Lawyers and technical experts agree that the potential of computer network attacks is considerable, raising questions about the application of international humanitarian law and even the definition of "armed conflict" itself.
There is no specific mention of cyber warfare or computer network attacks in the Geneva Conventions or their Additional Protocols. But the principles and rules in these treaties governing the means and methods of warfare are not restricted to situations that existed at the time of their adoption. IHL clearly anticipated advances in weapons' technology and the development of new means and methods of waging war.
There can be no doubt, therefore, that international humanitarian law covers cyber warfare. In particular IW's potential to threaten and harm civilians and their means of survival during armed conflict brings it directly into the realm of IHL.
The idea of cyber warfare or computer network attack in armed conflict is very new. So much so that the discussion about its potential impact is often speculative. Cyber warfare has been defined as any hostile measures against an enemy designed "to discover, alter, destroy, disrupt or transfer data stored in a computer, manipulated by a computer or transmitted through a computer." Examples of hostile use include computer attacks on air traffic control systems, on oil pipeline flow systems and nuclear plants.
Under IHL such attacks must not be indiscriminate. They must distinguish between military targets and civilians and be proportionate and justified by military gain. In this respect, cyber warfare techniques are little different from other means of warfare.
The fact that a computer network attack during an armed conflict is not kinetic, physical or violent in itself, does not put it beyond the remit of IHL. As with other means and methods of warfare, computer network attacks against combatants and military objectives are legal as long as they are consistent with humanitarian law. However, computer network attacks open up new questions since they can be used, for example, against the enemy's production, distribution and banking systems, making the impact more difficult to judge.
The IHL principle that civilians should be protected and their livelihoods and the environment in which they live should not be targeted, provides basic guidance when faced with these new methods of warfare.
Cyber warfare adds a new level of complexity to armed conflict that may pose novel questions for IHL. As a result IHL's relevance needs to be reaffirmed as the principal body of law that can regulate such warfare. The norms in international humanitarian law covering such issues as the use of indiscriminate weapons, distinction between military targets and civilians, proportionality and perfidy, can and must be applied also to cyber warfare.