Protecting Civilian Infrastructure in the Age of Cyber Conflict: An IHL Perspective

Abstract

The increasing reliance on digital technology has transformed the nature of modern conflict, with cyber-attacks becoming a significant threat to civilian infrastructure. The vulnerability of critical infrastructure to cyber threats poses significant challenges to national security, economic stability, and human life. This research paper explores the challenges and opportunities in protecting civilian infrastructure from cyber threats in the age of cyber conflict.

The paper examines the current level of cyber security measures in place to safeguard civilian infrastructure, including the use of firewalls, intrusion detection systems, and encryption. It also focuses on the effectiveness of incident response strategies and the importance of international cooperation and information sharing in responding to cyber-attacks.

The paper asserts that a comprehensive approach to safeguard civilian infrastructure from cyber threats requires a combination of technological, policy, and human factors. The paper emphasizes the importance of cyber security awareness and training programs, physical security measures, and a national cyber security strategy.

The paper concludes by highlighting the challenges posed by cyber conflicts, various case studies, the measures that can be taken to address those challenges, and the urgent need for governments, industry leaders, and civil society to work together to develop and implement effective strategies for protecting civilian infrastructure.

Keywords: cyber conflict, civilian infrastructure, power grid, international humanitarian law 

Introduction 

The increasing reliance on digital technologies has transformed the nature of modern conflict, with cyber operations becoming an integral component of military strategy. However, this shift poses significant risks to civilian infrastructure, which is often vulnerable to cyber-attacks. The consequences of such attacks can be devastating, disrupting essential services and putting civilians at risk.

Civilian infrastructure, such as power grids, water supply systems, healthcare facilities, and transportation networks, increasingly relies on digital technologies, which exposes it to cyber operations in armed conflicts.

The impact of cyber-attacks on civilian infrastructure can be devastating, leading to significant harm to civilians, including loss of life, injury, and displacement. One example is the 2015 cyber-attack on Ukraine’s power grid, which left millions without electricity, disrupted healthcare services, and caused widespread economic damage.

International humanitarian law (IHL), also known as the laws of war, seeks to regulate the conduct of armed conflicts and protect civilians from the consequences of war. However, the implementation of IHL in the cyber domain is still in its infancy, and the existing legal framework faces significant challenges in addressing the complexities of cyber warfare.

This raises several questions. How can a “cyber-attack” be defined under IHL? Does cyber conflict constitute an armed conflict? What are the duties of states and non-state actors to prevent and respond to cyber-attacks on civilian infrastructure?

This discussion will delve into the protection of civilian infrastructure in the age of cyber conflict from an IHL perspective, exploring the existing legal framework, the challenges posed by cyber warfare, and the need for new solutions to ensure the protection of civilians and civilian infrastructure in the digital battlefield.

Research Methodology 

This study uses a doctrinal approach to examine the application of International Humanitarian Law in protecting civilian infrastructure during cyber conflict. The methodology combines a comprehensive literature review with an in-depth analysis drawn from secondary sources such as journals, case studies and websites, in order to thoroughly understand the challenges that cyber conflicts pose to the protection of civilian infrastructure.

Review Of Literature 

International Humanitarian Law and Cyber Warfare

Schmitt and Vihul (2017): “Tallinn Manual 2.0”, a comprehensive guide to IHL in cyber warfare. This document outlines how international law applies to cyber warfare, offering guidelines on distinguishing between military and civilian targets.

ICRC (2019): “IHL and Cyber Operations”, a report exploring the application of IHL to cyber operations. IHL principles, such as distinction and proportionality, apply to cyber warfare, but their interpretation and application are challenging in the cyber context.

Protection Of Civilian Infrastructure

NATO (2018): “Protecting Critical Infrastructure from Cyber Threats”, a report on NATO’s approach to protecting civilian infrastructure.

UNODA (2019): “Cybersecurity and the Protection of Critical Infrastructure”, a study on international efforts to protect civilian infrastructure.

This review of literature provides a comprehensive overview of cyber-attacks and civilian infrastructure covering its definition, challenges, legal framework, and case studies that form the foundation for understanding the intersection of international humanitarian law and cyber warfare, particularly in relation to the protection of civilian infrastructure.

What is Cyber Warfare/ Conflict?

Cyber warfare, or cyber conflict, typically refers to a cyber-attack or series of attacks that target a country. It has the potential to disrupt government and civilian infrastructure and critical systems, resulting in damage to the state and even loss of life.

