Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
A COMPREHENSIVE LEGAL ANALYSIS OF CYBER
WARFARE IN THE 21ST CENTURY
Abhishek M, BA LLB, CHRIST (Deemed to be University)
ABSTRACT
The ashes of World War II ignited a never-ending arms race, innovating
technology that posse’s threat to humanity. Modern combat transcends
beyond the physical battlefield, embracing the five domains: land, sea, air,
space and the ever-evolving cyberspace. This exponential increase in scale
needs a new view of conflict, as a single strike can have global consequences.
Cyberwarfare, an unknown concept in the past, has now become a major
aspect of modern warfare, silently infiltrating critical infrastructure and
blurring the line between military personnel and civilians as they are exposed
to the digital nexus. A cyber network is a collection of two or more electronic
devices, connected together with an objective of sharing resources and
exchanging data. Users can access the data on such platforms through the
internet. Such data carrying vital information is prone to cyber threats. In a
digital era, where the world is connected through a cyber network. Threats
rise to an international degree. Although there is no definite definition for
Cyber Warfare, it can be defined as a grey zone warfare between states by
the forefront weapon as the internet to gain an advantage over an enemy state.
Cyber Warfare, unlike traditional war, is not fought using kinetic weapons
and existing laws of war do not apply to such grey zone warfare. The
International Convention on Cyber Crime, 2001 (Budapest Convention) is
recognised as the law binding on cybercrimes although there exists a source
of international law it was not effective due to its limitations. Data protection
legislations in India are experiencing various challenges and resentments
owing to the lack of a strong legislative framework. The research paper
briefly discusses the types of Cyber Warfare, its legal position in the
international community and India’s efforts to subdue cybercrimes.
Page: 4708
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
History And Evolution
Throughout history, humans have resorted to violence to achieve worldly desires. From the
swords, maces, and spears of the ancient era to the gunpowder revolution that transformed
warfare, our methods of conflict have evolved alongside our ingenuity. however, with the dust
settling from World War II, a new kind of battleground emerged. Fuelled by an ideological
arms race, the Cold War saw superpowers like the United States and the Soviet Union recognize
the growing importance of communication networks. This realization sowed the seeds of cyber
warfare, a conflict fought not with bullets and bombs, but with lines of code. While the Cold
War did not witness any large-scale cyberattacks, it mirrored the traditional arms race where
each side developed offensive and defensive cyber capabilities, creating a constant push and
pull in technological advancement1. This led to countries trying to disrupt each other’s military
communications and intelligence gathering. This dynamic continues today, with majority
nations actively developing offensive cyber weapons. The rise of the internet in the 20th century
marked a significant point in history. The world in 1998 witnessed the “Moonlight Maze”
attacks, where US hackers infiltrated Chinese military systems, which showcased the offensive
potential of cyberspace2. The recent decade has seen a significant increase in complexity. Cyber
weapons such as Stuxnet blurred the gap between digital and physical warfare, as attacks with
ransomware devastated key infrastructure. The emergence of cryptocurrency has made
cybercrime monetizable, and the possible integration of Artificial Intelligence into cyberattacks
creates horrifying future possibilities. This rapid increase demonstrates the ever-changing
nature of cyber warfare, which necessitates ongoing adaptation and creativity in security
strategies.
Definition Of Cyber Warfare
Cyber warfare refers to the use of computer networks and digital tools to attack an enemy state,
organization, or individual3. Cyber warfare can be highly targeted, allowing attackers to inflict
significant damage with minimal physical footprint. This makes it a cost-effective and
potentially deniable tool for achieving political or military objectives.
1
[Link] Editors (2023) Arms race: Definition, Cold War & Nuclear Arms, [Link]. Available at:
[Link] (Accessed: 01 October 2024).
2
Orr, Trystan. (2018) A brief history of cyberwarfare, GRA Quantum. Available at: [Link]
brief-history-of-cyberwarfare/ (Accessed: 01 October 2024).
3
James Green, Cyber warfare: A multidisciplinary analysis (1st ed. 2016).
Page: 4709
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
Cyber warfare can include a variety of operations, but these are some of the most prevalent
ones:
• Espionage: It is defined as stealing classified information or intellectual property using
digital means. This can include hacking into government or corporate networks,
installing malware, or deceiving employees into disclosing sensitive information
(phishing).
• Sabotage: It is defined as the deliberate disruption or disablement of essential
infrastructure or military systems. This might include attacks on power grids,
transportation systems, financial institutions, and weapon control systems.
