Scenario 27: Contesting and redirecting ongoing attacks

From International cyber law: interactive toolkit
Revision as of 07:50, 20 October 2022 by Kubomacak (talk | contribs) (adding reviewers)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Photo by Capt. Aaron Smith

Two States are involved in an armed conflict. One of the States initiates four missile attacks against the other. One is redirected in flight by the attacker due to new information on the status of its target, one sees the two States wrestle for control of the missile through cyber means, and two are redirected by the adversary forces who hack into the missile’s network. The analysis in this scenario considers whether the acts of redirection qualify as attacks under international humanitarian law. It further considers what obligations bind the two States in relation to their conduct, including the prohibition of attacking civilians and precautionary obligations.

Scenario[edit | edit source]

Keywords[edit | edit source]

Attack, causation, distinction, international humanitarian law, active precautions, passive precautions.

Facts[edit | edit source]

[F1] States A and B are engaged in ongoing armed hostilities. State A is a technologically advanced State which has, for years, been developing an arsenal of inter-networked military capabilities intended for the direct engagement of persons and objects. State B, while not possessing a technologically advanced military arsenal, has a well-trained cyber team integrated in its Defence Ministry and tasked with the detection of vulnerabilities in the military systems of State A.

[F2] In one of its military operations, State A launches a missile against a building in State B it believes to be a military objective. While the missile is in flight, the command centre receives information indicating that the object is in fact a civilian residence, and that civilians are present in the building. State A has the capacity to redirect the missile and does so, altering its course towards an empty parking lot in the vicinity of the building (incident 1).

[F3] Three days later, State A deploys a missile towards a military objective under the control of State B. According to State B’s assessment, the attack by State A will cause death and injury to civilians. State B hacks into the network on which the missile operates, gains control over it and redirects it back towards a civilian neighbourhood in State A (incident 2).

[F4] Soon after that incident, State A deploys a missile towards a military objective under the control of State B. State B seeks to hack into the missile’s guidance system. Both States A and B are contesting control over the weapon, and the missile ultimately crashes in a neighbourhood in State B, in which there is no evidence of the presence of military objectives. A subsequent, independent investigation is unable to determine which actor was factually in control of the missile at the last possible moment at which the adverse outcome could have been averted (incident 3).

[F5] State A launches a missile towards State B. Due to reliance on flawed intelligence – despite being in possession of intelligence, surveillance and reconnaissance capabilities that should have made precise target identification possible – the missile is aimed at a civilian neighbourhood in State B, in which there is no evidence of the presence of military objectives, and not at the intended target, a military objective. Unaware of the erroneous targeting and thus assuming the missile will in fact hit the military objective, State B hacks into the missile’s system and slightly redirects it, albeit in the direction of the same civilian neighbourhood. The military commander from State B ordering the redirection told the unit hacking into the missile system that, through this modification of trajectory, they will be able to accuse State A of committing a war crime. The missile causes considerable destruction to several civilian objects and the death and injury of civilians. A subsequent, independent investigation is unable to determine whether less or more harm would have occurred had State B not hacked the missile (incident 4).

Examples[edit | edit source]

Legal analysis[edit | edit source]

For a general overview of the structure of analysis in this section, see Note on the structure of articles.

[L1] The legal analysis of the present scenario assesses the meaning of attack under international humanitarian law in cases of redirection and contested control over a weapons system in the context of an international armed conflict. It also examines the relationship between negative and positive obligations under the rules on the conduct of hostilities, and in particular the prohibition of making civilians the object of attack and precautionary obligations.

Acts of redirection and contestation of control as attacks under international humanitarian law[edit | edit source]

The notion of ‘attack’ under international humanitarian law
Attack international humanitarian law.svg
The question of whether an operation amounts to an ‘attack’ as defined in international humanitarian law (IHL) is essential for the application of many of the rules deriving from the principles of distinction, proportionality and precaution. While some IHL rules impose limits on any military (cyber) operation, the rules specifically applicable to ‘attacks’ afford significant protection to civilians and civilian objects in times of armed conflict.[1]

Article 49 of Additional Protocol I defines ‘attacks’ as ‘acts of violence against the adversary, whether in offence or in defence’. Viewed as ‘combat action’,[2] they are understood to denote violence directed against military forces of an opposing party.[3] Arguments that a subjective element of purpose or motive to cause harm are inherent in the notion of attack[4] have not found wide support.[5]

The notion of violence in this definition can refer to either the means of warfare or their effects, meaning that an operation causing violent effects can qualify as an attack even if the means used to bring about those effects are not violent as such.[6] Accordingly, it is widely accepted that cyber operations that can be reasonably expected to cause injury or death to persons or damage or destruction to objects constitute attacks under IHL.[7]

There has been limited discussion over the contours of the reasonable foreseeability of harm standard for the purposes of defining attacks.[8] In the assessment of what constitutes the ‘reasonably expected’ effects of an operation that have to be considered, some States, including Denmark, Finland, New Zealand, Norway, Switzerland, or the United States, have clarified that this includes harm due to the foreseeable direct and indirect (or reverberating) effects of an attack.[9] An indirect or reverberating effect would include, for example, the death of patients in intensive-care units caused by a cyber operation on an electricity network that results in cutting off a hospital’s electricity supply – a view shared by the ICRC.[10] Care must be exercised in considering the extent to which understandings of reasonable foreseeability for the purposes of other rules of IHL can be deemed relevant in the interpretation of ‘attack’.

