The Author, Dewan Alif Ovi is a 4th year student at Department of Law and Human Rights, University of Asia Pacific
Dhaka, Bangladesh.
The exercise of cyber operations during armed strife is a fact. While a couple of States have freely recognized practicing such operations, an expanding number of nations are thriving military cyber capacities, and their utilization is probably going to upturn in the future.[1] Military cyber operations can be implying as those cyber activities which a tactical element of country-state plans and conducts to accomplishing key, operational, or strategic gain. This means the military cyber operation is an entity instead of an impact subordinate.[2] It is largely admitted that cyber operations having comparative effects to classic kinetic operations. For example, the demolition of military or civilian resources or cause the demise or injury of civilians or militants. Such operation can be operating in three main ways; those are – 1. Defensive 2. Offensive and 3. Cyber espionage operations. The consequences of cyber operations can be harmful in the real world – such as industries, telecommunications, infrastructure, transport, or governmental and financial systems – can be ransacked, altered or damaged. Examples of physical damage in cyber-attacks are given below:
Hospitals System Damage: A hacker was condemned to nine years in jail as a result of the digital assault that he caused in a medical clinic in 2011. With this occurrence of physical harm to a Hospitals's system, this individual utilized the abilities that he needed to introduce malware. Because of his activity, the Hospital's HVAC's framework was antagonistically changed making the patient's security be unduly risked. By distantly controlling the temperature in the emergency clinic, it's anything but a quick danger since it set medications and other clinical supplies at risk. In the present circumstance, the programmer was controlling both the air and warming system in the medical clinic from a far-off area.[3]
Remotely Derails Trains: Sadly, it is hard to tell how many dangers that any area is exposed to now. Especially, since a hacker doesn't need to be a grown-up (adult) to make actual damage to an area and even injury to other people. While this may sound a little strange when describing circumstances, extreme physical harm can happen whenever if the commercial security system is not ensured. For this situation, a young teen from the region of Lodz in Poland concluded that he would utilize a homemade constructed transmitter to cause this actual harm. With this trick, he had the option to trip the rail switches distantly to divert four cable cars. Because of his activities, twelve individuals were harmed.[4]
Not only hospital damage or remotely derails Trains, but cyber-attacks can also be happening in Power Grid Sabotage as Ukraine faced in 2015, Oil pipeline leak detection system as Turkey oil-based company faced in 2008, changing operational mechanism in the industry. And today this occurrence is not done by a single hacker or organization these tricks are practicing by militants and using at the inter-country level. Because of having prohibition on armed attacked and negative vibes advanced country are driving forward to cyber-attacks to first preference as detection of such attacks are quite impossible. But as a result there is a damaged and trespassing which is not legal in International Humanitarian Law and that’s why international body need to solve the problem and should raise their voice against cyber-attacks by military of other states and also in individual level.
Existing International Law on protecting Civilian harm from Cyber Attacks:
Article 2(4) of the UN Charter outlaws forceful conflict and prohibits a country state from exercising “the threat or utilization of force against the regional integrity or political freedom of another state, or in some other way inconsistent with the Purposes of the United Nations.” The Charter makes two special cases for this prohibition: 1. Security Council activity under Article 42 and 2. Self-protection under Article 51, not intertwine with Article 2(4). Article 51 applies to country states and disperse that "nothing in the existent Charter will impair the intrinsic right of self-preservation if strife occurs against a Member of the United Nations.[5]
From a legal point of view, there ought to be no vulnerability that current International Humanitarian Law (IHL) principles and rules apply to new weapons, means, and procedures for warfare, along with those banks on data and telecommunications technology. If IHL didn't make any difference to future techniques and methodologies for warfare, it would not be essential to audit their authenticity under existing IHL as required by Article 36 of the 1977 First Additional Protocol.
In 2003, Red Crescent and Red Cross were arranged its 28th International conference, where states were gathering to the Geneva Conventions called for “rigorous and multidisciplinary review” of techniques for fighting and new weapons to ensure that the law's assurance isn't surpassed by the improvement of innovation. The utilization of cyber operations in armed conflict is an ideal illustration of such quick technological progress.[6]
Besides, the International Court of Justice in an advisory opinion on Nuclear Energy states that the arrangement guidelines and rules of humanitarian law applicable in conflict apply to all types of warfare and weapons, including those of things to come.[7] Above mentioned provisions, decisions and principles directly indicate the protection of civilians from warfare; including cyber warfare. Re-interpretation of laws and amendments is badly needed for acceptance of such old provisions because of new problems.
