Since cyberattacks are nonphysical, standard theories of casus belli — which typically rely on the violent and forceful nature of military means — appear inapplicable. Yet, some theorists have argued that cyberattacks nonetheless can constitute just causes for war — generating a unilateral right to defensive military action — when they cause significant physical damage through the disruption of the target's computer systems. I show that this view suffers from a serious drawback: it is too permissive concerning the (...) types of actions that generate casus belli since many essentially peaceful and non-violent mechanisms can nonetheless cause physical damage. I resolve this difficulty by developing a sovereignty-based account of casus belli and applying it to cyberwarfare. I argue that legitimate states have a constrained right to unilaterally respond with military force to unfriendly actions that bypass or overwhelm the political deliberations of the target state in order to force a change in behaviour contrary to the determinations of the people of the target state. This new account of casus belli avoids the problems of the consequence-based view by plausibly restricting the types of unfriendly action that give rise to casus belli and yet offers an attractive explanation for why some cyberattacks nonetheless do generate a potential right to a unilateral defensive response. (shrink)

Purpose This paper aims to outline how destructive communication exemplified by ransomware cyberattacks destroys the process of organization, causes a “state of exception,” and thus constitutes organization. The authors build on Agamben's state of exception and translate it into communicative constitution of organization theory. Design/methodology/approach A significant increase of cyberattacks have impacted organizations in recent times and laid organizations under siege. This conceptual research builds on illustrative cases chosen by positive deviance case selection of ransomware attacks. Findings CCO (...) theory focuses mainly on ordering characteristics of communication. The authors aim to complement this view with a perspective on destructive communication that destroys the process of organization. Based on illustrative cases, the authors conceptualize a process model of destructive CCO. Practical implications The authors expand thoughts about a digital “corporate immune system” to question current offensive cybersecurity strategies of deterrence and promote resilience approaches instead. Originality/value Informed by destructive communication of cyberattacks, this theory advancement supports arguments to include notions of disorder into CCO theory. Furthermore, the paper explains where disruptions like cyberattacks may trigger sensemaking and change to preserve stability. Finally, a novel definition of ‘destructive CCO’ is provided: Destructive Communication Constitutes Organization by disrupting and destroying its site and surface while triggering sensemaking and becoming part of sensemaking itself. (shrink)

Does it seem that with each reported state cyberattack, there comes an announcement of discovery, an attribution to one of a handful of usual suspects, some threatening language suggesting imminent retribution, and then nothing more? Increased incidence of cyberattack makes its occurrence seem simultaneously rampant in terms of publicity and minimal in terms of threat of war. If rampant, how can repeated deployment by the same actors carry no punitive consequences? How is such audaciousness tolerated? For some, a cyberattack by (...) a state is an act of war. Its prevalence suggests there must be a void somewhere that facilitates its use without consequence. Others think state cyberattack is like other internet novelties: digital malfeasance, amounting to a nuisance that naturally follows from a digital‐based existence, particularly since non‐state actors are typically involved. Yet, state‐on‐state hostilities are historically perilous on a vast scale, and there is a multilateral system for regulating the use of force in the context of war. Acts of war, even when seeming minimal in impact, are not by‐products of a digital fad, and cyberattack is now described as far more than ‘nuisance’. If anywhere, the place for clarity on hostile state cyberoperations use should be accounted for in International Humanitarian Law. Yet, in its present form, it is ambiguous if not silent on the subject, suggesting that cyberattack currently presents an advantage to perpetrating states. Does this void or these ambiguities make cyberattacks more legally advantageous to states than traditional, kinetic weaponry? I examine whether existing IHL is sufficiently adaptable to state cyberoperations through a mixed legal and theoretical approach and conclude that they do. (shrink)

The main purpose of the study is to determine the key aspects of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents. The methodology includes a set of theoretical methods. Modern government, on the one hand, must take into account the emergence of such a new weapon as cyber, which can break various information systems, can be used in hybrid wars, influence political events, pose a threat to the national security (...) of any state. As a result of the study, key elements of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents were identified. (shrink)

