Cyber attacks on civilians are becoming increasingly common in our ultra-connected world. Simultaneously, society is faced with the looming threat of cyber-based incidents infringing on physical infrastructure, causing even more tangible damage. As a result, these types of attacks are being weaponized by nations, and their increasing gravity continues to blur the lines between war, peacetime and diplomacy.
A coordinated attack known as “Stuxnet” is perhaps one of the most notable examples of this phenomenon. As part of a joint project between Israel and the United States, multiple iterations of the virus sought to disrupt the nuclear armament process of Iran. The program is famously estimated to have set back the Iranian nuclear program by two years after damaging equipment without detection and frustrating engineers. The idea behind this was to provide the allies with options to avoid full-on warfare, had a nuclear deal with Iran fallen through.
Alternatively, rogue hackers can now more easily attack traditional strategic targets, such as infrastructure, simply through internet connectivity. The town of Rye, New York, recently learned that no matter how far removed it may be from conflict of any form, it, too, can become a remote target. Over the course of several months in 2013, a group of hackers with ties to the Iranian government achieved unauthorized access to a computer in the basement of Rye City Hall. The computer controlled a local dam, which was disconnected from the larger system at the time for maintenance. Because the dam itself was technically offline at the time of the hacking, the attack was inconsequential in terms of physical damage, but represented an unprecedented cyber threat to U.S. physical infrastructure.
In light of these burgeoning threats, Microsoft President and General Counsel Brad Smith introduced a new vision to a group of tech leaders last year, with the ambition to resist the disastrous effects of the full-fledged cyber war of the future. Dubbed the ‘Digital Geneva Convention’ by a Microsoft policy paper, the move is a push from tech leaders to establish the limits of cyber warfare. Now a group of major technology companies, including Microsoft, Facebook, HP and Cisco, have all pledged not to aid governments in cyber attacks that implicate civilians and/or businesses, either intentionally or as collateral damage.
Specifically, the companies have outlined explicit steps to be taken by governments. Nation-states are not to target critical infrastructure, such as hospitals or power grids, that would cause disproportionate damage to the civilian population despite military advances made. This concept of proportional response is widely accepted as a principle of existing international law. Additional examples of limitations endorsed by these companies include refraining from hacking private data of journalists or civilians involved in electoral processes, as well as refraining from proliferation of cyber weapons developed by a nation.
Despite the growing consensus on the necessity of establishing conventions on cyber warfare, some of the largest tech companies in the world have not yet joined this initiative, including Apple, Amazon, and Google. It appears that incremental progress in underway, however, and momentum is certainly on the side of the Digital Geneva Convention.
Why cyberattacks could be war crimes – World Economic Forum
Stuxnet’s Secret Twin – Foreign Policy
Cyber War Comes to the Suburbs – The New Yorker
Tech groups push ‘Geneva Convention’ to help foil cyber attacks – Financial Times
Israel and the Doctrine of Proportionality – Council on Foreign Relations
Tech Firms Sign ‘Digital Geneva Accord’ Not to Aid Governments in Cyberwar – The New York Times