Small Wars Journal

Cyber-ia: The Ethical Considerations Behind Syria’s Cyber-War

Wed, 03/22/2017 - 6:17am

Cyber-ia: The Ethical Considerations Behind Syria’s Cyber-War

Arthur Deegan, Yasir Kalid, Michelle Kingue and Aldo Taboada


In August 2013, the New York Times reported on a pro-Assad group conducting a sophisticated operation amid the Syrian Civil War (Shih & Menn, 2013). Special operatives under the guise of anonymity and secrecy were probing their enemies, stalking them to pinpoint their target’s locations. Unlike most covert forces, these particular agents were not crawling on their hands and knees, hiding through brush and peering through rifle scopes— they were miles away from their targets, tracking them behind a computer screen. Phrases like “Twitter hack,” (Shih & Menn, 2013) “ Hunting for Syrian Hackers,” (Perlroth, 2013) “Obama hacked,” (Dwyer, 2013) and “Syria’s online troops” (Assir & Watkins, 2013) all began appearing in major news headlines, as word from Syria made its way to the western media outlets. The Syrian Civil War had gone digital, broaching the use of the internet as a new theater of military operations.

Ethical contradictions and opinions regarding warfare are no new subjects. For centuries, philosophers and academics have debated the concerns and responsibilities in warfare. Civil warfare, along with unconventional warfare like terrorism, further muddles the discussion. Scholars continually debate which acts, if any, states and factions can perform against a militiaman, whose uniform may not be any different from an ordinary citizen caught in the middle of the conflict.    

As the world saw in the various iterations of the 2011 Arab Spring, including Syria, or the 2013 Ukrainian Euromaidan demonstrations, technology continuously grows in its role connecting populations during a civil protest. As is often the case with critical infrastructure, access to the internet has been handicapped during the civil war, but not altogether eliminated. Despite government forces’ attempts to disable access via denial of service attacks (DoS), rebels have found ways to access the internet in government-held areas.

After the initial protests in 2011, President Bashar Al Assad’s country fell into chaos, with a distinct fracture between pro and anti-government camps. As any civil war shows, there are rarely two clean sides. Within the anti-government forces, different groups with various religious and secular ideologies emerged. As the rest of the Arab Spring turned to summer and fall around the Middle East, war raged on in Syria, enticing some countries and foreign entities to enter on various sides and provide monetary, military, technical, and logistic support. The different factions did not take long to strike one another outside the scope of conventional warfare, as a pro-government faction known as the Syrian Electronic Army (SEA) conducted DoS attacks on rebel-held territories, affecting military combatants and civilians alike.

This research’s main purpose is to analyze the various academic arguments regarding cyber-warfare. In doing so, the paper will draw on sources discussing the traditional ethical understanding of warfare, ethics regarding unconventional warfare, and other quasi-military operations such as crime and espionage. This research will try to only address the conduct of states, not private companies. This topic could fill volumes on a shelf; to keep the discussion brief, the discussion will only dissect certain aspects of cyber-warfare in Syria. Attribution is one of the main challenges in discussing cyber-war; this will help our selection as we will only examine incidents where perpetrators can be assigned blame without reasonable doubt. This research is not meant to be a final answer to the ethical intricacies of cyber-warfare. Rather, this work is a synthesis of ethical understandings derived from known cyber-attacks during the Syrian Civil War. By addressing complications of civil wars, the current legality of cyber-wars, discussing ethical cyber-warfare, and proposing ideas to remedy issues within cyber-warfare, we will conclude with providing a base so that legal minds may produce better, more encompassing, universal definitions of cyber-warfare and cyber-attacks. As well as legislation that applies to both interstate and intrastate conflicts.

Note on Civil Wars

Before going any further into the aspect of cyber-warfare, the discussion will benefit from a brief input on civil war. Civil wars are not a rare or new phenomenon. South Sudan, the newest state, suffered many years from internal violence. Ethiopia, Eritrea, Somalia, Colombia, and many other nations deal with “states” within internationally accepted borders vying for power or autonomy. From a historical standpoint, the civil war that is going on in Syria, most resembles the Spanish Civil War (Ajami, 2012). This is not a simple Faction-A against Faction-B scenario. There is a single, internationally recognized government that is supported by various non-government states fighting against multiple factions that may or may not support one another. Unfortunately, Civil Wars touch everyone in the country, making it difficult to identify friend from foe and combatant from non-combatant.

