Information Operations Violates Protocol I
Escalating trends starting in the Coalition Gulf War and bearing fruit in the NATO Yugoslavia War bring to center stage the combination of infrastructural warfare tactics and modern weapons. When it is viewed in light of recently published US military doctrine on Information Operations (IO), it is clear that the lethal combination of technology and infrastructural targeting is accepted practice for the United States military not only during times of open hostility but, more critically, in times of peace as a political compellence strategy. Lt. General Michael C. Short, commander of the air war in Kosovo, shed light on the attitude within the US military in the The New York Times, 18 June, 1999: "Had airmen been in charge it would have been done differently, but that's water under the bridge," he said. "I felt that on the first night, the power should have gone off, and major bridges around Belgrade should have gone into the Danube, and the water should be cut off so that the next morning the leading citizens of Belgrade would have got up and asked, "Why are we doing this?" and asked Milosevic the same question."
NATO stopped short of this direct terror campaign but it did bomb electric systems and other vital civilian infrastructure including a television station which caused the death of journalists which violated Protocol I's protection of journalists. General Short's statement sends a clear signal that, at the highest levels of the United States military command, such behavior is believed to be acceptable and his is not an isolated view.
Earlier in the year, another American General discussed the American strategy for Information Operations (IO) which Joint Publication 3-13 describes as most effective in periods prior to open hostility and as targeting civilian computer, telecommunications, financial, and electric distribution system with high-tech methods such as Electronic Magnetic Pulse (EMP) guns, computer intrusions, viruses, and other IO means.
"The Joint Warfare Analysis Center down at Navy Dahlgren (Va.) is a national resource," explained Major General Bruce A. "Orville" Wright, Deputy Director for Information Operations, Joint Chiefs of Staff, at a Defense Colloquium on Information Operations. "They can tell you not just how a power plant or a rail system is built, but exactly what is involved in keeping that system up and making that system efficient."
"One of the terms I've learned from these guys is SCADA--Supervisory Control and Data Acquisition," he continued warming to the subject. "If you have that acronym in the IO business, you are well ahead of the fight. SCADA basically is the computer control for a power system or railroad or sewer system or water system. We rely more and more on those kinds of systems as potential targets, and sometimes very lucrative targets, as we go after adversaries."
These statements must be viewed within a historical perspective to understand their out-of-step views with international law. Civilian protection during times of hostilities has been a focus of both customary law and international treaty starting in 1863 with the Lieber Rules and then continuing with the 1868 St. Petersburg Declaration, 1922 Hague Rules of Air War, 1938 Resolution of the League of Nations Protection of Civilian Population Against Bombing From the Air in Case of War, the 1956 XIXth International Conference of the Red Cross Draft Rules for the Limitation of the Dangers Incurred by the Civilian Population in Time of War, and the Geneva Conventions of 1949.
At the start of a new millennium, three ideas shine through from 140 years of modern treaty work. First, the means and methods to wage war are not unlimited. Second, technology has increased man's ability to cause massive civilian damage; therefore, treaties protecting the civilian population have become the focus of the Laws of War. Third, jus cogen (rules that may not be negotiated by a state) has been extended to the Laws of War, and jus ad bellum (the right to resort to war) and jus in bello (the method of war) have taken a secondary role to international and customary law.
The next logical step is a comprehensive review of Information Operations weapons and tactics and which places them in a context of Protocol I which is additional to the 4th Geneva Convention of 1949. This task should be shared by the United Nations and the International Committee of the Red Cross.
The United Nations jurisdiction is established by its history of human rights protection and specifically by United Nations Resolution 3384--10 November 1975--which proclaims:
"All states shall refrain from any acts involving the use of scientific and technological achievement for the purposes of violating the sovereignty and territorial integrity of other states, interfering in their internal affairs, waging aggressive wars, suppressing national liberation..."
In terms of treaty support to examine the new weapons of Information Operations, Protocol I provides the most direct reference in Article 36--New Weapons:
"In the study, development, acquisition or adoption of a new weapon, means or method of warfare, a High Contracting Party is under obligation to determine whether its employment would in some or all circumstances be prohibited by this Protocol or by any other rule of international law applicable to the High Contracting Party."
