When it was created, the Internet was launched as a classified military experiment, but nowadays it is a widely used tool that has a multitude of purposes. Recent cyberattacks on Saudi Arabia’s state oil company Saudi Aramco, the Qatari gas firm RasGas, and denial-of-service attacks on some major U.S. banks come as evidence that the battlefield is shifting from a three-dimensional to a linear front, and this tendency may also result in an overall drastic change of warfare standards. In spite of the obvious improvement of life standards which this technological revolution brought, the great dependency on computers may open a new page of warfare conduct. Because international law is hampered by constraints imposed before the advent of cyberattacks, one of the most significant challenges today is withstanding this rapid advance of computer technology.
Similar to the terrorist acts, cyberattacks are initiated without warning, and often the result of the attack is noticeable within seconds after it has been launched, thus giving the victim almost no time to react. Usually, the level and type of response to the use of force is determined more or less by the extent of the impact of the initial strike. A cyberattack directed against a minor target that is not meant to cause grave consequences, such as death/injury or destruction/damage, would most probably not be viewed as an armed attack. Moreover, the state’s prerogative to respond to the use of force in self-defense is regulated by the necessity and proportionality tenets:
The principle of necessity justifies a more decisive action when all peaceful means are exhausted and there are no further options to settle the conflict any other way than through the use of forceful methods.
The proportionality tenet regulates the quantity of the countermeasures used. They must be proportional and adequate to those used in the initial attack made by the aggressor.
The probability of grave cyberattacks imposes an obligation to policymakers to generally reconsider the manner in which they conduct the protection of computer networks and devices, especially those which are an underlying segment of a critical national infrastructure. Taking into account the significant damage of the cyberattacks on Saudi Aramco, RasGas, and the U.S. banks, the international community must realize completely the fact that grave cyberattacks are not myth, but reality, and that more decisive measures regarding this threat are needed.