Some thoughts on cyber deterrence and public international law

Abstract

The mention of a potential preventive US reaction with extremely powerful cyber weapons against the possibility of a cyber threat brings back memories of the early deterrence discussions with regard to nuclear weapons. What deterrence basically comes down to is making clear to any potential opponent that if you dare to attack me, you may expect, at a minimum, a reply in kind that will be devastating to your potential. It also includes the message that even if attacked my capacity to make such a reply will be preserved in a guaranteed second strike, so a first strike will not give any advantage. With regard to nuclear weapons the ICJ considered deterrence but did not conclude that the threat or use of nuclear weapons, which was the deterrent threat, was contrary to public international law in cases where the survival of the state was at stake. This is the reason to see whether indeed a parallel can be drawn between the deterrent strategies in the nuclear realm and a perceived cyber attack by a state in cyberspace and projected generic (preventive) replies by states to such threats, or attacks. Is such a deterrent strategy viable? Would importing deterrence in the cyber realm improve cyber security? And how does public international law qualify such deterrent strategy (is it in accordance with public international law)? These and other legal questions are prompted by the technological developments in the digital area that have created the possibilities for its use as new weapons.