As combat travels from a distant front to citizens’ doorsteps, people are forced to choose sides — fighting unenthusiastically for one side or the other, oftentimes pressed into service. Those that are not immediately pressed into service often find themselves in non-combat roles to the side the region falls under control. For example, many people in Raqqa that were not immediately executed by the Islamic State in Iraq and Syria (ISIS) were forced, by threats of persecution and even death, to either fight for them or work in some capacity to further their cause. For the various factions and Syrian government fighting ISIS, these victims of war are all ethically permissible targets, both for conventional and cyber-war, as long as it helps weaken ISIS and help them with their consequentialist approach. In conventional warfare, opponents may not view someone pressed into service making bombs in the same way they vie a zealot leading attacks against an opponent’s position.

SEA’s DoS attacks on Syrians can be viewed in cyberspace in this context (Smith-Spark, 2013). The intention of the attack was to deny internet access to members of opposition groups that were located amongst the city. Pro-government forces’ consequentialist approach of denying internet access would prevent the rebels from keeping up to date with news of government movement in the country and status of international intervention, at the expense of the masses. It would also disable the rebels capability to establish contact with their allies and coordinate their military operations. Also caught in the DoS attack were innocent civilians who used the internet to contact their loved ones in other parts of the country and the world or seek avenues for evacuation or news of how to better their lives. While an efficient use of hampering any combatant activity, this restriction also prevented the ability for innocent citizens to peacefully, legally, and legitimately protest.

The involvement of civilians would usually go against Just War Theory. If there are such blurred lines between non-combatant and combatant, as well as the forced service, what sort of capability does the state, in this case, SEA, have to attack with surgical precision? Moreover, when the possibility exists where all participants could in some way be supplementing the opposition’s war effort, even though it can only be assumed, should they have to exercise such accuracy? Or, should they at least limit what type of attacks they can perform?

What is Cyber-war?

The broad term cyber-attack conjures too many ideas and understandings not to be defined in this paper, let alone the greater debate regarding the ethical execution of such attacks. The discussion regarding ethically permissible actions in cyber-war requires a definition.

Brian Orend provides an excellent description as, “an attempt to use the internet or advanced computer technology to harm the fundamental interests of a political community substantially.” (2014, p.3). The most important parts of this definition are threefold: clarification of domain, goal of cyber-attacks, and who may commit cyber-attacks.

First, the definition explains the domain in which cyber-warfare may be conducted—the use of the internet and advanced technology. Modern weapon systems that use sophisticated technology could fall into this category. For example, a mobile weapons system on an armored vehicle may have a computer automatically calculate for changes in pressure, wind speeds at launch and target locations, and other variables that affect a projectile’s trajectory. However, considering that the system doesn’t usually have the connection to an open internet and is often a closed system, it is safer to assume that an attack like this would fall under a conventional attack as opposed to a cyber-attack. Likewise, if a rebel group uses a drone controlled over the internet is it also a cyber-attack?  Even though they are using the internet and some advanced computer technologies, we will rule this out. If a rebel group had the resources to create a reliable satellite infrastructure capable of secure communications, like countries often possess to control their drones, they would certainly do so. They are using the internet as a means to an end, not as an end itself. However, if somehow the group was identifying targets through IP traffic and striking them with the same type of drone, we could call this a cyber-attack since the goal was virtually locating a target based on their internet traffic.