This article offers a reading of internet-based activism or ‘hacktivism’ as a phenomenon that cannot be confined to the instrumental use of information technologies. It focuses on a subset of hacktivism – the distributed-denial-of-service attack for political ends – that aims at making an internet host unavailable to its intended users. Since the early 2000s these attacks have been increasingly conducted by means of botnets – networks of infected computers that send bogus requests to a target website without the consent (...) of their users. The capacity of botnets to engender a more-than-human politics is analyzed from two distinct theoretical angles. First, drawing from Deleuze and Guattari, the hacktivist DDoS is discussed as an assemblage of signifying and a-signifying components, voluntary and involuntary actions. Second, Gilbert Simondon’s notions of transindividuation and transduction allow for a conceptualization of hacktivism as a sociotechnical assemblage with a high degree of indetermination. (shrink)

Building a framework of laws around acts of war or aggression is not easy, especially in the world of international relations, where anarchy characterizes the fundamental nature of world affairs. W...

The frequency of cyberattacks has been rapidly increasing in recent times, which is a significant concern. These attacks exploit vulnerabilities present in the software components that constitute the targeted system. Consequently, the number of vulnerabilities within these software components serves as an indicator of the system’s level of security and trustworthiness. This paper compares the accuracy, trainability and stability to configuration parameters of several neural network architectures, namely Long Short-Term Memory, Multilayer Perceptron and Convolutional Neural Network. These architectures are (...) utilized for forecasting the number of software vulnerabilities within a specified timeframe for a specific software product. By evaluating these neural network models, our aim is to provide insights into their performance and effectiveness in vulnerability forecasting. (shrink)

A philosopher argues that state-sponsored cyberattacks against central military or civilian targets are always acts of war. What is this philosopher doing? According to conceptual analysts, the philosopher is making a claim about our concept of war. According to philosophical realists, the philosopher is making a claim about war per se. In a quickly developing literature, a third option is being explored: the philosopher is engineering the concept of war. On this view, the philosopher is making a proposal about (...) which concept we should have – even if it deviates from the extant concept, and even if it does not capture ‘what war really is’. The activity or method of proposing such revisionary definitions, as well as the metaphilosophical reflection on it, has become known as conceptual engineering. (shrink)

Purpose Employees may feel overwhelmed with information privacy choices and have difficulties understanding what they are committing to in the digital workplace. This paper aims to analyze the role of different thinking styles for effort reduction, such as the use of intuition, when employees make decisions about the credibility and trustworthiness of workplace information privacy issues in Slovakia. While the General Data Protection Regulation sets precise requirements for valid consent, organizations are classified as data controllers and are subject to credibility (...) judgments by their employees. Design/methodology/approach Data was collected from 230 employees in Slovakia using a survey questionnaire. Quantitative analysis using SPSS was conducted to describe employees thinking preferences when judging the credibility of information privacy in their organizations. Findings The survey participants revealed their perceived credibility and trust in personal data protection and thinking preferences. Unconscious thinking is the type of effort reduction often reported by participants, who perceive high credibility and trust in personal data protection. This study can help managers and data controllers in small- and medium-sized enterprises in reflecting about the way in which people use different thinking processes for decision-making about information privacy in their organizations. Research limitations/implications This study set out to explore how decision-making processes at the workplace relate to credibility of data practices. Focusing on the use of different types of intuition, the authors explored whether the preference for a specific decision-making style can explain the perceived credibility of data practices. The part of the workforce in the sample did not have a strict predisposition to use either intuitive or rational thinking. Practical implications The contribution provides scholars with an overview of the field of intuition, a field that is likely to grow given the challenges of digitalization for organizations, such as shitstorms, cyberattacks and whistleblowing. Originality/value The most well-known concepts from intuition research, e.g. the dual process theory, and practice are tested simultaneously, therewith contributing to the applied literature on domain-specific preferences for intuition and deliberation in decision-making. (shrink)

