Cyber-attacks take many forms, only some of which are applicable to the law of war. This Comment discusses only those attacks sponsored by a government or non-state entity that have the goal of affecting morale or gaining political advantage, or those attacks amounting to tactical strikes on state or civilian infrastructure. In that vein, this Comment proposes the adoption of a new legal framework for determining the threshold that marks a participant in such a cyber-attack as a “cyber-combatant” by adapting the framework set by the Geneva Conventions and existing custom. This definition should encompass cyber-attacks perpetrated by states, unrecognized states, and non-state groups. It should set the rules of engagement for cyber-attacks and operations conducted for political advantage, morale boost, and tactical purposes.

Whether they act on the orders or in support of States or non-state groups, those perpetrating cyber-attacks that have material effects upon the morale or infrastructure of a sovereign nation during armed conflict should be treated as “combatants” for purposes of international law, and the legality of their actions should be defined. Because the standard governing what constitutes a lawful combatant under any reasonable reading of the Geneva Conventions is muddled as applied to combatants in cyber-warfare as presently conducted, this paper takes the position that under present custom, cyber-combatants may likely be effectively considered illegal combatants under International Law.

Part II of this Comment provides a framework for defining “cyber-combatants,” reviewing the traditionally accepted definition of “combatants” under the Geneva Conventions and customary international law as restated through the Tallinn Manual on the International Law Applicable to Cyber Warfare. Part III explores the alleged cyber-operations of sovereign States, including Israel’s C4i Cyber Warfare Unit and The United States’ USCYBERCOM and its sister agencies, some or all of which may have been responsible for the Stuxnet attack on Iran; Russia’s coordinated cyber-attacks perpetrated during its war with Georgia in 2008 and in the conflict in Ukraine in 2014 and 2015; and China’s PLA Unit 61398. Part IV introduces the unique problem posed by cyber-attacks perpetrated by agents of unrecognized states and organized terrorist groups such as Al-Qaeda and ISIS. Finally, Part V concludes by proposing alternative definitions for cyber-attacks, and consequentially, cyber-combatants.