At present, different views exist on the interpretation of what constitutes ‘damage’ for assessing whether an operations amounts to an ‘attack’. One view, taken by some States including Denmark, Israel, and Peru, is that only physical damage is relevant in the assessment of what constitutes an attack under IHL.[11] Other States have interpreted the notion of ‘attack’ wider. States including Bolivia, Ecuador, France, Germany, Guatemala, Japan, and New Zealand consider that cyber operations may qualify as an ‘attack’ without causing physical damage if they disable the functionality of the target.[12] For its part, the ICRC interprets the notion of ‘attack’ as including a loss of functionality. In its view, ‘an operation designed to disable a computer or a computer network constitutes an attack under IHL, whether the object is disabled through kinetic or cyber means’.[13]

Publicly available national positions that address this issue include: National position of Australia (2020) (2020), National position of Brazil (2021) (2021), National position of Canada (2022) (2022), National position of France (2019) (2019), National position of Germany (2021) (2021), National position of Israel (2020) (2020), National position of the Italian Republic (2021) (2021), National position of Japan (2021) (2021), National position of the Netherlands (2019) (2019), National position of New Zealand (2020) (2020), National position of Norway (2021) (2021), National position of the Kingdom of Sweden (2022) (2022), National position of Switzerland (2021) (2021), National position of the United Kingdom (2021) (2021), National position of the United States of America (2016) (2016), National position of the United States of America (2021) (2021).

[L2] Before considering each scenario under the framework of positive precautionary obligations, it is important to investigate whether the acts of redirection and contestation of control qualify as attacks as defined under IHL. Common to all four factual scenarios is that the State intervening in the course of the missile, in seeking to protect from certain harm or gain a certain advantage, consciously engages in an act that will foreseeably cause harm to persons or objects. Given the rationales for intervention, a central question here is whether the presence of particular subjective elements is a prerequisite for qualifying an act as an attack.

[L3] On the two opposing ends of the spectrum, one can either argue that the qualification as an attack is a purely factual inquiry (that is, whether force was factually projected against persons or objects) or that attacks are defined by a motive of causing harm to an adversary. Neither argument is convincing. The purely factual view does not comport with the definition of attack, which presupposes the launching of an act ‘in offence or in defence’ and ‘against an adversary’. There thus seems to be an implicit attitudinal element in the definition of attack. The motive view is similarly difficult to accept. First, the definition of attack does not presuppose the existence of a purpose to harm. Second, accepting this view would introduce a new element that could serve as a facile justification for not treating otherwise violent acts as ‘attacks’ for a claimed lack of motive to cause harm. And finally, there is wide agreement that attitudes towards harm lower than purpose suffice. Both the Oslo Manual and the Tallinn Manual include acts reasonably expected to cause death, injury, destruction or damage within the ambit of ‘attack’.[14] Recently, Judge Chile Eboe-Osuji, in his partly concurring opinion to the 2021 Ntaganda Judgment, confirmed that ‘purpose or motive does not define a conduct as an ‘attack.’’[15]

[L4] Between these two views exists a range of attitudes towards the effects of a given act. For instance, the party engaging in the violent act could knowingly cause harm to persons or objects while pursuing a different goal. It could also cause such harm recklessly or even negligently. What is clear is that an attack involves a conscious decision to engage in an act of violence accompanied by a certain volitional or cognitive attitude towards the effects of that act. At the very least, consciously launching an act in the knowledge of its violent effects would qualify under the definition of attack. With this discussion in mind, the analysis can proceed to the four scenarios.

[L5] In incident 1, upon realising that the missile is headed towards a civilian object, State A, having the capacity to redirect, decides to do so. This is in line with its obligations to take precautions in attack by cancelling the strike when its mistake vis-à-vis the status of the target becomes apparent.[16] The act of State A falls within the category of the shift cold tactics, that is, the practice of deliberately diverting a guided munition in flight away from its intended target.[17] Debates on the legality of shift cold tactics have queried whether acts of redirection would constitute a new attack of its own right, the cancellation or suspension of an ongoing attack,[18] or merely the continuation of an ongoing attack.[19]

[L6] Starting with the last-mentioned option, redirection can be conceptualised as ‘guiding a weapon away from a point’ within the confines of the same initial attack, and relying on the ‘same aircraft, same weapon, and same personnel in control of the weapon.’[19] What this position fails to account for is the new decision-making point for a projection of force against a new target. And while it intuitively reaches the ‘correct’ conclusion for those seeking to minimise civilian casualties, the position becomes untenable if we were to consider attackers who redirect towards an area with more civilians, rather than less.

[L7] A better approach, and one which circumvents some of these issues, is one that treats the act of redirection as the cancellation/ suspension of an ongoing attack in cases where the attacker seeks ‘solely to avoid or minimize harm to civilians’.[18] Adopting the cancellation / suspension approach may avoid a conflict of obligations between the prohibition of directing attacks against civilians and the obligation to cancel or suspend attacks. However, even under this approach, any gains in coherence could lead to losses in protection and a reading that does not comport with the definition of the term attack.[20] Moreover, this approach seems to reintroduce a motive-like inquiry into the analysis which, as explained in paras L2–L4 above, ought to be rejected. Further, with shift cold, there is a deliberate redirection of a weapon (an act of violence) and the question of this act’s compliance with positive obligations does not alter its qualification as an attack.

[L8] In our view, there is no logical contradiction in accepting that an act of redirection can both constitute the cancellation of an attack and the initiation of a new one. In incident 1, the shift cold constituted a deliberate choice of giving the weapon a new direction with full knowledge of its violent effects. Thus, in line with the interpretation given above, the act of redirection constituted a new attack.

