Today’s Defence members are more likely to engage the demands and dilemmas of “war in the grey zone”. The cyber domain is challenging traditional notions concerning the character of war and extending into sub-threshold contested spaces with cyber-based sabotage, surveillance, and information dominance and influence (IDI) activities.
This phenomenon is multiplying the demands and dilemmas placed on soldiers, strategists, and politicians. Action and responses are often required with minimal lead time and with less recourse to the chain of command for technical and ethical advice.
Those training as soldiers today will utilise weaponry and technology that previous generations could not dream of, and navigate ethical dilemmas we may not foresee. What are the ethical decision-making principles and processes that can guide them?
Cyber Warfare Ethics, edited by Michael Skerker and Professor David Whetham, addresses this question. Skerker is a Professor at the US Naval Academy, while Whetham is Professor of Ethics and the Military Profession at King’s College London and has been Assistant Inspector-General to the Australian Defence Force.
As editors, they combine with 13 other contributing military ethicists, including two serving military officers, to deliver a thought-provoking volume. More input from serving members would have been welcome, though they have constraints in writing freely about cyber warfare. Despite the military operators’ perspective being under-represented, this volume will be of considerable interest to those preparing and leading soldiers who operate in the “grey zone”.
Part 1 explores so-called ‘just war’ principles, questions whether cyber-attacks are equivalent to armed attack, and considers use of force in circumstances short of war. It also considers the limits that should be imposed on warfare to assure the human rights of those targeted in cyber operations.
Accepting just war principles of proportionality and discrimination – and considering how these precepts apply in vastly different contexts – can support the ethical decision-making of cyber operators in the face of newly emergent technology. Skerker observes (on page 208):
“It is true, that as a matter of fact, cyber warfare engineers have the technical means to threaten or violate [human]… rights with relative ease, potentially without reliable attribution. Yet just as it is a violation of [one’s] rights if [one] is shot by a soldier; if [one’s] local hospital is bombed; or if a foreign agent reads [one’s] diary; so too are [that same person’s] rights violated if a foreign actor does these sorts of things in a cyber operation, be it covert or overt.”
Part 2 considers whether cyber-attacks comply with just war principles and what new challenges they pose. Compliance with just war principles is important in conventional warfare but also in the complexities of asymmetric conflict. Cyber attacks can be more ethical and controlled than kinetic action with the potential for controlled distinction in the cyber realm.
Then again, they can be unpredictable, volatile, and mischievous as they can be hidden and easily affect non-combatants. Importantly, cyber-technology may be more accessible to decentralised non-state actors than traditional military hardware. The authors helpfully illustrate dilemmas when cyber can bring the same effects as kinetic action but with lower cost, lower physical risk, and instantaneous, selective, deniable, scalable, and temporary effects (albeit potentially more indiscriminate and with higher risk of misattribution and misplaced retaliation).
Contrary to the equivalence comment of the oft-quoted US official “if you shut down our power grid, maybe we will put a missile down one of your smokestacks”, these chapters demonstrate the nuance of cyber-attacks as analogous sabotage, espionage, surveillance, and psychological influence operations.
Part 3 unpacks the ethics of computing technology, automation, machine learning, and artificial intelligence. The authors explain the widely accepted principle that machines are not given final authority to take life, but they can speed up the decision-making process to use force. Moreover, they may support ethical decision-making because AI might be trained to be more morally consistent.
Humans can err, and one author helpfully offers the cautionary note that this risk may be acute when influenced by the “Dark Triad” of Machiavellianism, narcissism, and psychopathy. Machines do not get tired or angry; however, when they miscalculate (or are potentially misled) the scope for error can be far worse. The final three chapters underline the caution of the whole book concerning the ethical imperative of scrutiny and healthy scepticism as to the ethics of cyber warfare.
For teaching cyber warfare ethics, Cyber Warfare Ethics offers helpful case studies that could be usefully war-gamed with scenarios in the book. These include well-known historical examples such as Israel’s Operation Orchard cyber-sabotage of Syria’s radar to allow an attack on a nuclear reactor; Stuxnet’s targeting the Iranian nuclear program, stealing commercial patents and military technology; and ballot box interference in the 2016 US elections (and possibly the UK Brexit vote).
Other scenarios are either imagined or hypothetical possibilities that invite reflection on ethical issues. Examples include disabling emergency dispatch systems, undermining utilities infrastructure, vaccine disinformation, hacking drones or other weapons, or interfering with banking, traffic, hospital, or self-driving systems.
Cyber Warfare Ethics is likely to evoke further questions in the reader’s mind around the use of cyber-technology in modern conflict. For example, assuming military ethics training is necessary for all ranks – including the ‘strategic moral corporal’ – what would best practice military ethics training look like for learners and members of electronic warfare and cyber units?
What is the psychological effect on operators of navigating the high-pressured domain of cyber? While there has been extensive research and support for drone operators, what is needed for cyber operators to mitigate risks of moral injury? In the range of responses from outright war, to force short-of-war, to peace-making, what is the role and potency of nonviolence and how might this be expressed in the cyber domain?
For my own part as a Baptist chaplain with clear preference for avoiding violence let alone war, it is self-evident that the military potential of cyber technology must be harnessed within accepted ethical just war principles. So, when and in what ways might cyber engagement foster restraint and the mission better than spiralling violence with kinetic action?
These are contested questions in a contested space. As military operators and strategists alike struggle to understand the full implications of cyber technology within the military domain, Skerker and Whetham have assembled a helpful kaleidoscope of chapters in Cyber Warfare Ethics to address some of the most pressing issues. It is a valuable resource for civilians and military members working in the cyber realm, and those responsible for leading and training them.
An earlier version of this review was originally published in Australian Army Journal Vol XIX No 1 (2023) pp 151-154.