' ' - ' ' - NotaBene.ru
Journal Menu
> Issues > Rubrics > About journal > Authors > About the Journal > Requirements for publication > Editorial collegium > Peer-review process > Policy of publication. Aims & Scope. > Article retraction > Ethics > Online First Pre-Publication > Copyright & Licensing Policy > Digital archiving policy > Open Access Policy > Article Processing Charge > Article Identification Policy > Plagiarism check policy
Journals in science databases
About the Journal

MAIN PAGE > Back to contents
International Law

The Problem of Defining a Cyber Attack

Shinkaretskaya Galina Georgievna

Doctor of Law

Chief Scientific Associate, Institute of State and Law of the Russian Academy of Sciences

119019, Russia, g. Moscow, ul. Znamenka, 10

Other publications by this author










Abstract: The author discusses problematic aspects in terms of developing a definition of a cyber attack. It is noted that such illegal actions capable of disabling nuclear centrifuges, air defense systems and electrical networks, etc., undoubtedly pose a serious threat to national security. In fact, in their destructive power, cyber attacks are approaching armed action. There are no treaties or other normative documents in international law that can regulate international cooperation in the prevention and limitation of cyber attacks. A new comprehensive legal framework, both at the domestic and international levels, is needed to counter cyberattacks more effectively. The importance of using theoretical and legal developments in the field of information security in law-making activities is fixed. International efforts to regulate cyberattacks should begin with an agreement on the definition of cyberattack, cybercrime and cyberwarfare. This would lay the foundation for expanding international cooperation in the field of information exchange, evidence collection and criminal prosecution of persons involved in cyber attacks, and more importantly, for a new international legal act on cyber attacks. The author presents some recommendations for further improvement of legal measures to counteract epistemological wars.


cyber attacks, information systems, cyber technology, cybercrime, prevention of cyber attacks, national security, computer networks, Internet, information law, international legal regulation

This article is automatically translated. You can find original text of the article here.

The XXI century has opened a new page in international crime, namely, hacker attacks have become almost an everyday phenomenon, first as a means of robbing accounts and accounts of citizens, and then as a means of hostile influence on the computer networks of one state from another in order to make changes, destroy or damage them. There is evidence that approximately more than thirty countries have the appropriate capabilities [25, p. 1023]. Since modern management systems of any state in transport, energy, healthcare, etc. always include computer networks, a hacker attack on such networks becomes extremely malicious [14, p. 35].

Attacks on computer systems have been attempted many times in our century; the most notable in scale and demonstrativeness was the attack on Iran's centrifuges in 2010, which is attributed to Israel [26]. The instrument of this attack was the so-called Stuxnet computer worm". A few months later, the entire population of Burma was disconnected from the Internet before the first national elections in the country in twenty years [18]. Nowadays, many attacks directed directly against States or their bodies are recorded annually.

Unfortunately, international cooperation in the field of countering cyberattacks is hampered by absolutely insufficient international legal regulation. Achieving the organizational and legal regime of information security is a difficult task [11, p. 45; 17, p. 36-37; 16, p. 11]. At the same time, it should be understood that threats to information security are the flip side of the use of information technologies [15, p. 129].

To date, there are almost no relevant legal norms in international law that would contribute to countering cyber attacks on the Internet. One of the difficulties is the lack of an agreed definition of a cyberattack, which makes it difficult for specialists from different countries to come to some common recommendations. The new concepts and terms do not have a clear correspondence in different languages and are translated so far only approximately: "cyber attacks" and "cyber war" ("cyberattacks cyber attacks" and "cyber-tactical" or "computer wars"). The unfriendly actions they denote against computer control systems are often called "information attacks" ("information attacks") or "information wars" ("information wars").

Meanwhile, the presence of a limited and verified object of regulation in any branch of law is an indispensable condition for its effectiveness.