The application of Article 36 is extremely important to this discussion because Protocol I does not currently mention IO as a method of attack and second, the definition of attack may need altering. Article 49 (3) reads:
"The provisions of this Section apply to any land, air or sea warfare which may affect the civilian population, individual civilians or civilian objects on land."
Although the IO tactics against physical infrastructure may look similar to land or air warfare, it is not specifically stated so in the treaty. This also ties in with the treaty's definition of attack:
"Attack means acts of violence against the adversary whether in offense or in defense."
The cogent issue boils down to one of semantics. Is a computer intrusion an attack? Is sending a logic bomb to disable a nuclear power plant an attack? The United States has used the popular media to denounce computer system intrusions as attacks; therefore, can it be assumed that the attack concept extended to IO is now universal? An examination of Protocol I for IO capabilities can clarify this point.
The key starting point is creating a modern definition of civilian versus military infrastructure. This has become an important issue in a world were much of the military telecommunications traffic passes over civilian networks, and it is difficult to separate electric power production from civilian and military targets. For this reason, it is best to look at this issue as three separate categories.
First, there is infrastructure that is, without dispute, dedicated to military usage. This includes roads, electric production at isolated army bases, and other well defined military objects. These items have never been in question. It is the second area that may be a gray area. This is the area of civilian roads, telecommunications, computer networks, electricity distribution, and water systems that may also feed military installations.
Article 50--Definition of Civilians and Civilian Population offers a method to solve this problem. It states:
(1) In case of doubt whether a person is a civilian that person shall be considered to be a civilian. It continues in (3) The presence within the civilian population of individuals who do not come within the definition of civilians does not deprive the population of its civilian character.
A revision could build on both items (1) and (3). All infrastructure should be considered civilian if it has mixed usage and this is supported by item (3) which, although written to apply to people, may give a hint as to future direction. An appropriate paraphrase may be the following:
The presence of military traffic or usage of civilian infrastructure should not deprive that specific piece of infrastructure from civilian protection and should be assumed to be civilian.
Finally, it is the third area of civilian infrastructure of financial systems, medical systems, food distribution, and media production and distribution systems that should be completely off limits to IO tactics. This prohibition should include physical attacks, system intrusions to include virus and worm production, and psychological warfare.
This third area should include all satellite, paging, and wireless systems as well as radio, television, and internet broadcast systems. In addition, the Protocol should protect all neutral communications nodes such as internet routers on third-party soil, submarine cables, microwave links, and satellite transponders and ground stations. In a mirror of the earlier rule in planning military operations, it should be assumed that targeting all such systems would lead to uncontrollable, systemic failures in the third-party systems; therefore, they should be exempt from targeting.
Article 54--Protection of Objects Indispensable to the Survival of the Civilian Population--may also be applicable to this area. There has been significant discussion in the United States about IO encompassing attacks on financial markets, automatic teller machines, toll road metering systems, mass transit systems to create a panic in the civilian population in the hopes of realizing the dreams of political compellence urged by General Short.
This type of strategic planning should be banned under Article 54 which states:
(2) It is prohibited to attack, destroy, remove or render useless objects indispensable to the survival of the civilian population, such as foodstuffs, agricultural areas for the production of foodstuffs, crops, livestock, drinking water installations and supplies and irrigation works, for the specific purpose of denying them for the sustenance value to the civilian population or to the adverse party, whatever the motive whether in order to starve out civilians, to cause them to move away, or for any other motive.
A convention dealing with IO weapons and usage should address the specific issue of indispensable infrastructure to the civilian population in a highly technological dependent society. It should clearly draw a connection between telecommunications and electric systems to modern healthcare systems and determine and define issues of incidental damage versus targeted damage to the civilian environment.
Continuing with this train of targeting thought, a number of military strategists have described IO attacks on medical record systems that need to be discussed and classified in an updated Protocol I examination. Article 14--Limitations on requisition of civilian medical units may be applicable because it provides guarantees that the needs of the civilian population should be satisfied.
