Authored By: Meet Agarwal
Bennett University
Introduction: –
The next world war may not be fought with guns and missiles, but with code, algorithms and invisible attacks that can cripple the entire nation in seconds. Such warfare is known as “Cyberwarfare.”
Cyberwarfare is a series of strategic cyberattacks against a nation-state that cause significant harm. This harm could include the disruption of vital computer systems, up to loss of life. Cyberwarfare is typically defined as a set of actions by a nation or organization to attack countries or institutions’ computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks. And the hope is that effective cyber threat intelligence tools can reduce the harm done by these attacks.
Concept and Evolution:
Traditional War (Conventional): A military conflict between nation-states involving kinetic weapons (tanks, aircraft, soldiers) aimed at defeating the opponent’s armed forces and seizing territory.
Cyber War (Cyber Warfare): Actions by a nation-state or international organization to cause damage, disruption, or destruction to another nation’s digital infrastructure, computer systems, or networks.
Traditional war takes place on land, sea, or air, whereas cyberwar occurs within the digital infrastructure and computer networks. Traditional combat uses kinetic weapons (guns, tanks, missiles), whereas cyberwarfare uses non-kinetic digital weaponry (viruses, malware, DDoS attacks). Traditional war aims to destroy armed forces; cyber warfare aims to create strategic paralysis by disabling capabilities, but still, after all these many differences, we can see that the line between traditional and Cyber warfare is thinning, and the best example for this is the recent conflict, which is still going on (as of the date of writing) between The United States of America and The Islamic Republic of Iran where we can observe that Iran shot down U.S. drone which is a physical attack but the U.S. instead of also launching physical attack responded with a cyber-attack where the U.S. targeted Iranian missile control systems and digital infrastructure. This raises an important question for us: “Is hacking an act of war?” or “Is disabling electricity equal to bombing?” which shows how thin the line has remained between an action to be considered as a War Crime.
Legal Framework:
Cyber warfare is legally complex because of its Unique Features, such as: –
1) No physical boundaries
2) Instant attack across countries
3) Hard to identify the attacker (attribution problem)
4) Involves both state and non-state actors.
JUS AD BELLUM (Law Governing Use of Force): –
There are several provisions according to the UN charter to supervise Cyber Warfare, such as: –
1) Article 2(4)- Prohibition of Use of Force: It states that if there is the use of Force against a state by another state and the force has affected the state physically and caused damage to it, such as causing nuclear meltdown or disabling air trafficking systems will be considered as illegal use of force.
2) Article 51- Right to Self-Defense: When a cyber-attack causes death, destruction, or a severe impact on infrastructure will be considered as “armed attack”, and the state to which harm is caused can respond with force as well.
3) UN Security Council Powers: It states that the UN Security Council can act if cyber-attacks threaten peace and can impose sanctions and Authorize force, even for the cyber threat below “war level.”
4) Principle of Sovereignty and Non-Intervention: It states that States can not interfere in another state’s affairs.
STATE RESPONSIBILITY: –
A state is responsible only if the attack is attributable to it, but the problem here is that Cyber-attacks are hard to face because such attacks use fake IP and use botnets, which make its attribution extremely difficult.
Geopolitical Angle: –
Cyberwarfare is not just a legal issue, but a tool of global power politics. In simple terms, it can be said that countries use cyber capabilities to gain strategic, economic, and political advantage without engaging in direct war. Earlier, global power was measured by Military strength and territory, but now Cyber capability is also considered one of the important criteria to measure the power of a country.
What is the Role of economies (Major Powers)?
United States: The United States is a cyber superpower that promotes the open internet model.
[Open internet model is a principle where Internet Service Providers (ISPs) treat all data equally, allowing users unrestricted access to users, and services without discrimination].
The United States uses offensive cyber capabilities, high-tech surveillance systems and also has tech dominance in the global economy through tech giants such as Google, Microsoft, etc., which provides the US with the upper hand in the global economy.
Talking about the US’s legal position, the US supports the application of existing international law but uses a flexible interpretation for strategic advantage.
China: China is also a superpower, which is also considered a strong cyber power, but unlike the US, China focuses on state control over the internet; it uses Cyber espionage, data control and digital sovereignty as its strategy to dominate the global economy.
