Introduction
The increased frequency ofcyberattacks intoday’s world poses serious threats to thesafety andsecurity ofnations. As nations try to figure out how to defend themselves from cyberattacks, thelegal implications ofcyberwarfare andcountermeasures have become important fields ofstudy. This research sheds light onnumerous areas ofinternational law by exploring thelegal implications andissues involved with various parts ofcountermeasures incyberwarfare. Identifying thepeople or organisations responsible forcyberattacks is amajor obstacle to resolving theproblem (Etzioni & Rice, 2015). Correctly attributing cyberattacks is essential fordeveloping efficient countermeasures. But attribution ofit is difficult because ofthenature oftheinternet, which allows foranonymity andtheadoption ofsophisticated tactics to conceal identities. This research revisits theexisting legal frameworks andproposes techniques to establishing responsibility when it comes to attributing cyberattacks inthecontext ofcountermeasures.
Proportionality as it relates to defences against cyberwarfare is another important topic covered inthis research. The application ofproportionality inevaluating theextent andseverity ofcountermeasures is becoming increasingly important as nations respond to cyberattacks. Given theasymmetric nature ofcyber operations andthebroad collateral harm they can do, thelegal rules forestablishing theproportionality ofcountermeasures need to be carefully examined (Roscini, 2014). Existing legal standards andconcepts are examined inthis research, as well as their relevance to cyber countermeasures. International collaboration is essential intheface ofincreasingly complex andtransnational cyber threats. This research looks at thelegal structures andprocedures that promote international collaboration intheface ofcyberattacks. The exchange ofinformation, coordination ofactions, anddevelopment ofeffective measures to counteract cyber threats all need cooperation between governments.
This research also examines theadvantages anddisadvantages ofinternational cooperation inthefield ofcyber countermeasures by examining existing international legal instruments andcooperative channels. While states are thedominant participants incyberwarfare, cybercriminals andhacktivist organisations have emerged as significant players as well (Buchan, 2012). That’s why this research evaluates thedifficulties ofholding non-state actors accountable forcyberattacks andexamines thelegal remedies accessible to nations forresponding within thebounds ofinternational law. Concerns about thepossible violation offundamental human rights, such as theright to privacy andfreedom ofspeech, emerge as nations engage indefensive or offensive cyber operations. To find amiddle ground between national security concerns andthepreservation ofindividual rights, this research investigates thelegal frameworks andconcepts regulating thejunction ofcyber countermeasures andhuman rights. In addition, this research analyses theparameters within which nations may legitimately conduct pre-emptive cyber operations to either prevent or discourage cyberattacks (Hollis & Finnemore, 2016).
This research investigates thelimits andpolicies ofpre-emptive cyber countermeasures by examining thecurrent rules ofanticipatory self-defence andtheir relevance inthecyber countermeasure. The research also investigates thenecessity ofdue diligence as acriterion forgovernmental accountability incyber countermeasures andexamines thenorms andduties imposed onnations fordeciding thelegitimacy oftheir cyber countermeasures, andsheds light onthepotential repercussions andremedies forgovernments that engage inillegal cyber activities. The difficulties ofdefining, verifying, andregulating cyber weapons are also explored inthis research andit looks at thestandards forusing cyber weapons inthecontext ofcountermeasures, as well as thelegal frameworks andprospective procedures fordisarming or limiting offensive cyber capabilities (Liivoja & Väljataga, 2021). Additionally, thelegal frameworks governing intelligence actions incyberspace are investigated, along with thebounds ofacceptable espionage, therange oflegitimate state interests, andthepossible influence oninternational relations. This research argues that understanding oflegal implications anddifficulties ofcyber intelligence collection can be improved by this approach (Putman & Albright, 2018).
In addition, this research investigates how cybersecurity safeguards might aid inthesafety ofpopulations, vital infrastructure, andhumanitarian efforts intimes ofwar. By doing so, it sheds insight onthepossible roles andduties ofstates andnon-state actors inpreserving cyberspace during wars by investigating thelegal requirements ofstates andthepotential synergies between cybersecurity andinternational humanitarian law. Finally, theresearch looks into thedifficulties andlegal precedents ofasserting jurisdiction over illegal cyber actions. Examining thejurisdictional challenges that arise from cross-border cyber operations, data localisation, andtheextraterritorial implementation ofnational laws, this research finally examines thepossibilities forinternational legal collaboration (Andrew & Bernard, 2021). This research intends to further theestablishment oflegal frameworks andnorms governing countermeasures incyberwarfare by exploring these many andunder-researched areas ofinternational law aspiring to deal with thedifficulties andambiguities ofcyber threats andto further theknowledge ofthelegal consequences ofthis changing landscape (Knowles & Thomas, 2016).
Three significant research questions will be explored inthis research. Firstly, theauthor will investigate how thelegality andillegality ofcyberattacks are classified under international law andtreaties, andwill compare andcontrast how these classifications are used invarious jurisdictions andsettings. Secondly, existing legal frameworks andtechniques used by governments andinternational organizations to respond to andmitigate cyberattacks will be examined, andpotential limits oftheapproaches ofcyber countermeasures as well as self-defence strategies will be identified andexplored from aninternational law perspective. Thirdly, given thedynamic nature oftheglobal digital ecosystem, this research will seek to explore ways inwhich international law andinstitutions could be better leveraged or altered to meet thegrowing problem ofcyberattacks.
Furthermore, this research concerns unexplored questions relevant to thelegal consequences ofcyber countermeasures that are complex andmultidimensional, necessitating anall-encompassing research technique to answer them. To give athorough examination ofthetopic, this research will combine qualitative research methodologies with doctrinal approaches. Scholarly publications, books, legal texts, case law, andinternational legal instruments will all be reviewed as part ofthis research (Wren & Wren, 1986). Insight into thevarious cyber countermeasures’ legal frameworks, philosophies, andarguments will be gained from these sources. The legal implications ofcountermeasures, attribution difficulties, andparticular cases ofcyberattacks will all be examined through case studies. There will be anexamination ofhow various legal systems andinternational cooperation mechanisms deal with cyberattacks (Van Hoecke, 2011). To determine what works andwhat may be improved, this research will compare andcontrast key international treaties, agreements, andcooperative approaches taken so far. To clarify thelegal standards, norms, andprinciples controlling themany components ofcyber countermeasures, theauthor will perform adoctrinal study ofinternational legal instruments such as treaties, customary international law, andpertinent legal principles (Watkins & Burton, 2013).
To answer theresearch questions, this research will also need theinterpretation andapplication oflegal rules andprecedents. The focus ofthis research has been narrowed to thedifficulties andlegal implications ofdeveloping responses against cyberattacks. The author’s knowledge andexperience inthis continuously developing field are theprimary limitations ontheresearch (Tyler, 2017). Despite these limitations, it is expected that this research will make asignificant addition to theknowledge ofthelegal consequences anddifficulties ofcyber warfare countermeasures.
1. Challenges Relating to Legality or Illegality ofCyberattacks
1.1. Attribution Conundrum ofCyberattacks
Since cyberattacks frequently leave no evidence, attribution ofthese offences may be achallenging andtime-consuming operation (Tsagourias & Farrell, 2020). Attribution refers to thesteps used to identify acyberattack’s origin. According to Michael Schmitt (2013), cyberattack attribution is adifficult andcomplicated problem. Responsibility forcyberattacks cannot be determined by thelegal system. However, there are avariety oflegal frameworks andinnovative approaches that can help inattributing cyber attacks. Adopting these models andprocedures can help states deal with cyber threats more effectively. According to Michael Schmitt, it is difficult to establish liability intheevent ofa cyberattack due to theabsence ofa uniform legal framework. However, using innovative techniques andlegal frameworks can improve nations’ abilities to identify cyber assaults anddevelop effective countermeasures (Schmitt, 2013). This indicates that juridical instruments currently exist that can aid with attribution intheevent ofcyber emergencies. James A. Lewis argues that identifying theperpetrators ofa cyberattacks is acrucial first step inresponding to acatastrophic event incyberspace. Taking appropriate legal, diplomatic, or military response is difficult if theperpetrators cannot be identified. The anonymity oftheinternet andthedifficulties ofacquiring proof make it difficult to pin down who is behind cyberattacks. However, several options exist forimproving theattribution ofcyberattacks. States may strengthen their defences against cyber threats by employing these methods andresources (Lewis, 2018). This suggests that there are viable approaches to enhancing attribution processes, notwithstanding thedifficulties.