So far, only some doctrinal proposals can be considered. One of the most frequently cited definitions was made by the American international security specialist Richard Clark: "The actions of one state to infiltrate computers or networks of another country in order to cause damage or violation" [19, p. 6]. Former CIA Director Michael Hayden spoke of cyberwarfare as a deliberate attempt to disable or destroy another country's computer networks [22]. However, these definitions do not distinguish between cybercrime, cyberattack and cyberwar, so they may be applied too widely.

The first official definition of a cyberattack was given in 2011 in the Handbook of Cyber Operations by the US Department of Defense: these are operations in which "electronic means are involved to gain access to information or make changes to information contained in an information system that is chosen to influence, without destroying its physical components" [21, p. 5]. In this definition, the purpose of the attack is to affect only critical systems.

A broader approach was adopted by the Shanghai Cooperation Organization, which expressed "concern about the threats associated with the possible use of new information and communication technologies and means for purposes incompatible with ensuring international security and stability in both the civil and military spheres" [7]. "Information war" is defined in the Agreement as a confrontation between two or more states in the information space with the aim of damaging information systems, processes and resources, critical and other structures, undermining political, economic and social systems, massive psychological processing of the population to destabilize society and the state, as well as forcing the state to make decisions in in the interests of the opposing side." Moreover, it defines one of the main threats to information security as the dissemination of information that harms "socio-political, social and economic systems, as well as spiritual, moral and cultural spheres of other states" [7].

Thus, the Shanghai Cooperation Organization considers it necessary to take a broad approach to the concept of cyberattack, which covers the use of cyber technologies to undermine political stability. However, some authors expressed concern that such an approach could lead to the justification of political censorship on the Internet [23]. Obviously, such concerns are based on the experience of efforts to suppress political organizations using new media in Iran, Egypt and other countries.

Let's try to analyze the individual elements that can make up the desired definition.

The term "cyberattack" implies the requirement of active behavior: either an attack or an active defense. Both active and passive defensive measures can be used for defense, but passive defense cannot constitute a cyber attack.

An attack can be carried out with the help of any action hacking, bombing, cuts, infection, and so on but to be a cyber attack, it must be aimed at undermining or disrupting the functioning of a computer network. The actions of the armed forces can be classified based on the means of attack. For example, warfare can be classified as kinetic (conventional, physical) warfare, biological warfare, chemical warfare, nuclear warfare, intelligence-based warfare, network warfare, or guerrilla warfare.

The actions of the armed forces are also determined by their purpose, for example, let's call information warfare, psychological warfare, electronic warfare and economic warfare.

Identifying a cyberattack by target is of paramount importance for two reasons. First, and most importantly, this type of definition is simply more intuitive. Using a computer network in one of the US states to control an unmanned aerial vehicle to attack a ground unit in Pakistan is not a cyber attack; rather, it is a technologically advanced conventional war. On the other hand, the use of conventional explosives to break underwater network cables that transmit information packets between continents is a cyberattack [10].

Secondly, the practice of managing the armed forces of states has shown the logic of allocating cyber forces: in addition to the traditionally existing naval, air and land forces, cyber forces have been created in states designed to operate in cyberspace [27].

An important part of the definition of a cyberattack is also its purpose - disruption of the functioning of a computer network. This can be achieved by various means: so-called worms, viruses, "Trojan Horses" are used. As a result of the attack, the operation of the computer's operating system may be disrupted, leading to network failures; or the operating system will be intact, but the accuracy of the information it processes is compromised, it will be perceived as working correctly, but it will generate incorrect responses.

The cyberattack is aimed at a computer network, that is, a system of computers and other devices connected by communication channels. Often this connection is made over the Internet, but there are also many closed networks, such as secure networks used by government agencies. It is important to keep in mind that computer networks are everywhere; they control elevators and traffic lights, regulate the pressure in water supply networks and are widely used in household appliances such as mobile phones, televisions and even washing machines. This situation creates the danger of widespread damage from a cyberattack in almost all spheres of human activity.

