{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:20:26Z","timestamp":1775470826008,"version":"3.50.1"},"reference-count":46,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2016,3,14]],"date-time":"2016-03-14T00:00:00Z","timestamp":1457913600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,3,14]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The increasing number of cyber attacks has transformed the \u201ccyberspace\u201d into a \u201cbattlefield\u201d, bringing out \u201ccyber warfare\u201d as the \u201cfifth dimension of war\u201d and emphasizing the States\u2019 need to effectively protect themselves against these attacks. The existing legal framework seem inadequate to deal effectively with cyber operations and, from a strictly legal standpoint, it indicates that addressing cyber attacks does not fall within the jurisdiction of just one legal branch. This is mainly because of the fact that the concept of cyber warfare itself is open to many different interpretations, ranging from cyber operations performed by the States within the context of armed conflict, under International Humanitarian Law, to illicit activities of all kinds performed by non-State actors including cybercriminals and terrorist groups. The paper initially presents major cyber-attack incidents and their impact on the States. On this basis, it examines the existing legal framework at the European and international levels. Furthermore, it approaches \u201ccyber warfare\u201d from the perspective of international law and focuses on two major issues relating to cyber operations, i.e. \u201cjurisdiction\u201d and \u201cattribution\u201d. The multi-layered process of attribution in combination with a variety of jurisdictional bases in international law makes the successful tackling of cyber attacks difficult. The paper aims to identify technical, legal and, last but not least, political difficulties and emphasize the complexity in applying international law rules in cyber operations. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 The paper focuses on the globalization of the \u201ccyber warfare phenomenon\u201d\u00a0by observing its evolutionary process from the early stages of its appearance until today. It examines the scope, duration and intensity of major cyber-attacks throughout the years in relation to the reactions of the States that were the victims. Having this as the base of discussion, it expands further by exemplifying \u201ccyber warfare\u201d from the perspective of the existing European and International legal framework. The main aim of this part is to identify and analyze major obstacles that arise, for instance in terms of \u201cjurisdiction\u201d and \u201cattribution\u201d in applying international law rules to \u201ccyber warfare\u201d. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 The absence of a widely accepted legal framework to regulate jurisdictional issues of cyber warfare and the technical difficulties in identifying, with absolute certainty, the perpetrators of an attack, make the successful tackling of cyber attacks difficult. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 The paper fulfills the need to identify difficulties in applying international law rules in cyber warfare and constitutes the basis for the creation of a method that will attempt to categorize and rank cyber operations in terms of their intensity and seriousness.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-12-2014-0081","type":"journal-article","created":{"date-parts":[[2016,2,25]],"date-time":"2016-02-25T10:03:20Z","timestamp":1456394600000},"page":"38-52","source":"Crossref","is-referenced-by-count":12,"title":["Cyberoperations and international humanitarian law"],"prefix":"10.1108","volume":"24","author":[{"given":"Kosmas","family":"Pipyros","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lilian","family":"Mitrou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dimitris","family":"Gritzalis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Theodoros","family":"Apostolopoulos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121703532122600_b1","doi-asserted-by":"crossref","unstructured":"Berson, T.\n and \n Denning, D.\n (2011), \u201cCyber warfare\u201d, \n IEEE Security & Privacy\n , Vol. 9 No. 5, pp. 13-15.","DOI":"10.1109\/MSP.2011.132"},{"key":"key2020121703532122600_b2","doi-asserted-by":"crossref","unstructured":"Blank, S.