Similarly, Gabriella Blum (Wittes & Blum, 2016) highlights that cyberattack attribution is animportant topic ininternational law. It is challenging to hold nations accountable forconduct incyberspace without attribution. The principles ofstate responsibility, due diligence, andproportionality are only afew ofthelegal frameworks that might be used to theproblem ofattributing attacks via theinternet. However, these models are intricate andtricky to put into action. More definition andagreement are needed onthelegal principles forassigning blame forcyberattacks. Blum stresses thenecessity to make nations accountable fortheir acts incyberspace andtheimportance ofattribution forinternational law. Some ofthelegal principles she discusses that can be applied to attributing cyberattacks include state responsibility, due diligence, andproportionality (Wittes & Blum, 2016). The intricacy andreal-world challenges ofimplementing these systems are also acknowledged by Blum. She stresses theimportance ofbetter defining andagreeing upon thelegal norms that regulate attribution. Attributing acyberattack to aspecific attacker may not always be easy. Attribution has far-reaching legal implications. If one country can prove that another is responsible foracyberattack, it may be able to sue theoffending nation incourt. But it may be impossible forastate to take legal action intheevent ofa cyberattack if it cannot determine who was responsible forit (Ohlinetal., 2015).
There are other innovative methods that may be utilised to attribute cyberattacks inaddition to theexisting legal frameworks. Collecting andanalysing digital evidence left behind by cyberattacks is known as cyber forensics. This data can be utilised to pin down theperpetrators ofcyber operations. The attribution ofcyberattacks can be strengthened by international collaboration. The investigation into cyberattacks can be aided by states sharing information andresources. The attribution ofcyberattacks may be further strengthened through public-private collaborations. Cyberattack data from private entities can be shared with government agencies. Governments can utilise this data to better understand andattribute cyber threats (Klimburg, 2018). As cyberattack attribution is adifficult andconvoluted problem, domestic legal systems cannot be relied upon to assign responsibility forcyberattacks. Attributing cyber assaults, however, can be aided by anumber oflegal frameworks andcreative methods. States can better respond to cyber threats by adopting these frameworks andmethods.
1.2. Accountability Challenges ofNon-State Entities
Non-state entities evading responsibility forcyberattacks present substantial difficulties inthecontemporary international law framework. International law scholars acknowledge thedifficulties inprosecuting non-state actors forcyber assaults. However, within theframework ofinternational law, governments have anumber oflegal tools to respond to such attacks. State accountability, legal countermeasures, cyber operations with specific targets, andinternational cooperation are all viable solutions (Buchanan, 2017). To meet their international legal commitments, governments must give careful consideration to thelegality andproportionality oftheir actions.
According to Michael N. Schmitt (1999), cyber operations carried out by non-state actors are subject to thesame traditional rules ofinternational law as those carried out by states, such as theconcept ofstate accountability andtheavoidance ofintervention. Schmitt emphasises that conventional norms ofinternational law might still apply to non-state entities participating incyber assaults. A state can be held liable fortheactivities ofa non-state actor by invoking theprinciple ofstate responsibility. When non-state actors conduct cyber operations from one state against another, theban ofinvolvement may also apply. According to him, one ofthebiggest obstacles to holding non-state actors responsible fortheir acts is thelack ofa clear legal framework controlling theattribution ofcyberattacks to non-state actors. To guarantee that their actions are legitimate andsuccessful, states must collaborate to build ashared understanding ofthelegal standards regulating cyber operations (Schmitt, 1999). Michael Schmitt draws attention to thedifficulty andabsence ofa clear legal framework inattributing cyberattacks to non-state actors. The term attribution describes theprocedure ofpinpointing theorigin ofa cyberattack. It is difficult to hold non-state actors accountable fortheir conduct intheabsence ofa defined legal framework. Schmitt contends that governments must work together to establish uniform legal norms forcyber activities. States’ responses to cyber threats can be successful andcompliant with thelaw if they are based onashared understanding.
Tallinn Manual 2.0also suggests that legal solutions available to states fordealing with cyber activities carried out by non-state actors include diplomatic, economic, andlegal sanctions. According to theTallinn Manual 2.0, governments have awide range ofoptions forresponding to cyberattacks by non-state actors. These forms ofrepercussions might be either diplomatic or economic or even legal innature, according to thenature oftheoffence andthecircumstances. Similarly, according to Matthew C. Waxman, targeted cyber operations have been employed by states against non-state actors to impede their operations, weaken their capabilities, andmake them pay theprice fortheir hostility. Waxman encourages theuse oftargeted cyber operations by nations to stop theoperations andresources ofnon-state entities doing hostile action. Such actions can be used to dissuade future cyberattacks by imposing penalties ontheattackers (Waxman, 2011). However, international law should be used to evaluate thelegitimacy andproportionality ofsuch measures.
1.3. Cooperation Imperative inCyberterrorism
According to theU.N. General Assembly Resolution 71/256, states should work together to ensure that all efforts to prevent anddefeat thethreat ofcyberterrorism are lawful under all applicable international treaties. The resolution passed by theGeneral Assembly also highlights thesignificance ofgovernments working together to combat terrorism, particularly cyberterrorism, while adhering to their respective commitments under international law (Mačák, 2016). Therefore, while reacting to cyber assaults by non-state actors, nations should think about international legal frameworks. According to Gabriella Blum, inany endeavour to hold non-state actors responsible, thelack ofcollaboration from other nations is afundamental challenge that must be addressed. The effectiveness ofstate responses depends onstates working together to establish cooperative mechanisms. Gabriella Blum argues that attempts to hold non-state actors responsible forcyberattacks are hindered by alack ofcooperation from other nations. When dealing with cyber threats from non-state actors, cooperation among governments is essential forgathering andsharing information, exchanging knowledge, andcoordinating operations. Blum asserts that, inorder to effectively respond to cyber threats, nations need to establish structures forcollaboration (Lewisetal., 2019). Agreements to share data, conduct combined research, andcoordinate responses are all examples ofsuch systems. States’ ability to respond to non-state actors participating incyberattacks can be strengthened by encouraging collaboration. As discussed above, attributing cyberattacks to non-state actors is not governed by any clear international law framework. This ambiguity makes it more challenging forgovernments when holding non-state actors responsible fortheir acts. It might be challenging to track down andidentify non-state actors. Even if non-state actors have been effectively ascribed to anassault, this challenge might make it hard forstates to take measures against them.
For several reasons, including political concerns andfear ofretaliation, nations may be hesitant to collaborate with other states inexamining andpunishing non-state actors. The inability to work together can make it hard forgovernments to hold non-state actors responsible fortheir behaviour. Although difficult, nations can have legal recourse when reacting to cyber assaults from non-state actors. The issue with thenon-state actor or thestate that is suspected ofharbouring thenon-state actor can be resolved diplomatically by thestate involved (Mazanec, 2015). Economic sanctions can be imposed by states oneither thenon-state actor or thestate that is allegedly providing safe haven to thenon-state actor. When responding to cyber assaults by non-state actors, states have theoption to employ military action. However, this choice should be made only when all other options have been exhausted, as it might have serious repercussions, including anincrease inaggression.
