Regulating States Cyber-Behaviour: Obstacles for a Consensus

Several indicators point to a crisis at the heart of the emerging area of international cyber security law. First, proposals of internationally binding treaties by the leading stakeholders, including China and Russia, have been met with little enthusiasm by other states, and are generally seen as having limited prospects of success. Second, states are extremely reluctant to commit themselves to specific interpretations of controversial legal questions and thus to express their cyber opinio juris. Third, instead of interpreting or developing rules, state representatives seek refuge in the more ambiguous term 'norms'. This article argues that the reluctance of states to engage themselves in international law-making has generated a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by the rapid technological development. In response, several non-state-driven norm-making initiatives have sought to fill the void, including Microsoft's cyber norms proposals and the Tallinn Manual project. The article then contends that this emerging body of non-binding norms presents states with a critical window of opportunity to reclaim a central law-making position, similarly to historical precedents including the development of legal regimes for Antarctica and nuclear safety. Whether the supposed crisis will lead to the demise of interstate cyberspace governance or to a recalibration of legal approaches will thus be decided in the near future. States should assume a central role if they want to ensure that the existing power vacuum is not exploited in a way that would upset their ability to achieve their strategic and political goals.

International Cybersecurity Law Review, 2021

This is a review of two monographs on cyber operations and international law. Published in 2020, both books discuss state-sponsored cyber operations, legal frameworks with which they could be assessed, as well as legal tools to evaluate the reactions of targeted states. Regarding low-intensity cybersecurity incidents, the two books set up frames of reference very differently. Henning Lahmann's Unilateral Remedies to Cyber Operations almost exclusively focuses on the principle of nonintervention and sets it up narrowly. François Delerue's Cyber Operations and International Law proposes applying the same principle under less strict requirements, and also proposes using territorial sovereignty as an independent assessment tool. While the two books go on to examine more or less the same set of legal tools regarding the reactions of targeted states, because of the initial difference, they offer significantly different views on these tools. Nevertheless, the combined reading of the reviewed books confirms the current state of the debate on cyber operations and international law: despite the general acceptance that international law applies to cyber operations, shared understanding to make the law operational is still lacking.

Journal of internet technology and secured transactions, 2012

The proliferation of cybercrime necessitates all internetconnected states to be involved in cybercrime regulation, not only on a national and/or transnational level but also on a global level. Although it has been stated that the internet per se and cyberspace in general are by its very nature ungovernable, most nation-states have implemented national and in some instances transnational laws to regulate the internet and cyberspace for law enforcement and national security purposes. The effectiveness of such regulation in cross-border crime commission has brought about many unsolved problems which necessitate a debate on the way forward in addressing cybercrime regulation on a global level. As illustrated in the discussion, cyberspace may very well become ungovernable if a "super-power" nation-state or a cluster of nation-states take a unilateral decision regarding which conduct constitutes permissible online conduct and subsequently try to superimpose these laws on other nation-states. It is suggested that under the auspices of the United Nations and within an international law context the following issues should be addressed: conceptualizing the term "cybercrime" in establishing for example whether it includes a cyber-attack, determining which online conduct is permissible to ensure peace and security and initiating negotiations towards a cybercrime treaty. Addressing the latter issues will constitute a starting point in the way forward in ensuring cybercrime regulation on a global level.

The International Library of Ethics, Law and Technology, 2020

Cyberspace has witnessed a 'militarisation' as a growing number of states engage in a variety of cyber operations directed against foreign entities. The rate of this militarisation has outstripped the diplomatic efforts undertaken to provide this unique environment with some 'rules of the road'. The primary mechanism for discussing possible norms of responsible state behaviour has been a series of UN Groups of Governmental Experts, which have produced three consensus reports over the last decade. The 2015 report recommended a series of principles and confidence-building measures to prevent conf1lict, but prospects for its implementation have receded as differences amongst states persist over how security concepts should be applied to cyberspace. Renewed efforts to promote responsible state behaviour will require greater engagement on the part of the private sector and civil society, both of which have a huge stake in sustaining cyber peace.

2014

State-level intrusion in the cyberspace of another country seriously threatens a state's peace and security. Consequently many types of cyberspace intrusion are being referred to as cyber war with scant regard to the legal position under international law. This is but one of the challenges facing state-level cyber intrusion. The current rules of international law prohibit certain types of intrusion. However, international law does not define which intrusion fall within the prohibited category of intrusion nor when the threshold of intrusion is surpassed. International lawyers have to determine the type of intrusion and threshold on a case-by-case basis. The Tallinn Manual may serve as guideline in this assessment, but determination of the type of intrusion and attribution to a specific state is not easily established. The current rules of international law do not prohibit all intrusion which on statelevel may be highly invasive and destructive. Unrestrained cyber intrusion may result in cyberspace becoming a battle space in which state(s) with strong cyber abilities dominate cyberspace resulting in resentment and fear among other states. The latter may be prevented on an international level by involving all states on an equal and transparent manner in cyberspace governance.