Instituting a fresh International Cyber Operational Convention (ICOC):
As of now, there is two important agreement directing cyber exercise namely: The Convention on Cybercrime, 2001 (and its additional protocol, 2006); and The Shanghai Cooperation Organization’s International Information Security Agreement (2009) both of the conventions are terribly restricted. So, to protect civilians there is no better option than instituting a new and fresh convention.
To reduce the problem of cyber operations and its security and chances of conflict will require cautious institutional design. To increase the effectiveness of the International Cyber Operational Convention must full fill the following goals: 1) Secure wide interest from leading cyber faring nations, 2) Set out rules and regulations that viably coerce state conduct, 3) Give adequate sound data on activities in cyberspace to lessen vulnerability about country interests and permit effective pointing and 4) guarantee appropriate expenses to non-compliance.
By improving data sharing, setting up prescribed procedures, and speeding up joint capacity constructing, an ICOC would help reinforce national cyber protections and make public ICT frameworks stronger to attack. Additionally, by establishing early warning instruments, an ICOC would bring down the probability that cyber-attacks.[8] By initiating joint administration and oversight over the cycle of attribution and response, an ICOC would serve to slow down the cycle of retaliation. And have several benefits as per experts saying.
Critics Objections and Solutions:
Critics are raised a number of questions regarding fresh new conventions but there are three common and most constructive criticism are[9] -
- The absurdity of Monitoring and Enforcement: The most regular issue with an international treaty overseeing cyber clashes is that it would be difficult to confirm assent or authorize the arrangement of the terms. As discussed, cyber weapons are significantly hard to monitor, primarily because of their double use nature and the way that they are effortlessly covered. Solution: A joint attribution system managed by a global authority would enormously improve state's individual and aggregate capacity to choose such inquiries and would in this manner go a long way towards tackling the question of Monitoring and enforcement.
- An ICOC Would take too long to Negotiate: A second issue with a conventional settlement is that it would take too long to even think about arranging. Arranging the UN Convention on the Law of the Sea took over 10 years. One may add that arrangements over the CWC, signed in 1993, spanned several decades.
Solution: After WW-II Geneva Conventions were just signed by 18 countries in 1949; the rest came gradually over many years. So it takes time to establish a convention as an effective one.
- The third issue with an ICOC focuses on the question of quick technological change, which suggests that any deal looking to set down detailed guidelines for the cyber domain would before long be obsolete.
Solution: Yearly periodic review of the convention and its annexes list of prohibition can be the solution of new technologies.
Indisputably, No International agreement will be perfect, and any arrangement that came to on cyber administration would probably require ensuing amendment—both as a result of learning experience and to adjust to technological change. But to solve any problem first make sympathy, characterize the issue, ideate arrangements, prototype answers and test them. That’s how the power of International law can behold and civilian harm would be avoided.
References:
[1] “International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC Position Paper Submitted to the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security and the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security, November 2019” (2020) 102 International Review of the Red Cross 481
[2] Aaron Brantly and Max Smeets, 'Military Operations In Cyberspace' [2020] Handbook of Military Sciences.
[3] Simon Parker, 'Understanding The Physical Damage Of Cyber Attacks' (Infosecurity Magazine, 2017) accessed 1 July 2021.
[4] Ibid
[5] Charter of the United Nations, 1945
[6] 'What Limits Does The Law Of War Impose On Cyber Attacks? - ICRC' (Icrc.org, 2013) accessed 1 July 2021.
[7] Laurent Gisel and Tilman Rodenhäuser, 'Cyber Operations And International Humanitarian Law: Five Key Points - Humanitarian Law & Policy Blog' (Humanitarian Law & Policy Blog, 2021) accessed 1 July 2021.
[8] Loren Thompson, 'Cyber Alliances: Collective Defense Becomes Central To Securing Networks, Data' (Forbes, 2021) accessed 1 July 2021.
[9] Eilstrup-Sangiovanni, M., 2017. Why the World Needs an International Cyberwar Convention. [ebook] Available at: [Accessed 31 May 2021].