1.4. Human Rights Concerns inCyberattacks
Human rights may also be adversely affected by cyberattacks. Cyberattacks may be used formany various purposes, including data collection without authorization, speech censorship, andsystem disruptions. Journalists, activists, andmembers ofmarginalised communities are especially susceptible to these effects. In thecontext ofcyber countermeasures, there are anumber oflegal mechanisms that control thetrade-off between national security objectives andhuman rights considerations (Kulesza & Balleste, 2015). The right to privacy andtheability to express oneself are just two ofthemany rights guaranteed by international human rights law. Even inthesake ofnational security, nations must uphold these freedoms. The law ofarmed conflict, often known as international humanitarian law, governs all armed conflicts. This law regulates theemployment ofphysical andvirtual weapons ofdestruction. Human rights may be afforded more protection at thenational level, or theapplication ofcyber countermeasures may be restricted under specific conditions. There are avariety ofmeasures states may take to guarantee that their cyber activities are inline with universal human rights principles. The right to privacy andthefreedom ofspeech are two human rights that states must uphold inthesetting ofcyber countermeasures.
Cyber countermeasures taken by states must be appropriate to theseverity ofthecyber threat. States may use any cyber countermeasures they see appropriate to accomplish this (Watt, 2021). When employing cyber countermeasures against any state or non-state actors, states must take every possible safety measure to ensure no civilians or civilian properties are harmed. Any damage caused by astate’s cyber actions must be paid for. UN Human Rights Council intheir Special Rapporteur onthePromotion andProtection oftheRight to Freedom ofOpinion andExpression expressed that human rights must be included inthedesign andimplementation ofcybersecurity policies andprocedures. It stresses theneed ofadhering to human rights standards while implementing cybersecurity measures andcountermeasures. The measures must be lawful, necessary, proportionate, andnon-discriminatory, andthey must not single out or discriminate against any particular persons or groups. In theCase ofDelfi AS v. Estonia, theECtHR has repeatedly affirmed that theright to freely disseminate anddiscuss any andall ideas, regardless ofhow well they are accepted or whether they are considered objectionable, is acornerstone ofa democratic society. The importance offree speech inademocratic society is underscored by this case (Wagneretal., 2019). It stresses that thescope ofthis freedom includes not just generally well-liked but also potentially contentious information andopinions. Therefore, even when dealing with controversial material, cyber defences should make sure this right is protected.
Also, article 19oftheICCPR states that everyone has theright to express themselves inany way they see fit, whether verbally, inwriting or print, inart, or through any other medium oftheir choosing; this includes thefreedom to seek for, receive, anddisseminate information andideas ofany type, across any andall borders. This legal provision emphasises theexpansive nature ofthis right, which encompasses thefreedom to access, consume, anddistribute information andideas inany media. The freedom ofexpression andinformation inthedigital sphere must be protected from infringement by governments. To ensure that cyber operations are conducted inaccordance with international human rights norms, aclear andcomprehensive legislative framework is required (Mihr, 2017). The accountability, monitoring, andjudicial review aspects ofthis system are essential. Before launching any kind ofcyber operation, states must first complete extensive human rights impact assessments. They have to analyse how any limits could affect rights like privacy andfreedom ofspeech, andmake sure they aren’t more severe than is absolutely required to achieve thelegitimate goals at hand. Safeguards fordue process, effective remedies forsuspected violations, andindependent andopen methods ofsupervision must be implemented. Without jeopardising legitimate security concerns, states should tell thepublic onthegoals, scope, andeffect ofcyber activities to foster openness andpublic accountability. They need to work together onaglobal scale to create guidelines forsafeguarding human rights online (Mihr, 2016). The creation ofall-encompassing norms andregulations is facilitated by working together with other governments, international organisations, andthegeneral public. States can find amiddle ground between human rights andnational security concerns by ensuring that their cyber activities are inline with international human rights norms.
2. Scopes andLimitations ofCountermeasures against Cyberattacks
2.1. Proportionality Calibration inCyber Operations
One ofthecornerstones ofinternational law is theconcept ofproportionality, which forbids theuse offorce that is disproportionate to theseverity ofthethreats. The same rule applies to cyber operations as it does to any other type ofmilitary combat. A countermeasure’s proportionality must be evaluated inlight ofthespecifics oftheattack it is designed to repel. A retaliatory tactic that causes more damage than thefirst assault is likely to be deemed disproportionate. The countermeasure ought to be exactly what is needed to stop thecyberattack. A disproportionate response is one that goes beyond what is required to stop theattack. The countermeasure should not backfire andgenerate more problems than it solves. If thenegative effects ofthecountermeasure are out ofproportion to thebenefits, then thecountermeasure is unfair. Applying theidea ofproportionality to cyber operations might be challenging due to theunique nature ofcyber activities (Dwanetal., 2022). For instance, cyber activities might have unforeseen consequences andvery hard to be traced. Cyber operations pose aunique set ofchallenges when it comes to determining theproportionality ofcountermeasures, which necessitates taking into account thespecific features ofcyberattacks andtheir consequences fortheconcept ofproportionality. Many scholars ofinternational law have shed light ontherelevance ofcurrent proportionality principles to cyber operations. According to Michael N. Schmitt, states must evaluate thepotential collateral damage to civilian objects andmeasure it against thepotential military advantage inorder to meet theproportionality standard. Schmitt stresses thenecessity to weigh themilitary advantage obtained from cyber operations against thepredicted harm to civilian objects. Cyber strikes fall under this concept ofproportionality, where governments should weigh thepossible military benefit against any collateral harm to civilian infrastructure like crucial systems or important services (Schmitt, 2012a).
According to theTallinn Manual 2.0ontheInternational Law Applicable to Cyber Operations, cyber operations that cause severe damage to essential infrastructure or casualties might be deemed anact ofwar. This suggests that while weighing thepotential outcomes ofsuch cyber operations, thecriterion ofproportionality must be employed. Damage to important infrastructure, loss oflife, or injuries to individuals are all indicators that acyber-operation has crossed theline into anact ofwar. Similarly, according to Marco Roscini (2014), aState Party to aConflict must not undertake acyberattack against acivilian object if thepredicted civilian damage or accidental injury would be disproportionate to theexpected military advantage, according to theprinciple ofproportionality. Roscini emphasises thesignificance oflimiting cyber assaults’ effects oninnocent people. When conducting acyberoperation, thepredicted harm to civilian objects or persons must not exceed theprojected military gain. This idea still holds water intherealm ofcyberwarfare (Roscini, 2014). Again, according to Christopher C. Joyner (2011), cyberwarfare must be governed by theconcept ofproportionality, which states that acombatant may not utilise force greater than thedanger posed by thearmed forces ofthestate being attacked. According to Joyner, theuse offorce incyberwarfare should be limited to what is both required andcommensurate to thedanger posed by themilitary capabilities ofthetargeted state. That means cyber operations shouldn’t do more damage than is absolutely essential to stop thecurrent threat.
Proportionality incyber operations is determined by evaluating theprojected military advantage against theanticipated harm to civilian objects, according to legal academics (Frowe, 2022). Cyberattacks are unlike any other type ofattack andmust be carefully considered within thecontext ofproportionality due to their potential to cause damage to key infrastructure or result incivilian harm. The propriety andlegality ofcyber operations inlight oftheprobable effects can be evaluated using thecurrent legal norms andprinciples relevant to proportionality inarmed engagements. States with far fewer resources than their targets are able to undertake cyberattacks. The attacker’s capabilities may be unknown or hard to predict, making it difficult to determine whether or not acountermeasure is proportionate. Complexity andunpredictability are two hallmarks ofcyber operations (Schmitt, 2011).
