Abstract/Summary

This article examines the classification of conflicts consisting of only cyber operations under international humanitarian law. ‘International armed conflicts’ are those that are ‘armed’ and ‘international’. The article contends that the former criterion is met when cyber operations amount to an ‘attack’ because they injure individuals or damage objects, whereas the latter requires that the operations be between or attributable to States. ‘Non-international armed conflict’ occurs when hostilities between a State and an ‘organized’ armed group reach a particular level of intensity. To be sufficiently intense, such cyber operations must be ‘protracted’; isolated incidents do not suffice. Intensity also requires that the level of violence exceed that of riots or civil disturbances. Injury or damage is not alone sufficient. Cyber operations conducted by individuals cannot qualify because they are insufficiently ‘organized’. Groups organized on-line may be assessed on a case-by-case basis, but the traditional organization criteria render it difficult for them to qualify. The article concludes that while cyber exchanges may sometimes amount to international armed conflict, classification as non-international armed conflict is problematic.