Regulating the Use and Conduct of Cyber Operations through International Law: Challenges and Fact-finding Body Proposal
| Author | Zhifeng Jiang |
| Pages | 59-88 |
2020 LSE LAW REVIEW
59
Regulating the Use and Conduct of Cyber Operations
through International Law: Challenges and Fact-finding
Body Proposal
Jiang Zhifeng*
ABSTRACT
Although cyber oper ations present an emerging threat to international peace and security, there
is a lack of interstate agreement on the international regulation of cyber operations. One
prevailing response is to theoretically extend existing international law to the cyber domain. This
paper, however, challenges this existing response. It argues that international law is theoretically
limited in regulating the use and conduct of cyber operations. With regards to use, there are limits
to prohibiting cyber operations as internationally wrongful acts of a state. Three internationally
wrongful acts are examined. These are prohibited “use of force”, as well as violations of the non-
intervention and self-determination principles. With respect to conduct, there are limits to
constraining the destructive effects of cyber operations through International Humanitarian Law
(IHL). The character of cyber warfare and the nature of societ ies in which cyber warfare is
conducted pose unique challenges to the applicability and effectiveness of IHL provisions. In order
to address the limitations faced by international law in regulating the use and conduct of cyber
operations, this paper concludes by proposing an independent fact-finding body.
* LLB (NUS), BA (Yale-NUS). The author would like to than k Assistant Professor
Rohan Mukherjee for his guidance and insightful comments, as well as Adjunct Associate
Professor Gérardine Goh Escolar for her helpful feedba ck. Any errors and omissions
remain the author’s own. The author can be contacted at jiangzhifeng@u.yale-nus.edu.sg.
Regulating the Use and Conduct of Cyber Operations
Vol. 5
60
INTRODUCTION
The threat of mutually assured destruction posed by nuclear weapons has
constrained and deterred the blatant use of conventional weapons in interstate
disputes between major powers. Cyber operations thus offer an attractive strategic
alternative of imposing costs on states while avoiding full-blown conventional
warfare. For th is reason, cyber operations are also particularly attractive tools in
asymmetric conflicts. Cyber operations refer to the “employment of cyber
capabilities to achieve objectives in or through cyberspace.”
1
Such objectives
include physical damage, as well as economic and political disruption. This paper
will analyse two types of cyber operations: Those used to inflict physical damage
such as civilian causalities and infrastructural damage and those that inflict non-
physical damage, namely economic and political disruption.
The capacity to cause damage both within and outside of cyberspace has led
to the characterization of cyberspace as the fifth domain of war. In contrast to
the air, land, sea, and space domains of warfare, cyberspace is arguably more
anarchical due to the current dearth of international laws governing cyberspace.
Regulatory responses to cyber operations conducted within and through
cyberspace have largely revolved around the use of national laws. National laws
are insufficient. This is because the cyber domain faces a security dilemma, a
situation where “the means by which a state tries to increase its security decrease
the security of others.”
2
A state’s efforts to increase its cyber security through the
creation of more sophisticated cyber defensive a nd offensive weapons can cause
states to subjectively feel vulnerable, thereby leading to continuous build-up of cyber
weaponry. This is attributable to how states “act in terms of the vulnerability they
feel, which can differ from the actual situation”
3
and that “states are uncertain
about their adversaries’ motives, lacking confidence that others are pure security
seekers”.
4
This security dilemma faced by states is more acute in cyberspace.
Cyber operatio ns ar e of fense-dominant, i n that they are strategically
advantageous, financially cheaper, and technically easier to attack first than to
1
Michael N Schmitt, Tallinn Manual 2.0 On The International Law Applicable To Cyber
Operations (Cambridge University Press 2017) 564.
2
Robert Jervis, ‘Cooperation Under The Security Dilemma’ (1978) 30 World Politics 169.
3
ibid 174.
4
Charles L Glaser, ‘The Security Dilemma Revisited’ (1997) 50 World Politics 195.
To continue reading
Request your trial