Due to thedifficulty inanticipating all ofthepotential outcomes, it can be challenging to determine whether or not acountermeasure is proportionate. It can be challenging to identify theorigin ofcyber assaults because they might be launched from anywhere. Because ofthis, it may be difficult to zero inontheright target foracountermeasure. Cyberattacks might be trickier to assess interms oftheir scope andseverity. Cyber assaults can inflict alot ofharm, but it can be hard to tell how much because oftheir anonymity andcomplexity. This might make it hard to judge if aresponse is appropriate given theseverity oftheattack. Cyber countermeasures may be more challenging to justify. With so many potential ways to respond to cyber threats, deciding whether or not to take protective action can be challenging. It is also challenging to determine thelikelihood that aresponse may be deemed excessive increases under certain circumstances. Cyber countermeasures may make it harder to foresee potential outcomes.
2.2. Obstacles ofGlobal Collaboration
There are avariety ofobstacles that prevent governments from working together to create legitimate cyber countermeasures. Cyber activities are not governed by any universally accepted set oflaws. This ambiguity might hinder state cooperation increating efficient countermeasures. Attributing cyberattacks to aspecific attacker is often challenging. Since nations may be unsure about whom to target intheevent ofa cyberattack, this challenge can complicate responses to such strikes (Friis & Ringsmose, 2016). There can be abroad variety ofintentional andunforeseen consequences from cyberattacks. But working together as nations to create legitimate andeffective cyber defences is essential. Both thedifficulties andthepotential solutions have been pointed out by legal experts. For example, according to Duncan Hollis (Hollis & Finnemore, 2016), theinterconnectedness ofcyberattacks andvulnerabilities necessitates international collaboration to solve theissue, since no one state can do so successfully onits own. Hollis highlights therealisation that no one state can adequately confront cyber dangers alone andtheunderlying interconnectivity incyberspace. This emphasises theneed forgovernments to work together to exchange knowledge, skills, andresources inorder to strengthen their cyber defences.
Again, according to Christopher S. Yoo, thecosts ofinformation gathering, coordination, andenforcement can be reduced, andthesuccess rate ofcybersecurity activities can be increased by thewidespread dissemination ofrelevant data onbehalf ofthestates. Yoo stresses theneed ofsharing knowledge inthefield ofcybersecurity. State-to-state information sharing procedures can improve cybersecurity while cutting expenses related with data collection andcoordination. More effective defences against cyberattacks may be achieved through theexchange ofthreat intelligence, best practises, andtechnical skills (Yoo & Blanchette, 2015). The United States International Strategy forCyberspace mandates that together with other countries, theUnited States will strengthen cyber standards based onrespect forhuman rights andendeavour to lessen thelikelihood ofconflict caused by thespread anduse ofinformation andcommunication technologies. It emphasises cooperative efforts across country boundaries to spread best practises incybersecurity andencourage accountable behaviour. By working together, nations may more easily create andexecute standards andguidelines that protect human rights while also making theinternet safer foreveryone.
Tallinn Manual 2.0also suggests thesame approach by stating that cyber defence agreements between states might lay out theprecise cooperation steps that can be taken to aid one another intheevent ofa cyberattack. When it comes to cyber countermeasures, theTallinn Manual 2.0also recommends bilateral agreements between nations. Such agreements can lay thegroundwork forsharing information andresources intheevent ofa cyber crisis or attack. Mutual trust is fostered andcyber security initiatives may be tackled more efficiently through bilateral agreements (Tsagourias, 2012). Furthermore, UN Group ofGovernmental Experts (GGE) onDevelopments intheField ofInformation andTelecommunications intheContext ofInternational Security recommends that to improve all nations’ abilities to avoid, investigate, respond to, andrecover from ICT-related incidents, governments must collaborate indesigning andimplementing capacity-building measures, including aid andcollaboration. To improve all governments’ abilities to respond to ICT-related incidents, theUN GGE stresses thenecessity ofcollaboration incapacity building, including aid andcooperation. Collaboration andcoordination among nations is greatly aided by international organisations like theUnited Nations (Henriksen, 2019).
Scholars oftheinternational law have noted thebenefits anddrawbacks ofinternational cooperation inthedevelopment oflegitimate andefficient defences against cyber threats. Cyberspace’s interconnectedness makes it imperative fornations to work together, share data, andincrease their collective preparedness. While multilateral institutions like theUnited Nations can help coordinate efforts andprovide assistance forthecreation ofstandards andcapacity-building programmes, bilateral agreements can define particular cooperation actions. Collectively, state governments may strengthen their cybersecurity capabilities andrespond to cyberattacks by using these tools. Despite thedifficulties, there are several openings forinternational cooperation onthecreation oflegitimate yet efficient cyber defences (Katagiri, 2021). It is possible forinternational organisations like theUnited Nations to facilitate cooperation between governments inorder to create efficient countermeasures. These groups can serve as ameeting place forcountries to collaborate onstrategies forcountering cyber threats. Effective countermeasure development can also benefit from bilateral agreements between governments. These pacts can serve as abasis forgovernments to coordinate their responses to cyber threats andshare information about them.
The Global Information Sharing andAnalysis Centre (GISAC) is another structure that can help encourage cooperation between governments inorder to create more effective responses (Faga, 2017). These tools can help nations coordinate their reactions to cyber threats andshare information about them. Significant obstacles exist forinternational cooperation inthedevelopment ofeffective andlegal defences against cyber threats. On theother hand, there are alot ofways inwhich people could work together. Cybersecurity is ashared responsibility, andgovernmental cooperation can lead to more robust measures ofdefence.
2.3. Legal Labyrinth ofAnticipatory Self Defence
Pre-emptive cyber operations by nations to prevent or deter impending cyber assaults are atopic ofcontinuous discussion, as are theconditions under which such operations can be legally conducted. Existing conventions andlegal frameworks concerning anticipatory self-defence are not always relevant inthecyberattacks, andthere is insufficient agreement onthis matter. The UN Charter, theICJ’s Nicaragua judgement, andcustomary international law are themost important rules andlegal frameworks pertaining to anticipatory self-defence (Dean, 2013). The use offorce against thesovereignty or territorial integrity ofa state is explicitly forbidden under theUnited Nations Charter. To counter this, Article51oftheUN Charter permits nations to use force inself-defence if they feel they are being attacked. The International Court ofJustice ruled inNicaragua Case that aperson has theright to use force inself-defence even if anassault has not yet happened. Nonetheless, theICJ emphasised that therisk ofattack had to be instant, overwhelming, andleaving no choice ofmeans, andno moment fordeliberation. The right to self-defence is also recognised under customary international law. Customary international law provides guidance inself-defense situations, although its content is not always crystal apparent. Some legal scholars maintain that nations must use every available diplomatic route to settle aconflict before resorting to force. However, there are many who argue that governments have theright to employ force inself-defence intheface ofan assault, even if diplomatic solutions to theconflict are still possible.
There is continuous discussion over whether or not current norms andlegal frameworks pertaining to anticipatory self-defence apply inthecyberattacks (Lucas, 2016). Experts are divided onwhether or not self-defence concepts can be applied to thecyber world, with some saying they can andothers saying they can’t because ofthespecial nature ofcyber assaults. The difficulty ofattributing attacks is amajor obstacle to self-defence strategies inthecyber world. In thereal world, identifying theperpetrator ofan assault is usually not too difficult. However, tracing theorigin ofan assault inthecyber realm can be tricky. This complicates theability ofnations to assess threats andexercise self-defence rights. Another issue inbringing traditional concepts ofself-defence into thecyberspace is determining how close anassault actually is. In thereal world, it’s usually easy to tell if anassault is going to happen soon. However, gauging theimminent threat ofan assault inthecyber sphere can be challenging. This complicates thequestion forgovernments ofwhether or not they have theright to exercise self-defence intheface ofan imminent threat (Levite & Perkovich, 2017).
