Army chief General Bipin Rawat recently said at a seminar that soldiers should use smartphones and social media which can be leveraged for psychological warfare. Cyberwar is the potent new weapon but do any international laws exist on the issue?
~By Praful Bakshi
Last June, Pakistani hackers compromised a number of websites, including, ironically, the Defence Institute of Advanced Technology and the Army Institute of Management and Technology and National Aeronautics, among other sensitive sites. This was in response to Indian hackers breaching Pakistani websites. Just weeks later, reports surfaced of a massive leak which revealed secret details about India’s Scorpene submarine fleet. The design plans were leaked from the French manufacturer and involved over 22,000 pages of top-secret material.
The role of information in the realm of military affairs and related fields is now well known. From hand-held devices to computers and satellite network for 24×7 surveillance, cyber systems are the potent new weapon in a virtual battlefield. Cyberspace now dominates military espionage, sabotage, intelligence gathering and denial of all these to the adversary. In high-tech warfare, the application of cyber-related activities is across the board, involving battlefield support, satellite communication, radar control and breaching or sabotaging enemy communication networks. This now extends to counter terrorism and security of sensitive installations.
The world over, national doctrines have to be rewritten, keeping in mind cyberwars. China has been accused of cyber attacks on a number of private and public organisations in Russia, India, USA, Canada and France. Iran faced a cyber attack by USA and Israel, when its nuclear facility in Natanz was infiltrated by the cyberworm, Stuxnet, which destroyed 1,000 nuclear centrifuges, setting back Iran’s nuclear programme by two years.
India created a Computer Emergency Response Team (CERT-In) in 2004 to counter cyber attacks. When security breaches rose from 23 in 2013 to 13,300 a year later, the government created the National Critical Information Infrastructure Protection System to counter attacks against sensitive targets in energy, transport, banking, telecom, defence and space.
A 2017 study conducted by security solutions provider Symantec found that India ranked fourth in online security breaches. All major military fighting systems, offensive or defensive, are network-centric. These depend on a vast network of communication systems, radars, electric grids along with satellites and UAVs. The aim of cyber operations is to neutralise these systems through Network Centric Warfare, thus making traditional fighting systems totally ineffective.
Advanced nations are already preparing themselves for what is termed as “Hybrid Warfare,” where modern conventional warfare is amalgamated with irregular warfare and cyber warfare. This was done successfully by Hezbollah fighters against the Israeli forces during the 2006 Lebanon war where military operations were aided by hacking into Israeli communication systems and Israeli soldiers’ mobile phones.
A number of studies are being conducted to ascertain what role international organisations can collectively take to address cyberspace and cyber warfare. The only known treaty which can stand on legal grounds in parts of the world is the Convention on Cyber Crimes, drawn up by the Council of Europe, and also known as the Budapest Convention. The idea was to coordinate individual capacities and capabilities in the investigation of cyber crimes. Till now, 45 nations have signed and ratified the Convention. Non-European countries like USA and Israel have ratified the treaty, and the US also helped in drafting it.
The United Nations has been quite active as well. The UN General Assembly has approved a number of resolutions. The UN Resolution 64/211 deals with the protection of Critical Information Infrastructure (CII). The aim is to achieve closer cooperation between UN member states to create an organisation to investigate cyber attacks against the CII of a nation and initiate action against rogue countries. This has led to intense debate on whether humanitarian laws and principles can be applied to cyber warfare.
The Tallinn Manual (originally titled Tallinn Manual on the International Law Applicable to Cyber Warfare) is an academic, non-binding study on how international laws (in particular humanitarian law) apply to cyber conflicts and cyber warfare.
The Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of experts. It was the first effort to analyse this issue comprehensively and address some of the complex legal issues involved. The manual states:
- A cyber threat or use must hold itself on the scale of legality.
- A state which is targeted has a right to self-defence.
- The use of force must follow the rule of proportionality as mentioned in the laws of armed conflict.
- Though cyber warfare has opened new horizons and scenarios to an armed conflict, the umbrella of international humanitarian laws is also there for the service of humanity.
The humanity aspect is important since the Tallinn Manual tried to take a leaf from the Geneva Convention and other treaties governing conventional warfare. Cyberwar is a vastly different battlefield and any effort like the Tallinn Manual will clearly have limited impact or acceptance, especially as a deterrent. What the Manual does is show us the contours of an emerging scenario where governments are still struggling to come to terms with a war that has no borders and is conducted by an unseen enemy.
—The author is a defence and security analyst and former spokesperson for the defence ministry