CYBER-ATTACK IN ESTONIA: A NEW CHALLENGE IN THE APPLICABILITY OF INTERNATIONAL HUMANITARIAN LAW

Abstract

This article aimed to analyze the classification of armed conflict in Estonia's cyber-attack and how the existing IHL are answering this problem, and whether those regulations are enough for future cases of cyber-attack. This article uses the normative method by comparing the Geneva Convention 1949 and Additional Protocol I 1977 with Rule 30 Tallinn Manual 1.0 and some relevant literary works, using a descriptive-analytic to explain the object comprehensively. The result shows that Estonia's cyber-attack could be classified as an International Armed Conflict, which first started as a Non-International Armed Conflict by proving attribution from Russia to Nashi Youth Group following the Overall Control in Tadic Case. The distinction between information warfare and cyber-attack is related to the physical impact, which a threshold of a cyber-attack under Tallinn Manual 1.0. It means Rule 30 of Tallinn Manual 1.0 also answered Jus ad Bellum's threshold and Jus in Bello in terms of cyber-attack. Although, this article needs some improvements regarding the limitation of this issue only focused on the Material Scope of IHL. In addition, Rule 30 of Tallinn Manual 1.0 is not legally binding because it is not one source of international law. However, it is possible for the Rule 30 Tallinn Manual 1.0 to be a new norm and becoming customary international law in the future.