Pre-emptive cyber operations, inwhich astate proactively takes action to stop or discourage anassault, are acontentious topic ofdiscussion among experts. Existing norms andlegal frameworks relating to anticipatory self-defence are not always obvious or appropriate inthecyber sphere, andthere is no clear consensus onthis topic. According to thejudgement ofNicaragua v. United States ofAmerica (1986), acase adjudicated by theInternational Court ofJustice (ICJ), intheevent ofan invasion or other armed attack, every sovereign state has theright to employ military action to defend its territory. It reaffirms theinherent right to self-defence. The ICJ ruled that theright to self-defence includes theability to take action intheface ofan immediate threat ofviolence (Travis, 2016). The ICJ also ruled that self-defence actions including theuse offorce have to be justified.
According to Michael Schmitt, to be justified inusing force inanticipatory self-defense, it must be necessary, proportional, andused inresponse to animminent, unlawful armed attack. He suggests that anticipatory self-defence is only justified incases when theuse offorce is necessary andappropriate, thethreat ofan armed assault is imminent, andthere are no legitimate alternatives to theuse offorce1. Similarly, Bruce Schneier asserts that states must avoid engaging inpre-emptive cyber operations as they are potentially devastating andunstable. It will be harder fornations to work together to address cyber security concerns if these tensions intensify. He foresees that pre-emptive cyber operations will lead to greater disputes andmake it harder fornations to work together to address cyber security threats (Schneier, 2013). Altogether these assertions by international law scholars highlights that pre-emptive cyber operations are controversial andthelaw is still being worked out on. The legislation is still developing, andthere is no unanimous agreement onthetopic. But theimminence ofthethreat, theneed oftheuse offorce, theproportionality oftheuse offorce, andthedifferentiation between combatants andcivilians are all criteria that legal academics have highlighted as crucial to thelegitimacy ofpre-emptive cyber operations.
The dangers andrewards ofconducting pre-emptive cyber operations must be weighed against these legal constraints. Pre-emptive cyber actions carry thedanger ofsparking awider war (Ossoff, 2021). They may backfire if they harm international ties andmake it harder forgovernments to work together oncyber security. Pre-emptive cyber operations are controversial, andthechoice to use them must be taken onacase-by-case basis. The legal, strategic, andpolitical implications ofsuch operations must be carefully considered by states before they are carried out.
3. Instrumentalising International Law andInstitutions to Address Cyberattacks
3.1. Confronting theLacuna inInternational Cybersecurity Norms
The existing state ofinternational organisations is unable to deal with thecomplexity andfluidity ofcyber threats. The United Nations Group ofGovernmental Experts (GGE) is another example ofit. The GGE’s efforts to build voluntary, normative frameworks are hampered by thefact that they are consensus-based, making them slower to evolve andsometimes leading to impasse as aresult ofcompeting national interests andgeopolitical conflicts. The inability ofexisting international law to judge andexecute penalties against governments that commit or assist cyberattacks is another serious problem. Because existing enforcement procedures are mostly based onconventional conceptions ofwar, there is avacuum ininstitutional protections forgovernments that conduct hostile cyber operations. This highlights theneed foranew International Convention to define illicit cyber actions more precisely andprovide efficient mechanisms foradjudication andenforcement. Due to theever-evolving nature oftechnology, anew International Convention is also required.
Current technological advancements are outstripping theability ofexisting international law andinstitutions to respond effectively. For instance, theemergence ofquantum computing andcyberattacks driven by artificial intelligence presents new issues that are not yet accounted forby existing frameworks. A Convention with aneye onthefuture can be ofassistance by being built with adaptability andflexibility from theground up, so that it can grow andchange intandem with technology development. Moreover, theidea ofglobal collaboration highlights theimportance ofa new International Convention (Gowetal., 2019). Cybersecurity is aninternational issue that calls forconcerted effort. Different national interests andalack ofconfidence have made it difficult forexisting international entities to create considerable global collaboration. Fostering collaboration, boosting trust, andguaranteeing collective cybersecurity can all be facilitated by aglobally agreed-upon framework provided by aninternational convention. It is encouraging that existing international bodies have tried to tackle theproblem ofcyberattacks. However, due to theever-changing nature ofcyber dangers andthelimitations ofexisting international legal andinstitutional frameworks, theresponse to these risks has been inadequate thus far. A new international convention aimed at countering cyber dangers has great promise. This framework has thepotential to be transparent, all-encompassing, andflexible inorder to facilitate international collaboration, define criminal actions, andestablish enforcement procedures.
A major step toward amore secure andsafe internet would be theadoption ofsuch aconvention. When it comes to settling disputes andinterpreting international law, theInternational Court ofJustice (ICJ) andother international judicial authorities have been at theforefront (Harrison Dinniss, 2012). However, there are several obstacles to their efficiency andcompatibility indealing with cyberattacks. The ICJ must have jurisdiction over amatter to rule onit, andthis is normally accomplished with thecooperation oftheparticipating governments. However, it is challenging to establish thepeople involved andacquire their agreement incyberattacks since their origins are often unknown andthey can be organized from various jurisdictions. In making their decisions, theICJ andother comparable tribunals frequently look to precedent andestablished principles ofinternational law. Since cyberwarfare is still inits infancy, few examples may serve as guides. Given thecomplexity andnovelty ofcyber warfare, it may be challenging forthecourt to apply existing legal rules (Bucci, 2018).
Cases heard by international courts might take years to resolve due to thecomplexity ofthelaw involved. However, cyberattacks happen at breakneck speed andrequire fast response andresolution. It is difficult forthese organizations to adequately resolve cyber conflicts due to amismatch between thepace ofjudicial proceedings andthefast expanding cyber scene. There is no agreement onhow sovereignty, non-intervention, andtheuse offorce under traditional international law are to be interpreted inthecontext ofcyber operations. In 2018, UK Attorney General Jeremy Wright gave alecture inwhich he argued that acountry’s cyber infrastructure should be considered part ofits sovereign territory2. Because ofthese discrepancies, international courts may issue decisions that are at odds with one another. The United Nations Charter, theGeneva Conventions, andafew other non-binding, normative rules form thebackbone ofinternational law’s determination ofwhat is andis not permissible. The problems ofattribution, non-physical injury, andgovernmental accountability incyberspace are not easily addressed by these laws because they were written foratime before theInternet. The ease with which cyberattacks may be routed across numerous countries makes, forinstance, tracking them back to astate actor challenging when they occur. The legal evaluation ofsuch operations is further complicated by thelack ofclarity onwhat constitutes an‘armed attack’ incyberspace.
Introducing clear definitions, standards, andnorms that are tailored to thedigital realm can be made possible by anew International Convention (Nissenbaum, 2015). Existing legal frameworks present major obstacles to enacting countermeasures against cyberattacks. It is debatable whether or not governments have theright to self-defence against cyberattacks under Article51oftheUnited Nations Charter. And unlike traditional combat, there is no consensus onwhether or not such actions are necessary or proportionate incyberspace (Cornish, 2021). Clearer standards forcountermeasures might be established with thecreation ofa new International Convention that incorporates concepts ofproportionality, need, anddifferentiation specific to cyberspace. The United Nations andother already-existing international organizations have taken some important steps incombating cybercrime. However, they are not always successful because ofthings like conflicting laws andjurisdictional issues. To properly deal with cyberattacks, international law andinstitutions must be instrumentalised. To do so, however, would need extensive changes to adapt to theever-changing nature ofcyber threats andcircumvent thechallenges presented by thedigital realm. The frequency andseverity ofcyberattacks can be mitigated by theadoption ofnew international conventions that define, standardize, andenforce countermeasures.
