Low-Intensity Computer Network Attack and Self-Defense
International Law Studies, Forthcoming
37 Pages Posted: 1 Oct 2010 Last revised: 5 Apr 2015
Date Written: October 1, 2010
Newly created State cyber security agencies, the reality of cyber attacks, and evolutions in cyber attack strategy will have important effects on the UN Charter's security regime, specifically the law governing States' resort to self-defense. In particular, low-intensity computer network attacks (CNA) confound efforts at correlation, frustrate attribution, and often manage to remain below States' response thresholds, both technical and legal. This paper identifies effects that an emerging emphasis on low-intensity CNA will have on legal conceptions of self-defense, focusing on the doctrine's relevance to attacks by non-state actors and the threshold of "armed attack." Showcasing the 2007 Estonian and 2008 Georgian attacks, this paper suggests that emerging low-intensity CNA doctrine casts new light on cyber disruptions previously thought to be below the threshold of self-defense. More significantly, it forecasts that proliferation of low-intensity CNA will produce a complex, multipolar security environment likely to produce grim effects on what little coherence and efficacy the existing UN Charter-based doctrine of self-defense enjoys.
Suggested Citation: Suggested Citation