Targeting data in armed conflict Interpreting international humanitarian law’s fundamental notions of ‘attack’, ‘object(ive)’ & ‘damage’ against the effects of cyber operations

This thesis aimed to clarify the extent to which cyber operations directed against data during armed conflict could be subjected to the targeting principles and rules concerning attack (art. 49 Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts, 8 June 1977. Hereafter API.), military objectives (art. 52(2) API) and damage (art. 57 API).
Findings indicated that cyber operations leading to ‘violent effects’ such as the termination of combat action of an adversary, enforced or coercive changes and severe illness and mental suffering amongst the civilian population, are subjected to the targeting rules and principles of API, in so far as the targeted data fulfilled the criteria of Art. 52(2) API to constitute a military objective.
If the data in question does not fulfil those criteria but can be understood to consist of data that is susceptible to damage or destruction, and has a key-position in civilian life, that data could be interpreted evolutively as a civilian object in the sense of Art. 52(2) API.
Lastly, damage and more specifically collateral damage, interpreted evolutively, consists of physical and non-physical effects brought about through cyber operations which either impact functionality in a serious manner or, that in the contextual circumstances of a specific situation, would lead to the type of human suffering which API intends to minimise.