Manipulating control systems, planting harmful malware, or conducting denial-of-
service assaults to overwhelm a system are all potential tactics.
• Disinformation campaigns involve spreading incorrect or misleading information in
order to create confusion, destroy trust, and manipulate public opinion. This can be
accomplished by manipulating social media, hacking news websites, or creating phony
online personas to promote propaganda.
• Denial-of-Service (DoS) attacks include overwhelming a website or server with traffic,
rendering it unreachable to genuine users. This may impair critical services such as
online banking, government websites, and communication platforms.
• Data manipulation: It refers to tampering with or manipulating data for a variety of
purposes. This could include stealing financial information, influencing election results,
or interrupting scientific research.
The practical distinction between cyber terrorism and information warfare is that cyber
terrorism is about inflicting fear and harm to everyone nearby, whereas information warfare
has a specific objective in a conflict (ideological or declared). Information warfare is well
defined as a planned attack by nations or their agents against information and computer
systems, computer programs, and data that result in enemy losses. In addition to these phrases,
law enforcement authorities frequently refer to the problem of cybercrime. Cybercrime is a
crime perpetrated with the use of information technology. We must note that the physical
manifestations of cyber terrorism, information warfare, and cybercrime frequently resemble
Page: 4710
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
one another.
Assume that someone gains access to a hospital's medical database and changes the medicine
of a pro-business, anti-environmental leader at a Fortune 100 company to one to which he or
she is critically allergic, as well as removing the allergy from his or her digital record. The
nurse gives the medicine, and the patient dies. So, what definition applies? The solution is not
in the mechanics of the occurrence, but in the intent that motivated the individual's actions. If
it was done on purpose, for example, as a result of strained relations between these two people,
it would be both murder and a cybercrime. If the executor later announces that he or she is
willing to execute similar acts if their demands are not met, this could be classified as cyber
terrorism. If the operations were carried out by an agent of a foreign power, they could be
classified as information warfare. The distinction between these phrases is critical because
there are non-technological concerns and solutions that will influence any approach for
addressing cyber warfare and cyber terrorism. The most crucial part of cyberattacks with
physical implications is understanding the attacker's objective.
Stuxnet
In 2010, a highly complex computer worm was revealed called the Stuxnet. This state-
sponsored cyber weapon was made with an aim to stop Iran’s nuclear enrichment program,
specifically targeting the centrifuges which were used in separating the fissile isotopes used in
development of nuclear weapons. Stuxnet was capable enough to influence industries by
taking control of its industrial control system (ICS) and could be used to cause destruction in
the physical realm. This demonstrated the growing threat and everchanging nature of cyber
warfare.4
Although the official responsibility for Stuxnet remains unclear, a plethora of evidence suggests
that the United States and Israel worked together on the operation. The complexity of the
operation, the accuracy with which Iranian nuclear facilities were targeted, and the technology
needed to develop a weapon of that kind all suggest state involvement.5
The Stuxnet attack had a significant impact on Iran's nuclear program, allegedly slowing
uranium enrichment processes for several years. It sparked a global debate on the legality and
4
Samuli Haataja, ‘Cyber Attack and International Law on Use of Force’. (2018)
5
Ibid, Chapter 4.
Page: 4711
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
ethics of cyber warfare. There is presently no established international law governing
cyberattacks, making it hard to hold criminals accountable. Furthermore, the likelihood of
unanticipated consequences and heightened hostilities between states causes serious concern.
The Stuxnet attack highlights the importance of international cooperation in developing
standards and guidelines for cyber warfare. These standards should address attribution,
proportionality, and the targeting of civilian infrastructure. Furthermore, international
frameworks are required to encourage responsible state behaviour in cyberspace and set
consequences for malevolent activity, the international community must collaborate to
establish organizations and laws that promote peace and stability in cyberspace.
International Laws
United Nations Charter
Walter Benjamin, a German philosopher distinguishes between two forms of violence: law
making violence and law preserving violence. Law making violence is the violence evident in
the establishment of legal order, where as on the other hand refers to violence used to preserve
legal order.6 International law therefore is concerned particularly with the violence associated
with war and its containment through and within positive law.
