The U.S pentagon recently drafted a proposal to declare cyber warfare as an act of war. Cynics may consider this a tad hypocritical considering that they collaborated with Israel to launch the stuxnet virus that shut down Iranian nuclear reactors- they get points for brass balls certainly-but I’m not here to dwell on hypocrisy and cynicism.
I’m more interested in the legal and practical applications because-let’s face it- this is going to become a common position in the years to come.
A very 21st century crime.It’s not ridiculous to see how sustained and damaging cyber attacks could be considered an act of war.
In the olden days, back when you could settle your scores with a Kalashnikov and a crazed war cry, it was pretty easy to tell what an act of war was.
There would be a violent event, lots of shooting and casualties and with the warring party usually determined to inflict maximum physical damage on your troops or on your land.
Sometimes your opponent would make it even easier for everyone by explicitly declaring war on you. It was a lot more tangible, and it was usually pretty clear who exactly your opponent was.
Cyberwar might be low on the guns-and-bombs side, but it’s hard to argue that it can also cause untold damage.
With many governments relying heavily on their digital resources just to keep civilization up and running, a cyber attack could shut down power plants, take down communications and disrupt a Country in countless ways. The damage could be extensive and the financial cost would be heavy as well. And such an action is explicitly hostile.
But even if we concede that cyberwarfare could be declared an act of war, there are still several complications.
For one, it’s usually pretty difficult to figure out who exactly is attacking you. Just figuring out the Country of origin of the attacks couldn’t be conclusive as sophisticated hackers could easily hijack servers of another Country.
And finding the culprit might cause some inconvenient problems. Not many Countries have the capacity to carry out a truly effective cyber warfare, and they tend to be Nations that neither the United States nor anyone else would want to go with- the likes of Russia and China for example.
And how much cyber warfare would count as an act of war anyway? It’s a bit easier to imagine what wouldn’t count in this context.
Sending a barrage of spam mail-even if coordinated- for example wouldn’t be an act of war, even though it would be extremely disruptive.
An attack that poses a direct threat to national security and public order-shutting down telecommunications for example- could count as an act of war.
There would either have to be widespread damage or specific damage that affects a critical part of a Country’s security or public order infrastructure.
And how much coordination would count as an act of war anyway?
If several individual agents commit cyber attacks without coordinating these efforts, how will this be judged?
And if the Country of origin disavows the actions of the attackers- as is likely- then how can the attacked Country prove that those attacks were state-sanctioned?
And once an act of war has been identified and publicly declared, what should the response from the affected Country be?
Sending in the planes to bomb the bejeezus out of the guilty party or hitting back with cyber warfare of your own would be mainly targeting those who have nothing to do with the initial act of war.
We have got to a point in our history where wars can be launched by single young men sitting in their parents basements in their pajamas. At the risk of sounding glib, there’s an element of comedy to that.