Blind Justice? The Role of Distinction in Electronic Attacks
This chapter questions the direct applicability of the just war tradition’s principle of distinction to electronic attacks involving computer network exploitation (CNE). It offers three principle challenges to maintaining the norm of distinction in electronic attacks that are rooted in the impossibility of foreknowledge of the object of attack in a computer network. In lay terms, without significant inside assistance it is impossible for a hostile agent seeking to exploit a computer network from knowing the network’s architecture and role prior to conducting hostile exploitation of the network. Due to this lack of knowledge, it is impossible for the hostile agent to be certain that initial exploitation will be free of negative consequences. This draws attention to the understanding of hostile action in both CNE and computer network attacks (CNA). This impossibility of foreknowledge leads to three challenges in applying the principle of distinction to cyber attacks: the access problem – where if CNE is considered to be an attack, then our understanding of distinction collapses, the boundary problem – where it may be impossible for an agent to know the boundaries or couplings of the system that they are attacking, and the levels problem – where humans are held accountable for non-human agency inherent in the deployment of autonomous software programmes (‘viruses’, ‘malware’, etc). This chapter argues that these problems are surmountable, but not with an understanding of distinction that is directly transposed from human interactions.
KeywordsCyber security Ethics Just war theory International humanitarian law Distinction Computer network exploitation Surveillance
- Amini, P. 2008. Kraken Botnet Infiltration. DVLabs. http://dvlabs.tippingpoint.com/blog/2008/04/28/kraken-botnet-infiltration.
- BBC Online. 2015. Is cyber-warfare really that scary?. http://www.bbc.co.uk/news/world-32534923.
- Boothby, B. 2013. How will weapons reviews address the challenges posed by new technologies? Military Law & Law of War Review 52:37.Google Scholar
- Butler, J. 2009. Frames of war: When is life grievable? London: Verso.Google Scholar
- Coates, A.J. 2012. The ethics of war. Manchester: Manchester University Press.Google Scholar
- Cooke, E., F. Jahanian, and D. McPherson. 2005. The zombie roundup: Understanding, detecting, and disrupting botnets. In: Proceedings of the USENIX SRUTI workshop, vol. 39.Google Scholar
- Dandeker, C. 1990. Surveillance, power & modernity. Cambridge: Polity Press.Google Scholar
- Dittrich, D., F. Leder, and W. Tillmann. 2010. A case study in ethical decision making regarding remote mitigation of botnets. Financial Cryptography and Data Security, Lecture Notes in Computer Science, vol. 6054, 216–230.Google Scholar
- Fisher, David. 2012. Morality and war: Can war be just in the twenty-first century? Oxford: Oxford University Press.Google Scholar
- Grayling, A.C. 2007. Among the dead cities: Is the targeting of civilians in war ever justified? London: Bloomsbury.Google Scholar
- Kabay, M.E. 2009. Computer security handbook, 5th ed. New York: Wiley.Google Scholar
- Kelsey, J.T. 2008. Hacking into international humanitarian law: The principles of distinction and neutrality in the age of cyber warfare. Michigan Law Review 106: 1427–1451.Google Scholar
- Korzak, E. 2011. Computer network attacks, self-defence and international law. In International law, security and ethics: Policy challenges in the post-9/11 world, ed. A. Hehir, N. Kurt, and A. Mumford, 147–163. New York: Routledge.Google Scholar
- Langner, R. 2013. To kill a centrifuge a technical analysis of what Stuxnet’s creators tried to achieve. The Langner Group, Arlington. Online at http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf.
- Lee, R.M., M.J. Assante, and T. Conway. 2014. ICS CP/PE (Cyber-to-Physical or Process Effects) case study paper – German steel mill cyber attack. SANS ICS. Online at https://ics.sans.org/media/ICS-CPPE-case-Study-2-German-Steelworks_Facility.pdf.
- Levine, A. 2012. Hacking by China not necessarily a “hostile act”. CNN. http://security.blogs.cnn.com/2012/02/14/hacking-by-china-not-necessarily-a-hostile-act/.
- Libicki, M.C. 2012. The specter of non-obvious warfare, 88–101. Fall: Strategic Studies Quarterly.Google Scholar
- Lubell, N. 2013. Lawful targets in cyber operations: Does the principle of distinction apply? International Law Studies 89: 252.Google Scholar
- Mavropoulou, E. 2015. Targeting in the cyber domain: Legal challenges arising from the application of the principle of distinction to cyber attacks. Journal of Law & Cyber Warfare 4: 23.Google Scholar
- Mazzetti, M., and D.E. Sanger. 2013. Security leader says U.S. would retaliate against cyberattacks. The New York Times.Google Scholar
- Purves, D., R. Jenkins, and B.J. Strawser. 2015. Autonomous machines, moral judgment, and acting for the right reasons. Ethical Theory and Moral Practice, online at http://link.springer.com/article/10.1007/s10677-015-9563-y.
- Ramsey, P. 2002. The just war: Force and political responsibility. Oxford: Rowan & Littlefield.Google Scholar
- Rid, T. 2013a. Cyber war will not take place. London: Hurst.Google Scholar
- Schlosser, E. 2013. Command and control. London: Allen Lane.Google Scholar
- Schneier, B. 2014. There’s no real difference between online espionage and online attack. The Atlantic. http://www.theatlantic.com/technology/archive/2014/03/theres-no-real-difference-between-online-espionage-and-online-attack/284233/.
- Schneier, B. 2015. Data and Goliath: The hidden battles to collect your data and control your world. New York: WW Norton & Company.Google Scholar
- Strauss, M. 2003–2004. Torture. 48 New York Law Review 201.Google Scholar
- The United Nations Office at Geneva. 2014. Report of the 2014 informal meeting of experts on Lethal Autonomous Weapons Systems (LAWS). Geneva: UN.Google Scholar
- Walzer, M. 2006. Just and unjust wars: A moral argument with historical illustrations. London: Basic Books.Google Scholar