Article 2(4) of the United Nations Charter prohibits the threat or use of force and calls on all
Members to respect the sovereignty, territorial integrity and political independence of other
States7. This article contains many principles, such as; Principle of non-intervention: ‘it
involves the right of every sovereign state to conduct its affairs without outside interference’.8
The principle is derived from customary international law. The ICJ elucidates the important
element of coercion, which defines, and indeed forms the very essence of, prohibited
intervention, is particularly obvious in the case of an intervention which uses force.9
‘Force’ as envisaged in article 2(4)
Black’s law Dictionary defines force as, ‘power, violence or pressure directed against a person
6
Walter Benjamin, Critique of violence (reflections), On Violence 268–285 (2007).
7
U.N. Charter art. 2(4).
8
Case Concerning Military and Paramilitary Activities In and Against Nicaragua (Nicaragua v. United States of
America), at para 202 (1986).
9
Ibid, at para 205.
Page: 4712
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
or thing.10 The UN Charter or any instrument subsequently adopted within the international
community does not have any qualifications as to the type of ‘force’. Questions arise due to
this ambiguity in the law. However, the general interpretation of the term ‘force’ is limited to
‘armed force’ (‘equipped with a weapon’11). The UN Charter was of course drafted in the 1940s
in an era where means of violence were through bombs, rifles, aircrafts, etc which were
engaged in the second world war. The law however must be interpreted as years pass by.
Does use of Non-Conventional weapons amount to ‘use of force’ under article 2(4):
Clausewitzian strategic theory begins with the notion that all battles throughout history have
certain features; for example, the essence of war itself does not vary, although warfare, or the
methods by which wars are carried out, is always changing.
12
In other words, the modern warfare takes place in a different terrain and methods of violence
is reformed. William Boothby adopts the position that a cyber weapon is defined by its violent
consequences - where a means of cyber-attack is ‘designed, intended or used, in order to have
violent consequences, that is, to cause death or injury to persons or damage or destruction of
objects’13. Article 2(4) is an effects-based prohibition. The generally accepted interpretation of
Article 2(4) is that only those interventions that produce physical damage will be regarded as
an unlawful use of force.14 cyber operations resulting in physical damage or injury will almost
always be regarded as a use of force.15 The majority of analysts disagree with this stringent
interpretation due to the possible destabilizing effects of cyber operations on a broad spectrum.
Countries are calling for a new convention to control cyber activities, citing alleged flaws in
Article 2(4).16
Convention on Cybercrime Budapest, [Link].2001
Adopted in 2001 under the auspices of the Council of Europe. The convention is aimed at
criminalising cyber-crime through a common criminal policy in the interest of peaceful usage
10
Bryan A. Garner & Henry Campbell Black, Black’s Law Dictionary (9th ed. 2009).
11
Ibid, at 123.
12
Von Clausewitz, C. On War (1997) (J. J. Graham, Trans.). Wordsworth Editions.
13
William H. Boothby, Methods and Means of Cyber Warfare (2013), US NAVAL WAR College. 89 INT’L L.
STUD. 387 (2013)
14
Russell Buchan, ‘Cyber Attacks: Unlawful Uses of Force or Prohibited Interventions?’ (2012) 17 Journal of
Conflict and Security Law 212, at 219-221.
15
Andrew. C. Flotz, ‘Stuxnet, Schmitt Analysis, and the Cyber “Use-of-Force” Debate’, 2012.
16
Clarke and Knake, 219–255; Hollis, “Why States Need an International Law for Information Operations,” 1053;
and Silver, 78.
Page: 4713
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
of technology. The Convention in its core calls for all sectors along with governments to
actively participate, an international collaboration of nations and private sectors to combat
against cyber-crime. Among its many interests it also aims to protect personal data, individual
privacy, smooth operations of transaction of data, etc.
75 countries worldwide have ratified the convention and 20 countries are invited to accede.
Members of the Cybercrime Convention Committee share information and experience, assess
implementation of the Convention, interpret the Convention through Guidance Notes, or
prepare templates for mutual assistance requests and other tools to facilitate the application of
the treaty to counter cybercrime more effectively.17 The Convention on Cybercrime has also
received significant opposition for its specific provisions that fail to protect the rights of
persons and nations, as well as its overall inadequacies in ensuring a criminal-free
cyberspace.18 Since the crime is borderless, jurisdiction of crime becomes a crucial question to
which the convention fails to address. The Budapest Convention through its Article 32b allows
for transborder access to data and thus infringes on national sovereignty19, creating a privacy
issue among nations. In consideration of the backlashes of the Convention India among other
nations, however abstained from signing the treaty.
