Difference between revisions of "Scenario 10: Legal review of cyber weapons"
Jump to navigation Jump to search
, 2 years ago
→Legal analysis: model change for RAs
(→Legal analysis: model change for RAs)
There is no indication that the malware’s employment would cause any injury to persons, thus rendering inapplicable the rules on superfluous injury or unnecessary suffering. By contrast, the fact that the malware does not distinguish between civilian and military infrastructure in order to reach its intended target raises questions of its compatibility with the prohibition of inherently indiscriminate means of warfare.
A weapon is considered indiscriminate by nature if it either cannot be directed at a specific military objective,<ref>Art 51(4)(b)
However, with respect to the second condition, it is clear that the effects of the malware are not limited solely to the intended military objective and, moreover, that these effects are not wholly under State A’s control. Once released, the malware can spread through civilian infrastructure and can be expected to temporarily impair the ordinary use of infected civilian host systems. Accordingly, State A must assess whether the safeguards built in the malware are sufficient to prevent reverberating harmful effects going beyond the control of the attacker.<ref>Cf. Tallinn Manual 2.0, commentary to rule 105, para. 4 (noting that malware that would inevitably and harmfully spread into civilian networks in a manner beyond the control of the attacker would violate this prohibition).</ref>