John Burns on the Payroll? The Hidden Business Risks of Globalized Warfare and Shifting Geopolitics

Bradley Intelligence Report

Client Alert


History is replete with examples of civilians supporting one or more parties to a war, and at times participating directly in combat. While doing so may have exposed them to significant individual risk, it rarely if ever brought their employers or businesses into the crosshairs. Not so anymore.  Owing to the increasingly globalized, digitally interconnected character of warfare, civilians no longer need to grab a weapon and join the front lines of battle to participate in or impact conflicts raging halfway around the world. From individual hactivists to multinational corporations like CISCO and Starlink, private actors are stepping increasingly closer to, if not directly on, the modern battlefield. This expanding scope of conflict and novel participation raises an array of business risks that companies are neither attuned to, nor equipped to effectively navigate.

John Burns: Bushwacker to National Celebrity

Of the 1,328 monuments dotting the historic, rolling hills of the Gettysburg National Military Park, one of the 40 statutes honoring individuals stands apart from the rest. Just west of town on Stone Avenue stands the memorialized effigy of John Burns, the so called “Hero of Gettysburg.” Unlike the thousands of others who fought and died at Gettysburg, the bloodiest battle ever fought on U.S. soil, Burns was not a soldier in either of the clashing armies. On July 1, 1863, Burns was a civilian resident of Gettysburg — a veteran of the War of 1812 well into his 70s who chose to respond to the sound of the guns and help repel the invading Confederate forces.

The initial amusement of the officers and soldiers of the Iron Brigade — the first Union element to engage with the advancing Confederates — at seeing this elderly gentleman present with his rusty musket, quickly gave way to respect as he fought calmly and bravely on that first day of the battle. From the perspective of the Confederate forces, Burns was simply another target marked for lethal engagement, which was perfectly consonant with the law as it stood then and today.  Although wounded three times, death was not in the cards for Burns that day.

As the Iron Brigade began falling back to higher ground east of town, Burns fell into the hands of the enemy. As a “bushwacker,” or in today’s terms, an unprivileged belligerent, Burns was subject to summary execution by the rules of the day; a fate he narrowly escaped having thrown off his weapon and ammunition and convincing his captors that he had gotten caught up in the crossfire when seeking medical aid for his wife. He was released, survived his wounds, and quickly achieved celebrity status for his feats. 

The Risks of Civilian Participation in Hostilities     

John Burns was not the first, nor would he be the last, civilian to take up arms in conflict. In today’s parlance, he would be considered what is known in international law as a civilian direct participant in hostilities — a moniker that carries with it specific and potentially deadly implications.  Although the modern laws of war seek to shield civilians from the risks of combat, the protections the law affords are not absolute. Civilians that participate in a conflict can jeopardize both their life and liberty. Not only might their actions run afoul of the domestic criminal and regulatory regimes of their own and intermediary states (e.g., arms export and sanctions regimes or neutrality-based laws prohibiting support to warring parties), the states engaged in the conflict might also consider their actions unlawful and sanctionable. Additionally, and perhaps of greater consequence, the combatant forces of those states might target them lethally, with legal justification for doing so.

Strictly speaking, the laws of war do not explicitly prohibit civilian participation in hostilities.  Nevertheless, doing so does carry with it significant legal and practical risks. First, engaging in certain conduct during and related to hostilities can result in civilians forfeiting their presumptive immunity from direct attack that the law of war provides, i.e., they can be lethally targeted if and for such time as they participate directly in the hostilities. In addition, the attacking force is relieved of its general obligation to consider and avoid incidental harm to those civilians when striking other targets.  Second, unlike combatants, civilians have no right to directly participate in hostilities and so, if captured, are not entitled to any immunity from prosecution under the laws of the capturing state. Yet as consequential as the direct-participation caveat is, the dividing line between direct and indirect participation, i.e., what specific conduct operates to strip civilians of their protection against attack, is notoriously inexact. 

