Definition of military objectives
The principle of distinction, one of the foundational precepts of IHL, requires that the parties to an armed conflict must at all times distinguish between civilian objects and military objectives and may, accordingly, only direct their operations against military objectives. The customary definition of military objectives is found in Article 52(2) of Additional Protocol I:
In so far as objects are concerned, military objectives are limited to those objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage.
The formal scope of application of the Protocol is limited to international armed conflicts (IACs). However, an identical definition of military objectives is found in treaties applicable in non-international armed conflicts (NIACs). Moreover, certain non-party States to the Protocol accept the customary nature of the definition. Accordingly, the ICRC has characterized the definition of military objectives as a norm of customary international law applicable in both IACs and NIACs.
Relevant rules of IHL apply to kinetic operations as well as to cyber operations. However, the application of those rules in specific circumstances may pose novel challenges. This is because the rules governing targeting developed with physical operations in mind, and it is not always clear what their application to cyber operations entails. For example, there is some disagreement on what types of acts amount to “attacks” in the context of cyber operations, in particular when the operation in question is limited to the manipulation of data. Nevertheless, even those operations that might not qualify as “attacks” under IHL may still only be directed against military objectives, as required by the principle of distinction.
Qualification of data as a military objective under IHL
|Data as a military objective|
|The definition of military objectives and the prohibition of attacks on civilian objects are limited to “objects”. If the target of a cyber operation is not an “object”, then actions against it are not constrained by the rules of IHL that govern targeting. It is therefore of crucial importance whether data may qualify as an “object” and therefore be either a military objective subject to attack or a civilian object protected from attack, particularly with respect to cyber operations that do not result in a physical effect. If data does not qualify as an “object”, civilian datasets would enjoy little if any protection in times of armed conflict.
Two main views have emerged in this regard. Some experts consider the notion “object” to be limited to something with physical properties that is visible and tangible in the real world. This view rests on a textual interpretation of the term “object” and finds further support in the 1987 ICRC commentary to the Additional Protocols. Proponents of this position may also point out the methodological problem of discerning rules of international law on the basis of analogy – a method sometimes employed by proponents of the contrary position, as noted below. According to this view, cyber operations against data do not fall within the ambit of the relevant rules of IHL unless the operation in question results in some physical effect and/or a loss of functionality of the target system or network.
Alternatively, other experts view data as falling within the notion of “object” under IHL. They consider that the remarks on visibility and tangibility in the ICRC commentary were meant to distinguish between concrete things (for instance, a bridge) and abstract notions (for instance, civilian morale). Accordingly, data is analogous to the former category of concrete things because it is likewise susceptible to being attacked and destroyed. As a result, data will be either a military objective or a civilian object; if the latter, it remains protected from attack and from excessive incidental harm, in accordance with IHL’s central value of protection of civilians and civilian objects. According to this view, cyber operations against data do trigger the IHL rules of distinction and military objectives and any cyber operation against data that constitutes an attack may only be directed against data that meets the definition of military objective.
Notes and references
- Art 48 AP I; ICRC CIHL Study, rule 7.
- Art 1 AP I.
- See, eg, Amended Protocol II to the CCW, Article 2(6); Second Protocol to the Hague Convention for the Protection of Cultural Property, Article 1(f).
- See, eg, Brian Egan, Legal Adviser, Department of State, “Remarks to the American Society of International Law: International Law, Legal Diplomacy, and the Counter-ISIL Campaign” (1 April 2016), 242 (“In particular, I’d like to spend a few minutes walking through some of the targeting rules that the United States regards as customary international law applicable to all parties in a NIAC: … Insofar as objects are concerned, military objectives are those objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage.”).
- ICRC CIHL Study, rule 8.
- Tallinn Manual 2.0, rule 80 (“Cyber operations executed in the context of an armed conflict are subject to the law of armed conflict.”).
- See William H Boothby, The Law of Targeting (OUP 2012) 387–88.
- Cf Art 49(1) AP I (defining “attacks” as “acts of violence against the adversary, whether in offence or in defence”).
- See, eg, William H Boothby, The Law of Targeting (OUP 2012) 384–87; Noam Lubell, ‘Lawful Targets in Cyber Operations: Does the Principle of Distinction Apply?’ (2013) 89 Int’l L Studies 252, 254–74; Marco Roscini, Cyber Operations and the Use of Force in International Law (OUP 2014) 180–81; Yoram Dinstein, The Conduct of Hostilities under the Law of International Armed Conflict (3rd edn, CUP 2016) 3.
- Art 48 AP I (“the Parties to the conflict ... shall direct their operations only against military objectives”). It should be noted that it is not universally accepted that the reference to “operations” in Article 48 reflects customary international law. See, eg, Noam Neumann, ‘Challenges in the Interpretation and Application of the Principle of Distinction During Ground Operations in Urban Areas’ (2018) 51 VJTL 807, 821 fn 44.
- Tallinn Manual 2.0, commentary to rule 100, paras 5–6 (noting that the majority of experts considered that due to it being intangible, data does not fall within the ordinary meaning of the term object, which is “something visible and tangible”) (internal quotation marks deleted); but see Michael N Schmitt, ‘The Notion of ‘Objects’ during Cyber Operations: A Riposte in Defence of Interpretive and Applicative Precision’ (2015) 48 IsrLR 81, 93 (noting that although the “visible and tangible” criterion influenced the Tallinn Manual experts’ deliberations, it was not dispositive).
- Tallinn Manual 2.0, commentary to rule 100, para 5 (“An ‘object’ is characterised in the ICRC Additional Protocols 1987 Commentary as something ‘visible and tangible’.”), citing Yves Sandoz, Christophe Swinarski and Bruno Zimmermann (eds), Commentary on the Additional Protocols of 8 June 1977 to the Geneva Conventions of 12 August 1949 (ICRC 1987), 633–34 paras 2007–08.
- Cf, eg, Reparation for Injuries Suffered in the Service of the United Nations (Advisory Opinion)  ICJ Rep 174, Dissenting Opinion of Judge Badawi Pasha, 211 (“in international law, recourse to analogy should only be had with reserve and circumspection”).
- But see, eg, Silja Vöneky, ‘Analogy in International Law’, in R Wolfrum (ed), Max Planck Encyclopedia of Public International Law (OUP 2008) (updated February 2008), para 24 (“Reasoning by analogy ... as a method of treating similar cases legally in the same way promotes the coherent interpretation of international law, and hence leads to more predictability and stability of the international legal order”).
- Tallinn Manual 2.0, commentary to rule 100, para 6.
- Heather A Harrison Dinniss, ‘The Nature of Objects: Targeting Networks and the Challenge of Defining Cyber Military Objectives’ (2015) 48 IsrLR 39, 44; Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 67–68.
- Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 73.
- Kubo Mačák, ‘Military Objectives 2.0: The Case for Interpreting Computer Data as Objects under International Humanitarian Law’ (2015) 48 IsrLR 55, 77–80; see also Tallinn Manual 2.0, rule 100, para 7 (criticizing the majority position for “running counter to the principle … that the civilian population enjoys general protection from the effects of hostilities”).