A Moral Response to Cyberwar

IN MAY, a ransomware virus attacked computer systems in 150 countries and impacted more than 200,000 people. Experts say it was one of the largest cyberattacks ever. Is cyberwar the new frontier? And what do we make of the claim by Microsoft president Brad Smith that this virus piggybacked off a digital weapon developed by the United States? And then there’s Russia’s alleged interference with the 2016 U.S. presidential election. If there was an interception of the American people’s right to the democratic process in order to advance Russia’s own political agenda, what is a proper response?

John B. Sheldon, a professor of cybersecurity at the School of Advanced Air and Space Studies in Alabama, defined cyberwar as “war conducted in and from computers and the networks connecting them, waged by states or their proxies against other states.” Cyberwar is not to be confused, according to Sheldon, with online espionage, digital terrorism, or other forms of cybercrime. Not every cyberattack is part of a cyberwar, nor should it be treated as such. Online weapons are cheap to make and easy to deploy; they are also primarily anonymous. And the most effective way to bring cybercriminals to justice and restore security might well be civilian-controlled internet policing, not state-led responses.

Ethicists and others have raised key questions at the heart of a moral response to cyberattacks. If the main purpose of a cyberattack is to destroy property, not people, Vanderbilt professor Larry May asked in his 2015 article, “The Nature of War and the Idea of ‘Cyberwar,’” can it properly be described as war? Defining it as such may lead to a cyber arms race. And if it is a war, then who are the cyberdiplomats to negotiate a cyber peace? Others have warned that the “uncontrollable” nature of some cyberweapons may indicate that they should be considered an “indiscriminate threat,” which would place them in a unique ethical category.

Another issue in seeking a just response to cyberattacks relates to the anonymity of most perpetrators: It is often difficult, if not impossible, for a harmed party to determine who is responsible. “When you can’t do attribution,” digital strategist Simone Petrella told a recent panel of Christian ethicists and cyberexperts in Washington, D.C., “it is very difficult to figure out what your retribution is going to be.”

What amount of harm from an online attack might trigger a conventional-war response? Bryan Hehir, a religion and politics professor at Harvard, has advocated for a large gap between a cyberattack and a conventional-weapons response. War is “at the edge of the moral universe,” he said at the D.C. event. While most panelists at the event used the traditional just war framework to assess cyberwar responses, a broader and deeper question might be: What are the things that make for cyberpeace?

Christians would argue that new forms of conflict provide an opportunity for innovative responses. “Global leaders could seek to harmonize domestic laws and expand criminal liability in a coordinated way for agreed-upon cyberthreats,” writes international relations professor Maryann Cusimano Love in Beyond Sovereignty. “This approach relies on promoting cooperation in investigations and prosecutions.” It builds a stable, sustainable legal framework that contributes to peace over time.

Every day technology embeds deeper into our lives. With that codependent relationship comes risk, as we are reminded every time a cashier asks, “Do you have a chip?” Conversations on the ethics of cyberviolence need to keep pace with technology. If Christians don’t advance ethical conversations and moral solutions, then responsibility for these decisions will be left in the hands of others.