This blog recently discussed whether international mechanisms exist to award damages caused by potential cyberwars. And now it appears that a cyberwar actually is taking place with respect to Ukraine.
Press accounts have been rampant in terms of the turmoil over Crimea, Russia, and Ukraine. And while there have been possible threats of physical force, there also have been reports of disruption of mobile communications as a result of distributed denial of service (DDoS) attacks.
The Christian Science Monitor reports that 42 cyberattacks hit Ukrainian government websites during Crimea's vote to secede from Ukraine and join Russia. On top of that, there reportedly has been defacement of some Ukrainian state-run news websites and social media outlets, with pro-Russian propaganda replacing their original content.
And before that, "cyberspies" reportedly targeted certain Ukrainian computer systems.
Do the above types of activities amount to cyber crimes or do they verge into the realm of armed conflict?
In and of themselves, these activities do not appear to constitute armed conflict. However, if these cyber activities escalate such that they are supporting violent efforts, then they could be deemed part of an armed conflict. In that event, the international law of armed conflictcould come into play.
The law of armed conflict seeks to protect persons who are not participating in hostilities, and governs the methods of warfare between combatants. The law of armed conflict derives from the Geneva Conventions, the Hague Conventions, treatises, case law, and customary international law.
An ultimate goal of the law of armed conflict is to limit the destructive effect of warfare and to lessen human suffering.
Will the law of armed conflict in service of this goal be brought to bear when it comes to Ukrainian DDoS attacks and related cyber activities? We shall see.