I truly believe that the era of armed conflict is mostly over. The future wars will all be fought in cyberspace.
Cyber warfare (such as the recent attack on the Iranian nuclear facilities, with the Stuxnet Worm) is highly effective, and can cripple the enemy, without bloodshed and harm to civilians.
So, are there any rules for cyber warfare? The US Airforce has a new directorate for cyberwar-have they come up with any ground rules as to how such a conflict should be managed?
For example, suppose we were to launch a cyber attack on China, and we had discovered that the Chinese power grid was under computer control-would it be ethical to cause power surges on their grid-which would knock out substations and put cities in darkness? If a hospital lost power, innocent people could be harmed.
Has anyone proposed a “Geneva Convention” to regulate this new form of war?
The purpose of the Geneva Conventions are to distinguish between persons who are valid targets of combat and those that are *hors de combat *- the wounded, the shipwrecked, prisoners of war, and noncombatant civilians.
It doesn’t “regulate” war in any other way.
How would you have a Geneva Convention for cyberwar? Hold PS3s as being hors de combat?
Is a city’s phone network a legitimate target? How about bank records, or hospital mainframes? It’s an interesting question.
Its been said before, reference zepplins, poison gas, and heavy bombers, and probably a few that I am missing, none of these stopped conventional wars from occuring.
Stux was a limited strike against a target that had known venerabliites, had the Iranians been a bit more vigilant, the attack might have fissiled out.
Cyber warfare has a limited value, as each attack is launched, the vector becomes known and defenses are errected, it would entail a soft war/ hard war one two punch, with jdam strikes against nodes, and denial of service attacks, the ROE would be decided before hand as to what collateral damage is acceptable.
Hospitals by nature are already covered under most rules of engagement, no one is going to shell, bomb or otherwise direct attacks on a marked building serving as a hospital, that being said, a stick of bombs dropped several miles away on a power station, may cause the same level of power outages, the same with cities in general.
Its just a softer way of doing whats going to happen anyways.
I dont see it happening anytime soon. I doubt that any country is that electronically centralized to be crippled by essentially nuisance tactics.
Declan
The phone networks are very much a legit target, at least make the bastards work for it when your tanks are advancing down their streets, while they call in arty with AT&T and walk it right up to your merkerva.
Declan
(Disclaimer: I don’t know much about this topic)
Aren’t there Geneva Convention prohibitions on blinding weapons, certain landmines, and such that apply to both armed forces and civilians alike? (like this site discusses?)
More importantly, what happened to “All’s fair in love and war”?
Are there going to be agreements between countries? I wouldn’t doubt it. Is every country in the world going to sign on? I doubt it. Is somebody eventually going to breach that agreement? You betcha.
How could any sort of war regulation be expected to be kept by any except those who are subject to the policing actions of stronger countries/alliances?
ETA: I guess what I’m asking is, even if there were cyber-Geneva Conventions, how could they be any more than a feel-good measure and/or a way to bully weaker countries?
My understanding is that the Geneva Convention, as others have stated, is about distinguishing combatants from non-combatants, and limiting certain types of weapons that essentially place an undue burden on a country after the war is over in terms of care of its population (both combatant and non-combatant).
To answer the OP though, I would effectively say “no” to such a convention for a number of reasons:
-
The nature of cyber warfare is such that it may be waged by a small faction within a country outside the normal chain of command. Do you hold the country accountable for this, when even a developed country like our own experiences internal cyber attacks on a regular basis we have minimal ability to control?
-
A lot of the ‘unacceptable’ damage to a civilian population caused by a cyber attack that this Geneva Convention would address would be the fault of the country attacked, rather than the attacker, based on how they set up their infrastructure. In other words, if India attacks us, we have enough redundant infrastructure that it’s not a problem, and even if the power grid is successfully taken down, our hospitals have generators. If we attack India in the exact same way with the same kind of attack, my guess is that it would have a far more devastating effect. According to the Convention, we would likely be liable for war crimes and reparations simply because the enemy chose to have poor cyber defenses. I assume this is the cyber equivalent of a country crying foul when they place guns and missiles on top of an orphanage or mosque, then point to the bombed out facility later as being a target in violation of the Geneva Convention.
-
Similar to #2, the cascading nature of cyber attack makes the level of damage it will cause somewhat unpredictable, and may ultimately end up pulling in not only innocent civilians within the country, but outside as well. Imagine if I’m at war with Switzerland (that wacky neutrality was going to get them attacked eventually
). Now I attack their banking system and manage to wipe out all their bank records. How many non-Swiss citizens and companies worldwide are affected by that? -
Do you necessarily know who attacked you in violation of this new Geneva Convention? The nature of the cyber attack may not leave a lot of traceable evidence as to who caused what damage. What if a coalition force attacks a random country in the Middle East, with each player doing their own cyber attack. In the meantime, a small group of Russian hackers not part of the coalition decide that in all the chaos, they can use this as a cover to steal civilian documents, bank accounts, etc. Is the fact that this information was stolen after the fact in violation of the new Geneva Convention going to traceable back to these guys if they covered their tracks? It’s not like you can point to your bombed out orphanage and the unexploded artillery shell that says “Made in the USA” as proof of who attacked you.