This is part two of a series, ‘Lessons from the first cyberwar.’ Read part one.
As the internet connects more people, businesses, governments and military systems, it also becomes a gateway for cyberattacks. National infrastructures, government systems and financial institutions, all linked by networks, are at risk.
The growing number of potential cyberattack vectors means that ordinary citizens can also become involved in waging cyber warfare, like Ukraine’s volunteer IT Army, or they can become targets.
The 19th-century wartime strategist Carl von Clausewitz defined war as “an act of force to compel our enemy to do our will.” This perspective also views war as a state-directed effort to achieve political objectives.
Central to Clausewitz’s theory is the “warfare trinity”: the people, the military and the government. Historically, this trinity operated in the physical realm, predominantly through physical force – a characteristic of the industrial age. Clausewitz argued that, while the nature of war remains constant, its manifestation evolves over time with advancements in technology.
In the transition to the information age, the principles of Clausewitz’s warfare trinity remain relevant but the battlefield has transformed. Cyber warfare now represents a new domain where physical force is replaced by information and digital tools. This form of warfare simultaneously impacts all aspects of the trinity – people, military and government – almost instantaneously, and often with global scope.
The rise of cyber warfare illustrates Clausewitz’s belief that, while the nature of war is immutable, the methods and arenas of warfare continue to evolve. Today, cyber warfare aims to achieve political and strategic objectives through cyberspace, extending the battleground beyond physical spaces.
Cyber warfare blurs traditional lines between combatants and non-combatants, as civilians – either willingly or unwittingly – become part of cyber conflicts. Russia also uses organized crime for cyber operations against the West.
In the past, there was a clear difference between civilians and soldiers, often marked by uniforms. Civilians were usually away from the battlefield, which had defined boundaries.
However, in modern conflicts, this distinction has faded. Today’s enemies often include nonstate actors who blend in with civilians, making it hard to tell them apart, and the concept of a specific battlefield has vanished; military actions can now happen anywhere.
Cyber norms and international agreements
As the internet interconnects more facets of our lives it opens up new arenas for nation-states waging war, making the establishment of international cyber norms and agreements more relevant.
The shift from traditional battlefields to cyber warfare necessitates a re-evaluation of how international law and wartime strategies apply to the digital domain due to the increasing involvement of civilians in cyber conflicts and the blurring of lines between combatants and noncombatants.
Initiatives such as the Tallinn Manual and the Red Cross Cyber Norms have emerged as critical efforts to adapt existing legal frameworks to the realities of cyber warfare, aiming to mitigate the impact on civilians and ensure a degree of accountability and restraint in cyberspace.
The Tallinn Agreement stems from the work done in the Tallinn Manual, an influential guide on how international law applies to cyber warfare.
The Tallinn Manual, initiated by the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Estonia, was developed by an international group of legal scholars and practitioners. It has become an influential resource for scholars and policymakers to use as a framework to deal with cyber warfare.
The Tallinn Agreement was created following Russia’s first large-scale cyberattack, against Estonia in 2007. The process began in 2009 when the NATO CCDCOE recognized the growing importance and unique challenges of cyber operations in international law and initiated a project to clarify the legal landscape.
The necessity for such a manual became clear due to the growing incidence of cyber operations that potentially crossed the line into armed conflict, or at least had significant international legal implications.
The manual addresses issues including sovereignty, state responsibility, the applicability of international humanitarian law in cyberspace and the conduct of hostilities.
The first version, known as Tallinn Manual 1.0, was published in 2013 and focused specifically on the most severe forms of cyber operations – those that would be considered equivalent to armed attacks under international law and the laws of armed conflict.
Tallinn Manual 2.0, published in 2017, expanded this scope to include a broader range of cyber operations, especially those occurring outside the context of armed conflict. This included considerations of sovereignty, state responsibility and human rights.
Red Cross Cyber Norms
The International Committee of the Red Cross (ICRC) has been advocating for the application of existing international humanitarian law to cyber warfare, especially emphasizing the need to protect civilians and civilian infrastructure.
One theme that has featured prominently in the Russo-Ukrainian war has been the rise of civilians engaging in digital warfare. Some of these civilians are minors, which may complicate the classification of them as enemy combatants in the cyber realm.
The Red Cross Cyber Norms seek to clarify how principles like distinction, proportionality and necessity apply in the digital sphere – particularly given the potential for significant civilian harm due to cyber operations targeting critical infrastructure such as hospitals, power grids and water systems.
Like the Tallinn Manual, the ICRC’s positions on cyber operations are interpretative. They are advisory and non-binding. They don’t create new legal obligations but aim to influence states and other actors to consider humanitarian principles when engaging in cyber warfare.
As countries such as Russia expanded their efforts to conduct cyber warfare against other countries, the need to create international norms and frameworks began to take shape.
However, even as these agreements and frameworks were being created, Russian attacks against the West and Ukraine became more brazen and destructive, with many of Russia’s attacks in recent years targeting critical infrastructure.
David Kirichenko is a Ukrainian-American security engineer and freelance journalist. Since Russia’s full-scale invasion of Ukraine in 2022 he has taken a civilian activist role.
These articles are excerpted, with kind permission, from a report he presented at the UK Parliament on February 20 on behalf of the Henry Jackson Society.