Introduction
In today’s day and age, tensions among geopolitical regional powers are growing higher and higher. This leads to, not only arms races, but cyber arms races as well. In order to destabilize regions within opposing countries or attempts to further develop advanced forms of weaponry, you don’t need to be a cyber security expert to understand that anything with some type of connection is a viable target for these regional powers. With this in mind we can examine the risks of these forms of engagement and how it applies to humanitarian laws.
Vulnerability
A report done by HP states that cyber attacks on nation states have doubled over the last 3 years. This can be attributed to a rise in a remote workforce which means a rise in remote applications. Many companies and more importantly their employees are slow to adopt a risk aware culture which is the first step in organizational preparedness to ward off these types of threats.
In the HP report it notes that there is major evidence of nation-states “stockpiling” zero day vulnerabilities for use as leverage against organizations associated with specific countries. These zero day RCE threats’ consequences span from lost data, proxied or unsecure communications, to potential damage to corporate reputation.
AI Systems
Just like in espionage and warfare computer systems can be taken advantage of to operate in ways they were not intended to. These same tactics can be applied to AI systems. Some simple weaknesses of AI systems can be seen in a vacuum that ejects the dust it just cleaned in order to “clean more dust” or an AI in a racing game that collects more points by ignoring the main objective. While these “weaknesses” might seem simple in nature, one can imagine the types of risks imposed when applied to systems that have control over aircraft functions, healthcare and loans, or even facial recognition technology.
A recent development in this nature would have to be Israel’s AI controlled machine gun at one of their checkpoints that has the ability to fire less than lethal munitions like sponge tipped bullets and tear gas.
A Humanitarian Concern
Many cyber operations being carried out in today’s armed conflicts often deal severe damage to critical infrastructure and essential services for civilian populations. Healthcare systems, which are being increasingly digitized, are often left unprotected and are usual targets and particularly vulnerable to these types of attacks. Water, power, infrastructure, and hospitals are often left damaged by shelling and to add a major cyber incident to it could have devastating consequences on the civilians who are already struggling from the conflict.
There is also an increased risk of intentional and unintentional harm through the misuse of data dissemination, specifically through social media, in or to spread misinformation and hate speech. Recently, the company Meta, has alleged to have taken down a Russian troll farm in august and just a few days ago a Russian disinformation network targeting Europe.
Questions of Legality
Currently as it stands there is no defined area of policy as it comes to cyber warfare specifically as it is very difficult to prosecute. The main way to deal with these attacks would be to treat them as violations of international law. However the main response to international law violations is public condemnation and sanctions which can do very little in serious situations such as the conflict between Russia and Ukraine. The US also risks being labeled a hypocrite given the types of American cyber activity occurring abroad.
A panel of several law professors from Yale, Columbia, and the university of Virginia discussed the types of questions that need to be considered in regards to legal prosecution. How are the “cyberweapons” being used, what are the relevant institutions (With the US in the lead with US Cyber Command and NSA), what counts as use of force and when is an act of self defense justified.
Many of these concerns are difficult to navigate, for example, typically it is unlawful to attack civilians, however if a server is being attacked which is being used both militarily and for civilian purposes which then causes civilian damage, this is where the questions become difficult.
Conclusion
As the world becomes more technologically involved and cyberwarfare becomes more prevalent, it is important for humanity as a whole to formalize the ability to legally prosecute cyber violations in order to protect civilian populations and mitigate the risks and damage caused by these types of threats.
– Arthur Tonoyan 9/28/22
Sources
https://www.wilsoncenter.org/blog-post/cybersecurity-and-ai-three-security-concerns-watch
RIT Cyber Security Policy and Law Class Blog 