Challenges of Civilian Distinction in Cyberwarfare

  • Neil C. Rowe
Part of the Philosophical Studies Series book series (PSSP, volume 124)


Avoiding attacks on civilian targets during cyberwarfare is more difficult than it seems. We discuss ways in which an ostensibly military cyberattack could accidentally hit a civilian target. Civilian targets are easier to attack than military targets, and an adversary may be tempted to be careless in targeting. Dual-use targets are common in cyberspace since militaries frequently exploit civilian cyber infrastructure such as networks and common software, and hitting that infrastructure necessarily hurts civilians. Civilians can be necessary intermediate objectives to get to an adversary’s military, since direct Internet connections between militaries can be easily blocked. Cyberwarfare methods are unreliable, so cyberattacks tend to use many different methods simultaneously, increasing the risk of civilian spillover. Military cyberattacks are often seen by civilian authorities, then quickly analyzed and reported to the public; this enables criminals to quickly exploit the attack methods to harm civilians. Many attacks use automatic propagation methods which have difficulty distinguishing civilians. Finally, many cyberattacks spoof civilians, encouraging counterattacks on civilians; that is close to perfidy, which is outlawed by the laws of armed conflict. We discuss several additional problems, including the public’s underestimated dependence on digital technology, their unpreparedness for cyberwarfare, and the indirect lethal effects of cyberattacks. We conclude with proposed principles for ethical conduct of cyberwarfare to minimize unnecessary harm to civilians, and suggest designating cyberspace “safe havens”, enforcing reparations, and emphasizing cyber coercion rather than cyberwarfare.


Cyberwarfare Civilians Ethics Distinction Cyberattack Networks Dual-use Reporting Propagation Perfidy Infrastructure Product tampering 



The views expressed are those of the author and do not represent the U.S. Government. This work was supported by the U.S. National Science Foundation under the Secure and Trustworthy Cyberspace program.