However, there is a debate among cyber security experts regarding what kind of activity constitutes cyber warfare. The US Department of Defence recognizes the threat to national security posed by the malicious use of the Internet but does not provide a clearer explanation of cyber warfare.

Cyber warfare typically involves a nation-state perpetrating cyber-attacks on another, but in some instances, the attacks are conducted by terrorist organizations or non-state actors seeking to further the objective of a hostile nation.

Civilian Infrastructure

Civilian infrastructure refers to the objects and facilities that are not military objectives but are essential for the survival and well-being of the civilian population. Examples include hospitals and medical facilities, water and sanitation systems, food storage and distribution facilities etc. These examples illustrate the types of targets that may be involved in cyber conflict and the importance of safeguarding cyber infrastructure to prevent significant disruptions and harm to individuals and societies.

Application Of IHL To Cyber Warfare

International Humanitarian Law is a set of rules that seeks, for humanitarian reasons, to limit the effects of armed conflict. It protects those who are not, or are no longer, directly or actively participating in hostilities, and imposes limits on the means and methods of warfare. International Humanitarian Law is also known as “the law of war” or “the law of armed conflict”. It is part of public international law, which is made up primarily of treaties, customary international law and general principles of law.

A distinction must be made between IHL, which regulates the conduct of parties engaged in an armed conflict (jus in bello), and public international law, as set out in the Charter of the United Nations, which regulates whether a state may lawfully resort to armed force against another state (jus ad bellum). The Charter prohibits such use of force with two exceptions: cases of self-defence against an armed attack, and when the use of armed force is authorised by the United Nations Security Council. International humanitarian law does not stipulate whether the commencement of an armed conflict was legitimate or not, but rather seeks to regulate the behaviour of parties once it has started.

The application of International Humanitarian Law to cyber conflict and cyber warfare is a topic of ongoing debate and development.

IHL applies to cyber-attacks that are classified as “attacks” under IHL, meaning they cause harm to individuals or objects. Parties conducting cyber-attacks must distinguish between military objectives and civilian objects, and the damage caused must be proportionate to the military advantage anticipated. Parties must take precautions to avoid or minimize harm to civilians and civilian objects. Cyber-attacks must not cause unnecessary suffering, injury or death, and must be necessary to achieve a legitimate military objective. Civilian infrastructure and civilian objects must be respected and not attacked, unless they are used for military purposes. In particular:

Prohibiting acts that cause unnecessary suffering, injury, or death: cyber-attacks that cause unnecessary harm to civilians or civilian objects are prohibited (Article 22 of the Hague Regulations, Article 12 of the First Geneva Convention).

Maintaining accountability for cyber-attacks and their consequences: individuals responsible for cyber-attacks are to be held accountable for their actions (Article 91 of Additional Protocol I, Article 28 of the Hague Regulations).

Taking all feasible precautions to avoid or minimize harm to civilians and civilian objects: for example, using precise targeting and avoiding indiscriminate attacks (Article 57 of Additional Protocol I, Article 24 of the Hague Regulations).

By applying these principles, parties to a cyber conflict can minimize harm to civilian infrastructure and ensure respect for humanitarian law. 

What Are the Duties of States and Non-state Actors? 

The duties of states and non-state actors to prevent and respond to cyber-attacks on civilian infrastructure include:

States:

Provide protection for their own cyber infrastructure. Develop and implement cyber security policies and regulations. Establish a cyber command centre and incident response teams. Engage in international cooperation and diplomacy to combat cyber threats. Provide support and assistance to civilian entities to enhance their cyber security.

Non-state actors: 

Implement effective cyber security measures to safeguard their own infrastructure. Participate in discussions with states and other stakeholders to share information and best practices. Participate in international efforts to establish norms and standards for cyber security. Encourage cyber security awareness and education initiatives. Avoid engaging in malicious cyber activities.

It is important to observe that these duties are not only legal but also ethical and moral, and both states and non-state actors have a responsibility to safeguard the integrity of the cyber domain and prevent harm to others.

Difference between Military and Civilian?

International humanitarian law requires that parties to an armed conflict must “at all times distinguish between the civilian population and combatants and between civilian objects and military objectives”. It prohibits attacks aimed at civilians and indiscriminate attacks, such as those that strike military objectives and civilians without distinction. It also prohibits attacks that may be anticipated to cause excessive civilian harm in relation to the concrete and direct military advantage anticipated.