Second, Orend (2014, p.3) continues to state the goal of cyber-attacks: espionage, disinformation, and sabotage. These categories give little technical difficulty to execute, as an act of espionage and disinformation can be performed by malware developed by one person or small groups. This definition contrasts with the beliefs of Neil C. Rowe (as cited in Lucas, 2016, p.12) and George R. Lucas (2016, p.11), who argue that only large states can conduct cyber-warfare due to the necessary resources. He cites the Stuxnet attack, explaining those attacks require not only coding skills but also test equipment, like Siemens centrifuge systems to study their weaknesses. This point of view is a problematic way to classify the potential actors in cyber-warfare. Cyber-attacks and cyber-wars can be conducted without these resources, although their absence might constrain the nature, scope, scale and/or sophistication of the attacks to some degree. In Syria, for instance, rebel groups are fighting in traditional war zones with equipment that is neither sophisticated nor modern. Kalashnikov rifles are the primary weapon for many rebel fighters, supplemented not by technologically innovative weapons systems, but rather Soviet-era remnants and improvised artillery. Their lack of resources puts them in no less of a war than between two superpowers. Therefore, Lucas’s description fails to grasp that a cyber-attack, no matter how simple, can still bear a heavy brunt on the enemy, by targeting its resources, finances, logistics, intelligence and even propaganda, to win the war of hearts and minds, and demoralize enemy combatants.  It all depends on the nature, scope and potential scale of the cyber-attack.

Lastly, the definition addresses the confusion regarding cyber-warfare’s similarities with cyber-crime. The key difference between cyber-warfare and cyber-crime boils down to a key problem when scholars and professionals try to attempt many aspects of cyber ethics—attribution. As Orend states in the definition, the goal of a cyber-attack is to harm the fundamental interests of a political community substantially. For instance, under this definition we are using, the Syrian Electronic Army’s hacking of F.C. Barcelona’s Twitter may not immediately be a cyber-attack, but only a cyber-crime (Orr, 2014). However, the reason for making the club a target was due to their sponsor—Qatar Airways, wholly owned by the government of Qatar. Due to Qatar’s political support of rebel factions over Assad’s regime, SEA attempted to generate negative publicity so Qatar Airways might lose flight revenue or even, a loftier goal, F.C. Barcelona revoke Qatar Airways’s sponsorship. The intended loss was not to Barcelona but rather the state of Qatar in the hopes to substantially harm the country’s major source of revenue. An important delineation to make between cyber-warfare from traditional warfare is that they are hardly the same. Despite the sharing of term “warfare,” cyber-warfare more closely resembles espionage than combat. It involves infiltration, stealth, stealing, and manipulating. There is an element of surprise in many attacks, like DDoS, that resemble more to the unconventional guerilla war, hit and run tactics. Most importantly, unlike conventional war, cyber-war is almost never declared or announced prior to attack. To prevent further confusion and promote policy development, it would be wisest to amend Orend’s definition to: “an attempt from one political state actor to use the internet/advanced computer technology to substantially harm the fundamental interests of another political state actor.” This would rule out the possibility of including forms of political dissent like hacktivism.

There are times where a cyber-attack can fall into a clear act of war. This would agree with Lucas’s ideas of cyber-warfare, where there is a direct loss of physical property or life. The analogy between a rifle and an advanced weapon system buckles under this as both can result in the destruction of property or life. However, the availability, and intentions of a rebel group using a Kalashnikov and a phishing scam keeps the analogy alive. Furthermore, due to the relative popularity and simplicity of the term, cyber-warfare and cyber-attacks are a better blanket term for Orend’s amended definition presented in the previous paragraph.

Legality of Cyber-warfare

Fortunately, from an international perspective of governance, there are already laws in place to rule on any cyber-attack. According to the United Nations, “International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible [Information and Communication Technologies] environment.” (A/68/98, para. 19).  However, during the Russian Federation’s 2014 conference on cyber-warfare and international law, Laurent Gisel, International Committee of the Red Cross legal advisor said that there are no internationally understood definitions regarding cyber-warfare (Russian Federation: Conference on information security, cyber-warfare and international law, 2014). This statement creates a contradiction of sorts—how can an international body apply the law to an event that is not agreed upon? For someone to shoot another in cold blood is a blatant act of murder—an objectively understood taking of a human life. Therefore, a legal definition of cyber-warfare must be created.