[L9] In incident 2, State B, seeking to avoid a strike that would impact its civilian population, initiated its own act of redirection. In line with the analysis in paras L2–L4 above, this act of redirection constitutes a new attack. That State B, the target of State A’s attack, is the originator of the act of redirection does not alter the analysis. It constituted an act of force whose effects on the adversary – the civilian population under the control of State A, the opposing party – were either known or at least clearly foreseeable. There are thus strong grounds to consider that State B’s act qualifies as an attack.

[L10] In incident 3, State A launched a missile against a military objective under the control of its adversary. In line with the analysis in paras L2–L4 above, its conduct is to be qualified as an ‘attack’ pursuant to Article 49 of Additional Protocol I. For this to be the case, it is not necessary that the missile in fact reached its intended target.[21] State B, seeking to protect itself from State A’s attack, hacks into the missile system, initiating a contestation for control over its operation. In attempting to assume control over the missile in mid-flight in order to redirect it, State B did not ‘attack’ the neighbourhood on its own territory within the meaning of Article 49 of Additional Protocol I, as this would require the act to be given a direction ‘against the adversary’.[22] Therefore, while State A’s missile launch constitutes an attack, State B’s hack does not.

[L11] In incident 4, State A launched a missile against an object located in a neighbourhood in State B, in which there is no evidence of the presence of military objectives, in the mistaken belief that the target was a military objective. In line with the analysis in paras L2–L4 above, the launching of the missile constituted an attack pursuant to Article 49 of Additional Protocol I. For an ‘attack’ to have occurred, it is not necessary that it was successful in the eyes of the acting party.[23] A second question arising under this incident is whether State B’s redirection qualifies as an attack. It has been observed that whenever an actor assumes control of a weapon system and intentionally or knowingly directs a weapon at a certain target, the actor is responsible for the consequences of such conduct.[24] Even though this is exactly what State B did, its action cannot be qualified as an attack, as it directed the missile against an object under its physical control. State B’s conduct was thus not directed ‘against the adversary’ and therefore did not constitute an ‘attack’.[25]

Active and passive precautions in cases of redirection and contestation of control[edit | edit source]

Precautionary obligations under international humanitarian law
In addition to prohibitive rules, the conduct of hostilities regime under IHL contains a host of positive obligations that require parties to conflict to take certain protective steps. These positive obligations to take precautions supplement the basic rule of distinction. They are binding on parties to conflict under both treaty and customary IHL, in both international and non-international armed conflict, and they are applicable to all weapons, means, and methods of warfare, including cyber operations during armed conflict.[26]

In particular, “in the conduct of military operations, constant care must be taken to spare the civilian population, civilians and civilian objects”.[27] The term ‘military operations’ encompasses “any movements, manoeuvres and other activities whatsoever carried out by the armed forces with a view to combat” or “related to hostilities”.[28] The obligation of constant care is an obligation of conduct, to mitigate risk and prevent harm. It applies constantly in the planning or execution of any military operation.[29] As a general rule, the higher the risk for the civilian population in any given military operation, the more will be required in terms of care.[30]

Given that there is significant risk of harm to civilians whenever a military is executing an attack, IHL imposes additional obligations specific to those planning or deciding on or carrying out attacks (“active precautions”);[31] it also requires parties to protect civilians and civilian objects under their control against the effects of attacks (“passive precautions”).[32]

Obligations to take precautions in attack
The obligations to take precautions in attack (also referred to as “active precautions”) are most fully codified in Article 57 of Additional Protocol I. This article mandates the taking of a wide variety of measures from target verification and the giving of effective advance warnings through the choice of means and methods of warfare and choice of military objectives to cancellation or suspension of attacks where it becomes apparent that the attack’s target is not a military one or is subject to special protection, or that the attack may be disproportionate. In the interpretation of these precautionary measures, care must be taken to determine what exactly is required of those involved in planning, deciding upon, and executing attacks. The standards vary. For instance, some precautionary measures operate within a ‘feasibility’ standard, while others, such as effective advance warnings, must be taken ‘unless circumstances do not permit’.[33]

There is no specifically prescribed method through which these obligations ought to be discharged.[34] Feasibility, a standard that appears frequently in Article 57, is a contextual standard, and it depends on the presence of a range of factors in the circumstances prevailing at the time.[35] In this regard, ‘feasible’ is understood as ‘that which is practicable or practically possible, taking into account all circumstances prevailing at the time, including humanitarian and military considerations’.[36] Importantly, the standard of feasibility is capable of accommodating a range of considerations, and it evolves through time and with the acquisition of experience.[37]

While the protection of the civilian population and civilian objects in times of conflict is a challenging task in any domain, cyberspace adds its own layer of complexity. A primary reason for this is the interconnectivity of networks and the risks of escalation and unintended consequences. Thus, in conducting attacks in cyberspace, parties to conflict should consider suitable and feasible cyber-specific precautions such as impact assessments on the connectivity of military and civilian networks and on secondary effects of attacks or the identification of cyber networks and infrastructure that are serving specially protected objects.[38]

Obligations to take precautions against the effects of attacks
In addition to obligations to take precautions in attack, IHL requires parties to take precautions against the effects of attacks (also referred to as “passive precautions”).[39] According to Article 58 of Additional Protocol I, ‘The Parties to the conflict shall, to the maximum extent feasible: a) [...] endeavour to remove the civilian population, individual civilians and civilian objects under their control from the vicinity of military objectives; b) avoid locating military objectives within or near densely populated areas; c) take the other necessary precautions to protect the civilian population, individual civilians and civilian objects under their control against the dangers resulting from military operations.’[40]

