A fascinating article about the challenges of relating traditional “just war” theory to modern cyberwarfare (e.g., the “Stuxnet” virus, which was used to hamper Iran’s nuclear program). For example, how do you translate the traditional concept of aggression, as understood by “just war” theory, to computer viruses and hacking attempts?
By the laws of war, there is historically only one “just cause” for war: a defense to aggression, as previously mentioned. But since aggression is usually understood to mean that human lives are directly in jeopardy, it becomes difficult to justify military response to a cyberattack that does not cause kinetic or physical harm as in a conventional or Clausewitzian sense, such as the disruption of a computer system or infrastructure that directly kills no one. Further, in cyberspace, it may be difficult to distinguish an attack from espionage or vandalism, neither of which historically is enough to trigger a military response. For instance, a clever cyberattack can be subtle and hard to distinguish from routine breakdowns and malfunctions.
If aggression in cyberspace is not tied to actual physical harm or threat to lives, it is unclear then how we should understand it. Does it count as aggression when malicious software has been installed on a computer system that an adversary believes will be triggered? Or maybe the very act of installing malicious software is an attack itself, much like installing a landmine? What about unsuccessful attempts to install malicious software? Do these count as war-triggering aggression — or mere crimes, which do not fall under the laws of war? Traditional military ethics would answer all these questions negatively, but in the debate over the legitimacy of preemptive and preventative war, the answers are more complex and elusive.
However, philosopher Roger Crisp argues that the ethical challenges raised by the article aren’t as challenging as we might think.