In the conduct of military operations, constant care must be taken to spare the civilian population, civilians, and civilian objects. All necessary measures must be taken to prevent, and in any event to minimize, incidental loss of civilian life, injury to civilians and damage to civilian objects. Objects that are essential to the survival of the civilian population, civilian property and the environment enjoy specific protection.

Challenges Posed by Cyber Conflicts

Attribution: Difficulty in attributing cyber-attacks to a specific party, making it hard to hold them accountable.

Evidence: Difficulty in gathering evidence of cyber-attacks and their effects, making it hard to investigate and prosecute.

Dual-use objects: Infrastructure often serves both civilian and military purposes, making it hard to distinguish between the two.

Limited international cooperation: Difficulty in achieving international cooperation to address cyber conflict and protect civilian infrastructure.

Evolving nature of cyber conflict: Cyber conflict is constantly evolving, making it challenging for IHL to keep pace.

Coordination: Difficulty in coordinating responses to cyber-attacks across different sectors and borders.

These challenges highlight the need for ongoing efforts to adapt IHL to the realities of cyber conflict and ensure the protection of civilian infrastructure.

Case Studies of Cyber Attacks on Civilian Infrastructure

Stuxnet (2010): A cyber-attack on Iran’s nuclear facilities that demonstrated the potential for cyber-attacks to cause physical damage to critical infrastructure. Zetter (2014) in “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon” provides a comprehensive overview of this incident.

Ukraine Power Grid Attack (2015): A cyber-attack that caused widespread power outages, highlighting the vulnerability of power infrastructure to cyber threats. Reports by Lee, Assante, and Conway (2016) in “Analysis of the cyber-attack on the Ukrainian Power Grid” offer detailed technical and strategic insights.

WannaCry and NotPetya Ransomware Attacks (2017): These ransomware attacks affected healthcare systems, transportation networks, and other critical services worldwide. Greenberg (2019) in “Sandworm: A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers” provides a narrative of these attacks and their implications.

Does Cyber Conflict Constitute an Armed Conflict?

Whether cyber conflict constitutes an armed conflict is a topic of ongoing debate and discussion in the fields of international law and cyber security.

Arguments for considering cyber conflict an armed conflict:

Violence and destruction: Cyber-attacks can cause significant harm and destruction to critical infrastructure, businesses, and individuals.

Intent to harm: Cyber-attacks are often initiated with the aim of causing harm or disrupting the operations of an adversary, as in traditional armed conflict.

Scale and effects: Cyber-attacks can have numerous and devastating effects, as traditional armed conflicts do.

Arguments against considering cyber conflict an armed conflict:

Lack of physical violence: Cyber-attacks do not involve physical violence or traditional weapons, which is a key factor in armed conflict.

Difficulty in attribution: It is difficult to attribute cyber-attacks to a specific actor or state, making it difficult to determine responsibility.

Gray zone: Cyber conflict often occurs in a gray zone between peace and war, making it difficult to apply traditional legal frameworks.

The international community is still grappling with these issues, and there is no clear consensus yet on whether cyber conflict is an armed conflict. However, some international initiatives, such as the Tallinn Manual, have attempted to provide guidance on the application of international law to cyber conflict.

Protective Measures for Civilian Infrastructure

In the digital age, safeguarding civilian infrastructure from cyber threats requires a multi-layered approach that combines technological, legal, and policy measures. Here are some protective measures and recommendations to enhance the strength and security of critical infrastructure:

Technological Measures 

Enhanced cyber practices: 

Implementation of advanced security protocols: Use firewalls, intrusion detection systems, intrusion prevention systems, and encryption to safeguard critical systems.

Regular security audits and assessments: Conduct periodic vulnerability assessments and penetration testing to identify and address potential security weaknesses.

Multi-factor authentication: Require MFA for access to critical systems to ensure that only authorized personnel can obtain access.

Network segmentation and isolation: 

Network segmentation: Separate critical infrastructure networks from corporate and public networks to reduce the risk of lateral movement by attackers.

Air gaps: Physically isolate the most sensitive systems to prevent unauthorized access and cyber-attacks.

Cyber incident response and recovery: 

Create and regularly update comprehensive incident response strategies to ensure quick and effective responses to cyber-attacks. Conduct regular cyber security exercises and simulations to test and improve response capabilities.