\n (2008), \u201cWeb war I: is Europe\u2019s first information war a new kind of war?\u201d, \n Taylon & Francis Online Journal\n , Vol. 3 No. 2, pp. 227-247.","DOI":"10.1080\/01495930802185312"},{"key":"key2020121703532122600_b8","unstructured":"Council Directive\n (2008), \/114\/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection [2008] OJ L 345\/75."},{"key":"key2020121703532122600_b9","unstructured":"Council of Europe\n (2009), \u201cCybercrime and Internet Jurisdiction\u201d, Convention on Cybercrime, European Treaty Series 185, Project on Cybercrime, 23.11.2001, Council of Europe, Budapest."},{"key":"key2020121703532122600_b13","unstructured":"European Commission\n (2007), \u201cOn promoting data protection by privacy enhancing technologies (PETs) (Communication) COM\u201d, 228 final."},{"key":"key2020121703532122600_b14","unstructured":"European Commission\n (2009), \u201cOn critical information infrastructure protection, protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience (Communication) COM\u201d, 149 final, Brussels, 30. 03.09."},{"key":"key2020121703532122600_b16","unstructured":"European Commission\n (2013), \u201cCyber security Strategy of the European Union: an open safe and secure cyberspace\u201d, Joint Communication to the European Parliament, the Council, The European Economic and Social Committee and the Committee of the Regions, JOIN, 1 Final, Brussels, 7.2.2013."},{"key":"key2020121703532122600_b17","doi-asserted-by":"crossref","unstructured":"Farwell, J.\n and \n Rohozinski, R.\n (2011), \u201cStuxnet and the future of cyber war\u201d, \n IISS, Survival: Global Politics and Strategy\n , Vol. 53 No. 1, pp. 23-40.","DOI":"10.1080\/00396338.2011.555586"},{"key":"key2020121703532122600_b18","unstructured":"Finklea, K.\n and \n Theohary, C.\n (2015), \u201cCybercrime: conceptual issues for congress and US Law Enforcement\u201d, Congressional Research Service Report, available at: www.fas.org\/sgp\/crs\/misc\/R42547.pdf (accessed 18 May 2015)."},{"key":"key2020121703532122600_b19","unstructured":"Gaycken, S.\n (2010), \u201cThe necessity of (some) certainty \u2013 a critical remark concerning Matthew Sklerov\u2019s concept of \u2018active defense\u2019\u201d, \n Journal of Military and Strategic Studies\n , Vol. 12 No. 2, available at: www.jmss.org\/jmss\/index.php\/jmss\/article\/view\/293\/304 (accessed 12 February 2013)."},{"key":"key2020121703532122600_b22","unstructured":"Kassner, M.\n (2009), \u201cGhostnet: why it\u2019s a big deal\u201d, available at: www.techrepublic.com\/blog\/it-security\/ghostnet-why-its-a-big-deal\/1339\/ (accessed 2 October 2013)."},{"key":"key2020121703532122600_b25","unstructured":"Mudrinich, E.\n (2012), \u201cCyber 3.0: the department of defense strategy for operating in cyberspace and the attribution problem\u201d, \n The Air Force Law Review\n , Vol. 68, pp. 167-205."},{"key":"key2020121703532122600_b28","doi-asserted-by":"crossref","unstructured":"O\u2019Connell, M.\n (2012), \u201cCyber security without cyber war\u201d, \n Journal of Conflict & Security Law\n , Vol. 17 No. 2, pp. 187-209.","DOI":"10.1093\/jcsl\/krs017"},{"key":"key2020121703532122600_b30","unstructured":"Pipyros, K.\n , \n Mitrou, L.\n , \n Gritzalis, D.\n and \n Apostolopoulos, T.\n (2014), \u201cA cyber attack evaluation methodology\u201d, Proceeding of the 13th European Conference on Cyber Warfare and Security, Greece, pp. 264-270."},{"key":"key2020121703532122600_b31","unstructured":"Roberts, P.\n (2012), \u201cLeading US banks targeted in DDoS attacks\u201d, available at: http:\/\/nakedsecurity.sophos.com\/2012\/09\/27\/banks-targeted-ddos-attacks\/ (accessed 2 October 2013)."},{"key":"key2020121703532122600_b32","unstructured":"Sang-Hun, Ch.\n (2013), \u201cComputer networks in South Korea are paralyzed in cyber attacks\u201d, available at: www.nytimes.com\/2013\/03\/21\/world\/asia\/south-korea-computer-network-crashes.html?pagewanted=all\n\t\t\t\t\t&\n\t\t\t\t_r=0 (accessed 2 October 2013)."},{"key":"key2020121703532122600_b33","doi-asserted-by":"crossref","unstructured":"Schmitt, M.