27 January 2025, NIICE Commentary 9912
Abhinav Dhakal & Mira Rai
Cyber warfare involves digital attacks by nation-states or organizations aimed at disrupting, damaging, or compromising the computers, networks, or critical infrastructure of another nation. The rise of the internet has changed how we live, work, and communicate, but it has also created new vulnerabilities. Critical infrastructure such as power grids, financial systems, healthcare networks, and transportation systems now rely on interconnected digital networks. This dependence makes the system prime targets for cyber adversaries. A successful cyber attack on any of these systems can lead to widespread disruption, financial losses, theft of sensitive data, physical damage to infrastructure, reputational harm, military vulnerabilities, long-term national security risks, and a loss of privacy. Increasing interconnectedness also increases the threat of cyber attacks grows, affecting not just individual organizations but entire sectors of society. There are several forms of cyber attacks including; Denial of Service (DoS) and Distributed Denial of Service (DDoS) , Malware and Ransomware, Advanced Persistent Threats (APTs) and Data Breaches and Espionage.
History of Cyber Attack
The 2007 cyber attacks on Estonia marked a pivotal moment in cyber warfare history, where DDoS attacks after political dispute with Russia targeted government institutions, banks, and businesses. In similar fashion in 2008, during the Russia-Georgia conflict, cyber operations were integrated with military actions, with networks. The 2010 Stuxnet worm which was allegedly developed by the USA and Israeli intelligence targeted Iran’s nuclear program which was the first known instance of cyber warfare causing physical damage. Since 2010, the ongoing Israel-Iran cyber conflict has seen both , highlighting the growing significance of cyber warfare in modern geopolitical struggles.
Anticipated Future of Warfare
In the future, cyber attacks and misinformation campaigns will become central to warfare, shifting the battlefield from traditional physical confrontations to the digital realm. Cyber warfare will increasingly target critical infrastructures with the potential to disrupt entire nations without a single shot being fired. These attacks can cause widespread economic damage, destabilize governments, and compromise national security, making them powerful tools of modern conflict. At the same time, misinformation will play a crucial role in manipulating public opinion and creating chaos within societies. Disinformation campaigns, spread through social media and digital platforms, will be used to influence elections, incite social division, and destabilize political systems. The blending of cyber attacks with misinformation will make it harder to distinguish between truth and deception, intensifying the impact of digital warfare. However the future landscape, the ability to control information and defend against cyber threats will be as critical as military strength, fundamentally reshaping how wars are fought and how nations prepare for conflict.
An example of misinformation and disinformation in the form of a cyber attack occurred during the 2016 U.S. presidential election, when to spread false stories and divisive content. Misinformation included false claims about voting procedures to confuse or discourage voters, while disinformation involved the deliberate spread of fabricated stories to discredit candidates. This was supported by cyber attacks such as the hacking of the Democratic National Committee (DNC), where selectively leaked emails were used to damage the reputation of the Democratic candidate. This combination of cyber tactics and false narratives were designed to disrupt the election and undermine public trust.
International laws regarding Cyber Warfare.
With the increasing occurrences of cyber attacks, the international community is yet to adopt a framework to govern the rules that a state has to follow in this new arena of warfare. In terms of determining legality of cyber warfare, international law issues particularly with the jus ad bellum and the jus in bello norms. The jus ad bellum from the UN charter is that body of law which governs the resort by states to force in their international relations. Cyber operations qualifying as a “use of force” fall under the general prohibition of Article 2(4) of the UN Charter and may trigger an international armed conflict. Operations below this threshold, while potentially violating the principle of non-intervention could serve as lawful counter measures against lesser wrongful acts. Also, Cyber operations deemed an “armed attack” justify the victim state exercising its inherent right to self-defense, including the use of force otherwise prohibited by the Charter. Lastly, If cyber operations are classified as a “threat to the peace,” “breach of the peace,” or “act of aggression,” the UN Security Council can intervene with measures, including military force, to restore international peace, regardless of how the operations are categorized under Articles 2(4) and 51 of the Charter.
