What Ethics Has To Do With the Regulation of Cyberwarfare

Cyberattacks on networks, infrastructure and databases have become part of the digital everyday life. Yet international law and the theory of just war are little help in assessing cyberattacks, while sets of rules for cyberwarfare quickly reach their limits.

Dr. Mariarosaria Taddeo believes that even the NATO Tallinn Manual, which spells out the applicability of international law in cyberspace, does not provide adequate answers to the challenges of cyberwarfare. Without considering intangible databases and networks, it fails to offer a sufficient basis for the evalution of cyberattack. International law is therefore not keeping up with the information revolution, Taddeo points out.

The definition put forth by the National Research Council in the U.S. goes a step further than the Tallinn Manual. It states that a cyberattack is still an attack even if its only casualties are databases and computer systems, without causing any physical damage. However, any such definition lowers the threshold for the state of self-defense, and is not without risks. But even in self-defense, a state must first weigh up the consequences of a war, Taddeo explains, since a war can only be legitimate if its overall consequences are positive. Yet uncertainty in cyberspace makes it almost impossible to carry out this analysis.

Who bears the moral responsibility for malicious software? Can viruses or computer systems be the object of ethical assessment? Should we grant intangible systems a stronger legal status, and defend them where necessary? Military ethics as they currently stand cannot give clear answers to these questions. Taddeo argues that just war theory and international law have been overtaken by the information revolution. She therefore calls for new theoretical foundations in ethics and security policy that do justice to the phenomenon of cyberwarfare.