Today I stumbled upon an academic paper written by Dan Jerker B. Svantesson named “REGULATING A ‘CYBER MILITIA’ – LESSONS FROM UKRAINE, AND THOUGHTS ABOUT THE FUTURE”.
I will cite the abstract of the paper:
This Essay focuses on how international law regulates what we may term a ‘cyber militia’; that is, a group of volunteers who undertake defense-related activities in cyberspace on behalf of a State, with that State’s formal recognition, and with some degree of coordination or guidance by that State but Preprint not peer reviewed that does so outside the ambit of that State’s regular armed forces or national security structure. The Essay considers both the position of a State utilizing a cyber militia, and the position of a State from which citizens seek to volunteer for a foreign cyber militia. Further, to understand how international law may impact the type of cyber militia envisaged above, account is taken both of relevant law applying outside armed conflict and the international humanitarian law that applies in situations of armed conflict. The Essay draws upon the experiences of the Ukrainian ‘IT army’ that was quickly assembled to assist the defense of Ukraine and points to the benefits of States adopting a formally recognized cyber militia
Let’s start with the cyber militia. If I am not mistaken, “cyber militia” is the term coined by Rain Ottis from the NATO Cooperative Cyber Defence Centre of Excellence in the paper “Proactive Defense Tactics Against On-Line Cyber Militia”.
In that paper, Rian Ottis argued that “cyber militia” could cause damage on the network infrastructure and software service availability of one Country. In this paper the term was widely used to reflect on harmful effects of such group.
While initially, cyber militia meant more like an organization for offense, as in paper of Rian Ottis, in the paper of Dan Jerker, it can also represent a defensive organization. While Dan Jerker is about regulating such organizations, it isn’t certain, to me, whether that kind of organization should even exist. In the current situation, with Ukraine, it is wholly justified for Ukraine to utilize such groups to defend and harm the aggressor as the aggressor is doing such harm to Ukraine’s Internet infrastructure.
I will try to elaborate on why Internet should never be used in war. Firstly, services on Internet are civilian services and are not valid military targets. Secondly, military network infrastructure is wholly separated from the Internet and probably not accessible from the Internet. Thirdly, in warfare, there should be a line of communication available for civilians.
I am also aware that currently, we see the Internet being a ground for warfare; however, rather than regulating the status quo, I would use the momentum to push for the complete opposite. I firmly believe that every act of cyber militia should be seen as a terrorist attack. Moreover, attacking Internet services and infrastructure should be a war crime.