Published online by Cambridge University Press: 17 October 2017
Does the advent of cyber war require us to abandon the traditional ethical framework for thinking about the morality of warfare – just war theory – and develop principles specific to the unique nature of cyber attacks? Or can just war theory still provide an appropriate basis for thinking through the ethical issues raised by cyber weapons? This article explores these questions via the issue of whether a cyber attack can constitute a casus belli. The first half of the article critically engages with recent attempts to provide a new theory of just information warfare (JIW) that is supposedly better suited to the unique character of cyber war insofar as it is grounded the broader meta-ethical framework of information ethics (IE). Yet the article argues that not only is JIW fundamentally unsuitable as a way of thinking about cyber war, but (in the second half) that it is possible to develop a different account of how we can understand a cyber attack as constituting a casus belli in a way that is in keeping with traditional just war theory. In short, there is no need to reinvent just war theory for the digital age.
1 For a good survey of cyber conflict including Stuxnet and Russia’s conflict with Georgia and Estonia, see Healey, Jason (ed.), A Fierce Domain: Conflict in Cyberspace, 1986–2012 (Cyber Conflict Studies Association, 2013)Google Scholar.
2 Roger Crisp, ‘Cyberwarfare: No New Ethics Needed’, available at: {http://blog.practicalethics.ox.ac.uk/2012/06/cyberwarfare-no-new-ethics-needed/} accessed 14 August 2017; Gartzke, Eric, ‘The myth of cyberwar: Bringing war in cyberspace back down to Earth’, International Security, 38:2 (2013), pp. 41–73 Google Scholar; May, Larry, ‘The nature of war and the idea of “cyberwar”’, in Jens David Ohlin et al. (eds), Cyberwar – Law and Ethics for Virtual Conflicts (Oxford: Oxford University Press, 2015), pp. 3–15 Google Scholar; Rid, Thomas, Cyber War Will Not Take Place (Hurst & Co.: London, 2013)Google Scholar; Rid, Thomas, ‘Cyber war will not take place’, Journal of Strategic Studies, 35:1 (2012), pp. 5–32 Google Scholar.
3 See particularly Lucas, George, Ethics and Cyber Warfare: The Quest for Responsible Security in the Age of Digital Warfare (Oxford: Oxford University Press, 2017)Google Scholar. See also Barrett, Edward T., ‘Reliable old wineskins: the applicability of the just war tradition to military cyber operations’, Philosophy & Technology, 28:3 (2015), pp. 387–405 Google Scholar; Barrett, Edward T., ‘Warfare in a new domain: the ethics of military cyber-operations’, Journal of Military Ethics, 12:1 (2013), pp. 4–17 CrossRefGoogle Scholar; James Cook, ‘Is there anything morally special about cyberwar?’, in Ohlin et al. (eds), Cyberwar – Law and Ethics for Virtual Conflicts, pp. 16–36; Cook, James, ‘“Cyberation” and just war doctrine: a response to Randall Dipert’, Journal of Military Ethics, 9:4 (2010), pp. 411–423 Google Scholar; Denning, Dorothy E. and Strawser, Bradley J., ‘Moral cyber weapons’, in Luciano Floridi and Mariarosaria Taddeo (eds), The Ethics of Information Warfare (Springer: London, 2014), pp. 85–103 Google Scholar; Eberle, Christopher J., ‘Just war and cyberwar’, Journal of Military Ethics, 12:1 (2013), pp. 54–67 CrossRefGoogle Scholar; Jenkins, Ryan, ‘Is Stuxnet physical? Does it matter?’, Journal of Military Ethics, 12:1 (2013), pp. 68–79 Google Scholar. The moderate school has its legal correlative, such as the authors of the Tallinn Manual, which takes existing international law and norms surrounding jus ad bellum and jus in bello apply to cyber operations. Schmitt, Michael N. et al., Tallinn Manual on the International Law Applicable to Cyber Warfare (Cambridge: Cambridge University Press, 2013)Google Scholar.