These specific measures require defending forces to protect the civilian population and civilian objects under their control.[41] They are cast in relative terms,[42] as they incorporate a standard of feasibility.[43] A type of conduct, rather than a result, is what lies at the heart of these precautionary obligations. In cyberspace, these precautionary measures can take the form of, for example, building strong cyber resilience cultures at a societal level, segregating civilian and military cyber networks and infrastructure, using antivirus software, or setting up systems for the detection of cyber vulnerabilities.[44]

[L12] Incident 1 involves, as examined in paras L5–L8 above, a new attack initiated through the act of redirection of State A. The question at this stage is whether this new attack complies with the obligations of State A. IHL defines civilian objects in a negative way: civilian objects are those objects that are not military objectives.[45] The scenario provides no factual details that would indicate that the parking lot struck by the missile in this incident served a purpose that would render it a military objective;[46] the principal objective of the redirection – to prevent civilian casualties – cannot in itself be qualified as a military objective. It must thus be assumed that the parking lot retained its status as a civilian object. Given this, State A appears to be in violation of the prohibition of attacking civilian objects for knowingly directing an attack against a civilian object. It should be admitted that this conclusion also places State A in a conflict of obligations, as it is both required to cancel or suspend the act of violence as a matter of precautionary obligations and to abstain from launching an act of violence against civilian objects. However, resolving what could be seen as an undesirable situation under the law does not necessitate a change in the interpretation of ‘attack’. Other avenues could include considering possible defences for the attacker or revisiting the scope of the notion of civilian objects.[47]

[L13] Incident 2 similarly involves an apparent conflict between positive and negative obligations under IHL. State B, in conducting its act of redirection, which qualifies as an attack (see para. L9 above), is constrained by several rules on the conduct of hostilities, including the prohibitions of directing attacks against civilians and civilian objects and indiscriminate attacks, and the positive precautionary obligations binding attackers. At the same time, State B’s act of redirecting the missile away from the civilians under its control might itself be legally required under IHL: Article 58(c) of Additional Protocol I provides that states are under an obligation to take necessary precautions to protect the civilian population, individual civilians and civilian objects under their control against the dangers resulting from military operations.

[L14] While ‘precautions’ has traditionally been understood as preventative measures carried out temporally prior to the adversary’s attack, for example the building of shelters for the protection of the civilian population,[48] a natural understanding of the notion does not preclude an interpretation that comprises a duty to take positive steps to protect civilians under one’s control after the attack has been initiated. In particular in light of evolving technological capabilities, such as the ability to redirect an enemy missile after launch by way of hacking into its control systems, it has been suggested that the scope of the obligation stemming from Article 58(c) of Additional Protocol I should be construed accordingly.[49]

[L15] Accepting this understanding, then, State B seems to be both required to take active steps to protect the civilian population under its control (which it seeks to do through the act of redirection) and to abstain from launching attacks against civilians under the control of the adversary. However – unlike with regard to incident 1 examined in para. L12 above – the obligation to take precautions against the effects of attacks pursuant to Article 58(c) of Additional Protocol I does not mandate the taking of a particular course of conduct. The state must only do what is ‘feasible’; that State B’s own attack may violate other legal rules is a consideration that ought to be factored in the feasibility analysis. A conflict of obligations, in this scenario, can thus be avoided through an interpretation of the concept of feasibility, such that courses of conduct that would violate other obligations of the party would not be considered feasible.[50] Accordingly, State B violated its obligation not to direct attacks against civilians when it redirected the missile towards the civilian neighbourhood in State A.

[L16] Compliance with precautionary obligations is a question that also arises in incident 3. This question arises for the conduct of both State A and State B. First, it should be explored whether State A may have been in violation of the principle of precautions in attack. As has been discussed by states in the context of autonomous weapons systems,[51] it may be argued that the ‘feasible precautions’ to be observed under Article 57 should comprise the safeguarding, to the extent realistically possible,[52] of a missile control system against malicious cyber intrusions that may provide an adversary with the opportunity to redirect the missile’s path mid-air.[53] Even though it has to be conceded that to date, there do not exist explicit state practice or expressions of opinio juris to this effect, in principle, neither the purpose of the ‘constant care’ obligation nor the context of Article 57 of Additional Protocol I prima facie rule out such an interpretation. To be sure, a State employing a missile with redirection capabilities is only under an obligation to do what is ‘feasible’, and it will not be possible to protect the control system’s source code completely against adversarial hacking. Still, as a general consideration, as states have ‘a responsibility to reduce the risk of civilian harm through appropriate cyber security measures’[54] in the context of military operations, this should extend to the use of weapon systems that can be hacked for adversarial purposes.

[L17] If the interpretation of Article 58(c) of Additional Protocol I as proposed in paras L14–L15 above is accepted, State B may have violated the principle of precautions against the effects of attacks, as the scope of this rule comprises ‘defensive action in whatever form’.[55] When State B hacked into the missile control system in an attempt to redirect the weapon, it could not assume that it would be successful, especially in light of the possibility that State A would detect the intrusion and initiate countervailing measures to wrestle for control. Even though it has been suggested that in such situations of contested control over an already deployed weapon system, it may not be possible to attribute responsibility to either party,[56] the ‘balance of responsibility’ will generally depend on the exact circumstances of the individual case.[55] At least when it was predictable for State B that its defensive actions would put its own civilian population at enhanced risk of harm but it proceeded with its conduct nonetheless, it would bear at least some degree of responsibility for any actually realized harm.[55] Considering the details of incident 3, it cannot be ruled out prima facie that it might have been predictable for State B that its hacking would harm individuals under its control, putting it in breach of the rule. Furthermore, as the hacking conducted by State B was a ‘military operation’ within the scope of Article 57(1) of Additional Protocol I, the state might also have violated its obligation to take constant care to spare the civilian population, civilians and civilian objects when it initiated an action whose adverse consequences it could not control.