\n (1999), \u201cComputer network attack and the use of force in international law: thoughts on a normative framework\u201d, \n Columbia Journal of Transnational Law\n , Vol. 37, available at: http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=1603800 (accessed 2 October 2013).","DOI":"10.21236\/ADA471993"},{"key":"key2020121703532122600_b34","unstructured":"Schmitt, M.\n (2011), \u201cCyber operations and the jus ad bellum revisited\u201d, \n 56 Villanova Law Review, \n pp. 569-606, available at: http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2184850 (accessed 2 April 2015)."},{"key":"key2020121703532122600_b35","unstructured":"Schmitt, M.\n (2014), \u201cProxy wars in cyberspace: the evolving international law of attribution\u201d, \n Fletcher Security Review\n , Vol. 1 No. 2."},{"key":"key2020121703532122600_b36","doi-asserted-by":"crossref","unstructured":"Schmitt, M.\n (2013), \n Tallinn Manual on International Law Applicable to Cyber Warfare\n , Cambridge University Press, Cambridge, available at: http:\/\/nuclearenergy.ir\/wp-content\/uploads\/2013\/11\/tallinn_manual.pdf (accessed 2 July 2013).","DOI":"10.1017\/CBO9781139169288"},{"key":"key2020121703532122600_b37","unstructured":"Shanahan, J.\n (2014), \u201cAchieving accountability in cyberspace: revolution or evolution?\u201d, \n Joint Force Quarterly, National Defence University, \n No. 73, pp. 20-25."},{"key":"key2020121703532122600_b39","unstructured":"Tikk, E.\n , \n Kaska, K.\n , \n R\u00fcnnimeri, K.\n , \n Kert, M.\n , \n Talih\u00e4rm, A.\n and \n Vihul, L.\n (2008), \n Cyber Attacks Against Georgia: Legal Lessons Identified\n , CCD COE Publications."},{"key":"key2020121703532122600_b40","unstructured":"Tikk, E.\n , \n Kaska, K.\n and \n Vihul, L.\n (2010), \n International Cyber Incidents: Legal Considerations\n , CCD COE Publications."},{"key":"key2020121703532122600_b42","unstructured":"United Nations\n (1948), \u201cUniversal declaration of human rights\u201d, available at: www.un.org\/en\/documents\/udhr\/ (accessed 2 July 2014)."},{"key":"key2020121703532122600_b43","doi-asserted-by":"crossref","unstructured":"Virvilis, N.\n and \n Gritzalis, D.\n (2013), \u201cThe big four \u2013 what we did wrong in advanced persistent threat detection?\u201d, Proceeding of the 8th International Conference on Availability, Reliability and Security, Springer, pp. 248-254.","DOI":"10.1109\/ARES.2013.32"},{"key":"key2020121703532122600_b44","doi-asserted-by":"crossref","unstructured":"Virvilis, N.\n and \n Gritzalis, D.\n (2013), \u201cTrusted computing vs advanced persistent threats: can a defender win this game?\u201d, Proceeding of 10th IEEE International Conference on Autonomic and Trusted Computing, IEEE Press, pp. 396-403.","DOI":"10.1109\/UIC-ATC.2013.80"},{"key":"key2020121703532122600_b45","doi-asserted-by":"crossref","unstructured":"Virvilis, N.\n , \n Tsalis, N.\n , \n Mylonas, A.\n and \n Gritzalis, D.\n (2015), \u201cSecurity busters: web browser security vs. suspicious sites\u201d, \n Computers & Security\n , Vol. 52, pp. 90-105.","DOI":"10.1016\/j.cose.2015.04.009"},{"key":"key2020121703532122600_b46","unstructured":"Zetter, K.\n (2010), \u201cGoogle hack attack was ultra sophisticated\u201d, New Details Show, available at: www.wired.com\/threatlevel\/2010\/01\/operation-aurora\/#ixzz0deHCunGn (accessed 2 October 2013)."},{"key":"key2020121703532122600_frd1","unstructured":"Boampong, M.\n (2013), \u201cCreating an internationally recognized code on cyber warfare\u201d, Harlem MUN, available at: http:\/\/web.hmun.nl\/wp-content\/uploads\/2013\/02\/Creating-an-internationally-recognized-code-on-cyber-warfare.pdf (accessed 20 May 2013)."},{"key":"key2020121703532122600_frd2","unstructured":"Bumgarner, J.\n and \n Borg, S.\n (2009), \u201cOverview by the US-CCU of the cyber campaign against Georgia in August 2008\u201d, available at: www.registan.net\/wp-content\/uploads\/2009\/08\/US-CCU-Georgia-Cyber-Campaign-Overview.pdf (accessed 22 May 2013)."},{"key":"key2020121703532122600_frd3","unstructured":"Cornish, P.\n , \n Hughes, R.\n and \n Livingstone, D.\n (2009), \u201cCyberspace and the National security of the United Kingdom\u201d, Chatham House Report, Royal Institute of International Affairs, London."},{"key":"key2020121703532122600_frd4","unstructured":"Council Directive (EC)\n (95\/46\/EC), of the European Parliament and of the Council of 8 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities No L 281\/31."