Cyber Warfare And State Responsibility – OpEd

By Almas Shaikh

In 1982, a CIA sponsored logic bomb planted in software, was responsible for the most monumental non-nuclear explosion and fire in Siberia, by exploding a Soviet gas pipeline.[1]

In 2010, the Stuxnet worm was discovered. It was a highly sophisticated cyber weapon which would specifically target the nuclear facilities in Iran by exploiting flaws in Microsoft Windows.

These are only a few of the instances which show that such espionage is on the rise. These crimes challenge the sovereign authorities of the state. Furthermore, the anonymity of such attacks makes it difficult to place State Responsibility.

State responsibility is a fundamental principle of international law, arising out of the nature of the international legal system and the doctrines of state sovereignty and equality of states. It provides that whenever one state commits an internationally unlawful act against another state, international responsibility is established between the two. A breach of an international obligation gives rise to a requirement for reparation.[2]

The essential characteristics of responsibility hinge upon certain basic factors: first, the existence of an international legal obligation in force as between two particular states; secondly, that there has occurred an act or omission which violates that obligation and which is imputable to the state responsible, and finally, that loss or damage has resulted from the unlawful act or omission.[3]

These characteristics have been outlined in many leading cases which claimed that “responsibility is the necessary corollary of a right. All rights of an international character involve international responsibility. Responsibility results in the duty to make reparation if the obligation in question is not met.” [4]

But, this idea of State Responsibility is fast changing, especially considering the increasing usage of internet for causing trouble across State borders. The problem is further aggravated by the speed with which these acts could be perpetrated through the internet and the anonymity that is granted to the perpetrators.

Estonia was victim to a cyber attack in 2008. It was a massive denial-of-service attack which resulted in the country going offline for three weeks. During this period, all services which depended on Internet connectivity was shut down. This meant that basic amenities such as internet banking, access to health care information etc. were denied to the people.[5]

Another example for the same could be when the Ukrainian President’s website was attacked by hackers in 2007. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility.[6] In 1999, the NATO computers were attacked and flooded with email as the hackers were protesting the NATO bombings of the Chinese embassy in Belgrade.[7]

Thus, it is conspicuous, that these attacks can be strategically used to create havoc and mess with the running of the Government. Most of these acts are carried out by non-state actors, while only some are carried out by State actors. But there is next to no literature to deal with such attacks on an international level. The science of tracing such attacks to the person responsible is primitive at best.[8] Furthermore, International Law has thus far been ill equipped to deal with the emergence of the new cyber warfare being sponsored by an increasing number of cyber powers.[9] Hence the burden of proof analysis, which is necessary is difficult to come by.

There is a growing necessity to address the problem due to the lack of resources that have been developed to deal with such an attack. In the era where internet usage has become a necessity and a way of life for most, the access to one for anyone has become extremely easy. In such a situation the State, individually and in collaboration with others must take a step towards protecting the cyberspace. State practice usually holds that some level of cyberattack is lawful under International law, particularly in the case of cyber espionage.[10]

To combat these problems, first of all, some clarifying distinction needs to be made. The attacks which have a low potential for the loss of human life must be distinguished from other attacks, and in the former case, greater flexibility must be given to the States to launch and respond to cyberattacks.[11] Another method, which is more viable politically is applying the telecommunications exception. This would assuage many of the concerns that neutral states have about policing their networks. Thirdly, the framework given in UNSCR 1373 could be put to use. This Resolution requires the State to reign in terrorist financing.[12] A more direct approach would be to raise cyber militias not unlike the ones done by Estonia, and closer home, even China.

These are but a few solutions to this problem. Cyber warfare/ Cyberattacks is a relatively new area which is increasingly being abused. Both municipal and the International law have to take immediate and separate measures to prevent any large scale destruction, as these attacks would not cross the armed attack threshold.

[1] Cyberwar: War in the Fifth Domain, ECONOMIST, July 3, 2010, at 25.
[2] Malcolm N. Shaw, International Law, (Cambridge University Press, 6th edition, 2008).
[3] Ibid.
[4] Spanish Zone of Morocco Claims, 2 RIAA, p. 615 (1923); 2 AD, p. 157.
[5] Maryann Cusimano Love, Beyond Sovereignty: Issues for a Global Agenda. Wadsworth, Cengage Learning (2011).
[6] Available at: http://news.kievukraine.info/2007/10/russian-nationalists-claim.html.
[7] Available at: http://www.cnn.com/TECH/computing/9905/10/hack.attack/.
[8] Scott J. Shackleford, State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem, Conference on Cyber Conflict Proceedings 2010 C. Czosseck and K. Podins (Eds.) CCD COE Publications, 2010, Tallinn, Estonia.
[9] Scott J. Shackleford & Richard B. Andres, State Responsibility for Cyber Attacks, Georgetown Journal of International Law, 2011.
[10] Brian T. O’ Donnell & James C. Kraska, Humanitarian Law: Developing International Rules for the Digital Battlefield, 8 J. Conflict & Security L. 133, 140 (2003).
[11] Jeffrey T. G. Kelsey, Hacking into International Humanitarian Law: The Principles of Distinction and Neutrality in the Age of Cyber Warfare, 106 Mich. L. Rec. 1427 (2008).
[12] Supra n. 9.