With regard to jus in bello, cyber warfare raises interesting challenges concerning the application of existing international humanitarian law (IHL) norms. The International Committee of the Red Cross (ICRC) has expressed concern about cyber warfare due to the vulnerability of cyber networks and the potential humanitarian costs of cyber attacks. One of the ICRC’s key roles is to remind all parties to a conflict that they must take constant care to spare civilians. Wars have rules and limits that apply just as much to cyber warfare as they do to rifles, artillery, and missiles. Assessing the legality of new weapons is in the interest of all States, as it helps ensure that their armed forces act in accordance with international obligations. Article 36 of the 1977 Protocol I, additional to the Geneva Conventions, requires each State party to ensure that any new weapons it deploys or considers deploying complies with IHL. This principle is also emphasized in the Tallinn Manual. Furthermore, at the 28th International Conference of the Red Cross and Red Crescent in 2003, States party to the Geneva Conventions called for a “rigorous and multidisciplinary review” of new weapons, means, and methods of warfare to ensure that the law’s protective framework keeps pace with technological developments. The use of cyber operations in armed conflict is a prime example of such rapid technological advancements, underscoring the need for continuous legal and ethical scrutiny.
The law of neutrality cyberwarfare activities,shows how computer networks, particularly the Internet, may be routed through many territories, hence complex problems regarding law of neutrality arise. The questions arise as to whether belligerents can lawfully use the telecommunications infrastructure of neutral states for the purpose of cyberattacks, and what the responsibilities of “neutral” states are with regard to non-state belligerents conducting attacks from within or through its territory or infrastructure.
In addition, from a regional level like NATO as well article 5 of the NATO treaty is to be applied to cyberwarfare activities regarding International law where the NATO Cooperative Cyber Defense Centre of Excellence (NATO CCD COE) invited a group of experts in order to create a manual governing cyberwarfare. Even if the manual (so called “ Tallinn Manual on the International Law Applicable to Cyber Warfare, 2013”) which though is not an official NATO document and expresses the view of the experts and not the views of NATO CCD COE, its sponsoring nations, or NATO, it is a very important attempt to study cyberwarfare based on customary and conventional international law and to propose some clear rules of conduct which is likely to significant contribute to international law regarding cyberwarfare.
Resolutions
Cyber warfare has transformed contemporary conflicts and significantly impacted national security and essential infrastructure. Nation-states and international organizations increasingly use computer systems, networks, and technology to attack and disrupt other nations’ critical functions, often targeting government systems, financial networks, and civilian infrastructure. Cyberwarfare can cripple critical infrastructure, spread disinformation, and damage economies on a scale comparable to physical attacks.
While Cyber warfare presents considerable challenges for governments, businesses, and individuals by employing tactics such as phishing, ransomware, and malware. Consequently, governments must prioritize cybersecurity by enacting and enhancing international laws to create an efficient legal framework. While some issues can be addressed through interpretations of existing norms, others remain unresolved due to the complexity of cyber operations, difficulties in target classification, and their structural differences from kinetic warfare. The international community must adopt a unified approach to cyber warfare to uphold fundamental principles like the use of force, self-defense, and the UN’s conflict-resolution role. As cyberwarfare evolves, updates to international law may become necessary to maintain peace and minimize collateral damage. In the absence of new norms, adherence to International Humanitarian Law principles is essential to mitigate the risks and consequences of cyberattacks.
Meanwhile, Organizations and corporations focus on training employees, adopting robust security measures, and safeguarding essential systems. Individual users play a crucial role by practising safe online behaviours, using updated antivirus software, and remaining vigilant against potential cyberattacks. Addressing these evolving threats requires global cooperation, education, and proactive strategies to ensure national and international security.
Abhinav Dhakal is a Research Intern at NIICE and is currently pursuing his Bachelor’s degree in Development Studies from Kathmandu University, Nepal. Mira Rai is a Research Associate at NIICE and is currently pursuing her PhD in Political Science and International Relations from Ewha Woman’s University, Seoul, South Korea.
