Editing Attack (international humanitarian law)

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 12: Line 12:
 
At present, different views exist on the interpretation of what constitutes ‘damage’ for assessing whether an operations amounts to an ‘attack’. One view, taken by some States including Denmark, Israel, and Peru, is that only physical damage is relevant in the assessment of what constitutes an attack under IHL.<ref>Denmark, ''Military Manual on International Law Relevant to Danish Armed Forces in International Operations'' (2016) 290–291; Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 ''International Law Studies'' 395, 400; Peru, Response Submitted by Peru to the Questionnaire on the Application of International Law in OAS Member States in the Cyber Context (June 2019), cited in OAS, ''Improving Transparency: International Law and State Cyber Operations: Fifth Report'', OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 31.</ref> Under this approach, ‘the mere loss or impairment of functionality to infrastructure would be insufficient’ to qualify a cyber operation as an ‘attack’.<ref>Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 ''International Law Studies'' 395, 400.</ref>
 
At present, different views exist on the interpretation of what constitutes ‘damage’ for assessing whether an operations amounts to an ‘attack’. One view, taken by some States including Denmark, Israel, and Peru, is that only physical damage is relevant in the assessment of what constitutes an attack under IHL.<ref>Denmark, ''Military Manual on International Law Relevant to Danish Armed Forces in International Operations'' (2016) 290–291; Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 ''International Law Studies'' 395, 400; Peru, Response Submitted by Peru to the Questionnaire on the Application of International Law in OAS Member States in the Cyber Context (June 2019), cited in OAS, ''Improving Transparency: International Law and State Cyber Operations: Fifth Report'', OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 31.</ref> Under this approach, ‘the mere loss or impairment of functionality to infrastructure would be insufficient’ to qualify a cyber operation as an ‘attack’.<ref>Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 ''International Law Studies'' 395, 400.</ref>
   
Other States have interpreted the notion of ‘attack’ wider. States including Bolivia, Ecuador, France, Germany, Guatemala, Japan, New Zealand consider that cyber operations may qualify as an ‘attack’ without causing physical damage if they disable the functionality of the target. While no uniform formulation of the requisite threshold of damage exists, it has been said that a cyber operation can be qualified as an attack if it ‘neutralizes’ an object,<ref>Japan, Basic Position of the Government of Japan on International Law Applicable to Cyber Operations (28 May 2021) 7.</ref> if it causes a ‘loss of functionality, equivalent to that caused by a kinetic attack’,<ref>New Zealand, The Application of International Law to State Activity in Cyberspace (1 December 2020), para 25.</ref> or ‘only produce[s] a loss of functionality’,<ref>Guatemala as cited in OAS, ‘[http://www.oas.org/en/sla/iajc/docs/International_Law_and_State_Cyber_Operations_publication.pdf Improving Transparency: International Law and State Cyber Operations: Fifth Report]’, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 32.</ref> if ‘the [affected] system is functionally disabled’,<ref>French Ministry of the Armies, ‘[https://www.defense.gouv.fr/content/download/567648/9770527/file/international+law+applied+to+operations+in+cyberspace.pdf International Law Applied to Operations in Cyberspace]’ (9 September 2019), 13.</ref> ‘if harmful effects on communication, information or other electronic systems, on the information that is stored, processed or transmitted on these systems or on physical objects or persons’ are caused,<ref>Germany, ''On the Application of International Law in Cyberspace Position Paper'' (March 2021) 9.</ref> or if the operation ‘renders inoperable a state’s critical infrastructure’<ref>Ecuador, Verbal Note 4-2 186/2019 from the Permanent Mission of Ecuador to the OAS (28 June 2019), cited in OAS, ''Improving Transparency: International Law and State Cyber Operations: Fifth Report'', OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 32.</ref> or disables a ‘state’s basic services (water, electricity, telecommunications, or the financial system”)’.<ref>Bolivia, Note from the Plurilateral State of Bolivia, Ministry of Foreign Affairs, OAS Permanent Mission to the OAS Inter-American Juridical Committee, MPB-OEA-NV104-19 (17 July 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 33.</ref>
+
Other States have interpreted the notion of ‘attack’ wider. States including Bolivia, Ecuador, Germany, France, Japan, New Zealand consider that cyber operations may qualify as an ‘attack’ without causing physical damage if they disable the functionality of the target. While no uniform formulation of the requisite threshold of damage exists, it has been said that a cyber operation can be qualified as an attack if it ‘neutralizes’ an object,<ref>Japan, Basic Position of the Government of Japan on International Law Applicable to Cyber Operations (28 May 2021) 7.</ref> if it causes a ‘loss of functionality, equivalent to that caused by a kinetic attack’,<ref>New Zealand, The Application of International Law to State Activity in Cyberspace (1 December 2020), para 25.</ref> if ‘the [affected] system is functionally disabled’,<ref>French Ministry of the Armies, ‘[https://www.defense.gouv.fr/content/download/567648/9770527/file/international+law+applied+to+operations+in+cyberspace.pdf International Law Applied to Operations in Cyberspace]’ (9 September 2019), 13.</ref> ‘if harmful effects on communication, information or other electronic systems, on the information that is stored, processed or transmitted on these systems or on physical objects or persons’ are caused,<ref>Germany, ''On the Application of International Law in Cyberspace Position Paper'' (March 2021) 9.</ref> or if the operation ‘renders inoperable a state’s critical infrastructure’<ref>Ecuador, Verbal Note 4-2 186/2019 from the Permanent Mission of Ecuador to the OAS (28 June 2019), cited in OAS, ''Improving Transparency: International Law and State Cyber Operations: Fifth Report'', OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 32.</ref> or disables a ‘state’s basic services (water, electricity, telecommunications, or the financial system”)’.<ref>Bolivia, Note from the Plurilateral State of Bolivia, Ministry of Foreign Affairs, OAS Permanent Mission to the OAS Inter-American Juridical Committee, MPB-OEA-NV104-19 (17 July 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 33.</ref>
   
 
For its part, the ICRC interprets the notion of ‘attack’ as including a loss of functionality. In its view, ‘an operation designed to disable a computer or a computer network constitutes an attack under IHL, whether the object is disabled through kinetic or cyber means’.<ref>ICRC, [https://www.icrc.org/en/download/file/108983/icrc_ihl-and-cyber-operations-during-armed-conflicts.pdf International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper] (November 2019) 7–8.</ref> The ICRC bases this interpretation on a contextual and teleological interpretation of the notion of ‘attack’ in Additional Protocol I.<ref>ICRC, ''International humanitarian law and the challenges of contemporary armed conflicts'' (2015) 41.</ref>
 
For its part, the ICRC interprets the notion of ‘attack’ as including a loss of functionality. In its view, ‘an operation designed to disable a computer or a computer network constitutes an attack under IHL, whether the object is disabled through kinetic or cyber means’.<ref>ICRC, [https://www.icrc.org/en/download/file/108983/icrc_ihl-and-cyber-operations-during-armed-conflicts.pdf International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper] (November 2019) 7–8.</ref> The ICRC bases this interpretation on a contextual and teleological interpretation of the notion of ‘attack’ in Additional Protocol I.<ref>ICRC, ''International humanitarian law and the challenges of contemporary armed conflicts'' (2015) 41.</ref>
Please note that all contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!
Cancel Editing help (opens in new window)