While values may or may not be unique to a culture, perspective often is. Estonia claimed that Russia’s DoS attack was an act of war; NATO disagreed and chose not to intervene militarily. To address the confusion, a NATO-led effort to academically construct guidelines for what constitutes cyber-warfare documented their results in the Tallinn Manual, a non-binding document applying existing law to cyber-warfare (Schmitt, 2013, p.1). This document was the product of a three-year project by twenty renowned international law scholars and practitioners. Interestingly, this Western-backed document was written mostly without consultation from Russia and China, superpowers in both the virtual and real world (Lucas, 2016, p. 32). Due to the neglect, there is still the absence of an internationally understood and mutually agreed upon definition of cyber-warfare, as well as a distinction from cyber-crime. A Utilitarian would argue that the West is only looking out for their own interests and fear that opposing powers might get some leverage, should they be included in the discussion. The West’s polarizing move to formulate an aggressive counter attack policy in the form of the Tallinn Manual under NATO only serves to escalate the race to weaponize cyberspace. It reaffirms the role of cyber capabilities in the future both for vying superpowers and those with few military resources to develop their capacities. 

Despite the abundance of International Humanitarian Law (IHL) that could be applied to a cyber-attack and cyber-warfare, it will be near impossible to legally address any cyber-attack in an international tribunal without a universal definition. Efforts need to be made on an international level to define what a cyber-attack can be legally and for what purposes. There will always be a way to manipulate or overlook vagueness in legislation; with such an abstract concept such as cyber-warfare, lawmakers may never be able to define it completely. However, this known limitation cannot hamper international efforts to draft a globally accepted definition. The United Nations must look beyond a NATO-centric thought process to define cyber-warfare as loosely or as tightly as they deem necessary so that going forward, countries can be held accountable for their actions.

Ethical Cyber-warfare

Over the past six years, new research has flooded academia regarding cyber-warfare on a greater level, as Lucas would suggest while neglecting the type of cyber-warfare plaguing Syria. Authors, including Randall Dipert (2010, p. 400-406), provide information on when it is ethically permissible to use cyber-warfare or traditional warfare to retaliate against the enemy. It proves a useful template to help guide this work as well. Without identification of a group’s level of political aspirations or perceived intent, it would be impossible to indict them on charges related to cyber-war, needing instead to lean on charges relating to cyber-crime. For now, this is an essential and inescapable problem tying into attribution. Regardless, this is a solid starting point to demonstrate that since the internet and technology allow for blurred lines of citizen, combatant, and spy, many parties may conduct cyber-warfare ethically to protect their state’s interests.

As seen in Syria, realistic cyber-warfare will consist more and more of acts that look like espionage than an assault on a physical property with an immediate loss of life. An example is when the Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans in mid-2013 (Arthur, 2014). The threat group stole hundreds of documents hacking Skype chat sessions. These chat sessions contained plans and logistics of the Syrian opposition’s attacks on Assad’s forces. The victims of these attacks were opposition members, media activists, and humanitarian aid workers located in Syria and the region.

Jeffrey Tiel and Tony Pfaff (2004, p.6) argue that being a citizen of a nation gives implied consent to be a target for espionage. We can translate this into a cyber-combat scenario by stating that if you are near a war zone and you have an internet connection, you are consenting to be an ethical target of the least dangerous modes of cyber-warfare. Tiel and Pfaff explain that this level in the physical world is intelligence gathering—we can extend that to the virtual world by hacking a computer to use background processes. In Syria, these are people that just want to live their life and are not vocal for either side, but having given implied consent to be targets of cyber-attacks like the 2013 Skype hacks, making them ethical under Pfaff and Tiel’s logic.

The next level of possible targets are persons that are in knowledge of critical information without knowing its value or plan to use it (Pfaff & Tiel, 2014, pp. 6-9). These targets are also giving implied consent and are permitted more direct and calculated cyber-attacks—not because they are intentionally choosing to, but because someone else has elected to place them in harm’s way. An example of this would be a mother whose son went to fight with a rebel faction. If the opposition learns that her son is the enemy, it would not be permissible to attempt and gain access to her personal information to freeze her bank account or render her computer inoperational. However, it would be permissible to monitor her emails and or Skype calls to find where they were being received, hoping to lead to a location of her son and in turn his division’s position. Alternatively, locating the mother and inflicting harm on her might give them the leverage to stop her son.