[L18] Incident 4 brings to the fore questions of responsibility where an attacker relies on flawed intelligence, thus leading to the direction of attacks against protected objects. Targeting civilians and civilian objects, State A may have violated the principle of precautions in attack pursuant to Article 57 of Additional Protocol I.[57] For the rule to be engaged, the failure to ‘do everything feasible to verify that the objectives to be attacked are neither civilians nor civilian objects’ must go beyond a simple error of judgment.[58] According to the statement of facts, State A relies on flawed intelligence in constructing its object of attack even though it would have had the capabilities necessary for a precise identification. The facts therefore indicate that the process of target verification in this instance fell short of the standard of doing ‘everything feasible to verify’ the status of targets. Depending on the process of intelligence collection, assessment, and verification, State A could be considered in breach of its obligations even if its actions are carried out in the honest belief that the target was military in nature.

[L19] However, the intervening hack carried out by State B must be addressed in the context of the rule. While it has been argued that for a violation of the principle of distinction, it is sufficient for the attack to have been directed at a civilian or civilian object whereas it is not necessary for the attack to have been successful,[59] this is less clear in relation to the principle of precautions. The problem with respect to this incident is that although civilians and civilian objects were in fact harmed in the attack, the consequences of the mistaken targeting by State A were not in fact realized. Instead, the conduct of State A would have been causal to the harm only if State B had not intervened by hacking into the missile’s system.[60] Due to this intervention, it was in fact the hacking by State B into the missile control system and the redirection that led to the harmful consequences, but not the mistaken targeting by State A. For the causal analysis, it is immaterial that the missile would have hit civilians and civilian objects even without the intervention of State B.[61]

[L20] Therefore, State A can only be held responsible for a violation of the rule if it is sufficient to have failed to discharge the legally required duty of care at the time of the attack, whether or not the resulting harm or other adverse consequences can be attributed to State A’s behaviour. While this question is rarely addressed explicitly, the available literature and State practice at least hint at the existence of an interpretation that in the absence of harmful consequences, there is no violation of the rule, irrespective of the question of whether the responsible commander acted with the appropriate degree of care when initiating the attack against the adversary.[62] If this view is taken to be the correct one, then State A cannot be held responsible for a violation of the principle of precautions in attack. The responsibility of State B under IHL is less straightforward; in contradistinction to incident 3, State B intentionally targeted a civilian population under its control by hacking into the missile. Such constellation is most appropriately addressed within IHRL, see below in para L24.

The right to life and the redirection and contestation of control over attacks[edit | edit source]

Right to life
The right to life is a fundamental right whose protection is a precondition for the enjoyment of all other individual rights and freedoms. It is protected under both treaty and customary international human rights law (IHRL). It is generally accepted that, along with all other human rights, it must be protected online just as it is protected offline.[63] Its wording differs across treaty instruments, which means that its interpretation must be carried out at the level of specific primary rules arising under specific treaty regimes.

The International Covenant on Civil and Political Rights enshrines the right to life in Article 6: “Every human being has the inherent right to life. This right shall be protected by law. No one shall be arbitrarily deprived of his life.” According to the Human Rights Committee, “[t]he obligation of States parties to respect and ensure the right to life extends to reasonably foreseeable threats and life-threatening situations that can result in loss of life.”[64] In other words, the obligations stemming from the right to life are not confined to intentional deprivations of life.

[L21] Incident 3 raises questions under IHRL, and in particular the right to life. State B may have violated the right to life of individuals under its jurisdiction, provided these individuals died as a consequence of the crashing missile. As such, the existence of an armed conflict, triggering the application of IHL, does not displace IHRL, including the right to life.[65] That must hold even more true as far as a situation concerns a state’s harmful conduct towards populations under its control.

[L22] It may be asked, however, whether the rule’s content ought to be modified to take into account the factual peculiarities of armed conflict. Generally speaking, as put forth by the UN Human Rights Committee, the ‘obligation (...) to respect and ensure the right to life extends to reasonably foreseeable threats and life-threatening situations that can result in loss of life.[66] The Committee accepts that uses of lethal force that comply with IHL are, in general, not arbitrary. However, ‘practices inconsistent with international humanitarian law, entailing a risk to the lives of civilians and other persons protected by international humanitarian law, including [...] failure to apply the principles of precaution and proportionality [...] would also violate article 6 of the Covenant.’[67]

[L23] While it could be argued that the ‘fog of war’ during armed conflict might impair a party’s ability to foresee potential harm caused by its actions, this does not mean that decreased foreseeability precludes the application of the right to life safeguards. At least in situations in which a state actively creates a particular risk to civilian life by certain dangerous conduct – e.g., by hacking into a missile’s systems in mid-flight without the guarantee of being able to control it subsequently – a state cannot claim to not have been able to foresee potential harm. Thus, as State B did not ensure that its hacking would enable it to assume control over the missile, it follows that it acted in breach of the right to life of the individuals under its control.

[L24] Incident 4 provides a clearer example of State B violating its obligations under the right to life. The deliberate targeting and harming of individuals under State B’s jurisdiction amounted to a clear violation of the right to life under IHRL. By pre-empting the consequences that would have occurred on the chain of events as initiated by State A, the hacking was also causal to the harm.

