Conduct of hostilities

From International cyber law: interactive toolkit
Jump to navigation Jump to search

National positions[edit | edit source]

Costa Rica (2023)[edit | edit source]

"44. Costa Rica agrees with the global consensus on the significance and applicability of the established international legal principles of IHL, which include the principles of humanity, necessity, distinction, and proportionality.

45. The principles of humanity and military necessity underlie and inform the entire normative framework of IHL. All rules of IHL reflect a careful balance between these two principles, which in turn inform the interpretation of these rules. The two principles also impose limits beyond specific rules, including in the ICT environment. In Costa Rica’s view, this means that even if a cyber operation during an armed conflict is not specifically prohibited by a rule of IHL, to be lawful it must nonetheless comply with the principles of military necessity and humanity."[1]

France (2019)[edit | edit source]

"The use of a cyber weapon in an armed conflict situation obeys the principles governing the conduct of hostilities. A cyber weapon, which is governed by IHL, may be used in combination with conventional military resources or in isolation. In support of conventional means, it produces the same intelligence, neutralisation and deception effects as those conventional means, which have long been subject to the targeting procedures used by the French armed forces in compliance with IHL.

The specific nature and complexity of offensive cyber warfare resources demand risk control arrangements just as robust as those applied to conventional operations, taking into account the inherent features of the conduct of operations in cyberspace. In practice, the risks linked to the use of a cyber weapon, especially the immediacy of the action, the duality of targets and the hyperconnectivity of networks, demand a specific digital targeting process spanning all phases of the cyberoperation in order to ensure compliance with the principles of distinction, precaution and proportionality, inter alia in order to minimise potential civilian damage and loss of life. The process involves long and specific planning carried out in close coordination with the planning of operations in the physical sphere."[2]

Israel (2020)[edit | edit source]

"One of the key issues, in the conduct of hostilities in particular, is how to define “attacks,” and in which circumstances cyber operations amount to attacks under LOAC. The concept of attack is central to targeting operations and only acts amounting to attacks are subject to the “targeting rules” relating to distinction, precautions, and proportionality.


Finally, the fact that a cyber operation is not an attack does not mean that no legal limitations apply thereto. Indeed, there are general obligations in LOAC that apply to all military operations regardless of being attacks or not. Central among those is the requirement to consider the danger posed to the civilian population in the conduct of military operations. It is widely accepted today that parties to conflicts cannot blatantly disregard such harmful effects to the civilian population in their military operations. But there are also more specific protections that may apply to actions other than attacks. For example, cyber operations affecting medical units are regulated and limited, inter alia, by the LOAC obligation to respect and protect medical units, which applies regardless of whether the act constitutes an attack or not."[3]

Netherlands (2019)[edit | edit source]

"IHL also lays down specific rules regarding attacks aimed at persons or objects, which apply equally to cyber operations carried out as part of an armed conflict. When planning and carrying out such operations, states must act in accordance with, for example, the principles of distinction and proportionality, as well as the obligation to take precautionary measures."[4]

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

Bibliography and further reading[edit | edit source]