The Hague Program for Cyber Norms Policy Brief, 2020

This policy brief offers a comparative analysis of the positions of seven States on how international law applies to cyber operations. The scope of analysis is limited to peacetime cyber operations; questions regarding the applicability of International Humanitarian Law in cyberspace are not covered. The policy brief analyses States’ views with regard to the legal qualification of cyber operations, their attribution and the response options which States have under international law.

International Workshop at Dokuz Eylul University (Izmir, Turkey), 2020

Malicious or hostile cyber operations in interstate relations are increasingly common and are widely recognized as (un)conventional security threats. Many States undertake or sponsor cyber operations against other States. Some remain below the threshold of use of force while some may qualify as an unlawful use of force and trigger the application of the UN Charter. In both cases we need a common understanding on which rules and principles of international law apply to States' cyber conducts. In international fora such as the latest UN-mandated Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security, States are trying to define a common legal framework to apply international law in cyberspace. The paper will briefly outline the main issues concerning the interpretation and application of international law in cyberspace. It will also focus on the latest expansive theories claiming the right to anticipatory defense from imminent kinetic or cyber threats of armed attack in order to assess the impact for international law and interstate relations in the geophysical world and in the cyberspace should this modern law of self-defense became a general practice accepted as law by the international community of States. In this case, an in-depth revision of the current rules of the UN Charter on the use of force might occur in the next decades.

Cyberspace is erroneously characterized as a domain that transcends physical space and thereby is immune to state sovereignty and resistant to international regulation. The purpose of this paper is to signify that cyberspace, in common with the other four domains (land, sea, air and outer space) and despite its unique characteristics, is just a reflection of the current international system, and thereby is largely affected by the rules that characterize it. The issue of state sovereignty in cyberspace is critical to any discussion about future regulation of cyberspace. Although cyberspace is borderless and is characterized by anonymity and ubiquity, recent state practices provide sufficient evidence that cyberspace, or at least some components of it, are not immune from sovereignty. The increasing use of Internet filtering techniques by both authoritarian regimes and democracies is just the latest example of attempting to control information flows. Cyberspace is non‐territorial, but in sharp contrast to the land, sea, air and outer space, cyberspace is not a part of nature, it is human‐made and therefore can be unmade and regulated. States have continuously emphasized their right to exercise control over the cyber‐infrastructure located in their respective territory, to exercise their jurisdiction over cyberactivities on their territory, and to protect their cyber‐infrastructure against any trans‐border interference by other states or by individuals. As a result, states are filtering and monitoring cyber‐bytes. Over the past years, there is a growing number of states that is publishing national cyber‐policies and establishing cyber‐centers that aim to protect the national cyber‐infrastructure and control their citizens’ access to information. The issue of state sovereignty in cyberspace raises critical questions about the need to regulate the cyber domain and gradually reach an international cyber‐order.

This paper scrutinizes and highlights imminent need to regulate cyber terrorism pheromone in line with principle of international law. In so doing, this paper intends to ascertain legal basis to regulate cyber terrorism at international level. It explains the normative conduct by drawing on adjustments of certain member states of European Union as well as from none-European member states. Particular attention will be given as to how Kosovo has addressed cyber terrorism within its legal framework of criminal acts. The paper also addresses practical consequences of cyber terrorism in context of cyber-attacks events in attempt to establish legal basis for its prevention and punishment of cyber criminals wherever it happens. The author articulates its arguments by examining the presumed threats as a result of cyber terrorism activities, as well as based on well-known cyber terrorist behaviors and constant literature that insinuate that cyber-attacks are imminent threats. Lastly, as there is neither a particular treaty nor State practices, the author considers of utmost importance to spell out different views and statistics alluding that the need to regulate cyber terrorism in line with principle of international criminal law is a necessity.

Zeitschrift für Außen- und Sicherheitspolitik

The increasing use of digital technologies in cyberspace in the context of international conflicts has put pressure on the existing legal framework of international law. After progress in terms of norm development and clarification could be achieved through multilateral processes at the United Nations, Russia’s invasion of Ukraine cast doubt on the possibility of further breakthroughs. In light of this development, unilateral declarations of legal positions by states will gain further relevance.