Cyber attacks are effective in the past and present and will be effective in the future by increasing their potential. It is a virtual attack that seriously threatens your security. Today, those who aim to steal information from the great powers and shake the infrastructures of the targeted country increase their influence and affect the whole world. Although there is no precise definition of a cyber attack, there are many definitions. One of them is cyber-attack, which is defined as planned and coordinated attacks on information and transmission systems and critical infrastructures of targeted people, companies, institutions, organizations and governments. Cyber attacks are also seen as a form of warfare. This type of attack is different from the traditional types of attacks and wars that have kept their place from the past to the present. These new generation attacks, traditional weapon tools and systems have left their place to modern tools, namely the internet and computers, in this war.
If high technology and the necessary infrastructure are provided, it means that the ground has been prepared for cyber attacks. Even if cyberattacks are a virtual war, their impact is greater than traditional warfare, meaning they can have as much impact as conventional warfare and the entire world is likely to be affected.
When it comes to the right of self-defense in cyber wars; article 2 of the United Nations Convention is today accepted as the most basic norm regulating the ‘prohibition of the use of force’. According to the article, “All Members shall refrain from the threat or use of force in their international relations, either against the territorial integrity or political independence of any other State, or in any manner inconsistent with the purposes of the United Nations”.
There are two main exceptions to the prohibition on the use of force. According to the first exception, if the UN Security Council determines that international peace is threatened, disrupted or is an attack, and the Convention VII. Member states may resort to the use of force against another country, if they take a decision within the scope of this section. This exception is due to the fact that the UN Security Council is the main responsible and authorized body for the maintenance of international peace and security in accordance with Article 24 of the Convention. The second exception to the prohibition on the use of force is the right to self-defense. This international right, which is based on the right of states to ensure their own security, is clearly defined in Article 51 of the UN Convention, but is also a requirement of customary international law.
Accordingly, “Nothing in this Charter shall impair the inherent right of individual or collective self-defense if a member of the United Nations is the object of an armed attack, until the Security Council has taken measures necessary to maintain international peace and security. The measures taken by the members in exercising this right of legitimate defense shall be immediately reported to the Security Council. Member states will only be able to resort to the right of self-defense if they are the target of an ‘armed attack’.
In cases where the use of force reaches the level of ‘armed attack’, the conditions of ‘necessity’ and ‘proportionality’ must also be met for the use of the right of self-defense. In other words, it states that the method used to respond, which includes the use of force, should be a last resort (peaceful means have been exhausted) and that the counterforce used should be proportional to the extent of the attack.
The international use of force does not only refer to the use of kinetic, chemical, biological or nuclear weapons (conventional weapons), and any use of force, regardless of what type of weapon is used, is considered within the scope of Article 2 of the Convention. Cyber actions that occur at a level comparable to the effects of conventional weapons are also considered as ‘use of force’. However, the absence of any international treaty or judicial decision on cyber warfare makes it difficult to make a precise definition of these concepts.
At this point, it will be possible to make some inferences by considering the discussions in the doctrine and the interpretations of Tallinn experts. In 2009, the NATO Joint Cyber Defense Center of Excellence (CCD-COE) was established in Tallinn, Estonia. The International Group of Experts gathered under this center compiled the international legal norms to be applied to cyber warfare and published them in a guide they prepared. This guide is not binding, but it is the most comprehensive cyber warfare law document ever written on this subject.
Rule 11 of the Tallinn Manual evaluates cyber actions in terms of the use of force. Accordingly, a cyber operation will be evaluated in terms of its scale and effects, and if it is at a level comparable to another non-cyber conventional action, it can be considered as the use of force. A cyber operation involving the use of force or a threat to the territorial integrity or political independence of a state will be considered unlawful.
According to rule 13 of the Tallinn Manual, a state that has been subjected to a cyber operation up to the level of an ‘armed attack’ will be able to apply to the right of ‘self-defense’. Whether the cyber action in question is an ‘armed attack’ will be decided by considering the ‘size and effect’ of the action. In other words, ‘cyber-attack’ is cyber-actions that cause death or injury or cause serious destruction in a country’s critical infrastructure. Although the meaning of the death and injury expressions stipulated in the guide is clear, it is necessary to determine what the ‘critical infrastructures’ are. critical infrastructures; It can be characterized as the basic elements that sustain national security, public health or national economy. Actions against basic services that the state has to protect, such as security, food, water, transportation, banking and finance, health and energy, and which result in their destruction or inoperability are considered cyber attacks.
Author : AYŞE SELCAN AKIN
Ayşe Selcan Akın is studying in the department of International Relations at Hacettepe University. She also attends the department of Local Government at Anadolu University. She is an intern at the Foreign Policy Institute. She speaks advanced English, intermediate German, and Korean. She is interested in the fields of Security Studies, Foreign Policy, and International Law.