There are instances of monitoring people outside the conflict zone and the conflict itself that removes any implied consent. The refugee crisis has permeated the news for most of 2016, as a new wave of Syrian refugees floods European borders seeking a haven from the war. It is difficult to confirm whether Assad's forces are tracking these refugees—little exists in the news, and nongovernment organizations cannot confirm this due to the risk of involved parties. However, according to a FireEye 2015 report (Railton, Regalado, & Villeneuve, 2015), forces supporting the Syrian government tracked at least 22 people outside the Syrian borders. Since these citizens were neutral and could leave rather than stay in their war-torn country, they have removed themselves from the combat zone and no longer give implied consent to be monitored.

The only issue that could complicate the discussion is if an opposition fighter chose to abandon the fight and leave the country. They have removed themselves like a refugee but can still be a risk. To contextualize this more; we can make up an example. A Syrian-born ISIS fighter combating both Assad forces and Kurdish forces decides he no longer wants to fight and heads for Turkey. Even though he has removed himself from battle and left the cause, the organization he once belonged to is a threat. The Syrian government may want to monitor his movements online so they are aware when he should return to Syria. Likewise, most other nations would see a perceived threat to their country and could monitor their movements without being unethical. This logic then would extend to faction fighters as well. A Free Syrian Army soldier that also renounced their cause can leave the country. The Syrian government or the Russian government can ethically monitor this former combatant as their readmittance into Syria or entry into Russia could be for nefarious purposes.

The FireEye report denotes that some of the individuals tracked outside the country were linked to the Free Syrian Army and Islamist fighting groups, while others had no apparent affiliation (Railton, Regalado, & Villeneuve, 2015). This monitoring would have to strictly stay to known former combatants and not spread to their connections. Your neighbor’s membership in the Ku Klux Klan does not automatically make you an affiliate of the organization, despite your immediate connection that your neighbor is one. Likewise, the parent of a mass shooter does not make them a heightened security threat to commit the same atrocities.

Cyber-attacks spread much beyond unwarranted monitoring. In 2013, SEA hacked the Associated Press’s Twitter account saying the White House had been bombed and that the president had been injured (Jackson, 2013). Following this, the stock markets took a deep dive, taking days to recover. Eventually, SEA came out with a statement claiming responsibility for the act as retaliation for US support of Al Assad's opponents. When analyzing this event, SEA had ethical grounds to conduct this attack. Since the United States supplied their opposition with military equipment and advisers, they entered the conflict to a lesser extent and received a proportional attack, akin to Qatar Airways’ sponsored organizations. Whether was, in fact, intentional, the government lost some credibility and capital in turn for providing government support and equipment (that could be purchased with capital). If we analyze this event deeper, we find that the SEA may have been negligent, and in turn, unethical. When stocks crash, it does not affect the government nearly as much as its citizens. Not only that, but the nation's citizens were not the only ones to suffer from the dip in stocks. Our open market meant that Russians, Germans, Chinese, and anyone else that traded on Wall Street suffered losses from that cyber-attack. It is hardly proportional to inflict even monetary losses on neutral bystanders. This would go against United Nations Charter art. 2 para. 4, contradicting the purposes of the United Nations (U.N. Charter art. 2, ¶ 4). It may not be fair to apply international law to a non-internationally recognized power. Nedda Baker Al Barghuthi and Huwida Said (2014) note that Arab countries like Syria negate laws regarding threats and attacks on civilians. With the absence of national legislation, it is logical to at least apply an internationally accepted ruling like Article 2 para. 4 of the United Nations charter. Besides, legality does not necessarily equate to the ethics of an action.

The Assad government and its allies are not the only sides responsible for conducting cyber-attacks. During the turmoil in the region from United States forces in Iraq and the Syrian Civil War, the ISIS emerged to re-establish a Caliphate beckoning back to that of the eighth-century Umayyad Caliphate. Following ISIS’s capture of Raqqa, citizens inside the city formed Raqqa Is Being Slaughtered Silently (RSS), a group meant to publicize the brutality of the conquering force. Under the pretense of RSS acting as spies relaying information to the enemy, ISIS has used phishing scams to locate these dissidents opposed to their rule (Paganini, 2014). Posing as individuals trying to to publicize RSS's activism internationally, ISIS hackers fooled RSS members into revealing their identities and whereabouts. This subject is difficult to discuss objectively, and few would argue that ISIS’s interpretation of Sharia and the Quran is brutal. Working on the assumption that ISIS is correct, it would be imperative that they prevent information from jeopardizing their goals.