4 Glorioso, Ludovica, ‘Cyber conflicts: Addressing the regulatory gap’, Philosophy & Technology, 28:3 (2015), pp. 333–338 CrossRefGoogle Scholar.
5 Arquilla, John, ‘Ethics and information in warfare’, in Z. Khalizad et al. (eds), The Changing Role of Information in Warfare (Santa Monica: Rand Corporation, 1999), p. 394 Google Scholar. See also Arquilla, John, ‘Twenty years of cyberwar’, Journal of Military Ethics, 12:1 (2013), pp. 80–87 Google Scholar; Bringsjord, Selmer and Licato, John, ‘By disanalogy, cyberwarfare is utterly new’, Philosophy & Technology, 28:3 (2015), pp. 339–358 Google Scholar; Dipert, Randall, ‘The ethics of cyberwarfare’, Journal of Military Ethics, 9:4 (2010), pp. 384–410 Google Scholar.
6 Cited in Walzer, Michael, Just and Unjust Wars (4th edn, Basic Group: New York, 2006), p. 62 Google Scholar.
7 May, ‘The nature of war and the idea of “cyberwar”’; Rid, Cyber War Will Not Take Place; Rid, ‘Cyber war will not take place’.
8 Taddeo, Mariarosaria, ‘Just information warfare’, Topoi, 35:1 (2016), pp. 213–224 Google Scholar; Taddeo, Mariarosaria, ‘Information warfare and just war theory’, in Floridi and Taddeo (eds), The Ethics of Information Warfare, pp. 123–138 Google Scholar.
9 Taddeo, ‘Just information warfare’, p. 216.
10 Ibid.; Dipert, ‘The ethics of cyberwarfare’.
11 Orend, Brian, The Morality of War (2nd edn, Ontario: Broadview Press, 2013), p. 176 Google Scholar.
12 To be clear from the outset, one of the arguments I am going to make against JIW is that ontological questions regarding whether or not cyber attacks are physical are simply irrelevant to assessing whether they can constitute a casus belli. Hence, while there is a live debate about the issue of cyber attacks’ (non-)physicality, which are of interest in their own right, they nevertheless do not undermine traditional JWT in the way advocates of the radical approach suggest. See Jenkins, ‘Is Stuxnet physical?’; Lucas, George R., ‘Postmodern war’, Journal of Military Ethics, 9:4 (2010), pp. 289–298 Google Scholar.
13 See also May, ‘The nature of war and the idea of “cyberwar”’.
14 See also Arquilla, ‘Ethics and information in warfare’; Barrett, ‘Warfare in a new domain’; Dipert, ‘The ethics of cyberwarfare’.
15 Floridi, Luciano, The Ethics of Information (Oxford: Oxford University Press, 2013), p. 56 CrossRefGoogle Scholar.
16 Ibid., p. 10.
17 Ibid., ch. 3; Floridi, Luciano, ‘Information ethics: its nature and scope’, in Jeroen Van Den Hoven and John Weckert (eds), Information Technology and Moral Philosophy (Cambridge: Cambridge University Press, 2010), pp. 40–65 Google Scholar; Taddeo, ‘Just information warfare’.
18 Taddeo, ‘Just information warfare’, p. 215.
19 Floridi, The Ethics of Information, p. 64.
20 Floridi, ‘Information ethics’, p. 46.
21 Floridi, The Ethics of Information, p. 6.
22 Ibid., p. 69
23 Ibid.
24 Durante, Massimo, ‘Violence, just cyber war and information’, Philosophy & Technology, 28:3 (2015), pp. 369–385 Google Scholar.
25 Floridi, ‘Information ethics’, p. 48.
26 Taddeo, ‘Just information warfare’, p. 220.
27 Floridi, The Ethics of Information, p. 70.
28 Ibid., p 67.
29 Ibid., p. 71; Floridi, ‘Information ethics’, pp. 58–9; Taddeo, ‘Just information warfare’, p. 221; Taddeo, ‘Information warfare and just war theory’, p. 133.
