The Economist describes cyberspace as the ‘fifth domain of warfare, after land, sea, air and space’. But what exactly is this ubiquitous cyberspace, originally coined in 1981 as a buzzword by science fiction author William Gibson?
US Department of Defense defines cyberspace as ‘a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.’
In the words of Richard Clarke, former US cybersecurity czar,
‘Cyberspace is all of the computer networks in the world and everything they connect and control. It’s not just the Internet. Let’s be clear about the difference. The Internet is an open network of networks. From any network on the Internet, you should be able to communicate with any computer connected to any of the Internet’s networks. Cyberspace includes the Internet plus lots of other networks of computers that are not supposed to be accessible from the Internet.’
Who are the ‘players’ of this novel battlefield? As interstate relations are mainly the quintessence of international law, the actors operating in cyberspace that are of interest for the subject of this paper are basically sovereign states. As far as cyber warfare operations are concerned, they can potentially be waged in two different modes. Primarily, a sovereign state can hire a group of hackers, which would be considered as a non-state actor. State attribution for their acts will be discussed in Part II of this paper. Moreover, current trends show that in the near future, every technologically advanced state will have a ‘cyber’ division as a separate military branch.
What exactly constitutes a ‘cyber warfare operation’?
Many authors obfuscate cyber attacks with cyber terrorism, cyber espionage or even cyber crimes. This paper will not deal with terrorism, nor with ‘conventional’ cyber crimes. The latter are effectuated against individuals and property, ranging from financial crimes to paedophilia perpetrated by individuals.
Others ‘loosen’ the term so that it can fit the larger gamut of information operations, which can be perpetrated in peacetime, but neither this is the object of this paper.
How can ‘cyber warfare operations’ be defined? The first problem arises in attempting to circumscribe a functional definition given not only the absence of a consensus among international law scholars but also due to the fact that legal literature has so far used interchangeably terms as ‘cyber force’, ‘cyber attack’, ‘information warfare’.
Adkins presents ‘a new taxonomy of cyber terms’, using the following, rather Clausewitz-‘scented’ definition for cyber warfare. ‘Any act intended to compel an opponent to fulfill our national will, executed against the software controlling processes within an opponent’s system’.
Wingfield asserts that a Computer Network Attack (CNA)—also referred to as “cyber war”—is a type of Information Warfare (IW), which is itself a subset of Information Operations (IO). Others, such as Dahl, prefer to use the looser term ‘network-centric warfare’.
Shackelford declares that ‘information warfare shall refer to the employment of computers and related technology to attack computer networks linked to a nation’s civilian, military and/or government information-based resources’. His proposed definition can be rather unsatisfactory, given that he includes cyber terrorism and cyber espionage as well.
It is quite evident that the very lack of a universally agreed upon definition clearly depicts the magnitude of the problem when a legal classification is attempted.