  1. Al-Qasem, I., S. Al-Qasem, and A. Al-Hammouri, 2013. Leveraging online social networks for a real-time malware alerting system. In: Proceedings of the 38th IEEE conference on local computer networks, Sydney, AU, October, 272–275.Google Scholar
  2. Angwin, J. 2014. Dragnet nation: A quest for privacy, security, and freedom in a world of relentless surveillance. New York: Times Books.Google Scholar
  3. Anonymous. 2012, July. The collateral damage of Internet censorship by DNS injection. ACM SIGCOMM Computer Communications Review, 42(3):22–27.Google Scholar
  4. Brenner, S., and L. Clarke. 2011. Civilians in cyberwarfare: Casualties. Accessed 1 Nov 2011.
  5. Burnham, G., R. Lafta, S. Doocy, and L. Roberts. 2006, October 11. Mortality after the 2003 invasion of Iraq: A cross-sectional cluster sample. The Lancet, 368(9545):1421–1428.Google Scholar
  6. Clarke, R., and R. Knake. 2010. Cyber war: The next threat to national security and what to do about it. New York: HarperCollins.Google Scholar
  7. Dinniss, H. 2012. Cyber warfare and the laws of war. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  8. Elisan, C. 2012. Malware, rootkits, and botnets: A beginner’s guide. New York: McGraw-Hill Osborne.Google Scholar
  9. Flemming, D., and N. Rowe. 2015. Cyber coercion: Cyber operations short of cyberwar. In: Proceedings of the 10th international conference on cyber warfare and security, Skukuza, South Africa, March.Google Scholar
  10. Geers, K., D. Kindlund, N. Moran, and Rachwald. 2013. World War C: Understanding nation-state motives behind today’s advanced cyber attacks. Accessed 7 Apr 2013.
  11. Geiss, R., and H. Lahmann. 2012, November. Cyber warfare: Applying the principle of distinction in an interconnected space. Israel Law Review 45(3):381–399.Google Scholar
  12. Gross, M. 2012. A declaration of cyber-war. Vanity Fair, April 2011. Retrieved May 12, 2012, from
  13. Hagopian, A., A. Flaxman, T. Takaro, E. Shatari, A. Sahar, J. Rajaratnam, S. Becker, A. Levin-Rector, L. Galway, H. Al-Yasseri, J. Berq, W. Weiss, C. Murray, G. Burnham, and E. Mills. 2013, October 15. Mortality in Iraq associated with the 2003–2011 war and occupation: Findings from a national cluster sample survey by the University Collaborative Iraq Mortality Study. PLoS Medicine 10(10). Accessed 9 Nov 2013.
  14. Hashim, S., A. Ramli, F. Hashim, K. Samsudin, R. Abdulla, R. Azmir, L. Barakat, A. Osamah, I. Ahmed, and M. Al_Habshi. 2013, September. Scarecrow: Scalable malware reporting, detection, and analysis. Journal of Convergence Information Technology 8(14): 9–19.Google Scholar
  15. International Committee of the Red Cross (ICRC). 2015. Treaties and customary law. Accessed 11 Jan 2015.
  16. Kaplan, D. 2011, October 18. New malware appears carrying Stuxnet code. SC Magazine. Accessed 1 Aug 2012.
  17. Kaurin, P. 2007. When less is more: expanding the combatant/noncombatant distinction. In Rethinking the just war tradition, ed. M. Brough., J. Lango and H. van der Linden, Chapter 6. New York: SUNY Press.Google Scholar
  18. Kimmel, P., and C. Stout (eds.). 2006. Collateral damage: The psychological consequences of America’s war on terrorism. Westport: Praeger.Google Scholar
  19. Kinsella, H. 2011. The image before the weapon: a critical history of the distinction between combatant and civilian. Ithaca: Cornell University Press.CrossRefGoogle Scholar
  20. Pearce, M., S. Zeadally, and R. Hunt. 2013, February. Virtualization: Issues, security threats, and solutions. ACM Computing Surveys 45(2):17.Google Scholar
  21. Raymond, D., G. Conti, T. Cross, and R. Fanelli. 2013. A control measure framework to limit collateral damage and propagation of cyber weapons. In: Proceedings of fifth international conference on cyber conflict, Tallinn, Estonia.Google Scholar
  22. Rowe, N. 2013. Cyber perfidy. In The Routledge handbook of war and ethics, ed. F. Allhoff, N. Evans and A. Henschke, Chapter 29, 394–404. New York: Routledge.Google Scholar
  23. Rowe, N. 2015. Distinctive ethical challenges of cyberweapons. In The research handbook on cyber security, ed. N. Tsagourias and R. Buchan, Chapter 14, 307–325. Cheltenham: Edward Elgar Publishing.Google Scholar
  24. Shakarian, P., J. Shakarian, and A. Ruef. 2013. Introduction to cyber-warfare: A multidisciplinary approach. Amsterdam: Syngress.Google Scholar
  25. Slay, J., and M. Miller. 2008. Lessons learned from the Maroochy water breach. In: Critical infrastructure protection, ed. E. Goetz and S. Shenoi, Chapter 6. New York: Springer.Google Scholar
  26. Smith, T. 2002. The new law of war: Legitimizing hi-tech and infrastructural violence. International Studies Quarterly 46: 355–374.CrossRefGoogle Scholar
  27. TechRepublic. 2005. Flaw finders go their own way., dated January 26, 2005. Accessed 1 Aug 2012.
  28. USCCU (United States Cyber Consequences Unit). 2009, August. Overview by the US-CCU of the cyber campaign against Georgia in August of 2008. US-CCU special report. Accessed 2 Nov 2009.
  29. von Heinegg, W. 2012. Neutrality in cyberspace. In: Proceedings of the 4th international conference on cyber conflict, Tallinn, Estonia.Google Scholar
  30. War Legacies Project. 2010. Agent orange record. Accessed 2 Mar 2015.

Copyright information

© Springer International Publishing Switzerland 2017

Authors and Affiliations

  1. 1.Computer Science DepartmentU.S. Naval Postgraduate SchoolMontereyUSA

Personalised recommendations