A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of these articles raised alarm in the general public and identified a need for military thought on the future of kinetic and cyber warfare, and the convergence of these types of warfare.

Lost in these recent media pieces are thoughts on the rules of warfare, called the “Law of War,” and the application of these laws to cyber warfare. Given recent attacks, specifically in Ukraine allegedly conducted by Advanced Persistent Threat (APT) group 28 (known as Fancy Bear, Pawn Storm, Sandworm, Sednit, and Sofacy) and the as-of-yet-unknown actors who launched the malware known as Triss or Triton against civilian targets, the discussion of a “Cyber Law of War” is both timely and necessary.

The Cyber Law of War: What you need to know

Sanctioned and structured military operations conducted in accordance with international law have a rigorous approval structure and command authority. It’s certainly true some nations have a wider interpretation of the lawful use of force than others. However, it’s generally accepted that indiscriminate attacks on civilian, civilian infrastructure, places of worship, and locations of cultural or historical significance are to be avoided and respected when it comes to armed conflict between belligerent parties.

It becomes significantly problematic when belligerent parties exploit the above protected civilians and designated places. The 1899 and 1907 Hague Conventions created the primary body of work (with significant contributions and foundational work from the Oxford 1880 “Manual of Laws and Customs of War”) known as the Law of War. (Read more...)