Legal and Policy Measures

Strengthening international legal frameworks: 

Adapt and expand existing IHL principles to provide explicit coverage of cyber operations and the protection of civilian infrastructure. Develop and promote international treaties and norms to address cyber warfare and the protection of critical infrastructure.

National legislation and regulations: 

Implement strict cyber security regulations and standards for critical infrastructure operators to ensure effective protection measures. Implement mandatory reporting requirements for cyber incidents to enhance transparency and enable coordinated responses.

International cooperation and information sharing: 

Foster international cooperation through partnerships and alliances such as the NATO Cooperative Cyber Defence Centre of Excellence and the Global Forum on Cyber Expertise. Create and participate in information sharing platforms to exchange information about threats and best practices among nations and industry stakeholders.

Organizational and human measures

Workforce training and awareness:

Implement regular training programs for employees to increase awareness of cyber security threats and best practices. Provide advanced training for IT and security staff on the latest cyber security technologies and threat landscapes.

Organizational resilience and preparedness: 

Develop and maintain comprehensive business continuity plans (BCPs) to keep critical services running during and after a cyber-attack. Establish redundant systems and regular data backups to reduce the impact of cyber-attacks and facilitate rapid recovery.

Public-Private partnerships: 

Encourage collaboration between government agencies and private sector companies to share knowledge, resources, and intelligence regarding cyber security. Promote the adoption of industry standards and best practices for cyber security across all sectors of critical infrastructure. 

Suggestions 

Enhance legal frameworks: Develop and expand IHL and national laws to address the unique challenges of cyber warfare and specifically protect civilian infrastructure.

Promote international cooperation: Strengthen international cooperation through treaties, alliances, and information sharing platforms to create a global response to cyber threats.

Invest in advanced technologies: Provide resources to develop and deploy advanced cyber security technologies, such as AI, ML, and blockchain, to enhance the protection of critical infrastructure.

Strengthen organizational resilience: Encourage organizations to implement comprehensive cyber security strategies, including regular training, incident response planning, and business continuity strategies.

Increase the awareness of cyber security: Implement widespread cyber security awareness programs to educate the public and the workforce about the importance of cyber security and how to mitigate risks.

Standardize cyber security practices: Develop and enforce standardized cyber security practices and regulations across all sectors to ensure consistent and robust protection measures.

By implementing protective measures, nations can enhance the resilience and security of their civilian infrastructure against the growing threat of cyber conflicts. This multi-faceted approach envisions a comprehensive defence strategy that utilizes technological advancements, legal frameworks, and collaborative efforts to safeguard critical services and protect civilian populations.

Conclusion 

Protecting civilian infrastructure in the age of cyber conflict is becoming more challenging as digital technologies are increasingly integrated into essential services. The complexity and frequency of cyber threats require a comprehensive approach to safeguard these vital systems.

Technological advancements provide robust tools for defence, such as enhanced cyber security protocols, advanced threat detection systems, and continuous monitoring. These measures, combined with regular security audits and data protection strategies, form the first line of defence against cyber-attacks.

Legal and policy frameworks must be developed to address the unique challenges posed by cyber warfare. Expanding international humanitarian law to explicitly cover cyber operations and developing international standards for responsible state behaviour in cyberspace are essential steps. National regulations should enforce strict cyber security standards and require the reporting of cyber incidents to ensure transparency and coordination.

Organizational resilience is equally essential. Workforce training and development programs, comprehensive incident response plans, and business continuity planning are essential for preparing organizations to effectively recover from cyber incidents. Creating a culture of cyber security in organizations ensures that cyber security is prioritized at all levels.

Public-private partnerships are a crucial factor in enhancing cyber security. The collaboration between government agencies and private sector entities facilitates the exchange of expertise, resources and intelligence. Joint initiatives and the development of common standards and best practices enhance the overall security posture of critical infrastructure.

In conclusion, the protection of civilian infrastructure in the age of cyber conflict requires a multi-faceted and proactive approach. By integrating advanced technological measures, organizational strategies, and effective public-private partnerships, nations can combat cyber threats. Ensuring the security and continuity of essential services is not only a technical challenge, but a fundamental requirement for maintaining societal stability and public safety in the digital age.

By:

Anushka Anand

Ideal Institute of Management and Technology and School of Law, GGSIPU