3.2. Need forTranslating Legal Standards to theCyberspace
Due to theunconventional nature ofcyber operations, it might be difficult to apply traditional legal standards like distinction, proportionality, andmilitary necessity incase ofcyberattacks andcyber countermeasures. For example, combatants andcivilians must be treated differently, andonly legitimate military targets should be attacked, according to theconcept ofdistinction. Because oftheanonymity andattribution issues inherent incyberspace, determining theorigin andtype ofan attack is amajor difficulty incyberwarfare. Distinction incyberspace has serious difficulties because to theoverlap between military andcivilian computer systems, networks, andinfrastructure. Again, according to theconcept ofproportionality, anattack can only be launched if theanticipated military benefit justifies therisk to people andcivilian infrastructure. Accurately assessing theprobable implications ofan attack andestimating thecollateral damage it may create is difficult inthecontext ofcyber warfare. A cyber operation’s unforeseen secondary implications andcascade impacts can be hard to foresee due to theinterrelated structure ofcomputer systems andnetworks. Moreover, to achieve legitimate military objectives, force may be used, however using excessive force is forbidden under theconcept ofmilitary necessity (Singer & Friedman, 2014). The definition ofa legitimate military aim incyberwarfare is problematic andcomplicated. In addition to conventional military targets, key infrastructure, economic systems, andinformation networks are common cyber operations. Since theimpacts ofcyber operations may reach well beyond traditional military objectives, determining when they become unnecessary is asignificant difficulty.
According to Michael Schmitt (2013), thesame distinction, proportionality, andmilitary necessity rules that apply to conventional conflict also apply to cyber warfare. He says that sides to afight must tell thedifference between civilians andcombatants andaim their strikes solely at theformer. Parties to aconflict are bound by theconcept ofproportionality to employ only thelevel offorce that is both necessary andproportional to their expected military advantage. The parties to awar are bound by theconcept ofmilitary necessity to employ no more force than is strictly required to accomplish anaim that can be justified by theuse offorce. Cyberwarfare may be viewed through thesame lens as conventional warfare, according to Michael Schmitt, who stresses theneed ofusing theconcepts ofdifference, proportionality, andmilitary necessity. He contends that intheevent ofa cyberattack, theparties involved should still identify fighters from civilians andfocus their attacks ontheformer. The principle ofproportionality dictates that only areasonable scale offorce should be employed to achieve aparticular military objective. According to theprinciple ofmilitary necessity, force should only be used when absolutely necessary to achieve alegitimate military objective. Schmitt argues that these guidelines can let nations engage incyber operations while remaining compliant with international norms (Schmitt, 2013).
Similarly, according to Professor Cordula Droege (2012), thepeculiarities ofcyber operations make it impossible to apply thetraditional criteria ofdistinction, proportionality, andmilitary necessity to cyber conflict. Cyber activities, he says, can have unforeseen implications andare sometimes hard to identify. According to Droege, nations must find novel approaches ofapplying thecriteria ofdifference, proportionality, andmilitary necessity to cyberwarfare. He argues that distinction, proportionality, andmilitary necessity might be difficult to apply to cyber operations due to their specific nature. Droege agrees that determining responsibility fortheeffects ofcyber operations may be challenging. Therefore, nations, inhis view, need to innovate inorder to adapt these ideas to cyber warfare (Droege, 2012). The complexity ofcyber operations necessitates novel approaches andconcepts. Furthermore, according to Russel Buchan (Buchan, 2012), they must be interpreted inaway that takes into account thespecial nature ofcyber operations. The impacts ofcyber operations can be both physical andnon-physical, he explains. According to Buchan, governments must exercise caution while conducting cyber operations so as not to contravene these values. Buchan suggests bringing distinction, proportionality, andmilitary necessity to cyber conflicts as ameans ofstriking afair balance. However, he does note that these notions need to be interpreted with thespecifics ofcyber operations inmind. Cyber operations may have several concrete andintangible implications, as Buchan acknowledges. Therefore, he warns against straying from thenorms ofcaution andresponsibility when conducting cyber operations (Buchan, 2012).
3.3. The Inadequacy ofTraditional Warfare Principles inCyberspace
One ofthebiggest problems with creating cyber warfare principles that are inline with traditional combat is attribution. Cyberattacks can be difficult to trace back to their source (Denardis, 2020). This is due to thefact that tracing theinitiation ofa cyberattack might be tricky insome cases. This makes it harder to hold governments responsible fortheir actions anddiscourage attacks before they happen. When adapting traditional methods ofconflict to thedigital domain, it might be difficult to rule out unintended consequences. Cyberattacks can have awide variety ofphysical andnon-physical effects. An assault onagovernment’s computer network, forinstance, may have theunintended consequence ofbringing down essential services like theelectricity grid or thewater supply. This complicates thetask ofensuring that cyber activities are reasonable andappropriate. Cyber operations are intricate andnot always easy to grasp (Winterfeld & Andress, 2013). Because ofthis, it is hard to apply theconcepts ofproportionality, differentiation, andmilitary necessity. It may be difficult to tell if acyber operation is aimed against amilitary target or acivilian population. Assessing thepossible physical andnon-physical implications ofa cyberattacks can be challenging as well.
There are anumber ofproblems that must be solved before thetraditional principles ofarmed conflict can be adapted to cyber warfare. Cyberwarfare is difficult to define precisely because ofthis. Because ofthis, it’s hard to establish universally accepted principles forconducting cyber warfare onaglobal scale. Cyber security lacks aworldwide regulatory framework. This hinders theability ofnations to work together to combat cyber threats (Whyte & Mazanec, 2018). The rate oftechnical development inthecyber sphere is really quick. This makes it challenging to adopt new laws andnorms to manage emerging cyber dangers inatimely manner. Despite theobstacles, efforts should be made to modify thenorms ofconventional combat to apply to cyber battle. Rules andconventions to control cyberwarfare are necessary due to theincreasing danger posed by it.
3.4. Complex Landscape beyond Sovereign Borders
The legal foundations defining jurisdiction over cyber actions are complicated anddeveloping, according to Michael Schmitt (2012). States have considerable leeway inselecting how they will exercise jurisdiction over cyber operations, andthere is no one international convention that tackles this issue directly, as he points out. Schmitt asserts that nations may be directed by avariety ofoverarching principles, such as theconcepts ofterritoriality, nationality, anduniversality (Schmitt, 2012b). A nation-state’s ability to regulate online behaviour inside its borders is grounded ontheidea ofterritoriality. This implies that even if thevictims ofa cybercrime are situated inanother country, theperpetrators can be brought to justice by thestate inwhich thecrime was committed (Schmitt, 2014). Nationality principle holds that acountry is liable forthecriminal acts ofits residents wherever inthewhole world, including when they are committed through theinternet. Therefore, regardless ofthelocation ofthevictims, astate can seek charges against its own nationals who commit cybercrimes. The concept ofuniversality states that any cybercrime that satisfies thedefinition ofa crime under international law can be prosecuted by any state, regardless ofwhere thecrime was done or by whom. It is possible to prosecute cybercriminals inastate even though they are not residents ofthat state if their conduct amount to crimes under international law andtheir victims are located inadifferent country (Shackelford, 2014).
But Thomas J. Holtetal. (2015) argues that there are major challenges inestablishing jurisdiction over conduct performed incyberspace. He points out thechallenges oftracing theorigin ofcyber actions andtheworldwide impact they might have. Holt highlights that, inorder fornations to exert authority over cyber activities, they need to innovate new forms ofcooperation. This is because it is sometimes difficult to determine theorigin ofa cyberattack when one is started. As aresult, it becomes more challenging to hold governments accountable fortheir conduct andto dissuade potential assaults. The possibility ofunforeseen effects is another difficulty inestablishing jurisdiction over cyber activity. The impacts ofcyber assaults, both physical andotherwise, can be rather diverse. An assault onagovernment’s computer network, forinstance, may have theunintended consequence ofbringing down essential services like theelectricity grid or thewater supply (Shackelford, 2012). This complicates thetask ofensuring that cyber activities are reasonable andappropriate. As theusage ofcyber activities grows, thedifficulties inestablishing andenforcing jurisdiction over them are only going to increase, according to Peter M. Shane (Shane & Hunker, 2013). According to him, states need to get creative inorder to deal with thedifficulties ofenforcing their authority over online activity. It is expected that thedifficulties ofexercising jurisdiction over cyber operations would increase as cyber technology develops further. To meet these difficulties, states will need to innovate new forms ofcooperation andcoordination (Shane & Hunker, 2013). They’ll also have to write up some brand-new rules forcontrolling online behaviour.
