Cyber-attacks have been causing massive upheavals in the world with rippling effects to various domains which are affected by the cyber world. Economies, demand-supply chains, legislation among other fields are all concerned with the upheaval. Countries are seeing cyber attacks as the future of an evolved form of warfare and as a result of which are emphasizing more on building their cyber capabilities. This emerging attention that cyberattacks are gaining requires some legislative structure on the international platform for it to be addressed and since there are no international laws or conventions centred around cyberattacks in particular. This means, given the lack of any comprehensive treaties, legal experts lean on other conventions to deal with this matter. It’s a space in legal literature which will be evolving in the next few years purely out of necessity. Questions such as, ‘whether cyber-warfare should be illegalised as it also has overbearing losses and indirect fatalities and if yes then in which manner should it be carried out?’ are being asked. The complexity begins at the first step with regards to categorising illegal computer codes and innocent computer codes which are almost always indistinguishable. This is the reason why a different approach is inevitable when it comes to dealing with cyber-warfare.
The word ‘cyberattack’ is used more and more frequently in newspapers and books. It has become a familiar word in common parlance but legally, very few scholars have attempted to restrict its scope to specified subjects of law. It is important to point out that the existing legal framework is incapable and inept at handling cyber-warfare and needs drastic changes to make them more suitable for the 21st century. A most important idea that we need to grapple with is how this warfare isn’t conducted in the physical realm. This becomes an important subject of discussion because most nations have denied putting cyber attacks in the same category as physical attacks because of lack of any direct physical consequences. This allows them to dodge any sort of liability under Article 51 of the United Nations Charter.
“Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if an armed attack occurs against a Member of the United Nations until the Security Council has taken measures necessary to maintain international peace and security.”
The most appropriate method of determining as to when a cyber attack should be compared to a physical attack is to assess the indirect physical consequences. If it results in physical destruction, it should be categorised under the same bracket. Article 2(4) of the United Nations Charter says the following:
“..member States shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State, or any other manner inconsistent with the Purposes of the United Nations”.
An additional piece of customary law which complements the functioning of the above-mentioned law is the restraint that is imposed on a State from intervening into the internal matters of another State (‘Declaration on Principles of International Law Concerning Friendly Relations and Cooperation Among States’ GA Res 25/2625). The International Court of Justice has opined that whenever an interference takes any form of threat or force, the customary law of non-intervention should come into play.