Cybersecurity of weapon systems: International law requirements and technical standards

Abstract

Many weapons operate within complex computerized systems, and are integrated with sensors and platforms. Armed forces rely extensively on digital battlefield management and decision support systems. Exploitation of vulnerabilities in such systems can render them unreliable or unusable, which can adversely affect national security and lead to losses of human life. This paper seeks to establish, first, whether states have an obligation under international law to take cybersecurity measures with respect to weapon systems. Second, the paper examines whether states have, to comply with their legal obligations or otherwise, set cybersecurity requirements, standards, or guidelines that apply to weapon systems, either by articulating them or referring to previously existing standards that apply to cyber-physical systems.