Jurisdictional problems over cyber operations are complicated andconstantly developing. Since cyber activities are not addressed by asingle international convention, individual governments have considerable leeway inestablishing thescope oftheir own jurisdiction. However, there are anumber ofbroad principles that may be used to govern thebehaviour ofnations. These concepts include territoriality, nationality, anduniversality. There are substantial difficulties inenforcing jurisdiction over cyber activity (Roscini, 2010). The perpetrators ofcyberattacks are not always obvious, andtheir effects can be felt all around theworld. The successful exercise ofjurisdiction over cyber activities requires new forms ofcooperation between states. As theusage ofcyber activities increases, thedifficulties inexercising jurisdiction over them are likely to persist. The difficulties ofasserting state authority over online activity require states to take proactive measures. Cyber security lacks aworldwide regulatory framework. This hinders theability ofnations to work together to combat cyber threats. The rate oftechnical development inthecyber sphere is really quick (Gheciu & Wohlforth, 2018). This makes it challenging to adopt new laws andnorms to manage emerging cyber dangers inatimely manner. Cyber security challenges are not being addressed with enough international collaboration. This complicates efforts to create andimplement global standards forcyber behaviour.
Conclusion
The legal consequences anddifficulties ofcyberattacks andcyber countermeasures have been investigated inthis research. It has been highlighted how difficult it is to pinpoint theorigin ofcyberattacks andhow crucial it is to take proportionality into account when formulating cyber countermeasures. The research has also discussed theeffect ofcyber countermeasures onhuman rights, thelegal consequences ofcountermeasures against non-state actors, andthelegal foundations forinternational cooperation. In addition, it has examined thelegal parameters forpre-emptive cyber operations, thelevel ofstate accountability, thedifficulties ofdefining andverifying cyber weapons, theregulatory structures forintelligence operations, thefunction ofcybersecurity measures insafeguarding civilians andcritical infrastructure, thedifficulties ofestablishing jurisdiction over cyber activities, andtherelationship between cybersecurity andtheright to development. By incorporating these less explored issues ofinternational law framework, theresearch hopes to contribute to theformation oflegal frameworks andnorms controlling countermeasures incyber warfare, therefore promoting inclusive andsustainable growth while maintaining thepreservation ofindividual rights andinternational cybersecurity. As theglobe becomes more linked, cyber-related risks remain apressing concern that makes national borders ineffective andchallenges thelimits ofcurrent international legal systems. The ‘grey zone’ ofundefined legal principles that characterises thedigital realm makes it difficult to determine whether or not cyberattacks are actually criminal. The lack ofconsensus onagenerally enforceable definition ofcyberattacks andonhow conventional principles ofinternational law apply to these modern difficulties is asignificant lacuna inthelegal system. An entirely separate International Convention is required to address theintricacies ofthecyberspace. Existing frameworks have their limits andjurisdictional issues that aConvention similar to this may help clear up. The work is challenging, but it is necessary to maintain global stability inanera when wars are just as likely to be fought online as they are ontheground. International bodies have tried to tackle theproblem ofcyberattacks. However, aproper response has been elusive due to theever-changing nature ofcyber threats andthelimitations ofexisting international law andinstitutional frameworks. There is hope inanew international convention that aims to deal with cyber dangers. This framework has thepotential to be transparent, all-encompassing, andflexible inorder to facilitate international collaboration, define criminal actions, andestablish enforcement procedures. Such aConvention would be ahuge step forward inmaking theinternet amore secure andsafe place. Therefore, it is essential to re-evaluate andadapt thecurrent legal infrastructure, or to investigate thepossibility ofestablishing aspecific international agency, that can effectively respond to thepeculiarities ofcyber warfare.
1. Schmitt, M. (2022, 24May). The United Kingdom onInternational Law inCyberspace. EJIL: Talk! https://clck.ru/3F3MMo
2. Schmitt, M. (2022, 24May). The United Kingdom onInternational Law inCyberspace. EJIL: Talk! https://clck.ru/3F3MMo
References
1. Andrew, J., & Bernard, F. (Eds.) (2021). Human Rights Responsibilities in the Digital Age: States, Companies, and Individuals. Oxford: Hart Publishing. https://doi.org/10.5040/9781509938865
2. Bucci, S. (2018). Strategic Cyber Deterrence: The Active Cyber Defense Option by Scott Jasper. Rowman & Littlefield, 2017, 255 pp. Strategic Studies Quarterly, 12(2), 134–135.
3. Buchan, R. (2012). Cyber Attacks: Unlawful Uses of Force or Prohibited Interventions? Journal of Conflict and Security Law, 17(2), 212–227. https://doi.org/10.1093/jcsl/krs014
4. Buchanan, B. (2017). The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations. Oxford Academic. A
5. Cornish, P. (Ed.) (2021). The Oxford Handbook of Cyber Security. Oxford University Press. https://doi.org/10.1093/oxfordhb/9780198800682.001.0001
6. Dean, S. E. (2013). Cyber Defense: securing military systems and critical civilian infrastructure from an electronic. HRISQ, XIII(3), 911.
7. Denardis, L. (2020). The Internet in Everything: Freedom and Security in a World with No off Switch. Yale University Press. https://doi.org/10.2307/j.ctvt1sgc0
8. Droege, C. (2012). Get off My Cloud: Cyber Warfare, International Humanitarian Law, and the Protection of Civilians. International Review of the Red Cross, 94(886), 533–578. https://doi.org/10.1017/s1816383113000246
9. Dwan, J. H., Paige, T. P., & McLaughlin, R. (2022). Pirates of the Cyber Seas: Are State-Sponsored Hackers Modern-Day Privateers? Law, Technology and Humans, 3, 52. https://doi.org/10.5204/lthj.1583
10. Etzioni, A., & Rice, C. J. (2015). Privacy in a Cyber Age. Springer. https://doi.org/10.1057/9781137513960
11. Faga, H. P. (2017). The Implications of Transnational Cyber Threats in International Humanitarian Law: Analysing the Distinction between Cybercrime, Cyber Attack, and Cyber Warfare in the 21st Century. Baltic Journal of Law & Politics, 10, 27. https://doi.org/10.1515/bjlp-2017-0001
12. Friis, K., & Ringsmose, J. (Eds.) (2016). Conflict in Cyber Space: Theoretical, Strategic and Legal Pespectives. Routledge & CRC Press. https://doi.org/10.4324/9781315669878
13. Frowe, H. (2022). The Ethics of War and Peace: An Introduction. Routledge/Taylor & Francis Group. https://doi.org/10.4324/9781003275466
14. Gheciu, A., & Wohlforth, W. C. (2018). The Oxford Handbook of International Security. Oxford University Press. https://doi.org/10.1093/oxfordhb/9780198777854.001.0001
15. Gow, J., Dijxhoorn, E., Clare Kerr, R., & Verdirame, G. (Eds.) (2019). Routledge Handbook of War, Law and Technology. Routledge Taylor & Francis Group. https://doi.org/10.4324/9781315111759
16. Harrison Dinniss, H. (2012). Cyber Warfare and the Laws of War. Cambridge University Press. https://doi.org/10.1017/cbo9780511894527
17. Henriksen, A. (2019). The End of the Road for the UN GGE Process: The Future Regulation of Cyberspace. Journal of Cybersecurity, 5(1), 3. https://doi.org/10.1093/cybsec/tyy009
18. Hollis, D. B., & Finnemore, M. (2016). Constructing Norms for Global Cybersecurity. American Journal of International Law, 110(3), 425–479. https://doi.org/10.1017/s0002930000016894
19. Holt, T., Bossler, A., & Seigfried-Spellar, K. (2015). Cybercrime and Digital Forensics: An Introduction. Routledge. https://doi.org/10.4324/9781315777870
20. Joyner, C. C. (2011). United States foreign policy interests in the Antarctic. The Polar Journal, 1(1), 17–35. https://doi.org/10.1080/2154896x.2011.569384
21. Katagiri, N. (2021). Why International Law and Norms Do Little in Preventing Non-State Cyber Attacks. Journal of Cybersecurity, 7(1). https://doi.org/10.1093/cybsec/tyab009
