Abstract Unintended damage to non-military targets is typically straightforward to characterize and weigh against anticipated benefits because of well-established definitions, technical assessments, and legal conventions. In a kinetic military context, collateral damage occurs when a hostile action causes physical or property damage to a civilian target. However, collateral effects caused by cyber operations lack formal recognition when they are limited to electronic data, information technology and computing systems, whether caused by conventional military operations, or the result of law enforcement, or private sector operations. Even though there may be tangible consequences stemming from the loss or destruction of data, conventional norms are ill equipped to formally recognize them. Uniquely in the cybersecurity context, tactical operations may have broad systemic “collateral” effects on other important policy priorities that must be accounted for. In short, we lack a clear conceptual vocabulary for cyber operations for both the military operations, as well as for non-military operations, where many cyber activities occur. This research examines this discontinuity by first examining conventional military definitions of “cyber operations,” “collateral damage” and international norms governing operations conducted by lawful participants against military targets. It then examines a number of important similarities and differences between conventional and cyber operations as they relate to damage and injury. Finally, it introduces other contexts for considering collateral damage in the cyber realm, and the way in which other legal and strategic regimes have handled the concept, providing specific examples of these outcomes and guidance for how to think about collateral damage in a range of contexts.
[1]
Ola.
No. 17512. Protocol additional to the Geneva Conventions of 12 August 1949, and relating to the protection of victims of international armed conflicts (Protocol I). Adopted at Geneva on 8 June 1977
,
2000
.
[2]
Frédéric Siordet,et al.
Geneva Convention Relative to the Treatment of Prisoners of War
,
1953,
American Journal of International Law.
[3]
B. Buchanan,et al.
Attributing Cyber Attacks
,
2015
.
[4]
Jon R. Lindsay,et al.
Stuxnet and the Limits of Cyber Warfare
,
2013
.
[5]
Michael N. Schmitt,et al.
Tallinn Manual on the International Law applicable to Cyber Warfare: prepared by the International Group of Experts at the Invitation of the NATO Cooperative Cyber Defence Centre of Excellence
,
2017
.
[6]
Jennifer Daskal.
The Un-Territoriality of Data
,
2015
.