},{"key":"key2020121703532122600_frd5","unstructured":"Council Directive (EC)\n (2002\/58\/EC), of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communication sector (Directive on privacy and electronic communications), Official Journal of the European Communities L 201\/37."},{"key":"key2020121703532122600_frd6","unstructured":"Council Directive (EC)\n (2013\/40\/EU), of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005\/222\/JHA, Official Journal of the European Union L 218\/8."},{"key":"key2020121703532122600_frd7","unstructured":"European Commission\n (2006), \u201cOn a European Programme for Critical Infrastructure Protection\u201d (Communication) COM, 786 final, OJ C126."},{"key":"key2020121703532122600_frd8","unstructured":"European Commission\n (2006), \u201cOn Fighting spam, spyware and malicious software (Communication) COM\u201d, 688 final."},{"key":"key2020121703532122600_frd9","unstructured":"European Commission\n (2013), \u201cEU Cybersecurity plan to protect open internet and online freedom and opportunity\u201d, available at: http:\/\/europa.eu\/rapid\/press-release_IP-13-94_en.htm (accessed 27 April 2013)."},{"key":"key2020121703532122600_frd10","unstructured":"Hathaway, O.\n , \n Crootof, R.\n , \n Levitz, Ph.\n , \n Nix, H.\n , \n Nowlan, A.\n , \n Perdue, W.\n and \n Spiegel, J.\n (2012), \u201cThe law of cyber-attack\u201d, \n California Law Review\n , Vol. 100 No. 4, pp. 817-886."},{"key":"key2020121703532122600_frd11","unstructured":"ISO 27001 Security\n (2013), \u201cISO\/IEC 27001: 2013 Information technology \u2013 security techniques \u2013 information security management systems \u2013 requirements\u201d, available at: www.iso27001security.com\/html\/27001.html (accessed 4 October 2013)."},{"key":"key2020121703532122600_frd12","unstructured":"Lynn, W.\n (2010), \u201cDefending a new domain: the pentagon\u2019s cyberstrategy\u201d, Foreign Affairs, available at: www.foreignaffairs.com\/articles\/66552\/william-j-lynn-iii\/defending-a-new-domain (accessed 10 April 2013)."},{"key":"key2020121703532122600_frd13","unstructured":"Morningstar, C.\n and \n Farmer, F.R.\n (2003), \u201cThe lessons of Lucasfilm\u2019s habitat\u201d, in \n Wardrip-Fruin, N.\n and \n Montfort, N.\n (Eds), \n The New Media Reader\n , The MIT Press, Cambridge, pp. 664-677."},{"key":"key2020121703532122600_frd14","unstructured":"Nowak, A.\n (2013), \u201c\n Cyberspace as a New Quality of Hazards, in National Defence University\u201d\n , \n Scientific Quarterly\n , Vol. 3 No. 92."},{"key":"key2020121703532122600_frd15","unstructured":"Obama, B.\n (2009), \u201cCyberspace policy review: assuring a trusted and resilient information and communications infrastructure\u201d, available at: www.projectcywd.org\/resources\/items\/show\/127 (accessed 6 July 2013)."},{"key":"key2020121703532122600_frd16","unstructured":"Owens, W.\n , \n Dam, K.\n and \n Herbert, S.\n (2009), \n Technology, Policy, Law, and Ethics Regarding US Acquisition and Use of Cyberattack Capabilities\n , The National Academies Press, Washington, DC, available at: www3.nd.edu\/\u223ccpence\/eewt\/Owens2009.pdf (accessed 8 July 2013)."},{"key":"key2020121703532122600_frd17","unstructured":"The Economist (2010), \u201cCyber war: war in the fifth domain\u201d, \n The Economist\n , available at: www.economist.com\/node\/16478792 (accessed 8 April 2013)."},{"key":"key2020121703532122600_frd18","unstructured":"UK Office of Cyber Security and UK Cyber Security Operations Centre\n (2009), \u201cCyber security strategy for the United Kingdom\u201d, available at: www.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/228841\/7642.pdf (accessed2 April 2012)."}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-12-2014-0081","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2014-0081\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2014-0081\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:24Z","timestamp":1753406604000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/1\/38-52\/108711"}},"subtitle":["A review of obstacles in applying international law rules in cyber warfare"],"short-title":[],"issued":{"date-parts":[[2016,3,14]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,3,14]]}},"alternative-id":["10.1108\/ICS-12-2014-0081"],"URL":"https:\/\/doi.org\/10.1108\/ics-12-2014-0081","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,3,14]]}}}