Cyber operations and automatic hack backs under international law on necessity

Abstract

This article examines the use of automatic hack backs under international law on necessity. Hack backs are a form of active defence measure adopted in response to cybersecurity threats that involve effects outside the victim's systems or networks designed to mitigate or prevent the cybersecurity threat. Automatic hack backs are systems that, once activated, are capable of performing these functions without direct human control. The plea of necessity under international law on State responsibility provides a basis on which States can adopt measures that would otherwise be unlawful in order to respond to cyber operations that constitute a grave and imminent against their essential interests. This article argues that the use of automatic hack backs can be justified on the basis of necessity, however, the system would need to be capable of making a range of complex assessments to ensure it meets the strict criteria required by international law. The complexity of systems capable of making these assessments carries a risk unintended effects and escalation of conflict at machine speed.