Falsifying identity to gain information is not in itself unethical as supported by a utilitarian and deontological theory—this paper earlier argued that part of a state’s duty is to identify threats to ensure a state’s security. Issues regarding RSS intentions vary from those of combatants. This conduct presents two main threats to ISIS rule in Raqqa. The first is what RSS claim as their intent of disseminating vital information to ISIS’s opponents. The second threat comes as citizens speaking out against their political control as a threat to delegitimize ISIS. Considering that RSS is not a state actor; our definition of cyber-warfare is not applicable. RSS’s goal is one of hacktivism. It could indeed be viewed as a cyber-crime, and an unethical one at that. Despite ISIS’s failure to recognize freedom of opinion, the international community does with Article 19 of the Universal Declaration of Human Rights (A/810). Even if RSS was broadcasting information that could compromise their success—tracking, punishing, and killing members of RSS would be an unproportional response to their intent and threat.

There are numerous examples of cyber-attacks like these centralized around Syria occurring frequently. At some future point, sides must answer for their actions and justify if they were ethical during this time of war. Legislators must look to this as inspiration and draw upon recommended legal recourse to draft laws so that virtual atrocities committed will be punished.


Until this point, this research has briefly addressed the policy vacuum surrounding cyber-war and discussed various instances of ethical complications with cyber-attacks. As was also mentioned above, the similarities between cyber-warfare and espionage far outnumber those between a conventional war and cyber-war. A definition and global change in the understanding of cyber-war would be beneficial to global security.

Larry May (2015, pp.9-12) does not compare cyber-warfare to espionage, but rather an embargo, calling upon an international paradigm shift. The purpose of embargos and espionage overlap somewhat. Both can be a response to fear or aggression, and both can be focused on limiting the economic capability of a state. However, embargos stop at economic limits. May explains that any damage to property or life due to an embargo is indirect. Espionage often aims to cripple a specific target intentionally. May’s analysis of the Stuxnet attack as an embargo carries weight and merit as a viable paradigm shift. Likewise, espionage and the above-explained instances of cyber-warfare also have goals to do more than just limit a market. They can aim to steal information, giving a tactical advantage to the target’s state. For this reason, espionage is a superior paradigm, but both are better alternatives than the conventional notion of warfare.

It would make sense that international bodies draft legislation to address cyber-attacks as either an act of espionage or a formal trade embargo due to the transparency involved. This legislation would have to classify various types of actions so that the accurate punitive measures, if any, can be applied to a claim from the victim towards the suspected belligerent. Additionally, legislation could be written that further punishes instances where states failing to accept attribution are handed more severe punishments than those that take responsibility or announce their intent.

One last benefit of classifying a cyber-attack as different than a traditional attack is that it diminishes a response of physical force (May, 2015, p.13). A cyber-attack is still a serious transgression eligible for punitive measures that can fall short of an armed military response. Understandably, this limit at a physical response may embolden some states to perform more cyber-attacks against opponents. It is a sophisticated approach needing refinement but is an excellent, productive start.

An immediate response which could prevent international litigation would be unilateral sanctions from the victim state against the belligerent. This response would only prove effective for large economic powers—Tuvalu’s refusal to trade with the United States would reduce American “.tv” sites but ultimately only damage themselves. Better punitive measures for a criminal cyber-attack as espionage or embargo would be trials of responsible individuals by international courts. This approach would allow for an objective, internationally recognized indictment. Depending on states’ cooperation and response, multilateral actions by the United Nations, including sanctions, would also be justifiable should trials be ineffective. A less realistic, but more proportional answer lies in reparation payments, although multiple factors must be considered such as intended and actual damages accrued. 