Other strategists have suggested attacks on military medical records by changing blood-types and other vital medical information to cause additional casualties and create confusion. This type of planning is a clear violation of the 4th Geneva Convention and Protocol I. Article 12:
1. Medical units shall be respected and protected at all times and shall not be the object of attack. Any discussion of IO methods should update the protection afforded to wounded personnel. It should be clearly defined as to the level of protection afforded to medical records or databases containing quantities and types of medical supplies.
The final two areas under review deal with two very important items in relationship to Protocol I and IO:
Targeting of Dangerous Forces
Article 56--Protection of works and installations containing dangerous forces--was a major stumbling block for the United States in ratifying Protocol I. Judge Abraham D. Sofaer, legal advisor, US Department of State explained the position of the United States government on 22 January 1987.
"The study," Sofaer explained referring to a Joint Chiefs of Staff assessment of Protocol I, "concluded that Protocol I is militarily unacceptable for many reasons. Among these are the Protocol unreasonably restricts attacks against certain objects that traditionally have been considered legitimate targets." The dangerous forces that the United States wanted to preserve the right to attack and destroy included dams, dykes, and nuclear electrical generating stations. Fortunately, 135 other nations disagreed with the US position. Any discussion of IO and Protocol I should include the information systems of these facilities that were so aptly described by General "Orville" Wright.
Attacks on dams could take the form of a system intrusion of the water flow and release system of a dam so that in a rainy season it released water at an improper rate; therefore, the dam would not have released enough water to hold the accumulation of the rainy season and would overflow causing the loss of human life and economic destruction to an adversary.
Other attacks could be as simple as seizing control of the flood gates at a dam which would have the same affect as described above. The discussion of nuclear facilities should seem obvious. There can be any number of scenarios; an IO attack could destroy or damage a nuclear power plant or affect the temperature of water released into a fresh water stream. Once again, any discussion of IO and Protocol I should be expanded to this area.
Finally, meeting the provisions of Article 57 should play a vital role in any IO treaty under the colour of Protocol I. Section 57 (ii) states:
Those who plan or decide upon an attack shall: (ii) Take all feasible precautions in the choice of means and methods of attack with a view to avoiding, and in any event to minimizing, incidental loss of civilian life, injury to civilians and damage to civilian objects.
An expectation of limitation and control should be the final barrier to IO weapons because it builds on Article 51 (4):
Indiscriminate attacks are prohibited. Indiscriminate attacks are: (b) Those which employ a method or means of combat which cannot be directed at a specific military objective. (c) Those which employ a method or means of combat the effects of which cannot be limited as required by this Protocol. IO attack planning should have knowledge of the complete infrastructure not just isolated systems. Without this systemic view, damage could cascade from one system to another and violate the requirement of limited attacks at only specified military systems. This statement holds true because of the interconnected nature of the modern infrastructure and Protocol I discussions should either acknowledge that this provision may not apply to IO weapons or clearly state the level of responsibility for the attack planner in the event of incidental loss of civilian life, injury to civilians and damage to civilian targets.
Article 57 2 (b) may prove the most difficult in a compliance mode.
"An attack shall be canceled or suspended if it becomes apparent that the objective is not a military one or is subject to special protection or that the attack may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated."
It is the requirement to cancel or suspend certain types of IO attacks that will cause problems with Protocol I compliance. For example, internet or network worms or viruses have demonstrated an ability to spiral out of control in related and unrelated systems. In an interconnected world, this may cause damage to vital civilian systems that were not directly targeted. Once it was determined that a vital (non-targeted) civilian system was affected it is very difficult, if not impossible, to withdraw or stop the worm or virus. In essence this creates a form of weapons use treaty that was not intended by this protocol.
It is the opinion of the Centre for Infrastructural Warfare Studies (CIWARS) that the governments of the world have already entered into an IO arms race, and it is only a matter of time before this type of capability will proliferate to guerrilla or terrorist groups. By extending this work to Protocol II as well, which extends the provisions of Protocol I to non-international conflicts and could include guerrilla groups, which have a significant history of infrastructural warfare, the human rights work started in the last millennium will be maintained and advanced.
William Church Centre for Infrastructural Warfare Studies (CIWARS) Email: [email protected]