Technology is becoming increasingly complicated, interconnected, and harder to control.[1] Cars, airplanes, medical devices, financial transactions, and electricity systems rely heavily on computer software more than ever before. The growing complexity makes it more difficult than ever—and more imperative than ever— to use social, political, and legal tools to help shape the development and design of technology.[2]

Governmental and non-governmental institutions have failed to adequately address cyber warfare by foreign powers. Unlike combat with bullets and bombs, cyberwarfare is waged almost entirely with stealth and deception, making it hard to know when and where it's occurring, or whether full-scale cyber war is on the horizon.[3] Even disinformation campaigns, such as Russia's targeting the 2016 U.S. presidential election, can be considered a softer but still damaging type of cyberwarfare.[4]

Russia, along with Iran, China, and the U.S., is among the world's leading practitioners of cyberwarfare state-on-state hacking to gain strategic or military advantage by disrupting or destroying data or physical infrastructure.[5] In late 2020, Russian-based cybercriminals caused two of the most destructive cyberattacks in recent history, accessing 10 U.S. government agencies, including the Department of Homeland Security and the Department of Commerce.[6] Most recently, the Russian-Ukrainian conflict has been accompanied by a rash of cyberattacks from all sides, as hackers with a wide range of allegiances take up digital arms,[7] illustrating the increasing importance of digital attacks as part of hybrid warfare.[8]

One gray area of cyber warfare pertains to Article 5 of the NATO (North Atlantic Treaty Organization) treaty that states an "armed attack" against one or more parties in Europe or North America shall be considered an attack against them all.[9] If one ally is under attack, the others will respond with necessary action, including armed force, "to restore and maintain the security of the North Atlantic area."[10] Whether cyberattacks are considered "armed attacks" has not been determined.

NATO has said the alliance would consider whether to invoke Article 5 in response to a cyberattack "on a case-by-case basis,"[11] and that the impact of significant malicious cumulative cyber activities might be considered an "armed attack" in certain circumstances but is a political decision for NATO Allies to make.[12] U.S. Senate Intelligence Committee Chairman Mark Warner commented that no clear guidelines exist on how the United States would respond to cyber warfare.[13] "The West may have wanted strategic ambiguity in this area, and that may still be the right choice," he added.[14]

Still, the United States is not oblivious to the issues surrounding cyber warfare and is believed to have carried out defensive cyberattacks.[15] Moreover, in 2013, the U.S. Air Force designated six cyber tools as weapons normalizing military cyber operations to keep up with rapidly changing threats in the age of virtual war.[16] Similarly, some have even considered whether a "cyber weapons" classification should be included in the Second Amendment's right to bear arms.[17]

In conclusion, cyberattacks are a threat we will need to contend with in the decades to come. In fact, U.S. intelligence officials have warned that cyberattacks have supplanted terrorism as the top threat to the country.[18] In just minutes, a single cyberattack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyze our critical infrastructure, undermine our democracies, and cripple our military capabilities.[19] Accordingly, we must use social, political, and legal tools to establish clear guidelines and help prepare us for the future.

Nathan Shultz is a staff member of Fordham International Law Journal Volume XLV.

This is a student blog post and in no way represents the views of the Fordham International Law Journal.
—

[1] See Josephine Wolff, How Is Technology Changing the World, and How Should the World Change Technology?, Global Perspectives (Aug. 24, 2021), https://doi.org/10.1525/gp.2021.27353.

[2] See id.

[3] See Laurence Arnold, Cyberwar: How Nations Attack Without Bullets or Bombs, Bloomberg News (May 11, 2018), https://www.bloomberg.com/news/articles/2018-05-11/cyberwar-how-nations-attack-without-bullets-or-bombs-quicktake.

[4] See id.

[5] See id.

[6] See Luke Barr & Josh Margolin, DHS warns of Russian cyberattack on US if it responds to Ukraine invasion, ABC News (Jan. 24, 2022), https://abcnews.go.com/Politics/dhs-warns-russian-cyberattack-us-responds-ukraine-invasion/story?id=82441727.

[7] See William Turton, The Fog of Cyberwar Descends on Ukraine and Russia, Bloomberg News (Mar. 2, 2022), https://www.bloomberg.com/news/articles/2022-03-02/online-cyberattacks-in-russia-ukraine-show-digital-and-physical-future-of-war.

[8] See id.

[9] See North Atlantic Treaty art, 5, Apr. 4, 1949, 63 Stat 2241, 34 U.N.T.S 243.

[10] Id.

[11] Press Release, Brussels Summit Communiqué, N.A.T.O Press Release 086 (June 14, 2021) https://www.nato.int/cps/en/natohq/news_185000.htm.

[12] See James Pearson & Jonathan Landay, Cyberattack on NATO could trigger collective defense clause – official, Reuters (Feb. 28, 2022), https://www.reuters.com/world/europe/cyberattack-nato-could-trigger-collective-defence-clause-official-2022-02-28/.

[13] See id.

[14] Id.

[15] See Andrea Shalal-Esa, Six U.S. Air Force cyber tools designated as 'weapons', NBC News (Apr. 9, 2013), https://www.nbcnews.com/tech/tech-news/six-u-s-air-force-cyber-tools-designated-weapons-flna1c9277187. The United States is widely believed to have co-developed the Stuxnet computer virus that was used to attack an Iranian uranium enrichment facility. See id.

[16] See id.

[17] See Ian Urbina, Hacker Tactic: Holding Data Hostage, N.Y. Times (June 21, 2014), https://www.nytimes.com/2014/06/22/sunday-review/hackers-find-new-ways-to-breach-computer-security.html. The idea of a right to cyber arms has nothing to do with what you can carry or buy when it comes to computers or code but how you use those tools and where you draw the line between offense and defense in the virtual world. See Josephine Wolff, The Right to Bear Denial-of-Service Attacks, Slate (June 24, 2014), https://slate.com/technology/2014/06/second-amendment-right-in-the-cyber-world-is-it-necessary.html.

[18] See Shalal-Esa, supra note 15.

[19] See Jens Stoltenberg, NATO will defend itself, NATO (Aug. 27, 2019), https://www.nato.int/cps/en/natohq/news_168435.htm.