A cyberattack differs from an ordinary criminal cybercrime, as a rule, by the presence of a political goal or the goal of harming national security. Any aggressive action taken on behalf of the state in cyberspace necessarily affects national security and, therefore, is a cyber attack, regardless of whether it reaches the level of cyber warfare or not. A cybercrime committed by a non-State actor for political or national security purposes is also a cyberattack. On the other hand, cybercrime that is not committed for political reasons or for the purpose of violating national security, like most cases of Internet fraud, identity theft and intellectual property piracy, does not correspond to this last element of cyberattack and, therefore, is a simple cybercrime.

Due to the low cost and difficulty of attributing an act that prima facie has signs of a cyber attack, it is necessary to highlight such a sign of a political cyber attack as its public-legal nature. Since non-State actors may commit or may be victims of cyberattacks, it is the target, not the subject, that should distinguish a cyberattack from a simple cybercrime. Cybercrime is a broad concept that is analytically distinct from a cyberattack. Although, as in the case of the concept of cyberattack, there is no generally accepted definition of cybercrime, there is recognition of some elements of cybercrime. In particular, cybercrime is usually understood as the use of computer tools to commit an illegal act. Cybercrime is most often defined as any crime committed or committed using a computer, network or other technical device [20]. This means that cybercrime, unlike a cyberattack, is determined by its means, that is, a computer system and covers a very wide range of illegal actions. These usually include fraud on the Internet, Internet piracy, storage and distribution of child pornography on a computer and computer hacking. At the same time, the computer network remains intact, and the goal is not of a political nature. Finally, like all crimes, cybercrimes are usually understood as being committed by individuals and not on behalf of the State. An act is a cybercrime only when a non-State actor commits an act that qualifies as a criminal offense under domestic or international law.

At the moment of a cyber event, it often does not immediately become obvious what kind of phenomenon we are dealing with, and this makes it difficult to respond immediately.

The current Russian legislation [8; 9] does not yet separate cybercrimes from cyberattacks, or rather, all provisions regarding illegal acts using information technology relate to cybercrimes [12, p. 25].

It is widely believed in the doctrine of international law that international humanitarian law can be applied to cyber attacks without distinguishing cyber attacks as a special subject of regulation [13, pp. 421-430].

Indeed, there are no special rules regarding computer attacks in the current laws and customs of war. But this does not cancel the actions of international humanitarian law. The remarkable Russian scientist F.F. Martens proposed to apply in such cases the norm, which was called the "Martens clause": the absence of a contractual provision clearly prohibiting any particular behavior during an armed conflict does not mean that international law resolves it. This now generally recognized norm is included in the preamble The Hague Convention of 1899 "On the Laws and Customs of Land Warfare" and then appeared in a number of documents of international humanitarian law, including the Geneva Conventions of 1949. [1; 3; 4; 5; 6] and developed in Additional Protocol I to the Geneva Conventions: "In cases not provided for by this Protocol or other international agreements, civilians and combatants are protected and subject to the principles of international law arising from established customs, from the principles of humanity and from the requirements of public consciousness" (Article 1.2) [2]. In addition, Article 36 of the same Protocol obliges the States Parties, when studying, developing, acquiring or adopting new types of weapons, means or methods of warfare, to determine whether their use, in some or all circumstances, falls under the prohibitions contained in the Protocol or in any other norms of international law., used by them [2].

Thus, we can conclude that international humanitarian law applies to computer attacks, but the subject of regulation is not clearly defined.This opinion, in general, prevails in the scientific literature [24, p. 1149]. At the same time, until the early 2000s, it seemed sufficient to apply international humanitarian law by analogy.

Currently, taking into account the growing number and diversity of computer network users, including those carrying out hacker attacks; bearing in mind the potentially growing destructive power of cyber attacks, it is becoming increasingly necessary to adopt international regulatory documents in the field of preventing and suppressing cyber attacks. The formulation of the concept and definition of a cyber attack can be the first step towards the development of a coherent regulation.

Link to this article

You can simply select and copy link from below text field.

Other our sites:
Official Website of NOTA BENE / Aurora Group s.r.o.