Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Exploitation, international law, Law, warfare

Cyber War and the Expanding Definition of War: Forbes

On October 26th, 2011, Sean Lawson wrote for Forbes on the debate as to whether cyberattacks constitute "stand-alone" acts of war.  Lawson first mentioned an article written by Dr. Thomas Rid (of the War Studies department of King's College in London) and titled "Cyber War Will Not Take Place."  The Rid article, which was published in the Journal of Strategic Studies, argued that we have yet to see any cyberattacks that would constitute "stand-alone" acts of war under Clausewitz's definition of war.  Further, Dr. Rid argued that we are unlikely to see stand-alone acts of cyber war, but rather, a continued proliferation of cyberattacks as tools used for sabotage, espionage, and subversion.  In response, cyber war expert Jeffery Carr wrote an article where he argues that cyber attacks can meet the Clausewitzian definition of war because cyberattacks have “lethal, instrumental, and political” dimensions.  

Lawson took Dr. Rid's side and argued that even if cyberattacks have lethal, instrumental, and political dimensions, none of these acts represent war in the conventional sense of the term.  Rather, capabilities of cyberattack (i.e. hacking a personal computer to enable an assassination, conducting espionage, and damaging computer systems) fall under the greater umbrella of traditional acts of war.  In this sense, espionage and subterfuge will continue to occur with or without the aid of cyberattacks; cyberattacks provide nation-states with a new tool to achieve a traditional end, but this does not necessarily make the use of those tools a new act of war.

Lawson goes on to note that the debate between Rid and Carr highlights the emerging debate about the definition of war in general and how cyberwar fits in.  This debate is drawn between the "expansionists" and "traditionalists".  The expansionists believe that current Clausewitzian definitions of war are inadequate and should be expanded to include a wide range of acts that traditionally would not be considered war (like cyberattacks). The traditionalists believe that existing definitions of war are more than adequate because the practice of war might change, but  its fundamental nature does not.  This debate is relevant in how we respond to increasing instances of cyberattacks.  Do we treat cyberattacks as something that traditional LOAC principles can handle, just a new approach to an old problem?  Or do we expand the concept of war, and treat cyberattacks, and the prospect of a cyberwar, as something completely new?

The source article can be found here.

Leave a Reply