Talliin manual 2.0 on International Law Applicable to Cyber Operations
The Talliin Manual 2.0 on International Law Applicable to Cyber Operations20 is a non-legally
binding study authored by a group of experts led by Micheal Schmitt at the request of the
NATO Cooperative Cyber Defence Center of Excellence located in Tallinn, Estonia. The
Tallinn Manual 2.0 plays a crucial role in shaping norms, practices, and policies related to
international law and cybersecurity. Its contributions extend beyond academia to practical
applications in statecraft, conflict resolution, and the promotion of a rules-based international
order in cyberspace. Tallinn Manual provides a thorough and careful analysis of how the jus
ad bellum and jus in bello translate to cyberspace, along with helpful descriptions of divisive
issues that remain to be resolved through state practice and debate21.
17
Cybercrime Convention Committee (T-CY) ‘The Budapest Convention on Cybercrime: benefits and impact in
practice’, Council of Europe, 13 July 2020.
18
Shalini S, March 3, 2016, ‘Budapest Convention on Cybercrime – An Overview.
19
Alexander Seger, ‘India and the Budapest Convention: why not?’, 10 August 2016.
20
Refer Schmitt, Michael N. (2013). Tallinn Manual on the international law applicable to cyber warfare.
21
Kristen Eichensehr, Review of "Tallinn Manual on the International Law Applicable to Cyber Warfare" 108
American Journal of International Law 585–589 (2014).
Page: 4714
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
Domestic Laws:
Until the mid-1990s, most trade and transactions were conducted via post, telegram, and telex.
Traders, entrepreneurs, and other professionals were able to gain from the internet due to
modern technology.
Information Technology Act 2000
The Information Technology Act, 2000 was passed by the Indian government, the first
legislation in India on technology, computers, e-communication & e-commerce. The IT Act,
2000 legalizes transactions conducted by electronic data interchange and other electronic
means of communication, sometimes known as electronic commerce transactions. Because of
a few shortcomings in the act, it sparked heated arguments, detailed reviews, and criticism. In
2009, further amendments were made to the act. The Act applies to whole of India and has
extra territorial jurisdiction, since the nature of crime being borderless, it made essential to
create a wider applicability.22
Along with the IT Act, 2000 several policies were formed such as National Cyber Security
Policy, 201323 and National Policy of Information Technology, 201224. The policies contribute
to the protection of critical infrastructure such as the air defense system, nuclear power plants,
banking systems, and many others in order to ensure India's economic stability.
National Nodal Agency (NNA) is an organization appointed by the government responsible
for all measures including research and development relating to protection of critical
infrastructure information.25 Cyber-Terrorism has also been identified under Section 66(F) of
the IT Act punishes anyone whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment for life. Cyber-crimes are also recognized and interpreted under
The Indian Penal Code, 1860. The realm of cyber-crimes evolves each day and recognition of
these crimes are crucial and due to the shortcoming of appropriate legislation, interpretation of
preexisting laws to such crimes become difficult for the judiciary.
22
Information Technology Act, 2000. § 75,
23
National Cyber Security Policy, 2013.
24
National Policy of Information Technology, 2012.
25
Information Technology Act, 2000. § 70(A)
Page: 4715
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
Cyber Warfare In Terms Of Bharatiya Nyaya Sanhita, 2023
In the modern era, organized crime has evolved beyond physical realms to exploit the digital
landscape, where cyber warfare has emerged as one of the most formidable threats. Section
111 of the Bharatiya Nyaya Sanhita (BNS)26 offers a comprehensive definition of organized
crime, extending to various unlawful activities such as kidnapping, extortion, land grabbing,
contract killing, and cybercrimes. This section emphasizes the involvement of individuals or
groups acting in concert, either as part of or in association with organized crime syndicates,
employing violence, intimidation, or coercion to gain financial or material benefits. Cyber
warfare, in this context, fits squarely into the paradigm of organized crime as it aligns with
several key elements of Section 111.
Cyber Warfare as Organized Crime
Cyber warfare refers to the use of technological means to launch attacks on the digital
infrastructure of individuals, organizations, or even states, with the intent to cause harm, extort
resources, or gain unlawful advantages. When such activities are carried out by individuals or
groups acting in concert, either domestically or internationally, they meet the criteria of
organized crime under Section 111 of the BNS. This legislation defines any continuing
unlawful activity involving violence, threats, or coercion that leads to financial or material gain
as constituting organized crime. Given the disruptive potential of cyberattacks, cyber warfare
is increasingly recognized as one of the most dangerous forms of modern organized crime.