22. Klimburg, A. (2018). The Darkening Web: The War for Cyberspace. Penguin Books.
23. Knowles, J., & Thomas, P. A. (2016). Effective Legal Research. Sweet & Maxwell.
24. Kulesza, J., & Balleste, R. (2015). Cybersecurity and Human Rights in the Age of Cyberveillance.
25. Rowman & Littlefield. Levite, A., & Perkovich, G. (2017). Understanding cyber conflict. Georgetown University Press. https://doi.org/10.1353/book62546
26. Lewis, D. A., Modirzadeh, N. K., & Blum, G. (2019). Quantum of Silence: Inaction and Jus Ad Bellum. Harvard Law School Program on International Law and Armed Conflict. https://doi.org/10.54813/azzk2231
27. Lewis, J. A. (2018). Rethinking Cybersecurity: Strategy, Mass Effect, and States. Center for Strategic & International Studies; Rowman & Littlefield.
28. Liivoja, R., & Väljataga, A. (Eds.) (2021). Autonomous Cyber Capabilities under International Law. NATO Cooperative Cyber Defence Centre Of Excellence 2021.
29. Lucas, G. (2016). Ethics and Cyber Warfare: The Quest for Responsible Security in the Age of Digital Warfare. Oxford University Press. https://doi.org/10.1093/acprof:oso/9780190276522.001.0001
30. Mačák, K. (2016). Decoding Article 8 of the International Law Commission’s Articles on State Responsibility: Attribution of Cyber Operations by Non-State Actors. Journal of Conflict and Security Law, 21(3), 405–428. https://doi.org/10.1093/jcsl/krw014
31. Mazanec, B. M. (2015). The Evolution of Cyber War: International Norms for Emerging-Technology Weapons. University of Nebraska Press. https://doi.org/10.2307/j.ctt1d989jr
32. Mihr, A. (2017). Cyber Justice : Human Rights and Good Governance for the Internet. Springer.
33. Mihr, A. (2016). Cyber justice: cyber governance through human rights and a rule of law in the Internet. US-China Law Review, 13(4). https://doi.org/10.17265/1548-6605/2016.04.002
34. Nissenbaum, D. (2015). A Street Divided : Stories from Jerusalem’s Alley of God. St Martin’s Press.
35. Ohlin, J. D., Govern, K., & Finkelstein, C. (Eds.) (2015). Cyber War: Law and Ethics for Virtual Conflicts. Oxford University Press.
36. Ossoff, W. (2021). Hacking the Domaine Réservé: The Rule of Non-Intervention and Political Interference in Cyberspace. Harvard International Law Journal, 62(1), 298.
37. Putman, W. H., & Albright, J. R. (2018). Legal Research, Analysis, and Writing. Cengage Learning.
38. Roscini, M. (2010). World Wide Warfare – Jus Ad Bellum and the Use of Cyber Force. Max Planck Yearbook of United Nations Law Online, 14(1), 85–130 https://doi.org/10.1163/18757413-90000050
39. Roscini, M. (2014). Cyber Operations and the Use of Force in International Law. Oxford University Press.
40. Schmitt, M. (2011). Cyber Operations and the Jus Ad Bellum Revisited. Villanova Law Review, 56, 569.
41. Schmitt, M. (2012). International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed. Harvard International Law Journal, 54, 13–37.
42. Schmitt, M. N. (1999). Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework. Columbia Journal of Transnational Law, 37, 1998–1999.
43. Schmitt, M. N. (2012). “Attack” as a Term of Art in International Law: The Cyber Operations Context. In 4th International Conference on Cyber Conflict (CYCON 2012), Tallinn, Estonia (pp. 1–11).
44. Schmitt, M. N. (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge University Press. https://doi.org/10.1017/CBO9781139169288
45. Schmitt, M. N. (2014). Below the Threshold’ Cyber Operations: The Countermeasures Response Option and International Law. Virginia Journal of International Law, 54, 698.
46. Schneier, B. (2013). Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Springer.
47. Shackelford, S. J. (2012). Toward Cyber Peace: Managing Cyber Attacks through Polycentric Governance. American University Law Review. https://doi.org/10.2139/ssrn.2132526
48. Shackelford, S. J. (2014). Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. Cambridge University Press. https://doi.org/10.1017/cbo9781139021838
49. Shane, P. M., & Hunker, J. A. (Eds.) (2013). Cybersecurity : Shared Risks, Shared Responsibilities. Carolina Academic Press.
50. Singer, P. W., & Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know®. Oxford University Press. https://doi.org/10.1093/wentk/9780199918096.001.0001
51. Travis, P. (2016). We’re Going to Nicaragua: The United States, Nicaragua, and Counterterrorism in Central America during the 1980s. Journal of Terrorism Research, 7, 38. https://doi.org/10.15664/jtr.1217
52. Tsagourias, N. (2012). The Tallinn Manual on the International Law Applicable to Cyber Warfare: A Commentary on Chapter II — the Use of Force. In Yearbook of International Humanitarian Law (Vol. 15, pp. 19–43). https://doi.org/10.1007/978-90-6704-924-5_2
53. Tsagourias, N., & Farrell, M. (2020). Cyber Attribution: Technical and Legal Approaches and Challenges. European Journal of International Law, 31(3), 941–967. https://doi.org/10.1093/ejil/chaa057
54. Tyler, T. R. (2017). Methodology in Legal Research. Utrecht Law Review, 13(3), 130–141. https://doi.org/10.18352/ulr.410
55. Van Hoecke, M. (2011). Methodologies of Legal Research. Bloomsbury Publishing.
56. Wagner, B., Kettemann, M. C., & Vieth, K. (2019). Research Handbook on Human Rights and Digital Technology: Global Politics, Law and International Relations. Edward Elgar Publishing. https://doi.org/10.4337/9781785367724
57. Watkins, D., & Burton, M. (2013). Research Methods in Law. Routledge. https://doi.org/10.4324/9780203489352
58. Watt, E. (2021). State Sponsored Cyber Surveillance: The Right to Privacy of Communications and International Law. Elgar. https://doi.org/10.4337/9781789900101
59. Waxman, M. (2011). Cyber-Attacks as “Force” under UN Charter Article 2(4). International Law Studies, 43.
60. Whyte, C., & Mazanec, B. (2018). Understanding Cyber-Warfare: Politics, Policy and Strategy. Routledge. https://doi.org/10.4324/9781315636504
61. Winterfeld, S., & Andress, J. (2013). The Basics of Cyber Warfare: Understanding the Fundamentals of Cyber Warfare in Theory and Practice. Elsevier.
62. Wittes, B., & Blum, G. (2016). The Future of Violence – Robots and Germs, Hackers and Drones. Basic Books.
63. Wren, C. G., & Wren, J. R. (1986). The Legal Research Manual: A Game Plan for Legal Research and Analysis (2nd ed.). A-R Editions.
64. Yoo, C. S., & Blanchette, J.-F. (2015). Regulating the Cloud. MIT Press. https://doi.org/10.7551/mitpress/9780262029407.001.0001