Checklist[edit | edit source]

  • The concept of attack
    • Did the acts of redirection constitute attacks within the meaning of IHL?
    • Is the party to conflict redirecting an attack towards persons or objects launching a new attack?
    • Did the situation of contested control over a weapons system qualify as an attack?
  • Precautionary obligations
    • Was State A required to cancel or suspend its attack if the act of cancellation or suspension would breach other applicable obligations under IHL?
    • Was State B required to redirect State A’s attack to comply with its obligation to take feasible precautionary measures against the effects of attacks?
    • Does the obligation to take feasible precautions in attack require State A to take positive steps to safeguard its weapons systems against malicious cyber intrusion?
    • Did States A and B breach their obligations to take precautions as a consequence of the situation of contested control over the weapons system?
    • What is the legal significance of State B’s intervening conduct for the responsibility of State A in relation to its mistaken attack against protected persons?

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

  1. Concretely, rules such as the prohibition of attacks against civilians and civilian objects, the prohibition of indiscriminate and disproportionate attacks, and the obligation to take all feasible precautions to avoid or at least reduce incidental harm to civilians and damage to civilian objects when carrying out an attack apply to those operations that qualify as ‘attacks’ as defined in IHL. The notion of attack under IHL, defined in Article 49 of AP I, is different from and should not be confused with the notion of ‘armed attack’ under Article 51 of the UN Charter, which belongs to the realm of the law on the use of force (jus ad bellum). To determine that a specific cyber operation, or a type of cyber operations, amounts to an attack under IHL does not necessarily mean that it would qualify as an armed attack under the UN Charter.
  2. Yves Sandoz, Christophe Swinarski and Bruno Zimmermann (eds), Commentary on the Additional Protocols, ICRC, Geneva, para. 1879 (‘Commentary of Additional Protocol I’).
  3. International Criminal Court (ICC), Situation in the Democratic Republic of the Congo in the case of the Prosecutor v Bosco Ntaganda, Roger O’Keefe, Observations by Professor Roger O’Keefe, pursuant to rule 103 of the Rules of Procedure and Evidence, No. ICC-01/04-02/06 A2, 17 September 2020, p. 3.
  4. ICC, Situation in the Democratic Republic of the Congo in the case of the Prosecutor v Bosco Ntaganda, Submission of Observations to the Appeals Chamber Pursuant to Rule 103 by Geoffrey Corn et al, No.: ICC-01/04-02/06 A2, 18 September 2020, paras. 14 – 15.
  5. ICC, Prosecutor v Bosco Ntaganda, ICC-01/04-02/06, Judgment (Appeals Chamber), 30 March 2021, Partly Concurring Opinion of Judge Eboe-Osuji, para. 110; Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020), rule 8 and the discussion of reasonable foreseeability of harm.
  6. Cordula Droege, “Get Off My Cloud: Cyber Warfare, International Humanitarian Law, and the Protection of Civilians”, (2012) 94(886) International Review of the Red Cross 533, 557; William H. Boothby, The Law of Targeting (OUP 2012) 384; Laurent Gisel, Tilman Rodenhäuser, and Knut Dörmann, ‘Twenty years on: International humanitarian law and the protection of civilians against the effects of cyber operations during armed conflicts’, (2020) 102(913) International Review of the Red Cross 287, 312.
  7. ICRC, “International humanitarian law and the challenges of contemporary armed conflicts” (2015) 41–42; Tallinn Manual 2.0, rule 92. This view is also held by States including Australia, Australia’s submission on international law to be annexed to the report of the 2021 Group of Governmental Experts on Cyber, at 4; and Switzerland, Switzerland's position paper on the application of international law in cyberspace, Annex UN GGE 2019/2021, at 10.
  8. See, for instance, the commentary to the relevant rules in the Tallinn and Oslo Manuals: Tallinn Manual 2.0, rule 92 and accompanying commentary; Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020), rule 8 and accompanying commentary.
  9. Denmark, Military Manual on International Law Relevant to Danish Armed Forces in International Operations (2016) 677 (when discussing computer network attacks); Finland, International law and cyberspace: Finland’s national positions (2020) 7; New Zealand, Manual of Armed Forces Law (2nd edn, 2017) vol 4, para 8.10.22; Norway, Manual i krigens folkerett (2013) para 9.54; Switzerland, “Switzerland’s position paper on the application of international law in cyberspace: Annex UN GGE 2019/2021” (27 May 2021) 10; United States, “United States Submission to the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2014–15)”, at 6, and from a practical perspective Joint Publication 3-12 (R) ‘Cyberspace operations’ (5 February 2013), at IV-4.
  10. ICRC, International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper (November 2019) 7. Israel has further argued that an operation may amount to an attack if ‘a cyber operation is intended to shut down electricity in a military airfield, and as a result is expected to cause the crash of a military aircraft—that operation may constitute an attack’. Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 International Law Studies 395, 400.
  11. Denmark, Military Manual on International Law Relevant to Danish Armed Forces in International Operations (2016) 290–291; Roy Schöndorf, ‘Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations’, (2021) 97 International Law Studies 395, 400; Peru, Response Submitted by Peru to the Questionnaire on the Application of International Law in OAS Member States in the Cyber Context (June 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 31.
  12. Bolivia, Note from the Plurilateral State of Bolivia, Ministry of Foreign Affairs, OAS Permanent Mission to the OAS Inter-American Juridical Committee, MPB-OEA-NV104-19 (17 July 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para 33; Ecuador, Verbal Note 4-2 186/2019 from the Permanent Mission of Ecuador to the OAS (28 June 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para. 32; France, Ministry of the Armies, International Law Applied to Operations in Cyberspace, 2019, p. 13; Germany, On the Application of International Law in Cyberspace Position Paper, March 2021, p. 9; Guatemala, Note Of. 4VM.200-2019/GJL/lr/bm, from Mr. Gabriel Juárez Lucas, Fourth Vice Minister of the Interior Ministry of the Republic of Guatemala to Luis Toro Utillano, Technical Secretariat, Inter-American Juridical Committee (14 June 2019), cited in OAS, Improving Transparency: International Law and State Cyber Operations: Fifth Report, OAS Doc. CJI/doc. 615/20 rev.1 (7 August 2020) para. 32; Italy, Italian Position Paper on ‘International Law and Cyberspace’, 2021, pp. 9–10; Japan, Ministry of Foreign Affairs of Japan, Basic Position of the Government of Japan on International Law Applicable to Cyber Operations, 2021, p. 7; New Zealand, The Application of International Law to State Activity in Cyberspace (1 December 2020), para. 25.
  13. ICRC, International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper (November 2019) 7–8. The ICRC bases this interpretation on a contextual and teleological interpretation of the notion of ‘attack’ in Additional Protocol I. See ICRC, International humanitarian law and the challenges of contemporary armed conflicts (2015) 41.
