Zen Chang

The proliferation of cyber-attacks has shifted the paradigm of warfare. In May 2017, the world saw the first global cyber-attack where WannaCry ransomware affected thousands of civilian infrastructures (i.e. hospitals, transport services, energy services, etc.) in over a hundred nations. The WannaCry attack is the first instance where civilian lives were directly and intentionally endangered by a piece of malicious code. However, cyber-attacks transposing itself into the kinetic realm is not a new phenomenon. In July 2010, Iran’s nuclear facilities in Natanz was hit with the Stuxnet malware (‘Operation Olympic Games’), which destroyed nuclear centrifuges and ultimately halted Iran’s nuclear ambitions. In the wake of WannaCry ransomware attack, calls have been made to codify a “Digital Geneva Convention.” Although cyberwarfares are not regulated by any international humanitarian law (‘IHL’) treaties, ‘their development and employment in armed conflict do not occur in a legal vacuum.’

This paper seeks to explore the interaction between cyberwarfare and IHL. Whilst ‘the legal principles [of IHL] applies to all forms of warfare [including] those of the future,’ how it is to apply remains contentious and subject to debate. This paper will critically analyse how the legal parameters of IHL, lex lata, apply in times of cyberwar. This paper seeks to show the nuances in cyber-IHL which military commanders, and military legal advisors, ought to take note.