From International cyber law: interactive toolkit
Revision as of 13:25, 9 November 2021 by Ccdcoe630 (talk | contribs)
Jump to navigation Jump to search

National positions

France (2019)

"Cyberoperations carried out in the context of an international armed conflict, or which trigger such a conflict, are subject to the law of neutrality. As such, the States party to an IAC may neither carry out cyberoperations linked to the conflict from installations situated on the territory of a neutral State or under the exclusive control of a neutral State, nor take control of computer systems of the neutral State in order to carry out such operations. The neutral State must prevent any use by belligerent States of ICT infrastructure situated on its territory or under its exclusive control. However, it is not required to prevent belligerent States from using its ICT networks for communication purposes.

Routing a cyberattack via the systems of a neutral State without any effect on that State does not breach the law of neutrality, which prohibits only the physical transit of troops or convoys."[1]

"The law of neutrality applies to cyberoperations. Belligerents must refrain from causing harmful effects to digital infrastructure situated on the territory of a neutral State or from launching a cyberattack from such infrastructure."[2]

Italy (2021)

"The law of neutrality applies in cyberspace in the context of an international armed conflict on the basis of existing international customary law. According to the law of neutrality, parties to an international armed conflict may not launch wrongful cyber operations from ICT infrastructure located in the territory or under the exclusive control of a neutral State.

Within an armed conflict, any action taken by a neutral State should be applied equally to all belligerents. For instance, a State may not provide or deny access to its ICT infrastructure to one party but not to the other(s). In addition, neutral States must abide by the rules and recommendations taken by the UNSC. They may thus not invoke their neutrality to refrain from adopting such measures against the wrongdoer(s)."[3]

Netherlands (2019)

"A key component of IHL is international law on neutrality. Neutrality requires that states which are not party to an armed conflict refrain from any act from which involvement in the conflict may be inferred or acts that could be deemed in favour of a party to the conflict. In its relations with parties to the armed conflict the neutral state is required to treat all parties equally in order to maintain its neutrality. A state may not, for example, deny access to its IT systems to one party to the conflict but not to the other. In its response to the above-mentioned advisory report by the AIV/CAVV, the government noted that, ‘In an armed conflict involving other parties, the Netherlands can protect its neutrality by impeding the use by such parties of infrastructure and systems (e.g. botnets) on Dutch territory. Constant vigilance, as well as sound intelligence and a permanent scanning capability, are required here.’"[4]

Romania (2021)

"We are also of the view that the principle of neutrality apply as well to cyber operations as part of an armed conflict and thus, belligerents must refrain from harming information and communication infrastructure situated on the territory of a neutral State or from launching attacks from such infrastructure."[5]

Switzerland (2021)

"As a matter of principle, Switzerland considers the rights and obligations of neutral countries in international armed conflicts to be applicable to cyberspace as well. If such an international armed conflict arises, a neutral country has a duty to prevent any infringements of its neutrality, such as the use of its territory by one of the conflicting parties. Parties to the conflict are obliged n turn to respect the territorial integrity of the neutral country. Therefore they may not conduct related cyber operations from installations that are either on the territory or under the exclusive control of the neutral country. Parties to the conflict are also prohibited from taking control of a neutral country's computer systems in order to carry out such operations.

Because of the global cross border nature of cyberspace, there are also limits to the rights and duties of a neutral country in terms of territoriality – airspace can be closed for certain flying objects, for example, but the same targeted approach cannot be used for data traffic oncthe internet. Another issue is that data are not only transmitted via terrestrial and cable channels but also via satellites located in outer space, which puts them outside the scope of application of the law of neutrality. Such factors must be taken into consideration when it comes to applying the rights and duties of neutral countries in cyberspace.

In principle, belligerent states are not permitted to damage the data networks of neutral countries when undertaking combat operations via their own computer networks. Neutral countries may not support conflicting parties with either troops or their own weapons. In terms of military cyber operations in connection with an international armed conflict, this means that a neutral country must prevent parties to the conflict from using its military-controlled systems or networks. In general, military networks are shielded and not publicly accessible."[6]


See also

Notes and references

Bibliography and further reading