Certainly, providing the kind of general support that civilians typically give to their state’s war effort does not strip them of protection, otherwise the entire edifice of conflict regulation would crumble. At the same time, it is well-settled that direct participation is not limited to the obvious case of engaging in actual violence. But the precise boundaries of what has come to be known as the direct-participation-in-hostilities, or DPH rule, have been hotly debated over the last several decades, with technology-enabled modes of participation muddying the waters even further. For example, it is well-documented that in the Russia-Ukraine war, civilians are leveraging app-based technologies to collect information on Russian troop disposition and movements and passing that intelligence to the Ukrainian forces for targeting solutions — actions that most would consider as direct participation and surely place them at increased risk. Whether the cybersecurity analysts and operators working for companies aiding Ukraine by defending its digital landscape are similarly participating directly is a more nuanced question.

Unpacking these debates and the array of DPH interpretations proffered by different states and international bodies is beyond the limited scope of this article, and one must recognize that what counts as a target is ultimately in the eyes of the targeter. As the International Committee of the Red Cross has been urging in light of these developments, companies, especially in the tech space, “should monitor how their products and services — including communications infrastructure, cloud storage and cybersecurity tools — are used during war, as direct involvement in hostilities could categorize them as military targets and put their employees at risk.” With cyber operations taking an ever more prominent role in conflict, the risks of being targeted are global and not limited to kinetic consequences. 

Of course, what the legal and practical risks are in each case is fact specific. What is undeniable is that given the complexities of modern warfare and other strategic entanglements, companies can quickly find themselves enmeshed in conflicts in inadvertent or underappreciated ways that put their employees, assets, infrastructure, and leadership at risk and raise significant questions about the duties they owe to their employees and shareholders.

Additional Risks of Transacting with Warring Parties     

Since Russia’s massive escalation of its war against Ukraine in 2022, private companies, especially in the tech sector, have played a significant role in supporting Ukraine’s defenses. According to the U.S. Chamber of Commerce Technology Engagement Center:

Leading tech companies in the U.S. are leveraging their resources, capabilities, and expertise to assist Ukraine and defend its sovereignty. From detecting and preventing cyberattacks to resisting Russian misinformation, contributing tens of millions of dollars in humanitarian and in-kind aid, organizing fundraising efforts across their platforms, and highlighting resources for Ukrainians, and more, tech is stepping up to support Ukraine.

This description just scratches the surface of what has proved to be critical efforts to bolster Ukraine’s security, which should be lauded. On the flip side, thousands of companies have either curtailed operations in Russia or cut business ties all together. However, with other conflicts exploding in the Middle East and elsewhere across the globe, and the specter of confrontation with China looming, choosing sides in these actual and potential conflicts may not always be as straightforward or consistent with national interests. Individual corporate decisions to wade into these conflicts, either by altering or maintaining business relationships and practices, can quickly get crosswise with national laws and policies and have broader implications for the United States or other countries in whose jurisdictions companies operate.

Although corporate decisions about whether and how to transact with one or another warring party are generally private and independent, the blowback risks to their affiliated state(s) are real. Both practically and legally, under certain circumstances those decisions and the impacts that flow from them can be attributed directly to those states, risking unintended foreign policy and national security impacts. In some cases, states may have affirmative duties under the international law of neutrality and the principle of due diligence to prohibit or regulate private commercial or other interactions with parties to a conflict.

Whether states feel bound to intervene as a matter of international law, they often do as a matter of domestic policy, employing a variety of economic and regulatory tools to manage the risks of unwanted entanglements and to advance national interests. For example, although strictly speaking the United States has not had neutrality laws on the books since the 1930s, the U.S. currently employs a robust set of targeted sanctions and other economic measures, along with a complex array of laws, regulations and policies governing the export and re-export of commodities, software, and technologies, all with the goal of protecting and advancing national security interests. For example, since February of 2022 alone, the Department of Treasury has imposed sanctions on hundreds of individuals and entities, both Russian and non-Russian abettors of Russia’s war on Ukraine. Companies operating in the global marketplace must pay close attention to these regulatory regimes for compliance or risk potential civil and criminal penalties.

The tectonic plates of geopolitics are shifting rapidly, along with evolving notions of war, conflict, and strategic competition – with businesses frequently getting caught in the crossfire. Identifying, let alone managing, business risks across this increasingly unstable landscape will require wholesale changes in approach, starting with a recognition that the modern battlefield is no longer bounded and John Burns may be on your payroll.