Cyberspace constitutes an unstable environment, featuring rapid changes in the nature of the actors using it, the technologies applied and the inter-personal, governmental and commercial interactions facilitated thereby. The global COVID-19 pandemic exponentially accelerated the trend of digitalization in various fields of life, increasing even more the dependency on cyber-infrastructure and with it the potential for harmful cyber-attacks. Traditionally, states have been cautious in invoking international law in the context of cyber-attacks, and they tended to refrain from denouncing attacks against them as violations of international law, or attributing it to other states. This state of affairs appears to be changing, however. While there are of disagreements as to the way that international law applies in the cyberspace, a common understanding had emerged about some key international law norms that apply in this field. States like Australia, France, Germany, Israel, the United Kingdom, and the Netherlands have recently articulated their legal positions on how international law applies in cyberspace. In the same vein, states who fell victim to cyber-attacks are increasingly attributing them, as an international law matter, to other states, or non-state actors. Arguably, the increased role played by international law in cyberspace constitutes a reaction to the fact that cyber-attacks become more and more frequent, and dangerous, capable of shutting down critical infrastructure, including nuclear centrifuges and water pumping facilities. This chapter will describe and critically evaluate the norms of international law which regulate cyber-operations, and discuss some of the policy considerations underlying them. Part I offers a short history of cyber-attacks. Part II presents the current international law framework governing cyber-attacks. Part III delves into the attribution challenge in cyberspace. Part IV concludes and suggests a way forward.
Read full abstract