Addressing legal actions and measures are vital to combating future cyber-attacks after they occur. However, there is little effort being made to deter attacks from happening. In the past 20 years, the West has approached the subject with little effort to include other countries--the Tallinn Manual is a clear example of this lack of interest. The West has made little progress to accept notions or ideas that countries like Russia or China propose. China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan, and Uzbekistan reached an understanding and signed a code of conduct under the auspices of UN in 2015 (A/69/723, A/69/723 Annex I). This document contains sensible, objective clauses promoting cooperation and allow for trust to develop. Despite the practical approach, the document lacks Western nations’ signatures. 

The West’s failure to realize that keeping the virtual world unprotected at a global level for extended periods compromises the world’s security and the West’s security. Western dominance is a perception; no country or block can fully explore all scenarios in the cyber-domain. The West’s ignorance to these threats is international, not regional or polarized. Coming to a global agreement improves safety at every level. The magnitude of this problem is not an easy subject to approach. Further, these suggested measures and deterrents are ineffective without an internationally agreed understanding of cyber-attacks and cyber-warfare.


This research only begins the discussion on the policy vacuum surrounding cyber-warfare. Syria provides excellent examples of how technology and the internet are being used to advance political actors’ goals. No matter what the theater of war may be, the risk to innocents and atrocities will always remain a practical and unfortunate reality. The stage of cyberspace creates only new considerations in that so much more people are affected. At the most severe end of the spectrum, cyber-warfare can cause mass casualties. Examples like Stuxnet are best-case scenarios for cyber-attacks, where multiple countries pool together resources to neutralize a threat without loss of life or physical engagement. SEA and ISIS DoS and phishing are much more realistic possibilities that take to little time and resources to execute.

Due to their challenge, their effects, and their nature, cyber-attacks are much less an attack in the militaristic physical sense and closer to acts of espionage. Events like the Syrian Civil War illustrate the complexity in distinguishing friend from foe, as well as presenting an understanding that citizens are available for targeting of some cyber-attack just like a citizen of a nation will experience a smaller extent of a trade embargo against their country if they reside there. The more vocal and active a citizen becomes, blurring the line between complacent bystander and combatant, the greater a target they become to an enemy. The term cyber-warfare should not be synonymous with the traditional meaning of warfare and cannot carry with it a similar Just War Theory. Even though cyber-warfare is more than likely going to be the term used to classify any devious act occurring online against states during a time of conflict, it is important to realize the variety of what outcomes exist.

This ambiguity requires that states work at an international level. First, nations must agree upon what constitutes a cyber-attack. This agreement ranges from who is capable of conducting a cyber-attack, if there is a difference between a cybercrime and cyber-attack, and if it may qualify for one or the other depending on the target and intended outcome. The rulings’ decisions are not nearly as important as that they are made.

Once internationally agreed standard definitions are established, legal action can be initiated. There will come a day when the Syrian Civil War ends and involved sides will want to see that those who committed atrocities are brought to trial. Unfortunately, it seems that states will fail to realize how important these legal standards are until it becomes a larger issue affecting them specifically. States are already experiencing the first iteration of cyber-warfare. Stuxnet and the Estonian DoS attacks are only the beginning. The Spanish Civil War was a preview of the type of warfare that was seen in World War II. History is an important tool to prevent tragedies from reoccurring. Tragedies currently involving the Syrian Civil War, both in the physical and virtual world, may come back on a global level which we do not realize. Any mitigation now can prevent future economic hardship and possible loss of property and life.

Of course, deterrence is necessary, but not from a small group of leading nations, like NATO. An ideal approach should be globally inclusive deterring all nations to escalate aggressions. It should be a global body separate or under the UN, that has an international representation and signed by world powers, making it easy to transcend various spheres of influence. It should have authority forcing signees to participate, cooperate, and enforce rules on local and international telecom and information regulatory authorities. This global understanding would allow the international body to police, investigate, penalize, and order signees to act against violating states. Unfortunately, there is no sign of a similar approach that would be acceptable to the rest of the world.


Ajami, F. (2012, Oct 9). Viewpoint: Echoes of Spanish civil war in Syria. BBC News. Retrieved from

Arthur, C. (2014, Jan 2). 'Syrian Electronic Army' hacks Skype's Twitter and blog accounts. The Guardian. Retrieved from

Assir, & Watkins. (2013, Jun 09). Syria's online troops wage counter-revolutionary cyber war. Times of Oman. Retrieved from

Baker Al Barghuthi, N., & Said, H. (2014). Ethics behind Cyber Warfare: A study of Arab citizens awareness. 2014 IEEE International Symposium on Ethics in Science, Technology and Engineering. Chicago: IEEE.