30 Taddeo, ‘Just information warfare’, p. 221.
31 Ibid., p. 221; Taddeo, ‘Information warfare and just war theory’, p. 134.
32 Floridi, The Ethics of Information; Taddeo, ‘Just information warfare’.
33 Taddeo, ‘Information warfare and just war theory’, p. 136.
34 Durante, ‘Violence, just cyber war and information’, p. 371.
35 Floridi, The Ethics of Information, p. 131.
36 Another way of thinking about this deficiency with the IE account is via the condition of proportionality rather than just cause, as we are doing here. We might think that the reason why the virus that deletes selfies does not justify a violent response is because the principle of proportionality tells us that no armed attack could ever be a fitting response to such an inane act. That seems obviously right, but again it is unclear how this assessment can be made from the informational perspective as it requires us to make judgements as to the value and significance of the entities damaged in the attack, which we can only do from a perspective other than of the infosphere.
37 Lucas, Ethics and Cyber Warfare, p. 117; Schmitt et al., Tallinn Manual, p. 75.
38 Schmitt et al., Tallinn Manual, p. 58. See also Lucas, Ethics and Cyber Warfare, pp. 117–18.
39 Lucas, George R., ‘Permissible preventative cyberwar: Restricting cyber conflict to justified military targets’, in Floridi and Taddeo (eds), The Ethics of Information Warfare, pp. 73–83 Google Scholar.
40 Taddeo, ‘Information warfare and just war theory’, p. 136.
41 That JIW states we have a moral obligation to attack licit entities, rather than simply the right, is also a huge difference between it and traditional just war theory that would have momentous legal ramifications, and deserves much more attention than it is given in the literature.
42 Taddeo, ‘Information warfare and just war theory’, p. 132.
43 Floridi, ‘Information ethics’, p. 56, emphasis added.
44 I am indebted here to Bernard Williams’s discussion in his ‘The human prejudice’, in Moore, Adrian W. (ed.), Philosophy as a Humanistic Discipline (Oxfordshire: Princeton University Press, 2005), pp. 135–152 Google Scholar.
45 See May, ‘The nature of war and the idea of “cyberwar”’.
48 Paul Cornish et al., ‘Cyber Security and the UK’s Critical National Infrastructure’, The Royal Institute of International Affairs (Great Britain: Chatham House, 2011).
49 See, for instance, Raz, Joseph, The Morality of Freedom (Oxford: Oxford University Press, 1986)Google Scholar.
50 This helps shed some light on exactly where advocates of the radical school go fundamentally wrong in their analysis. Firstly, they wrongly assume that cyber attacks cannot be violent in ways we would familiarly recognise as such. Stuxnet should be evidence enough that this is false. But, more importantly, they are simply wrong in thinking that because a cyber attack targets computer systems that we must account for the relevant harm in terms of damage to those systems, and hence need to create a new ethical framework in which we can conceptualise harm to non-humans, rather than to the human beings whose interests they are created to serve. If we avoid making that mistake then we can see how adopting an information perspective, either as an initial ethical starting point to which an anthropocentric LoA is added or as in some sense supplementing that human perspective, adds nothing to our understanding of the wrong of a cyber attack. Focusing on the (potential) consequences to human interests of disruptions to particular critical infrastructure assets is sufficient and provides all the reason we need to resist IE’s argument that there are ‘no good reasons to stop anywhere but at the bottom’. We can stop where we need to stop.
51 See, for example, Lucas, Ethics and Cyber Warfare.
52 Cornish et al., ‘Cyber Security and the UK’s Critical National Infrastructure’.
54 Walzer, Just and Unjust Wars, ch. 10.
55 Gartzke, ‘The myth of cyberwar’; Lindsay, Jon R., ‘Stuxnet and the limits of cyber warfare’, Security Studies, 22:3 (2013), pp. 365–404 Google Scholar; Rid, Thomas and McBurney, Peter, ‘Cyber-weapons’, The RUSI Journal, 157:1 (2012), pp. 6–13 CrossRefGoogle Scholar.
56 Lucas, Ethics and Cyber Warfare.