Published Papers by Przemysław Roguski
AJIL Unbound, 2020
Two of the most pressing questions concerning international peace and security today are how to a... more Two of the most pressing questions concerning international peace and security today are how to avoid an escalation of conflicts in cyberspace and how to ensure responsible behavior and accountability of states in their use of information and communication technologies. With more than thirty states now possessing offensive cyber capabilities and cybersecurity incidents such as Stuxnet, WannaCry, and NotPetya causing significant physical effects or financial damage, there is a clear need to find a better way to manage security risks connected with the use of increasingly sophisticated cyber means by states. At present, this issue is on the agenda of two United Nations groups and is mainly addressed through a "framework for responsible behavior of states" consisting of international law, voluntary and non-binding norms, and confidence-building measures for states' use of information and communication technologies. What the current discussions do not address, however, is whether the security risks could also be regulated through an arms control and inspection regime for cyber weapons. While such a regime has been proposed by scholars, states remain skeptical or even actively opposed to efforts to impose traditional arms control measures on offensive cyber capabilities. This essay examines why a cyber weapons inspection regime is so difficult to devise. It argues that due to their nature and mode of functioning, cyber weapons significantly differ from traditional nuclear, chemical, or biological weapons, such that mechanisms established by traditional arms control treaties either will not work or will not be agreed to by states. Instead, new regulatory approaches are necessary.
12th International Conference on Cyber Conflict. 20/20 Vision: The Next Decade., 2020
This paper analyses whether international law permits collective
countermeasures against states r... more This paper analyses whether international law permits collective
countermeasures against states responsible for cyberattacks. In her opening address at CyCon 2019, Estonia’s President Kersti Kaljulaid presented Estonia’s view that ‘States which are not directly injured may apply countermeasures to support the state directly affected by the malicious cyber operation’. This view was rejected by France in its declaration of 9 September 2019 on how international law applies to cyber operations. Discussing the International Law Commission’s treatment of the legality of third-party countermeasures in its Articles on State Responsibility, the paper finds that the question was ultimately left open, given the unsettled status of customary law at that time. However, the Articles are formulated in such a way as to allow the application of lawful measures by not directly injured States, thus leaving room for developments in international law. Based on recent scholarship and examples of State practice, the paper finds that international law has indeed evolved since 2001 to permit collective countermeasures, but only insofar as third-party countermeasures against violations of collective obligations are concerned. In consequence, collective action
by non-injured States against cyberattacks violating the sovereignty of a State or constituting an intervention in its internal affairs are not permitted under international law as it stands today. Lastly, the paper discusses whether international law may recognise cyber-specific collective obligations and finds that the obligation to protect the ‘public core of the internet’ may be a good candidate for such a norm.
Just Security, 2019
This article analyses France's position on the applicability of International Humanitarian Law to... more This article analyses France's position on the applicability of International Humanitarian Law to Cyber Operations, as published in the document "Application of International Law to Cyber Operations".
2019 11th International Conference on Cyber Conflict (CyCon), 2019
The question of how to define sovereignty in cyberspace is currently one of the most contentious ... more The question of how to define sovereignty in cyberspace is currently one of the most contentious issues in international law. The traditional understanding of sovereignty is based on the assumption of exclusive control over geographically defined territory. However, the global accessibility of computer networks eliminates distance and geography as limiting factors for the exercise of power by States (and non-State actors). This creates a security dilemma: while modern ICTs allow adversaries to challenge States' exclusive authority over 'their' cyberspace, traditional notions of sovereignty appear to limit the States' ability to actively respond to these challenges in foreign networks. In this paper I argue for a 'layered' understanding of sovereignty in cyberspace. Recent international practice, including national legislation and court decisions relating to jurisdiction over transboundary activities, shows that while States stress the exclusive nature of authority and jurisdiction over the physical layer of cyberspace, the logical and social layers are open to transboundary assertions of jurisdiction. Applying these findings to the general concept of sovereignty in cyberspace, I argue that while the physical layer is covered by State sovereignty by virtue of the principle of territoriality, the logical and social layers of cyberspace may be open to the exercise of State authority based on a criterion of proximity, i.e. whenever the State can establish a genuine link with the digital objects or online personae over which authority is to be asserted.
The Hague Program for Cyber Norms Policy Brief, 2020
This policy brief offers a comparative analysis of the positions of seven States on how internati... more This policy brief offers a comparative analysis of the positions of seven States on how international law applies to cyber operations. The scope of analysis is limited to peacetime cyber operations; questions regarding the applicability of International Humanitarian Law in cyberspace are not
covered. The policy brief analyses States’ views with regard to the legal qualification of cyber operations, their attribution and the response options which States have under international law.
Online Articles by Przemysław Roguski
Papers by Przemysław Roguski
Kraków : Pałac Sztuki Towarzystwa Przyjaciół Sztuk Pięknych, 2015
Uploads
Published Papers by Przemysław Roguski
countermeasures against states responsible for cyberattacks. In her opening address at CyCon 2019, Estonia’s President Kersti Kaljulaid presented Estonia’s view that ‘States which are not directly injured may apply countermeasures to support the state directly affected by the malicious cyber operation’. This view was rejected by France in its declaration of 9 September 2019 on how international law applies to cyber operations. Discussing the International Law Commission’s treatment of the legality of third-party countermeasures in its Articles on State Responsibility, the paper finds that the question was ultimately left open, given the unsettled status of customary law at that time. However, the Articles are formulated in such a way as to allow the application of lawful measures by not directly injured States, thus leaving room for developments in international law. Based on recent scholarship and examples of State practice, the paper finds that international law has indeed evolved since 2001 to permit collective countermeasures, but only insofar as third-party countermeasures against violations of collective obligations are concerned. In consequence, collective action
by non-injured States against cyberattacks violating the sovereignty of a State or constituting an intervention in its internal affairs are not permitted under international law as it stands today. Lastly, the paper discusses whether international law may recognise cyber-specific collective obligations and finds that the obligation to protect the ‘public core of the internet’ may be a good candidate for such a norm.
covered. The policy brief analyses States’ views with regard to the legal qualification of cyber operations, their attribution and the response options which States have under international law.
Online Articles by Przemysław Roguski
Papers by Przemysław Roguski
countermeasures against states responsible for cyberattacks. In her opening address at CyCon 2019, Estonia’s President Kersti Kaljulaid presented Estonia’s view that ‘States which are not directly injured may apply countermeasures to support the state directly affected by the malicious cyber operation’. This view was rejected by France in its declaration of 9 September 2019 on how international law applies to cyber operations. Discussing the International Law Commission’s treatment of the legality of third-party countermeasures in its Articles on State Responsibility, the paper finds that the question was ultimately left open, given the unsettled status of customary law at that time. However, the Articles are formulated in such a way as to allow the application of lawful measures by not directly injured States, thus leaving room for developments in international law. Based on recent scholarship and examples of State practice, the paper finds that international law has indeed evolved since 2001 to permit collective countermeasures, but only insofar as third-party countermeasures against violations of collective obligations are concerned. In consequence, collective action
by non-injured States against cyberattacks violating the sovereignty of a State or constituting an intervention in its internal affairs are not permitted under international law as it stands today. Lastly, the paper discusses whether international law may recognise cyber-specific collective obligations and finds that the obligation to protect the ‘public core of the internet’ may be a good candidate for such a norm.
covered. The policy brief analyses States’ views with regard to the legal qualification of cyber operations, their attribution and the response options which States have under international law.