CHACR COMMENTARY // OCTOBER 2024
BY: Andrew Simms, Editor,
CHACR in conversation with the IT Army of Ukraine
IS THERE A NEED TO DEBUG CYBER WARFARE’S CODE OF CONDUCT?
ALL is – categorically –‘not’ fair in love and cyber warfare, insists the International Committee of the Red Cross.
Responding to the proliferation in ‘virtual’ battles being fought as part of the Russia-Ukraine war, the Geneva-based humanitarian champion last year restated the legal obligations that apply to those engaging in armed conflicts “through digital means”.
For a British Army on a mission to accelerate modernisation, the reminder of the rules of engagement – which highlighted the legitimacy of military computerised capabilities as targets – aptly underlined (as flagged in the latest edition of The British Army Review) that the Service’s battlefield toolbox must include the means to defend its cyber systems and attack those of its enemies.
However, civilians, rather than those in uniform, were the primary audience for the International Committee of the Red Cross’ proclamation.
On publishing its list of eight rules, the organisation – a threetime Nobel Prize laureate – cited concerns about the phenomenon of ‘hacktivists’ joining patriotic cyber-gangs on the grounds that they cause harm to civilian populations, either through direct targeting or incidental damage; and that they risk exposing themselves, and people close to them, to military operations.
Among the groups blurring the boundaries between civilians and combatants is the IT Army of Ukraine – a voluntary unit borne from a call-to-arms from Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, for hackers to take aim at Russian cyberspace.
“FOR A BRITISH ARMY ON A MISSION TO ACCELERATE MODERNISATION, THE REMINDER OF THE RULES OF ENGAGEMENT APTLY UNDERLINED THAT THE SERVICE’S BATTLEFIELD TOOLBOX MUST INCLUDE THE MEANS TO DEFEND ITS CYBER SYSTEMS AND ATTACK THOSE OF ITS ENEMIES”
Comprising tens of thousands of anonymous, geographically dispersed cyber operators, the IT Army has inflicted “hundreds of millions, if not billions, of dollars” worth of losses on the Russian economy.
In conversation with the Centre for Historical Analysis and Conflict Research, an official spokesperson for the group described the Red Cross’ guidelines for cyber warfare as “commendable” but countered that they “gloss over the gritty realities of warfare”.
The words that follow are those of our source, who is a member of the IT Army’s executive team, which consists of fewer than 100 individuals.
“These rules are an extension of the traditional principles of warfare, aiming to mitigate its impact on civilian populations.
The central tenet is that combat should be conducted in a way that shields civilians from any adverse effects. This includes prohibitions against targeting infrastructure serving dual civilian-military functions and stringent protections for healthcare and humanitarian missions, allowing attacks mainly on military installations, airfields and factories in hostile territories.
“An invading force often exploits a country’s civilian infrastructure, raising complex ethical dilemmas. The intertwining of military objectives and civilian infrastructure presents a challenge, making it clear that the segregation of warfare from civilian life is an impractical ideal.
“Cyber warfare mirrors these challenges, adding a layer to the conventional warfare conundrum. To effectively counter an adversary, it’s necessary to disrupt their military operations across all possible fronts, from internet connectivity to logistical support. This strategy extends beyond mere battlefield tactics, encompassing the disruption of the enemy’s production and supply capabilities, where impacting the enemy’s logistical support can be as pivotal as direct military strikes.
“The economic sanctions imposed by various democratic nations against Russia following its invasion of Ukraine exemplify this approach. These sanctions, targeting diverse sectors, are designed to cripple the economy’s ability to fund warfare. This approach raises an ethical question: if reducing a civilian population’s standard of living to hinder a country’s war efforts is acceptable, why are similar measures in the form of cyberattacks deemed unethical? The distinction between disrupting a bank’s operations through
“IF REDUCING A CIVILIAN POPULATION’S STANDARD OF LIVING TO HINDER A COUNTRY’S WAR EFFORTS IS ACCEPTABLE, WHY ARE SIMILAR MEASURES IN THE FORM OF CYBERATTACKS DEEMED UNETHICAL? THE DISTINCTION BETWEEN DISRUPTING A BANK’S OPERATIONS THROUGH CYBER MEANS AND SEVERING ITS INTERNATIONAL FINANCIAL TIES REMAINS A POINT OF DEBATE.”
cyber means and severing its international financial ties remains a point of debate.
“It is crucial to recognise that debilitating an adversary’s economy is not just an effective strategy but perhaps the only viable way to end conflicts with aggressive, irrational states. Therefore, such tactics should
“A further imbalance inherent in the current framework is its unilateral application. History seldom recounts wars where both parties equally respected international conventions. This imbalance potentially advantages the aggressor, especially in conflicts where the strong prey on the weak, potentially rendering these disparities disastrous.
“The current system of condemning and sanctioning violators is not always effective, comprehensive or sufficient to counterbalance these imbalances. A shift from a punitive model towards one that compensates those who adhere to the rules could be more effective. In the context of war, adherence to rules is not just a moral choice but an existential one. To encourage broader compliance, a paradigm shift focusing on incentivising adherence could yield more positive outcomes.
“In conclusion, while rules of engagement are indispensable, they must be grounded in the practical realities of modern warfare. In the IT Army of