Tanya Gärtner is a research fellow with the department for IT Law & Interdisciplinary Privacy Research at the Fraunhofer Institute for Secure Information Technology SIT and National Research Center for Applied Cybersecurity ATHENE in Darmstadt, Germany. She studied law in Dresden and Münster and passed the first state legal examination before the Higher Regional Court (OLG) in Hamm, Germany. Her research focus is the international law of cybersecurity, and her previous work pertains to, inter alia, the development of a taxonomy for cyber defense in international law.
Beyond 0s and 1s – Cracking the Binary Code of Actors in Cyber Conflict
Historically, international law has focused on states as its main subjects. The usually significant differences between states and non-state actors in relation to resources and capabilities has until now led to the latter being oftentimes disregarded in international policymaking. This however does not accurately reflect current conditions in cyber conflicts. The increasing distribution of new technologies and cyber capabilities, also at the level of the individual person, has led to non-state actors claiming a greater role in confrontations within cyberspace. Some states have even been overtaken in their cyber prowess and now look to private companies, academia, or civilian groups for support in fulfilling their governmental functions, such as national defence.
For example, an increasing number of private individuals are participating in cyber conflict. In the case of the Russia-Ukraine War, this has taken on many forms, from loosely organised and decentralised “hacktivist” collectives to perhaps the most well-known group, the IT Army of Ukraine. In addition, various cyber criminals have connections to state actors and have been observed to change their goal from financial gain to political and intelligence purposes in the context of conflict. Furthermore, the industry of so-called cyber mercenaries is growing. Elsewhere, big technology companies are aiding states in hosting government data outside of their own territory. Moreover, cybersecurity researchers are commissioned to actively defend state IT infrastructure from ongoing cyberattacks.
Against this background, it becomes clear that the role of parties to a (cyber) conflict must be redefined in light of digital technologies. The forthcoming paper will attempt to deliver an updated actor mapping for this ever-changing environment.