Key Elements of Organized Crime and Cyber Warfare under Section 11127
1. Systematic and Coordinated Attacks: Organized crime syndicates often operate through
highly coordinated networks, and the same is true for cyber warfare. In cyber warfare,
groups of hackers or cybercriminals work in tandem to launch attacks on a large scale.
These attacks are often premeditated and executed with precision, targeting sensitive
systems such as financial institutions, government databases, or critical infrastructure
like power grids and healthcare systems. The systematic nature of these operations
reflects the same level of organization seen in traditional forms of organized crime, such
26
Bharatiya Nyaya Sanhita, 2023
27
Bharatiya Nyaya Sanhita, 2023, § 111
Page: 4716
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
as human trafficking or drug smuggling.
2. Use of Threats and Coercion: While traditional organized crime may involve physical
violence, cyber warfare employs digital means to intimidate or coerce its targets. For
example, ransomware attacks, where cybercriminals hold data hostage until a ransom
is paid, are a form of digital coercion. In such cases, the cybercriminals exploit the
victim’s vulnerability to extort financial gains or other forms of material benefit. These
methods align with Section 111, which addresses any form of violence, threat, or
intimidation used to achieve unlawful gains.
3. Material and Financial Gain: One of the fundamental goals of organized crime is the
pursuit of material and financial gain. In cyber warfare, the financial motive is clear in
cases such as data theft, financial fraud, and extortion. Cybercriminals may steal
sensitive information, such as credit card data or intellectual property, which they can
either sell on the dark web or use to extort victims. Additionally, the increasing use of
cryptocurrencies has made it easier for cybercriminals to collect ransom payments
while evading law enforcement, further aligning cyber warfare with the traditional
goals of organized crime.
4. Cross-Border Nature: Just like traditional organized crime, cyber warfare often
transcends national borders. Cybercriminals may operate from one country while
targeting institutions in another, making it difficult to trace and prosecute them under
domestic laws. This transnational nature of cyber warfare requires international
cooperation and legal frameworks to combat it effectively. Section 111 of the BNS
recognizes this complexity and allows for the prosecution of individuals or groups
involved in organized cybercrime, regardless of where they are based.
5. Exploitation of Technological Means: While traditional organized crime relied on
physical means such as violence or intimidation, cyber warfare exploits technology to
achieve its goals. Hackers use malware, phishing attacks, and other digital tools to gain
access to sensitive information or disrupt critical services. This digital dimension of
organized crime presents a unique challenge for law enforcement agencies, as
cybercriminals can carry out their activities remotely, often with a high degree of
anonymity. Section 111 of the BNS captures this evolution in crime by including
cybercrimes in its broad definition of organized crime.
Page: 4717
�Indian Journal of Law and Legal Research Volume VII Issue I | ISSN: 2582-8878
Conclusion
Cyber warfare has evolved into a complex and formidable form of conflict in the digital era,
presenting a unique set of challenges that transcend borders and traditional definitions of
warfare. As seen throughout history, technological advancements in warfare have continuously
transformed the nature of conflict, from physical combat to sophisticated digital attacks. Cyber
warfare, with its reliance on computer networks, data manipulation, and espionage, operates in
a grey zone where conventional laws of war are often inadequate.
The research highlights that while international efforts, such as the Budapest Convention, have
been made to combat cybercrimes, there remain significant gaps in the legal framework,
especially in addressing the complexity and scale of modern cyber threats. India, through its
legislative advancements like the Bharatiya Nyaya Sanhita (BNS), 2023, has taken a proactive
step in recognizing cyber warfare as a form of organized crime, providing a broader legal basis
for tackling these evolving threats.
Section 111 of the Bharatiya Nyaya Sanhita is a crucial legal instrument that recognizes the
shifting landscape of organized crime, including its manifestation in cyberspace through cyber
warfare. The section's broad definition of organized crime, which encompasses cybercrimes
committed by individuals or groups acting in concert for financial or material benefit, allows
it to address the complexities of modern cyber threats. As technology continues to evolve, so
too must legal frameworks like the BNS, which provides the necessary tools to combat
organized cybercrime and protect the interests of individuals, institutions, and the nation at
large.
In the future, both national and international legal frameworks must continue to evolve to
address the growing threats posed by cyber warfare. Cooperation among nations, clearer
definitions, and robust legal mechanisms are essential to combat the increasing sophistication
of cyberattacks. The need for ongoing adaptation and the development of innovative security
strategies cannot be overstated, as the stakes in cyberspace continue to rise, impacting
individuals, organizations, and nations alike.
Page: 4718
