Editing National position of Israel (2020)

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 58: Line 58:
   
 
Israel is a party to the four Geneva Conventions and other treaties governing particular aspects of conduct in armed conflict and is also bound by applicable customary law. Israel—like the United States and others—is not a party to the First and Second Additional Protocols to the four Geneva Conventions and is not bound by them as a matter of treaty law. However, we see the following as consistent with the relevant customary law and the Additional Protocols."<ref>[https://digital-commons.usnwc.edu/ils/vol97/iss1/21/ Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations, 8 December 2020.]</ref><section end=IL_2020 IHL />
 
Israel is a party to the four Geneva Conventions and other treaties governing particular aspects of conduct in armed conflict and is also bound by applicable customary law. Israel—like the United States and others—is not a party to the First and Second Additional Protocols to the four Geneva Conventions and is not bound by them as a matter of treaty law. However, we see the following as consistent with the relevant customary law and the Additional Protocols."<ref>[https://digital-commons.usnwc.edu/ils/vol97/iss1/21/ Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations, 8 December 2020.]</ref><section end=IL_2020 IHL />
 
==[[Attack (international humanitarian law)|Attack (international humanitarian law)]]==
 
<section begin=IL_2020 Attack (international humanitarian law) />
 
"One of the key issues, in the conduct of hostilities in particular, is how to define “attacks,” and in which circumstances cyber operations amount to attacks under LOAC. The concept of attack is central to targeting operations and only acts amounting to attacks are subject to the “targeting rules” relating to distinction, precautions, and proportionality. The definition of attack in LOAC requires several elements, but I will focus on those aspects carrying special relevance in the cyber context. Specifically, I will address the element requiring that an act will constitute an attack only if it is expected to cause death or injury to persons or physical damage to objects, beyond de minimis. One aspect of this element concerns the reasonably expected consequences of the act in question. Reasonably expected consequences are those that are anticipated with some likelihood of occurrence, and entail adequate causal proximity to the act. A second aspect of this element is the type of required damage. The requirement for physical damage has been accepted law since the introduction of the legal term of art “attack” into the LOAC discourse. For this reason, practices such as certain types of electronic warfare, psychological warfare, economic sanctions, seizure of property, and detention have never been considered to be attacks as such, and, accordingly, were not considered as subject to LOAC targeting rules. Only when a cyber operation is expected to cause physical damage, will it satisfy this element of an attack under LOAC. In the same vein, the mere loss or impairment of functionality to infrastructure would be insufficient in this regard, and no other specific rule to the contrary has evolved in the cyber domain. However, if an impediment to functionality is caused by physical damage, or when an act causing the loss of functionality is a link in a chain of the expected physical damage, that act may amount to an attack. For example, if a cyber operation is intended to shut down electricity in a military airfield, and as a result is expected to cause the crash of a military aircraft—that operation may constitute an attack (subject, of course, to the additional elements for attacks under LOAC). The existence of physical damage is assessed purely on objective and technical grounds. It is a factual question and as such does not depend on the subjective perception or the manner in which the other side chooses to address the loss or impairment of functionality.”<ref>Roy Schöndorf, Ministry of Justice, ‘[https://digital-commons.usnwc.edu/cgi/viewcontent.cgi?article=2957&context=ils Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations]’, 97 INT’L L. STUD. 395 (2021) 399-401.</ref>
 
   
 
==[[Conduct of hostilities]]==
 
==[[Conduct of hostilities]]==
Line 67: Line 63:
 
"One of the key issues, in the conduct of hostilities in particular, is how to define “attacks,” and in which circumstances cyber operations amount to attacks under LOAC. The concept of attack is central to targeting operations and only acts amounting to attacks are subject to the “targeting rules” relating to distinction, precautions, and proportionality.
 
"One of the key issues, in the conduct of hostilities in particular, is how to define “attacks,” and in which circumstances cyber operations amount to attacks under LOAC. The concept of attack is central to targeting operations and only acts amounting to attacks are subject to the “targeting rules” relating to distinction, precautions, and proportionality.
   
  +
The definition of attack in LOAC requires several elements, but I will focus on those aspects carrying special relevance in the cyber context. Specifically, I will address the element requiring that an act will constitute an attack only if it is expected to cause death or injury to persons or physical damage to objects, beyond de minimis.
[...]
 
  +
  +
One aspect of this element concerns the reasonably expected consequences of the act in question. Reasonably expected consequences are those that are anticipated with some likelihood of occurrence, and entail adequate causal proximity to the act.
  +
  +
A second aspect of this element is the type of required damage. The requirement for physical damage has been accepted law since the introduction of the legal term of art “attack” into the LOAC discourse. For this reason, practices such as certain types of electronic warfare, psychological warfare, economic sanctions, seizure of property, and detention have never been considered to be attacks as such, and, accordingly, were not considered as subject to LOAC targeting rules.
  +
  +
Only when a cyber operation is expected to cause physical damage, will it satisfy this element of an attack under LOAC. In the same vein, the mere loss or impairment of functionality to infrastructure would be insufficient in this regard, and no other specific rule to the contrary has evolved in the cyber domain.
  +
  +
However, if an impediment to functionality is caused by physical damage, or when an act causing the loss of functionality is a link in a chain of the expected physical damage, that act may amount to an attack. For example, if a cyber operation is intended to shut down electricity in a military airfield, and as a result is expected to cause the crash of a military aircraft that operation may constitute an attack (subject, of course, to the additional elements for attacks under LOAC).
  +
  +
The existence of physical damage is assessed purely on objective and technical grounds. It is a factual question and as such does not depend on the subjective perception or the manner in which the other side chooses to address the loss or impairment of functionality.
   
 
Finally, the fact that a cyber operation is not an attack does not mean that no legal limitations apply thereto. Indeed, there are general obligations in LOAC that apply to all military operations regardless of being attacks or not. Central among those is the requirement to consider the danger posed to the civilian population in the conduct of military operations. It is widely accepted today that parties to conflicts cannot blatantly disregard such harmful effects to the civilian population in their military operations. But there are also more specific protections that may apply to actions other than attacks. For example, cyber operations affecting medical units are regulated and limited, inter alia, by the LOAC obligation to respect and protect medical units, which applies regardless of whether the act constitutes an attack or not."<ref>[https://digital-commons.usnwc.edu/ils/vol97/iss1/21/ Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations, 8 December 2020.]</ref><section end=IL_2020 conduct of hostilities />
 
Finally, the fact that a cyber operation is not an attack does not mean that no legal limitations apply thereto. Indeed, there are general obligations in LOAC that apply to all military operations regardless of being attacks or not. Central among those is the requirement to consider the danger posed to the civilian population in the conduct of military operations. It is widely accepted today that parties to conflicts cannot blatantly disregard such harmful effects to the civilian population in their military operations. But there are also more specific protections that may apply to actions other than attacks. For example, cyber operations affecting medical units are regulated and limited, inter alia, by the LOAC obligation to respect and protect medical units, which applies regardless of whether the act constitutes an attack or not."<ref>[https://digital-commons.usnwc.edu/ils/vol97/iss1/21/ Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations, 8 December 2020.]</ref><section end=IL_2020 conduct of hostilities />
Please note that all contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!
Cancel Editing help (opens in new window)