Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?

The Internet Patrol - Patrolling the Internet for You

You can share this, including by text message!

  • Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?


Most people are familiar, at least in name, if not content, with the Hague and Geneva conventions, even if only from hearing the terms on Hogan’s Heros. Along with outlining how enemy prisoners can and can’t be treated, they are intended, in part, to help protect civilians during times of war, by outlining rules of war – rules for the etiquette of war, if you will – despite that seeming a blatant oxymoron. Some of these rules rise to the level of law, and violations of these laws are considered “war crimes”, and the leaders of countries who don’t follow the rules can be tried in an International War Crimes Tribunal. The big question right now is whether cyberwar, and related cybercrimes, fall under the governance of these rules, and whether they should.

And we’re not just talking about hacking into government computers by the governmental agents of hostile governments. As NPR’s Tom Gjelten explains, “The emergence of electronic and cyberwar-fighting capabilities is the most important military development in decades…”

With the security of nations ever-increasingly dependent on computers, and computer-controlled technology, this discussion and any ensuing clarifications and (dare we hope) agreements can’t come too soon. Even right now, ambiguity borne of the relationship of current mores, rules, and laws coming up against the differences and nuances of “cyberwar” provides a frightening glimpse into the potential.

For example, under traditional rules of war, if a country suffers an armed attack from another country, the attacked country has the right to declare war against their attacker. But what if that “armed attack” is against the country’s computer network? What if the “arms” are themselves computers, attacking the target country’s computers?

Then too, the purpose of and motive behind the attack are factors to be considered before one can say whether the attack can be viewed as an act of war, or can be retaliated with an act of war. Is the purpose of the cyberattack to spy on a computer network, or to take the network down? Both are arguably wrong, arguably bad. But one is “espionage as usual”, the other a more traditional “attack”.

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?

Earlier this week it was revealed that Ronald Noble, the Secretary General of Interpol, had his identity stolen and duplicated on Facebook. The perpetrators were using the forged Facebook accounts in an effort to use social engineering to glean information.

“One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red,” explained Noble, who called cyber crime “the most dangerous criminal threat we will ever face.”

But how to distinguish between petty cyber crime, espionage, and war acts?

Says Harvard Professor Jack Goldsmith, “If nations don’t know what the rules are, all sorts of accidental problems might arise. One nation might do something that another nation takes to be an act of war, even when the first nation did not intend it to be an act of war.”

Then there is that whole issue of minimizing civilian casualties.

For the most part, cyberattackers not only don’t care whether they also take down civilian computer systems, but even if they did care, for the most part whether a system is in part or in whole “civilian” is almost unknowable.

Just because an initial cybertarget hangs off a .gov (goverment) or .mil (military) or even .edu (educational institution) domain doesn’t mean that it doesn’t have civilian components.

And what about people connected to a government system from their personal computers? Does a hostile country have to ensure that they only attack the banking system during non-business hours so as to not damage customers’ computers? For that matter, is a national banking system considered civilian or govermental? Where do you draw the distinction?

Goldsmith explains that “Computers don’t always have signs over them that say, ‘I’m a military target’ .. ‘I’m a civilian target,” adding that “Also, the two things are intermixed. Ninety to ninety-five percent of U.S. military and intelligence communications travel over private networks.”


For now, the boundary lines are unclear, and there are no easy answers. Unfortunately the lines are unlikely to become clear until they’ve been crossed, again and again.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?

Get notified of new Internet Patrol articles!

You can share this, including by text message!

  • Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?

One thought on “Should Cyberwar Have to Follow the Geneva Convention and the Rules of Engagement?

  1. Heard an interview on NPR yesterday pointing out that the real issue is how different countries define “cyberwar”… countries like Russia and China deem information that is negative about their regimes as cyberwar. Real problem in getting consensus on how to control “cyberwar”.

Leave a Reply

Your email address will not be published. Required fields are marked *