Home
Current Issue
Developments
Archive
Table of Contents
Surveys
Book Reviews
Discussion Forum
Information
Reading Room
Links of Interest
Search
Join our email list
Translate this page
  

Information Warfare as International Coercion: Elements of a Legal Framework

Previous PageTable of ContentsNext Page

1. Introduction

Alvin and Heidi Toffler's The Third Wave proclaimed in 1991 the dawn of the Information Age. They depicted the history of the world in three waves - the agricultural wave, the industrial wave, and the information wave.1 A decade later, the Information Age has fundamentally transformed the way in which the world operates. Global proliferation in computer interconnectivity, most notably the profound growth in use of the Internet, has revolutionized the way governments, societies and much of the world communicates and conducts business.2

At the same time, the technology-intensive Information Age brings with it opportunities for `cyber-crime', `cyber-war' or, as more aptly put, the prosecution of `Information Warfare'. Western societies have spent years building information infrastructures that are interoperable, easy to access and easy to use. Attributes such as openness and ease of connectivity that promote telecommunications efficiency and expedite customer service also now render a society's information infrastructure vulnerable to attacks from other computerized systems.3 The implications of these developments are clear. Particularly regarding how governments conduct wars and use military force, the Information Age promises profound changes in the future. The manners and means in which states interact internationally are dramatically changing.4 Given such realities, international legal rules also must be dramatically adapted if new cyberspace technologies are to be regulated, or even managed, in their increasingly pervasive transnational applications.

This study examines known techniques of Information Warfare (IW) and the international legal implications generated by their use. For purposes of definition, our study considers IW to be a subset of Information Operations that is `conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries'.5 The realistic potential of instigating IW underscores the changed nature of the globalized world environment, as well as the technological revolution in how transnational conflict might be conducted in the twenty-first century. Coincidentally, both these developments highlight the need to develop or amend the rules and criteria on which factual assertions are based for a state to employ force against another state. The transnational nature of IW suggests that, while international legal norms found in contemporary UN Charter law are helpful, they may not be sufficient for reaching acceptable solutions.6

The rise of IW technologies in post-Cold War conflicts7 provokes questions about the legal definitions of `armed attack' and `self-defence' as articulated in the UN Charter, the norms for contemporary state behaviour, and the factual basis involved in IW activities. Claims that a government has surreptitiously penetrated another country's information infrastructure and caused great physical harm raise complex factual issues not previously present when states confronted and openly attacked each another with armies, planes, ships, tanks and conventional weapons. It may be difficult to attribute an IW attack to any particular foreign state, or to characterize that government's motive or intent. An IW attack might be initiated by a foreign private entity or person without state sponsorship. Or a foreign state could hire mercenary-like individuals to carry out an IW attack without attribution to state sponsorship. A cyber-attacker may not be physically near the locations where the attack is launched or where its effects impact. The means of a cyberspace attack may not be readily detectable. A virus sent to a computer via an e-mail attachment will not be readily apparent, as missiles are when they are launched. Under all these circumstances, what lawful action may a state take to respond? The recent availability of IW requires reconsideration of the fact-finding processes and criteria used by governments to make assessments concerning if or when force may be used transnationally through their computer systems.

This article examines how IW is regarded within the context of contemporary international legal rules. It assesses the vulnerabilities of state information infrastructures to these cyberspace technologies, including threats to their national security,8 and the reality of their international applications. International legal rules regulating the use of force are then analyzed as they apply to the use of IW techniques. This analysis also seeks to determine whether and when cyber-based IW activities might qualify as permissible uses of force. Finally, suggestions are made for criteria that contribute to clarifying the legal nature of IW and to designing a more appropriate regulatory framework. At bottom this study evaluates which legal rules applicable to IW might be used by governments to conduct their foreign policies in compliance with international law and which applications of cyberspace activities present serious legal challenges to maintaining order in contemporary relations among states.

1 See Alvin and Heidi Toffler, The Third Wave (1991). See also Alvin and Heidi Toffler, War and Anti-War: Survival at the Dawn of the 21st Century (1993) (the emerging knowledge-based society will use knowledge-based systems to conduct warfare).

2 Stocks are purchased on-line. Applications for employment are made on-line. Work is done on-line. University degrees are earned on-line. Airplane tickets are bought on-line. Communications with friends occur on-line. People even register to vote on-line. The benefits of the computer-based Internet system are enormous. Vast amounts of information are literally at the fingertips, facilitating research on virtually every topic imaginable. Financial and other business transactions can be executed almost instantaneously. Electronic mail, Internet websites and computer bulletin boards allow instantaneous communications quickly and easily with virtually an unlimited number of persons or groups.

3 A General Accounting Office report stated that the Defense Department was subjected to 250,000 information warfare attacks in 1995. See US General Accounting Office, `Information Security: Computer Attacks at Department of Defense Pose Increasing Risks', Report No. GAO/T-AIMD-96-92 (1996) (visited 18 July 2001), gpo.gov/sudocs/aces/aces160.shtml. The Pentagon asserts that there were only 500 incidents this year. See Maier, `Is US Ready for Cyberwarfare?', Insight on the News, 5 April 1999, at 18. Today, financial institutions can be defrauded on-line. Trade secrets can be stolen on-line. Extortion and blackmail can be committed on-line. People can be impersonated on-line. Commerce can be disrupted on-line. Persons can be stalked on-line. Even a war can be started on-line. See Cilluffo et al., `Cybercrime ... Cyberterrorism ... Cyberwarfare, Averting an Electronic Waterloo' (Center for Strategic and International Studies Task Force Report, 1998).