Dipert, R. R. (2010). The Ethics of Cyberwarfare. Journal of Military Ethics, 9(4), 384-410.

Dwyer, D. (2013, Oct 28). Obama Hacked, Syrian Group Claims Credit for Social Media Breach. ABC News. Retrieved from

Jackson, D. (2013, Apr 23). AP Twitter feed hacked; no attack at White House. BBC. Retrieved from

Lucas, G. (2016). Ethics & Cyber Warfare: Law and Order for A Lawless Frontier. Unpublished Manuscript. Oxford University Press.

Macdonald, S. (2015). Cyberterrorism and Enemy Criminal Law. In J. D. Ohlin, K. Govern, & C. Finkelstein (Eds.), Cyberwar: Law and Ethics for Virtual Conflicts (pp. 57-75). Oxford, UK: Oxford University Press.

May, L. (2015). The Nature of War and the Idea of "Cyberwar". In J. Ohlin, K. Govern, & C. Finkelstein (Eds.), Cyberwar: Law and Ethics for Virtual Conflicts (pp. 3-15). Oxford, UK: Oxford University Press.

Orend, B. (2014). Fog in the Fifth Dimension: The Ethics of Cyber-War. In L. Floridi, & M. Taddeo (Eds.), The Ethics of Information Warfare (pp. 3-24). New York: Springer International Publishing Switzerland.

Orr, J. (2014, Feb 19). al-Assad, Barcelona Twitter account hacked by supporters of Syrian president Bashar. The Independent. Retrieved from

Paganini, P. (2014, Dec 23). ISIS operates spear phishing attacks against a Syrian citizen media group. Cyber Defense Magazine. Retrieved from

Perlroth. (2013, May 17). Hunting for Syrian Hackers’ Chain of Command. New York Times, p. B1. Retrieved from

Pfaff, T., & Tiel, J. R. (2004). The Ethics of Espionage. Journal of Military Ethics, 3(1), 1-15.

Railton, J. S., Regalado, D., & Villeneuve, N. (2015). Behind the Syrian Conflict's Digital Front Lines. Milpitas, CA: FireEye, Inc. Retrieved from

Russian Federation: Conference on information security, cyber-warfare and international law. (2014, Nov 05). International Committee of the Red Cross. Retrieved from

Sanger, D. E. (2014, Feb 25). Cyberattack on Syria was Vetoed by Obama. International New York Times. Retrieved from

Schmitt, M. N. (Ed.). (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge, UK: Cambridge University Press. Retrieved from

Shih, G., & Menn, J. (2013, Aug 28). New York Times, Twitter hacked by Syrian group. Reuters. Retrieved from

Smith-Spark, L. (2013, Aug 28). What is the Syrian Electronic Army? CNN. Retrieved from

U.N. Charter art. 2, ¶ 4

U.N. General Assembly, Letter dated 9 January 2015 from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General, U.N. Doc. A/69/723. Retrieved from

U.N. General Assembly, Letter dated 9 January 2015 from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General, U.N. Doc. A/69/723, annex I (Jan. 9, 2015). Retrieved from

U.N. Secretary-General, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, U.N. Doc. A/68/98 (Jun. 24, 2013). Retrieved from

Universal Declaration of Human Rights, G.A. Res. 217A (III), U.N. Doc. A/810 at 71 (1948)

About the Author(s)

Arthur Deegan is a student in Georgetown University’s Masters in Technology Management program. This paper was originally written for his course in Ethics in Technology.

Yasir Khalid is a student in Georgetown University’s Masters in Technology Management program. This paper was originally written for his course in Ethics in Technology.

Michelle Kingue is a student in Georgetown University’s Masters in Technology Management program. This paper was originally written for her course in Ethics in Technology.

Aldo Taboada is a student in Georgetown University’s Masters in Technology Management program. This paper was originally written for his course in Ethics in Technology.