[Cyber espionage: Is the unauthorized, covert theft of classified data, intellectual property, or sensitive information from governments, organizations, or individuals using digital techniques.]
Talking about the legal position of China, China promotes the cyber sovereignty doctrine instead of free internet access, believing in the principle that each country controls its own internet.
Power struggle in Cyber space: –
Cyber warfare is part of a larger geopolitical competition, and we can observe that countries are struggling for power in the field of cyberspace, where the areas of conflict they are sharing are: 1)
1)Data control
2) AI dominance
3) Digital Infrastructure
4) Cyber espionage, which shows us that as the Global economy is growing, areas for power struggle are also changing.
What is India’s position in Cyberwarfare and International Law?
If we analyze carefully, we can observe that India’s position in Cyberwarfare and International law is “vulnerable” but also of an emerging cyber power. Right now, India is in a highly vulnerable position due to rapid digitalization as a large digital infrastructure has a high risk of exposure to cyber threats. From this, we can interpret that India is not just a participant but a major target in Cyber geopolitics too.
What is India’s Legal framework?
As core laws, India is using the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, but the key issue is that these laws primarily focus on cybercrime and data protection and do not address cyberwarfare or state-sponsored attacks, which shows that there is a legal gap in the rules on cyberwarfare response, state attribution, and the use of force in cyberspace. “India’s cyber legal framework remains largely reactive, focusing on cybercrime rather than strategic cyber conflict.”
Coming to the international legal framework, we can observe that India has a cautious and limited participation, where India supports UN initiatives and participates in global discussions, for example, working with the UN Group of Governmental Experts (GGE) and with Open-Ended Working Group (OEWG) but does not actively shape global cyber norms and also does not take leadership in international cyber law which shows us that India is a “rule follower”, not yet a “rule maker” in cyber law.
India’s cautious approach towards the international cyber framework has constrained its role in shaping the evolving legal order in Cyberspace.
India’s Strategic and Military Position: –
As of now, India is developing but has unclear capabilities. India is building cyber capabilities, including offensive cyber potential, for example, the Defense Cyber Agency (DCA). DCA is an integrated, tri-service command of the Indian Armed Forces responsible for handling cybersecurity threats and conducting offensive/defensive cyber operations.
But the problem which arises here is that India does not have any clear doctrine, no transparency and no legal clarity, which shows us that “India lacks an articulated cyberwarfare doctrine.”
India has a fragmented institutional structure which includes bodies such as CERT-In, NCIIPC, Defense Cyber Agency, but the problem that arises with such agencies is that these bodies work in isolation and have no unified command; a lack of coordination reduces their effectiveness, which also shows us that India lacks integration between civilian, military, and private cyber systems.
India’s way forward: –
Through the observation, we noticed that India’s position in the area of Cyberwarfare and International Law is Legally underdeveloped, strategically evolving, Geopolitically vulnerable and Internationally cautious.
India currently occupies a transitional position in cyberwarfare- caught between rising digital power and an underdeveloped legal and strategic framework. What India needs here is to have a dedicated cyber warfare law, a unified cyber command, clear attribution rules, alignment with international law and a stronger global participation.
Conclusion: –
Thus, it can be concluded that cyber warfare has brought to light an alarming weakness in the existing regime of international laws, i.e., its inability to cope with technological changes. It is a known fact that the existing laws, such as the UN Charter and IHL, have been extended to the cyber domain, but these laws are still inadequate, ambiguous, and ineffective. Moreover, the lack of rules on issues such as attribution, proportionality, and the test for armed attack have led to a grey area in cyber warfare, where powerful nations are taking undue advantage to further their geopolitical interests.
The lack of rules is not just a problem of inadequate regulations; rather, it is a problem of global power politics, where all the major economies are reluctant to be bound by rules to protect their strategic interests. It is an alarming problem for new global powers like India, which are faced with a major challenge in terms of internal reforms and taking a more assertive stance in global cyber governance.
Thus, it is high time to address this problem, not just in terms of amending the existing laws, but to conceptualize a new and effective body of laws that can govern cyber warfare.
Reference(S): –
Fortinet
secure word
UNIDIR
Liberty University
Carnegie Endowment for International Peace