  14. Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020), rule 8; Tallinn Manual 2.0, rule 92.
  15. ICC, Prosecutor v Bosco Ntaganda, ICC-01/04-02/06, Judgment (Appeals Chamber), 30 March 2021, Partly Concurring Opinion of Judge Eboe-Osuji, para. 110.
  16. Additional Protocol I, art. 57.
  17. See, eg, Michael Schmitt and Lt. Col. Matthew King, The Shift Cold Military Tactic and International Humanitarian Law, Just Security, 20 February 2018, explaining that ‘[a] “shift cold” occurs when an operator … redirects a guided munition, such as a missile or guided bomb, away from its initially-intended point of impact to another location while the munition is in flight (that is, post-launch or release). This is generally done to avoid harm to civilians or to friendly forces in the target area who, at the time of weapon launch or release, were not expected to be there.’
  18. 18.0 18.1 Adil Ahmad Haque, The “Shift Cold” Military Tactic: Finding Room Under International Law, Just Security, 20 February 2018
  19. 19.0 19.1 Michael Schmitt and Lt. Col. Matthew King, The Shift Cold Military Tactic and International Humanitarian Law, Just Security, 20 February 2018.
  20. van Benthem, “The redirection of attacks by defending forces”, International Review of the Red Cross, Vol. 102 (914), 2021. It is notable that even Haque who proposes the cancellation / suspension approach acknowledges that this approach may prove too much, and that accepting that new scenarios may bring about conflicts of obligations may provide a fruitful opportunity for reflection on how to resolve such norm conflicts.
  21. See Tallinn Manual 2.0, commentary to rule 99, para 5.
  22. Commentary of Additional Protocol I, para. 1890.
  23. See Tallinn Manual 2.0, commentary to rule 92, para 17.
  24. Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020), commentary to rule 45, para 2a.
  25. ICRC Commentary on the APs, para 1890.
  26. ICRC, International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper (November 2019) 5.
  27. ICRC Customary IHL Study, Rule 15; AP 1, Article 57(1).
  28. ICRC Commentary on the Additional Protocols, cited in footnote 249 above, p. 680, para. 2191, p. 617, para. 1936, and p. 600, para. 1875.
  29. Tallinn Manual 2.0, cited in footnote 263 above, p. 477, para. 5.
  30. International Law Association Study Group on the Conduct of Hostilities in the 21st Century, “The conduct of hostilities and international humanitarian law: Challenges of 21st century warfare”, International Law Studies, U.S. Naval War College, Vol. 93, No. 322, 2017, (ILA Study Group Report), 381.
  31. Additional Protocol I, Article 57 and 58; See also ICRC Customary IHL Study, Rules 15, 16, 17, 18, 19 and 20, 22, 23, 24 and 97.
  32. ICRC EWIPA Report, p 103.
  33. Compare Article 57(2)(a)(i)–(ii) with Article 57(2)(c) Additional Protocol I.
  34. Théo Boutruche, “Expert Opinion on the Meaning and Scope of Feasible Precautions under International Humanitarian Law and Related Assessment of the Conduct of the Parties to the Gaza Conflict in the Context of the Operation ‘Protective Edge’”, Expert Opinion commissioned by Diakonia, 2015, p 17.
  35. id, pp 15 – 16.
  36. See Protocol II to the CCW (1980), Article 3(4); Protocol III to the CCW (1980), Article. 1(5); Amended Protocol II to the CCW (1996), Article 3(10); J-M. Henckaerts and L. Doswald-Beck (eds), Customary International Humanitarian Law, Volume I: Rules (2005), Rule 15; ICRC, Explosive Weapons with Wide Area Effects: A Deadly Choice in Populated Areas (2022), p 104.
  37. Marco Sassòli and Anne Quintin, “Active and Passive Precautions in Air and Missile Warfare”, Israel Yearbook on Human Rights, Vol. 44, 2014, p 87.
  38. ICRC, International humanitarian law and the challenges of contemporary armed conflicts (2015), p 43; see also ICRC, Avoiding Civilian Harm from Military Cyber Operations during Armed Conflicts (2021).
  39. Additional Protocol I, art. 58; see also ICRC Customary IHL Study, Rules 22, 23-24.
  40. Under customary IHL, the second and third rules are “arguably” applicable in non-international armed conflicts. See Henckaerts/Doswald-Beck, commentary on Rules 23 and 24, pp 71 and 74.
  41. Commentary of Additional Protocol I, para. 2239.
  42. Dieter Fleck (ed.), The Handbook of International Humanitarian Law, OUP 2021, s 8.08.
  43. Eric Jensen, “Precautions against the effects of attacks in urban areas”, International Review of the Red Cross, Vol. 98 (1), 2016, pp 164 – 165.
  44. ICRC, Avoiding Civilian Harm from Military Cyber Operations during Armed Conflicts, 2021; Jonathan Horowitz, “Cyber Operations under International Humanitarian Law: Perspectives from the ICRC”, American Society of International Law Insights, Vol. 24:11, 2020.
  45. Article 52(1) Additional Protocol I; ICRC CIHL Study, rule 6.
  46. Additional Protocol I, art. 52(2).
  47. Both these avenues require further inquiry.
  48. Commentary of Additional Protocol I, para. 2257.
  49. van Benthem, “The redirection of attacks by defending forces”, International Review of the Red Cross, Vol. 102 (914), 2021, p. 880.
  50. van Benthem, “The redirection of attacks by defending forces”, International Review of the Red Cross, Vol. 102 (914), 2021.
  51. See UN Doc. CCW/GGE.1/2018/3 (23 October 2018), para. 21(e).
  52. See Tallinn Manual 2.0, commentary to rule 115, para 4.
  53. See with regard to autonomous weapons Rain Liivoja, Maarja Naagel and Ann Väljataga, ‘Autonomous Cyber Capabilities under International Law’, CCDCOE (2019), p. 6.
  54. See ICRC, Avoiding civilian harm from military cyber operations during armed conflicts, 2020, pp. 25 – 27.
  55. 55.0 55.1 55.2 William H. Boothby, The Law of Targeting (OUP 2012), 178.
  56. Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020), commentary to rule 45, para 3.
  57. This scenario does not discuss a possible violation of art. 52 of Additional Protocol I.
  58. William H. Boothby, The Law of Targeting (OUP 2012), 177.
  59. See Tallinn Manual 2.0, commentary to rule 99, para 5.
  60. See Ilias Plakokefalos, ‘Causation in the Law of State Responsibility and the Problem of Overdetermination’ (2015) 26 European Journal of International Law 471, 473.
  61. See Ingeborg Puppe and Richard W. Wright, ‘Causation in the Law: Philosophy, Doctrine and Practice’, in Marta Infantino and Eleni Zervogianni (eds), Causation in European Tort Law (CUP 2017), 17, 35.
  62. See UK Manual, para 5.32.1 (‘effects’); Tallinn Manual 2.0, commentary to rule 114, para 4; William H. Boothby, The Law of Targeting (OUP 2012), 136.
  63. See, eg, United Nations Human Rights Council, The promotion, protection and enjoyment of human rights on the Internet, Resolution A/HRC/RES/32/13 (1 July 2016), para 1.
  64. UN Human Rights Committee, General Comment No. 36, ‘Article 6: Right to Life’, UN Doc. CCPR/C/GC/36, 30 October 2018, para 7.
  65. UN Human Rights Committee, General Comment No. 36, ‘Article 6: Right to Life’, UN Doc. CCPR/C/GC/36, 30 October 2018, para 7.
  66. UN Human Rights Committee, General Comment No. 36, ‘Article 6: Right to Life’, UN Doc. CCPR/C/GC/36, 30 October 2018, para 7.
  67. UN Human Rights Committee, General Comment No. 36, ‘Article 6: Right to Life’, UN Doc. CCPR/C/GC/36, 30 October 2018, para 64.

