[Answered] Evaluate how modern cyber-kinetic hybrid conflicts challenge international humanitarian law. Analyze the bottlenecks in fixing state responsibility for state-sponsored cyber operations.

Introduction

The multi-state kinetic actions of 2026, characterized by direct conflicts involving the United States, Israel, and Iran—demonstrate that offensive cyber operations are no longer just tools of espionage; they are core components of kinetic military strikes. This shift has created an operational reality that outpaces the traditional international legal frameworks built to govern state-on-state violence.

Cyber-Kinetic Hybrid Conflicts

1. Modern warfare has moved beyond conventional battlefields into cyberspace. Recent conflicts involving Russia-Ukraine, Israel-Iran, and the US demonstrate how cyber operations now accompany missile strikes, surveillance, propaganda, and economic disruption.
2. This hybridization has exposed serious limitations in International Humanitarian Law (IHL), which was designed primarily for physical warfare.

Challenges to International Humanitarian Law (IHL)

1. Blurring Distinction Between Civilian and Military Targets: The Geneva Conventions require distinction between civilians and combatants. However, cyber infrastructure is largely dual-use. Civilian telecom systems, satellites, and cloud servers are often integrated with military networks. Cyberattacks targeting defence systems can unintentionally disrupt hospitals, airports, banking, and emergency services. Example: Ukraine power grid.
2. Abiguity in Defining Use of Force: Article 2(4) of the UN Charter prohibits the use of force, but cyber operations rarely fit traditional definitions. Malware disrupting electricity grids or financial systems may create severe economic and humanitarian consequences without physical destruction. Tallinn Manual 2.0 recognizes cyber force only when effects resemble kinetic attacks. Example: Stuxnet attack.
3. Problems of Proportionality and Collateral Damage: IHL mandates proportionality between military gain and civilian harm. Cyber operations challenge this principle because digital systems are highly interconnected. A malware attack can spread uncontrollably across borders. Civilian supply chains, healthcare, and governance systems may collapse indirectly. Example: WannaCry ransomware.
4. Weaponization of Information Ecosystems: Hybrid warfare increasingly targets public psychology and social stability. Hacking media portals, spreading disinformation, and manipulating social media influence civilian perception and democratic institutions. Such operations bypass conventional battlefield restrictions while destabilizing societies. Example: Deepfake campaigns.

Bottlenecks in Fixing State Responsibility

1. Attribution Problem: Under the International Law Commission’s Articles on State Responsibility (ARSIWA), wrongful acts must be attributable to a state. However: cyberattacks use proxy servers, encrypted routing and fake digital footprints. Even strong intelligence assessments often fail legal evidentiary standards. Example: SolarWinds breach.
2. Use of Non-State Proxies: States increasingly rely on patriotic hackers, cyber mercenaries, and criminal syndicates. Proving “effective control,” as required in the Nicaragua Case, is extremely difficult. States exploit plausible deniability to avoid international liability.
   Example: Handala hackers.
3. Absence of Binding Global Cyber Law: Unlike nuclear or chemical weapons regimes, cyberspace lacks enforceable international treaties. Budapest Convention focuses mainly on cybercrime. UN cyber frameworks remain voluntary and fragmented.
   Example: UN-GGE limitations.
4. Jurisdictional and Sovereignty Constraints: Cyber disputes rarely reach international courts because: states avoid exposing intelligence capabilities, sovereign immunity limits domestic litigation, cyber evidence is often classified. Example: Pegasus controversy.

Strategic Implications for India

1. Economic and Technological: India’s expanding digital economy, UPI ecosystem, AI systems, and smart infrastructure increase cyber vulnerabilities. NITI Aayog and CERT-In have repeatedly emphasized cyber resilience as essential for economic security. Example: DPI ecosystem.
2. National Security: India faces persistent grey-zone threats involving cyber intrusions, disinformation, and digital espionage from hostile actors. Cyber warfare now intersects with border tensions, maritime competition, and space security. Example: LAC intrusions.

Way Forward

1. Develop a Digital Geneva Convention: The international community should establish binding norms prohibiting cyberattacks on critical civilian infrastructure like hospitals, power grids, and nuclear facilities.
2. Strengthen Attribution Mechanisms: Global institutions must develop cooperative cyber-forensic mechanisms and impose “due diligence obligations” upon states hosting malicious cyber infrastructure.
3. Build India’s Cyber Resilience: India should strengthen: indigenous encryption, AI-driven cyber defence, semiconductor security, National Cyber Command, critical infrastructure isolation. Example: CERT-In expansion.
4. Promote Global Cyber Governance: India should utilize platforms like G20, QUAD, SCO, and the UN to shape equitable cyber norms balancing sovereignty, security, and accountability.

Conclusion

As states increasingly pair digital sabotage with physical strikes, international law must evolve to close these accountability gaps. Failing to establish clear, enforceable rules for cyberspace risks turning the digital domain into a lawless zone of perpetual, destabilizing conflict.