During a recent speech to university students, Iran’s Supreme Leader Ayatollah Khamenei urged the country’s students to prepare for cyberwar, the semi-official Mehr News Agency reported last Wednesday. Calling the students “cyberwar agents” he reminded them of their special role in this particular kind of war and that Tehran is prepared for a cyber battle against the United States and Israel.
Ayatollah Khamenei’s remarks are believed to be a response to Israel’s Major General Aviv Kochavi, who went on record as saying, “cyber, in my modest opinion, will soon be revealed to be the biggest revolution in warfare, more than gunpowder and the utilization of air power in the last century.” These remarks are a powerful reminder of the uncertainty of future international cyberwarfare and how unregulated it is.
Over the past decade, the United States and Iran have changed the definition of traditional warfare giving the international community a glimpse into what future wars will look like. In the past decade, both countries have extensively built up their cyber arsenals launching sophisticated assaults on each other’s computer networks, banks and sensitive infrastructure. It could be argued that the United States has been more successful but Iran is catching up. It is clear that when these cyberattacks do grow in escalation they may potentially have a serious humanitarian impact. Yet, international law has not been absent in addressing the cyberwar domain. For many, cyberwar and cybersecurity is seen as still the ‘stuff’ you see in summer blockbusters and not for what it really is: serious, perplexing and scary.
Michael Schmitt, a professor at the U.S. Naval War College, when asked in an interview with the CBC what international laws governs cyberwarfare, “The answer is there’s nothing and there’s everything.” However, he stressed, “If you’re looking for cyber specific law, a law that says ‘a cyberattack that causes these consequences in an armed attack to which you can respond,’ you will find nothing,” he said. “But it was our unanimous consensus among the group of experts that the existing international law applies to cyberspace and to cyberweapons.”
This has left the international community vulnerable to a kind of cyber wild west. Since everything is interconnected - the key challenge is to ensure that any cyberattacks are directed against military objectives and that ordinary civilians along with civilian infrastructure is protected. Governments have an important responsibility in being extremely cautious in cyberwarfare. But why hasn’t the international community implemented official legal structures on the conduct or justification of cyberwarfare? And what can world citizens do to deter the threat of cyberwarfare?
One of the main challenges in international cybersecurity is that there is still not a widely agreed upon set of definitions on what cyberwarfare and its related dimensions are. Defining the terms and dimensions of cyberwarfare, such as cybercrime, cyberterrorism, and cyberattacks is important in deterring cyberthreats. Until recently there have been two major state-led efforts to define the scope and range of cyberwarfare, one by the United States and the other by the Shanghai Cooperation Organization. Unsurprisingly, not only do their understandings and definitions differ but they both have tremendous ambiguity, overlap and coverage gaps.
While the US government mostly takes on an objective-based definition of cyberthreats, the Shanghai Cooperation Organization, on the other hand, adopts a more expansive means based definition of cyberwarfare to include the dissemination of information to undermine political, economic and spiritual stability in a country. The gap between these two major government-led understandings of cyberwarfare only adds to the threat and our global cyber-insecurity. Before cyberattacks escalate between countries or groups, world citizens must organize and urge their governments to sit down and specifically define the range and scope of cyberwarfare. This is vital as it will be these clear definitions and understanding that will guide how international law on cyberwarfare will proscribe its range and scope and justification by a state.
International law and cyberwarfare
The ambiguities of cyberwarfare are worrisome for ordinary people and governments alike. The existing law of war structure and framework- that includes, jus ad bellum and jus in bella, provides some limited guidelines for states seeking an answer to cyberwarfare. Some military experts reaffirm the law of war as a proper body of laws to address this issue. However, this code of laws fails to cover the entire range and scope of cyberwarfare activities. International legal frameworks such as the United Nations, Council of Europe, NATO, Organization of American States and the Shanghai Cooperation Organization have all provided inadequate efforts on definitions and legal structures.
All these international bodies have shown growing interest in cybersecurity and addressing issues pertaining to cyberwarfare. Yet they have failed in establishing an effective legal framework that can govern all cyberattacks. Once clear definitions are made, dialogue between states can lead to international cooperation on ratifying rigorous international laws and legal structures that can serve as a limit on cyber warfare.
Cyberwarfare and world safety
The first effort to combat this insecurity is to have the Geneva and Hague conventions apply clear principles related to cyber warfare. These principles and agreements on cyberwarfare, for example, must designate sensitive infrastructure such as nuclear energy plants, hospitals and electronic records such as university or medical records as red lines. Moreover, although international norms on cyberwarfare would be effective, the international community must also understand that any international laws implemented on cyberwarfare must be interpreted only in a cyber-context. States and international organizations must avoid merely interpreting the nature of the threat of cyberwarfare. Rather, the severity of the consequences of cyberattacks that can result in the loss of thousands of innocent lives and severe damage to civilian infrastructure must be emphasized.
We are in the early years of cyberwarfare and the US-Iran cyberwar is just one of many wars to come. It’s scary. It’s destabilizing. It’s no summer blockbuster and the threat can destroy the fabric of our world. Besides clarifying definitions and implementing international cyber laws, our only remaining choice is to urge our governments to sign cyberwar peace treaties. This won’t magically make this threat go away, but it will make our world safer.