Scenario 22: Cyber methods of warfare

__NUMBEREDHEADINGS__

Two States are involved in an international armed conflict. One State uses its cyber capabilities against the other in two distinct operations. This scenario explores the concept of methods of warfare in international humanitarian law (IHL). In doing so, it distinguishes methods of warfare from means of warfare and weapons generally and in the context of cyber operations specifically. The analysis in this scenario also briefly addresses whether cyber capabilities can ever be considered means of warfare or weapons under IHL or always be regarded as methods of warfare.

Keywords
Article 36, cyber weapons, means and methods of warfare, indiscriminate attack, distributed denial of service, malware, weapons review, international humanitarian law

Facts
[F1] State A launched a Distributed Denial of Service (DDoS) operation against the computer infrastructure of the Emergency Services Sector (ESS) in State B (incident 1). The ESS, an essential element of civilian critical infrastructure, provides a wide range of prevention, preparedness, response, and recovery services. The ESS includes geographically distributed facilities, equipment, and organizations that rely heavily upon its networks, servers, and other cyber infrastructure. To facilitate the DDoS operation, the cyber team from State A remotely controlled thousands of compromised computers inside and outside State B to conduct the coordinated DDoS attack. In doing so, they flooded the ESS networks and servers with repeated waves of significant internet traffic. The targeted cyber infrastructure became overwhelmed, shutting down or slowing the networks and servers to the point that their use was significantly impeded or degraded. The DDoS attack caused delay and inconvenience and permanently damaged approximately one-third of the targeted computer systems of the ESS, thereby causing degraded emergency responses throughout State B. Moreover, this incident resulted in significant loss of life and property damage across State B.

[F2] State A then launched another cyber operation against its adversary’s integrated air defense system, including some surface-to-air missiles (incident 2). This cyber operation involved two aspects. First, the attackers hacked into computer networks supporting State B’s air-defense system and fed State B with a false sky picture that then enabled State A’s air force to bomb various sites without risk to its forces because State B’s air-defense system did not report State A’s infiltration. In the second phase of the cyber operation, the attacking cyber team inserted malware directly into the air defense missiles. This malware interfered with the ignition and control systems of the surface-to-air missiles, causing some to explode on the launchpads immediately after ignition and others, when launched, to go wildly off target. Some of the errant missiles hit civilian population centers in State B, causing death and destruction.

[F3] State A is not a Party to Additional Protocol I.

Examples

 * Cyber attacks against Estonia (2007)

Legal analysis
For a general overview of the structure of analysis in this section, see Note on the structure of articles.

[L1] The legal analysis first distinguishes the concepts of means and methods under IHL in the context of cyber warfare and then applies the concepts to the facts of the scenario focusing on methods of warfare.

Means and methods of cyber warfare
[L2] Regarding the DDoS operation against the ESS cyber infrastructure in State B (incident 1), the cyber means of warfare is the large botnet of computers. This botnet is the device or instrumentality used to conduct the attack. It is an Internet-connected system of computers being commanded by one party to an armed conflict to cause damage or destruction to objects or injury or death to another party. That is the very essence of a means or weapon under IHL. By contrast, the distributed denial of service attack against State B is the method of cyber warfare. That is how the operation is being carried out. A distributed denial of service is a well-known method of cyber warfare. In this instance, it is devastatingly effective against the cyber infrastructure of the ESS, causing delay in the provision of emergency services and permanently damaging a significant number of computers in the ESS system.

Checklist

 * Is there an ongoing international armed conflict?
 * Is the State in question a party to Additional Protocol I?
 * Are the cyber capabilities being used as weapons or means of warfare under IHL?
 * If so, are there any limitations or restrictions on the cyber weapons or means?
 * Are the cyber capabilities being used as methods of warfare under IHL?
 * If so, are there any limitations or restrictions on the cyber method?
 * Is a review under Article 36 of Additional Protocol I required?

Bibliography and further reading

 * Jeffrey T Biller and Michael N Schmitt, ‘Classification of Cyber Capabilities and Operations as Weapons, Means, or Methods of Warfare’ (2019) 95 Int’l L Stud 179.
 * William H Boothby, The Law of Targeting (OUP 2012).
 * Geoffrey S. Corn, Rachel E. VanLandingham, and Shane R. Reeves (eds), U.S. Military Operations: Law, Policy, and Practice (OUP 2016).
 * Geoffrey S Corn and others, The Law of Armed Conflict: An Operational Approach (2nd edn, Wolters Kluwer 2019)
 * ICRC, A Guide to the Legal Review of New Weapons, Means and Methods of Warfare: Measures to Implement Article 36 of Additional Protocol I of 1977 (Kathleen Lawand ed.) (ICRC 2006).
 * Yves Sandoz, Christophe Swinarski, and Bruno Zimmermann (eds), Commentary on the Additional Protocols of 8 June 1977 to the Geneva Conventions of 12 August 1949 (ICRC 1987).
 * Michael N Schmitt (ed), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (CUP 2017).
 * Gary D Solis, The Law of Armed Conflict: International Humanitarian Law in War (2nd ed., CUP 2016).
 * United States, FM 6-27, MCTP 11-10C, The Commander’s Handbook on the Law of Land Warfare (August 2019).
 * David Wallace, ‘Cyber Weapon Reviews under International Humanitarian Law: A Critical Analysis’ (2018) Tallinn Paper No. 11.

Contributions

 * Scenario by: David Wallace
 * Analysis by: David Wallace
 * Reviewed by: Laurie Blank, Hitoshi Nasu, Wen Zhou