Cyber warfare and the advent of computer network operations have forced us to look again at the concept of the military objective. The definition set out in Article 52(2) of Additional Protocol I – that an object must by its nature, location, purpose or use, make an effective contribution to military action – is accepted as customary international law; its application in the cyber context, however, raises a number of issues which are examined in this article. First, the question of whether data may constitute a military objective is discussed. In particular, the issue of whether the requirement that the definition applies to ‘objects’ requires that the purported target must have tangible or material form. The article argues on the basis of both textual and contextual analysis that this is not required, but it contends that it may prove to be useful to differentiate between operational- and content-level data. The article then examines the qualifying contribution of military objectives such as their nature, location, purpose or use, and questions whether network location rather than geographical location may be used as a qualifying criterion in the cyber context. The final part of the article addresses the question of whether the particular ability of cyber operations to effect results at increasingly precise levels of specificity places an obligation on a party to an armed conflict to define military objectives at their smallest possible formulation – that is, a small piece of code or component rather than the computer or system itself. Such a requirement would have significant implications for the cyber context where much of the infrastructure is dual use, but the distinction between civilian objects and military objectives is a binary classification.
Computer network operations and ‘rule-with-law’ in Australia
