Scenario 13: Cyber operations as a trigger of the law of armed conflict

Two States and one non-State actor get involved in an armed confrontation featuring a combination of cyber and kinetic operations. The outside State provides various forms of financial and military support to the non-State group in its struggle against the territorial State. The analysis in this scenario considers whether any of the relevant incidents trigger the application of the law of armed conflict and it considers whether the resulting situation would qualify as either an international or a non-international armed conflict.

Keywords
Effective control, international armed conflict, international humanitarian law, internationalization, overall control, non-international armed conflict, non-State actors

Facts
Relations between States A and B has been strained for a long time, stemming primarily from State A’s longstanding unfavourable treatment of a minority group M that lives in that State’s territory. The members of the minority M share their ethnicity with the dominant ethnic group in State B. Recently, individuals belonging to minority M formed an armed faction X with a highly active cyber wing. State B does not hide its support for the newly formed armed faction. In particular, State B gradually extends the following forms of support to the armed group:  State B provides the armed group with significant financial assistance, which the group uses to establish and maintain its cyber wing (incident 1); State B’s military intelligence agency provides the cyber wing of the armed group with several zero-day exploits that were identified for their potential to be used against industrial control systems employed by State A (incident 2); State B’s civilian intelligence agency provides the cyber wing of the armed group with specific continuous guidance throughout cyber operations the group launches, utilizing the previously provided exploits. As a result of these operations, the group succeeds in:   Temporarily disabling the power grid in parts of the territory of State A (incident 3a); and  Opening the floodgates of several dams in State A, which results in significant material damage and the deaths of several individuals (incident 3b).  The series of cyber attacks conducted by the group bring about considerable chaos and panic across State A. Soon after, fighting erupts between State A’s armed forces and the armed group.

Examples

 * Georgia-Russia conflict (2008)
 * Ukraine-Russia conflict (2014-)

Legal analysis
For a general overview of the structure of analysis in this section, see Note on the structure of articles.

The law of armed conflict (also referred to as international humanitarian law, IHL) applies in all situations of armed conflict, either international armed conflict (IAC) or non-international armed conflict (NIAC). The characterization of a situation as either an IAC or a NIAC is a distinct legal test based on the objective facts and remains unaffected by the subjective views of the belligerent parties. The analysis in this scenario first considers whether an IAC exists between States A and B as a result of any of the incidents detailed in the scenario. In the alternative, it then considers whether the situation should be considered as a NIAC between State A and armed group X.

Characterization as an international armed conflict
In the present scenario, incidents 1 and 2 do not amount to a resort to armed force. They are both best seen as preparatory vis-à-vis the events that follow, but in and of themselves, neither of them has the potential to trigger the law of IAC.

Incident 3a (reversible attack against the power grid) resulted only in a temporary disruption of the operation of infrastructure on State A’s territory. As such, it is unsettled in the present state of the law whether or not this incident could have triggered the application of IHL.

By contrast, incident 3b (cyber attack against several dams) occasioned considerable physical damage and the deaths of several individuals. The fact that it was conducted by the group under the guidance of State B’s civilian intelligence agency and not its military forces does not make any difference in this regard. On that basis, the effects of incident 3b can be described as comparable to those of classic kinetic operations, which would be sufficient for the purposes of applicability of IHL as long as there was a sufficient level of State involvement. This issue is considered in the following paragraph.

There is no doubt that State B has extended its support to armed group X throughout the relevant events. This has taken the form of financial support (incident 1), training and equipping (incident 2), and operational guidance and co-ordination (incidents 3a and 3b). The first two forms of support would not suffice for either of the tests of “effective control” and “overall control”. However, in combination with State B’s participation in the co-ordination of the cyber operation qualifying as a resort to armed force, the level of State B’s involvement would reach that required by the “overall control” test. By contrast, the higher test of “effective control” would remain unmet on the facts of this scenario.

In summary, there was an IAC between States A and B as of the moment when armed group X, acting under the overall control of State B, launched the cyber operation against the dams in State A. The continuation of hostilities by kinetic means does not alter this conclusion in any way.

Characterization as a non-international armed conflict
''The engagement between group X and State A may also, or separately, qualify as a NIAC, based on the fulfilment of the requisite criteria of organization and intensity (analysed in the present section).

Group X appears to have sufficient organization, given that it was capable of carrying out sustained military operations of both kinetic and cyber nature, although more details would be needed before making a conclusive determination. Note, however, that the criterion threshold is not particularly high, and the extent of organization certainly does not need to reach the level of organization of State armed forces.

The threshold for intensity is relatively high and would certainly not be met by any of incidents 1–3a, given that the impact of these incidents was not similar to that of kinetic attacks. In contrast, incident 3b, which resulted in the opening of floodgates of dams and then led to fighting that required the engagement of State A’s armed forces, would likely fulfil the requirement of intensity in the present case.

In sum, to the extent that armed group X maintains its operational autonomy and the overall control test is not met by State B, the armed confrontation between the group and State A qualified as a NIAC from the moment when the cyber operation against the dams in State A’s territory was launched.

Checklist

 * Do the relevant cyber operations have destructive or injurious effect in the physical world?
 * Do the relevant cyber operations result in irreversible loss of functionality of cyber infrastructure belonging to the adversary?
 * Does the form and extent of support provided by State B to armed group X reach the level of “overall control”?
 * Does armed group X qualify as an organized armed group?
 * Do the hostilities between State A and armed group X reach the required intensity?

Bibliography and further reading

 * [TBC]

Contributions

 * Scenario by: Kubo Mačák
 * Analysis by: Kubo Mačák
 * Reviewed by: [TBC]