Self-Defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions
Source: Council on Foreign Relations
“When does a cyber attack (or threat of cyber attack) give rise to a right of self-defense—including armed self-defense—and when should it? By “cyber attack” I mean the use of malicious computer code or electronic signals to alter, disrupt, degrade or destroy computer systems or networks or the information or programs on them. It is widely believed that sophisticated cyber attacks could cause massive harm—whether to military capabilities, economic and financial systems, or social functioning—because of modern reliance on system interconnectivity, though it is highly contested how vulnerable the United States and its allies are to such attacks.
This article examines these questions through three lenses: (1) a legal perspective, to examine the range of reasonable interpretations of self-defense rights as applied to cyber attacks, and the relative merits of interpretations within that range; (2) a strategic perspective, to link a purported right of armed self-defense to long-term policy interests including security and stability; and (3) a political perspective, to consider the situational context in which government decisionmakers will face these issues and predictive judgments about the reactions to cyber crises of influential actors in the international system.”