework for cyber operations occurring during armed conflicts.
The first is the meaning of the term “attack,” which has always been understood to denote “an act of violence” in the cyber context. The dilemma is that non-destructive cyber operations can be exceptionally disruptive without being destructive. Some have argued these cyber operations are not “attacks” because they are not violent and therefore are not subject to the legal prohibition on “attacking civilians and civilian objects.” This result would seem to run counter to the humanitarian underpinnings of international humanitarian law (the law of armed conflict). The second issue is the need to ascertain whether data constitutes a civilian “object,” such that the prohibition on attacking civilian objects extends to alteration of deletion of civilian data. Many argue that it does not.
Schmitt offers two policy proposals for addressing these issues. He suggests that states should as a matter of policy 1) accord special protection to “‘essential civilian functions or services’ by committing to refrain from conducting cyber operations against civilian infrastructure or data that interfere with them,” and 2) commit to “refraining from conducting cyber operations to which the IHL rules governing attacks do not apply when the expected concrete negative effects on individual civilians or the civilian population are excessive relative to the concrete benefit related to the conflict that is anticipated to be gained through the operation.” Schmitt concludes by noting that while these solutions do not address the full range of challenges in this rapidly developing area, their adoption would represent a much needed step towards protecting the civilian population from the harmful and disruptive effects of wartime cyber operations. Read the full article here.