Bibliography and further reading[edit | edit source]

  • William H. Boothby, The Law of Targeting (OUP 2012).
  • Théo Boutruche, “Expert Opinion on the Meaning and Scope of Feasible Precautions under International Humanitarian Law and Related Assessment of the Conduct of the Parties to the Gaza Conflict in the Context of the Operation ‘Protective Edge’”, Expert Opinion commissioned by Diakonia, 2015.
  • Yoram Dinstein and Arne Willy Dahl, Oslo Manual on Select Topics of the Law of Armed Conflict (Springer 2020).
  • Dieter Fleck (ed.), The Handbook of International Humanitarian Law, OUP 2021.
  • Adil Ahmad Haque, The “Shift Cold” Military Tactic: Finding Room Under International Law, Just Security, 20 February 2018.
  • Jonathan Horowitz, “Cyber Operations under International Humanitarian Law: Perspectives from the ICRC”, American Society of International Law Insights, Vol. 24:11, 2020.
  • Eric Jensen, “Precautions against the effects of attacks in urban areas”, International Review of the Red Cross, Vol. 98 (1), 2016.
  • Ilias Plakokefalos, ‘Causation in the Law of State Responsibility and the Problem of Overdetermination’ (2015) 26 European Journal of International Law 471.
  • Ingeborg Puppe and Richard W. Wright, ‘Causation in the Law: Philosophy, Doctrine and Practice’, in Marta Infantino and Eleni Zervogianni (eds), Causation in European Tort Law (CUP 2017).
  • Yves Sandoz, Christophe Swinarski and Bruno Zimmermann (eds), Commentary on the Additional Protocols, ICRC, Geneva.
  • Marco Sassòli and Anne Quintin, “Active and Passive Precautions in Air and Missile Warfare”, Israel Yearbook on Human Rights, Vol. 44, 2014.
  • van Benthem, “The redirection of attacks by defending forces”, International Review of the Red Cross, Vol. 102 (914), 2021.

Contributions[edit | edit source]

Authors’ note[edit | edit source]

While the capacities to hack into missiles and redirect them in flight or to initiate a contestation of control may seem a marginal concern under current operational realities, there are good reasons to carefully investigate this question. First, capacities for redirection already exist in the context of shift cold tactics, and the timeframe for redirection, both from the attacking party and from other actors, is likely to increase with the deployment of semi-autonomous and autonomous weapons. And second, this discussion raises important questions and exposes normative tensions that can help clarify the scope and interactions of some of the foundational rules of IHL.

Previous: Scenario 26: Export licensing of intrusion tools