Clerical discourse about cyber warfare obscures responsibility. Classical Islamic thought links war with responsibility. A ruler initiates war. A combatant works within certain limits. The judge assesses actions. Each of those roles has moral weight. Caliph Umar ibn al-Khattab appointed commanders, prohibited soldiers from harming civilians and destroying crops, and punished officials who violated wartime rules. Cyber warfare disrupts this structure of warfare, limits, and responsibility.
Traditional jihad permits the issuance of commands but from legitimate political authorities; it is not the clerics who command action. For example, a hadith in Sahih Muslim states that “the imam is a shield behind whom the people fight,” linking the authority to organize warfare to political leadership rather than to independent clerics.
In Iran’s cyber strategy, for example, semi-independent hacker networks filter Islamic Revolutionary Guard Corps directives.
Cyber operations change command structure and reward readings of jihad that blur identifiable authority. In Iran’s cyber strategy, for example, semi-independent hacker networks filter Islamic Revolutionary Guard Corps directives. In 2012, the Iranian regime, used Shamoon malware to destroy Saudi Aramco server data. Iran’s leaders justified the attack as an adequate response to external pressures without claiming direct responsibility. States conceal responsibility through rhetoric, proxies, and infrastructure.
Cyber operations often do not create immediate physical damage. Clerics must address whether redefining injury weakens ethical boundaries. Traditional doctrine considers indirect injury, which evaluates for the damage rather than method. For example, classical Islamic jurists condemned the poisoning of water sources because the act harmed civilians by spreading suffering beyond immediate combat. If a hack damages critical infrastructure, the question for clerics is whether that is analogous to poisoning a well, or something different.
The nature of cyber operations often obscures or divides responsibility. Attackers rely on proxies and stolen or falsified identities. Non-state actors often compound this. The Islamic State, for example, asked people to launch lone wolf cyber-attacks to hack profiles or plant propaganda.
Cyber warfare makes attribution difficult. Clerics have therefore redefined doctrine on deception, which relies on manipulation and false personas. Clerics now frame deception as part of warfare. Both state and non-state cyber operations become easier to perform, hard to track, and malleable. In Iran, clerical dictates and state policy are interchangeable. The authorities promote digital warfare as self-defense from outside interference. In Saudi Arabia, the reaction varies. The National Cybersecurity Authority champions self-control and infrastructure security. Other Saudi officials caution against cyber offensives targeting civilian populations, although this debate is itself a product of state goals, not consistent doctrine.
The fewer limitations and responsibilities for actors to enter cyber conflict, the more actors enter the field.
The doctrines of jihadist organizations are permissive. There are no state institutions to authorize operations. Jihadists seek justification, not an authority’s justification. The fewer limitations and responsibilities for actors to enter cyber conflict, the more actors enter the field. A greater number of actors, in turn, will further diminish responsibility and lower the threshold to perform an action. Religious scholars disapprove of this phenomenon and point out that the barriers to acts of thievery, deceit, and injury apply no matter the mode.
Policy solutions deal with attribution and deterrence but these tools respond only to direct threats. They do not consider the interpretation through which participation occurs.
Policymakers must recognize the importance of and assess clerical speech as they tackle cyber warfare. What matters is not just the operative, but the source from whom the operative draws inspiration and shapes his interpretations of ethics and what is permissible in war. If clerics reinforce interpretations based on accountability, they accentuate responsibility. Cyber war does not abolish morality; it simply transforms it as participants diffuse their own responsibility and the accountability that comes with it.