4 See Alvin and Heidi Toffler, War and Anti-War (1993) 2. See Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Senate Commission on Government Affairs, 104th Cong. (1996) 150, at 155 (testimony of Jamie S. Gorelick, Deputy Attorney-General, describing how technology generally, and information networks specifically, play critical roles in the functioning and development of these important areas).

5 Traditional means of conducting IW include psychological operations, electronic warfare, military deception, physical destruction and information attack. For example, in using IW a government could manipulate the enemy's reasoning (i.e. psychological operations), deny accurate information to the enemy (i.e. electronic warfare), mislead the enemy about its own capabilities and intentions (i.e. military deception), use conventional bombs or electromagnetic pulse weapons targeting information systems of the enemy (i.e. physical destruction) and corrupt information without visibly changing the physical entity within which it resides (i.e. information attacks). The US Air Force defines information warfare as `any action to deny, exploit, corrupt, or destroy the enemy's information and its functions; protecting ourselves against those actions; and exploiting our own military information functions'. Department of the Air Force, `Cornerstones of Information Warfare' (visited 18 July 2001), www.af.mil/lib/corner.html. See also Chairman of the Joint Chiefs of Staff, Joint Publication 1-02, Dictionary of Military and Associated Terms (1998) 422, available at www.dtic.mil/doctrine/jel/new_pubs/jp1_02.pdf; Office of the Chief of Naval Operations, Department of the Navy, OPNAVINST 3430.26, at 1 (18 January 1995) (`Information warfare is the action taken in support of national security strategy to seize and maintain a decisive advantage by attacking an adversary's information infrastructure through exploitation, denial, and influence, while protecting friendly information systems'); Dorothy E. Denning, Information Warfare and Security (1999) 23 (`Information warfare consists of offensive and defensive operations against information resources of a "win-lose" nature'). For some general discussions on Information Warfare, see Alrich, `The International Legal Implications of Information Warfare' (US Air Force Institute for National Security Studies Occasional Paper 9, April 1996) 3-5; Martin C. Libicki, What Is Information Warfare? (Center for Advanced Command Concepts and Technology, Institute for National Strategic Studies, National Defense University, August 1995) (identifying seven forms of Information Warfare); Stein, `Information Warfare', Airpower Journal (Spring 1995) 31-39; Colonel Richard Szafranski, USAF, `Theory of Information Warfare: Preparing for 2020', Airpower Journal (Spring 1995) 56-65; Winn Schwartau, Information Warfare: Chaos on the Electronic Highway (1994) (defining IW into three categories according to the nature of the defence); and Arquilla and Ronfeldt, `Cyberwar is Coming!', 12 Comp. Strategy (April-June 1993) 141 (introduces the concept of `cyber-war' for the purpose of examining knowledge-based conflict at the military level). See also Haeni, `An Introduction to Information Warfare' (visited 19 July 2001), www.tangle.seas.gwu.edu/reto/infowar/info-war.html.

6 These Charter-based rules were designed for a world where military conflict mainly involved large-scale armed attacks by one state against the territory of another, such as those in the First World War, the Second World War and on smaller scales throughout the Cold War. During those conflicts, governments could count an enemy's planes, tanks and ships. From these assessments, a government could decide how to organize its defence based upon its calculations of the enemy's offensive threat capabilities. The use of cyber-space technologies makes the determination of an enemy's assets more difficult and thus complicates arrangements for setting up adequate defensive strategies. See generally Vizard, `War.Com: A Hacker Attack Against NATO Uncovers a Secret War in Cyberspace', Popular Science, 1 July 1999, at 80. It is difficult to manage risks in conflict or to know what assets must be spent on defence, especially when who, where or what IW weapons an enemy possesses remain unknown factors. See also Rattray, `The Emerging Global Information Infrastructure and National Security', Fletcher Forum on World Affairs (Summer-Fall 1997) 81, at 93-95 (describing the need for multilateral efforts to control information warfare and positing several different international mechanisms); see also Anthony Lake, 6 Nightmares (2000) 57 (citing Deputy Secretary of Defense John Hamre's statements on the difficulties of dealing with the lack of borders in cyberspace).

7 See Allard, `The Future of Command and Control: Towards a Paradigm of Information Warfare', in L. Benjamin Ederington and Michael J. Mazarr (eds), Turning Point: The Gulf War and US Military Strategy (1994) 161, at 166; Department of Defense, `Conduct of the Persian Gulf Conflict: Final Report to Congress' (1992); Swalm, `Joint STARS in Desert Storm', in Alan D. Campen (ed.), The First Information War (1992) 167.

8 For a more extensive discussion of the threats to the national security from abroad see James Adams, The Next World War (1998); and Lake, supra note 6.

Previous PageTable of ContentsNext Page


Top of Page

© 1990-2004 European Journal of International Law
All comments and suggestions should be sent to webmaster
This site is part of the Academy of European Law online, a joint partnership of the Jean Monnet Center at NYU School of Law and the Academy of European Law at the European University Institute.
This file was last modified: Monday, February 11, 2002 02:19PM