The toolkit of statecraft has many an item in it; war and its related concepts are but one tool in that. Over the centuries, the international law related to war has been divided into two distinct spheres: jus ad bellum (law of war) and jus in bello (law in war). The former deals with the justifications or reasons leading to war while the latter deals with the conduct of war. The practice of the two spheres is not as neat as the distinction. To this confusion of practice, we must add the emerging concept of the fifth-dimension warfare. The fifth-dimension warfare has many related concepts like information warfare, irregular warfare, cyber warfare, grey war, etc. ‘Fifth-dimension warfare’ is preferred by the United States military. It sounds more convincing for the following reasons:
First, the ‘fifth-dimension warfare’ is conceptually more distinct than its related concepts: it clearly distinguishes itself from the first-dimension warfare (the land), the second-dimension warfare (the sea), the third-dimension warfare (the air) and the fourth-dimension warfare (the space).
Secondly, its dimensional description notionally separates it from domestic and national laws.
Thirdly, the US predominately uses the fifth-dimension warfare in its policy documents, but many other jurisdictions opt for using the term cyber warfare. In deference to the international practice, the term ‘cyber warfare’ will be used in this write-up.
Building on the concept of cyber warfare and US military’s circumlocution of ‘the fifth-dimension warfare’, it will now be appropriate to elucidate the six threshold questions that have been central to policy debates on the subject:
1. The first question that has been persistently asked is the definition of ‘cyber warfare’.
2. Whether the extant international law related to armed conflicts in form of jus ad bellum and jus in bello is applicable to the cyber warfare?
3. Does a cyber attack qualify to be treated as ‘force’ in terms of article 4(2) of the UN Charter that regulates the use or threat to use of force?
4. In its interstate form, is a cyber attack an international armed conflict?
5. In its intrastate or, in state vs. non-state form, is the cyberattack a non-international armed conflict?
6. What is the scope of state responsibility in cyber warfare?
With no straight answers to these questions, the threshold questions have excited debate amongst the academics as well as the policymakers.
A. The US Response
Researchers who regularly study the relationship between the international law and cyber warfare cite speech made by Harold Koh, Legal Advisor to the US State Department, at the United States Cyber Command’s (USCYBERCOM) Inter-Agency Legal Conference which was held on 18th September 2012 as an example of the US position on the subject. Salient features of his speech, ergo the US position, are:
i. The established principles of international law apply to cyberspace. Note, he referred to ‘cyberspace’ and not cyber warfare, per se;
ii. The established regimes of jus ad bellum and jus in bello apply to cyber action;
iii. Cyber activities ‘that proximately result in death, injury or significant destruction would likely be viewed as a use of force’ in terms of Article 2(4) of the UN Charter that regulates the use of force in the international system. He specifically mentioned three examples of cyber action qualifying as use of force:
a. operations that trigger a nuclear plant meltdown;
b. operations that disable air traffic control, resulting in aeroplane crashes;
c. operations that open a dam above a populated area causing destruction.
iv. The right to self-defence under Article 51 of the UN Charter can be ‘triggered by computer network activities that amount to an armed attack or imminent threat thereof’. He also mentioned the US International Strategy for Cyberspace (2011) wherein the position has been institutionalized within the US military doctrine;
v. The principles of necessity and proportionality as codified in the international humanitarian law (jus in bello) will apply to means and methods of cyber warfare. He further added that there was no requirement within the law to respond cyber action with cyber action; thus, implying that the cyber action can be retaliated by non-cyber action;
vi. The principle of distinction that is codified in the international humanitarian law will be applicable in cyber warfare. The combating parties will be under an obligation to distinguish between the military and non-military objectives;
vii. States should regularly assess their cyber weapons on the touchstone of ‘inherent indiscrimination’. He shared that the US applies a two-stage review. First, at the time of induction of new weapons, and second, at specific operations.
vii. The physical infrastructure that supports internet is located in the sovereign territory; therefore, the territorial jurisdiction has to be considered in cyber warfare. The states, thus, cannot be absolved of their responsibility in preventing cyber attacks;
B. The NATO Response
NATO’s response came in the form of the Tallinn Manual. NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), with the help of nineteen international lawyers, tried to consolidate a manual that it styled as the Tallinn Manual. Its first version (Tallinn Manual 1.0) came in 2013 and its latest version (Tallinn Manual 2.0) was published in 2017. The Tallinn Manual is non-binding and is a product of three years of academic work done by noted international lawyers. The lead expert was Michael Schmitt from the University of Exeter, the United Kingdom. Quintessentially, the Tallinn Manual has found itself in agreement with the US response. The scope of the Manual and its treatment of sub-force level cyber attacks under international law were questioned by some authors, but its overall impact and the way it stated the international cyber warfare law has been appreciated by all.
Pakistan and Cyber Warfare
Depending on the technological prowess of states, asymmetric power equations may be bridged by the use of cyber warfare capabilities. On the pattern of the United States, Pakistan might need a fifth-dimension warfare setup under the joint command of the armed forces. In this regard, the international law perspective may inform the policymakers in their decisions, and they may be able to integrate cyber warfare in their spectrum of capabilities.