Attack (international humanitarian law)

Definition


National positions


United States of America (2016)
“To the extent that such cyber operations constitute “attacks” under the law of armed conflict, the rules on conducting attacks must be applied to those cyber operations (…)Not all cyber operations, however, rise to the level of an “attack” as a legal matter under the law of armed conflict. When determining whether a cyber activity constitutes an “attack” for purposes of the law of armed conflict, States should consider, among other things, whether a cyber activity results in kinetic or non-kinetic effects, and the nature and scope of those effects, as well as the nature of the connection, if any, between the cyber activity and the particular armed conflict in question. Even if they do not rise to the level of an “attack” under the law of armed conflict, cyber operations during armed conflict must nonetheless be consistent with the principle of military necessity. For example, a cyber operation that would not constitute an “attack,” but would nonetheless seize or destroy enemy property, would have to be imperatively demanded by the necessities of war. Additionally, even if a cyber operation does not rise to the level of an “attack” or does not cause injury or damage that would need to be considered under the principle of proportionality in conducting attacks, that cyber operation still should comport with the general principles of the law of war."

United States of America (2021)
“The United States recognizes that cyber activities in the context of an armed conflict may in certain circumstances constitute an “attack” for purposes of the application of the jus in bello rules that govern the conduct of hostilities, including the principles of humanity, necessity, proportionality, and distinction recognized in the 2015 GGE report." 