This paper focuses on the use of ‘black box’ AI in medicine and asks whether the physician needs to disclose to patients that even the best AI comes with the risks of cyberattacks, systematic bias, and a particular type of mismatch between AI’s implicit assumptions and an individual patient’s background situation.Pacecurrent clinical practice, I argue that, under certain circumstances, these risks do need to be disclosed. Otherwise, the physician either vitiates a patient’s informed consent or violates a more general (...) obligation to warn him about potentially harmful consequences. To support this view, I argue, first, that the already widely accepted conditions in the evaluation of risks, i.e. the ‘nature’ and ‘likelihood’ of risks, speak in favour of disclosure and, second, that principled objections against the disclosure of these risks do not withstand scrutiny. Moreover, I also explain that these risks are exacerbated by pandemics like the COVID-19 crisis, which further emphasises their significance. (shrink)

In this essay, I propose five principles to make U.S. nuclear deterrence policy more just and effective in the future: sever the link between the mass killing of innocent civilians and nuclear deterrence by focusing targeting on adversaries’ military power and senior political leadership, not their population; never use or plan to use a nuclear weapon against any target that could be destroyed or neutralized by conventional weapons; reject “belligerent reprisal” threats against civilians even in response to enemy attacks on (...) one's own or allied civilians; replace nuclear “calculated ambiguity” threats against biological or cyberattacks with “deterrence by denial” strategies; and work in good faith toward eventual nuclear disarmament. (shrink)

States’ capacity for using modern information and communication technology to inflict grave harm on enemies has been amply demonstrated in recent years, with many countries reporting large-scale cyberattacks against their military defense systems, water supply, and other critical infrastructure. Currently, no agreed-upon international rules or norms exist to govern international conflict in cyberspace. Many governments prefer to keep it that way. They argue that difficulties of verifiability and challenges posed by rapid technological change rule out agreement on an international (...) cyber convention. Instead, they prefer to rely on informal cooperation and strategic deterrence to limit direct conflict. In this article, I seek to rebut some of the main objections to seeking an international convention on the use of cyber weapons. While there are significant obstacles to achieving effective arms control in the cyber domain, historical experience from other areas of international arms control suggests that none of these obstacles are insurmountable. Furthermore, while most critics of cyberarms control assume that cyberspace favors offensive strategies, closer inspection reveals the dominance of cyber-defensive strategies. This in turn improves prospects for striking an effective international agreement on cyberarms control. (shrink)

This study analyzes the domestic political, economic, and social conditions in the Western Balkans that provide fertile ground for hostile and maligned actors to manipulate and exploit governments and societies with hybrid war measures, namely cyberattacks and cyber intrusions and disinformation and fake news. It begins with a review and assessment of the prevailing empirical and theoretical literature on hybrid warfare. It then describes two leading empirical indices that measure degrees of permeability and structural vulnerability that elevate or reduce (...) the risks associated with maligned and hostile interventions. The article also examines leading indicators measuring resilience levels in cybersecurity and media/information literacy, highlighting political, social, and economic vulnerabilities. It concludes by suggesting that domestic conditions in the region encourage maligned and hostile actors, especially Russia and for different reasons and to a lesser extent China and Turkey, to use hybrid measures to exploit the region. The article proposes that in addition to strengthening institutions and trust, membership in NATO and the E.U. are directly related to mitigating structural vulnerability and reducing uncertainty and insecurity in the Western Balkans. (shrink)

What will be the consequences of the criminalization of aggression? In 2010, the International Criminal Court made aggression a crime for which individuals can be prosecuted. But questions around what constitutes aggression, who decides, and, most important, how effective this legal change will be in reducing the incidence of war remain. This essay considers these questions in light of two recent books on the criminalization of aggression: Noah Weisbord'sThe Crime of Aggression: The Quest for Justice in an Age of Drones, (...) Cyberattacks, Insurgents, and Autocratsand Tom Dannenbaum'sThe Crime of Aggression, Humanity, and the Soldier. While the authors argue in favor of the efficacy of the criminalization of aggression as a means to reduce future war, it is also likely that the criminalization of aggression will reshape war in potentially profound ways. (shrink)

