Читать книгу Russian Cyber Operations - Scott Jasper - Страница 15

No clear legal definition exists for when exactly a cyberattack would constitute an act of war.⁵ US Code defines the term act of war to mean “any act occurring in the course of (A) declared war; (B) armed conflict, whether or not war has been declared, between two or more nations; or (C) armed conflict between military forces of any origin.”⁶ The term armed conflict infers an armed exchange. A more informal interpretation for an act of war is “a hostile interaction between two or more states.”⁷ The challenge is defining what cyber operations could prompt an initiation of armed conflict or a political declaration of war. In the physical domains, the answer might be more obvious. Take, for instance, the devastating attack on the American fleet at Pearl Harbor in 1941 that resulted in the US declaration of war against Japan.⁸ While metrics exist for what counts as a physical act of war, they do not exist for a cyber act of war.⁹

In May 2016, Sen. Mike Rounds introduced the Cyber Act of War Act of 2016, which is a bill “to require the President to develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.”¹⁰ A few months later, in September 2016, Marcel Lettre, undersecretary of defense for intelligence, declared at a Senate hearing that cyberattacks which “proximately result in a significant loss of life, injury, destruction of critical infrastructure, or serious economic impact should be closely assessed as to whether or not they would be considered an unlawful attack or an act of war.”¹¹ His statement affirms the reality that an assessment of what amounts to an act of war is “more a political judgement than a military or legal one.”¹² Professor Michael Schmitt and Liis Vihul, the chief executive officer of Cyber Law International, state that war is a “historical term that no longer enjoys the normative meaning associated with it for centuries, when the fact that states were ‘at war’ or had engaged in ‘an act of war’ meant that certain bodies of law, such as the law of war and neutrality law, applied.”¹³ Instead, “the traditional understanding of war has fallen into desuetude, replaced by a complex admixture of legal concepts.”¹⁴

After World War II, a normative scheme in the form of the Charter of the United Nations (UN) was crafted by the international community. The charter, combined with customary international law norms, dictates how and when states may employ force.¹⁵ The rules applicable during warfare were also reexamined by the international community, which abandoned the need for a declaration of war as the threshold for the application of the law of war.¹⁶ Instead, this body of law was relabeled the “law of armed conflict,” commonly referred to as “international humanitarian law,” which applies whenever armed conflict occurs. The United States has interpreted “armed conflict” according to Common Article 2 of the 1949 Geneva Convention to include “any situation in which there is hostile action between the armed forces of two parties, regardless of the duration, intensity or scope of the fighting.”¹⁷ Therefore, by these standards, “the concept of armed conflict implies forceful acts at whatever level.”¹⁸ For cyber operations to satisfy the armed criteria of armed conflict, they would have to result in injury or death of persons or damage or destruction of property. A host of legal regimes provide the basis for the further interpretation of how international law is applicable to cyber operations.