In this chapter, I take up the question of whether one of the central principles of jus ad bellum – just cause – is relevant in a world in which cyberattacks occur. I argue that this principle is just as relevant as ever, though it needs modification in light of recent developments. In particular, I argue, contrary to many traditional just war theorists, that just cause should not be limited to physical attacks. In the process, I offer an improved (...) definition of cyberattack and show how some other principles of jus ad bellum constrain this widened notion of just cause. (shrink)

Cyberspace relies on information technologies to mediate relations between different people, across different communication networks and is reliant on the supporting technology. These interactions typically occur without physical proximity and those working depending on cybersystems must be able to trust the overall human–technical systems that support cyberspace. As such, detailed discussion of cybersecurity policy would be improved by including trust as a key value to help guide policy discussions. Moreover, effective cybersystems must have resilience designed into them. This paper argues (...) that trustworthy cybersystems are a key element to resilient systems, and thus are core to cybersecurity policy. The paper highlights the importance of trustworthiness for resilient cybersystems. The importance of trustworthiness is shown through a discussion of three events where trustworthiness was the target or casualty of cyberattacks: Stuxnet, hacking of communications and the Edward Snowden revelations. The impact of losing trust is highlighted, to underpin the argument that a resilient cybersystem ought to design in trustworthiness. The paper closes off by presenting a general set of policy implications arising from recognition of the interplay between trust, trustworthiness and resilience for effective cybersecurity. (shrink)

As a promising method with excellent characteristics in terms of resilience and dependability, distributed methods are gradually used in the field of energy management of microgrid. However, these methods have more stringent requirements on the working conditions, which will make the system more sensitive to communication failures and cyberattacks. As a result, it is both theoretical merits and practical values to investigate the malicious effect of cyber attacks on microgrid. This paper studies the distributed economic dispatch problem under denial-of-service (...) attacks for the microgrid, in which each generator can communicate with its neighbors and has the computational capability to implement local operation. Firstly, a DoS attack model is proposed, in which the DoS attacker intentionally jams the communication channel to deteriorate the performance of the microgrid. Then, the evolution mechanism of the dispatch system of the microgrid under different attack scenarios is adequately discussed. On this basis, an optimal attack strategy based on enumerating-search algorithm is presented to allocate the limited attack resources reasonably, so as to maximize the effect of DoS attacks. Finally, the validity of the theoretical studies about the attack effect under different scenarios and the effectiveness of the proposed enumerating-search-based optimal attack strategy are illustrated through the simulation examples on the IEEE 57-bus system and IEEE 39-bus system, respectively. (shrink)

This article assesses how autonomy and machine learning impact the existential risk of nuclear war. It situates the problem of cyber security, which proceeds by stealth, within the larger context of nuclear deterrence, which is effective when it functions with transparency and credibility. Cyber vulnerabilities poses new weaknesses to the strategic stability provided by nuclear deterrence. This article offers best practices for the use of computer and information technologies integrated into nuclear weapons systems. Focusing on nuclear command and control, avoiding (...) autonomy and machine learning is recommended as one means to reduce the existential risk of unintended nuclear conflict. (shrink)

Philosophical and ethical discussions of warfare are often tied to emerging technologies and techniques. Today we are presented with what many believe is a radical shift in the nature of war-the realization of conflict in the cyber-realm, the so-called.

Which harms and benefits should be viewed as relevant when considering whether to launch cyber-measures? In this article, we consider this question, which matters because it is central to determining whether cyber-measures should be launched. Several just war theorists hold a version of what we call the ‘Restrictive View’, according to which there are restrictions on the sorts of harms and benefits that should be included in proportionality assessments about the justifiability of going to war (whether cyber or kinetic). We (...) discuss two such views – the Just Cause Restrictive View and Rights-based Restrictive View – and find both wanting. By contrast, we defend what we call the ‘Permissive View’. This holds that all potential goods and bads should be included in proportionality decisions about cyber-measures, even those that appear to be trivial, and where the various harms and benefits are given different weights, according to their agent-relative and agent-neutral features. We argue further that accepting the Permissive View has broader implications for the ethical frameworks governing cyberwar, both in terms of whether cyberattack provide just cause for coercive responses, including kinetic warfare and cyber-responses, and whether cyber-measures should be governed by just war theory or a new theory for cyber-operations. (shrink)