Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat

83 Pages Posted: 30 Apr 2013 Last revised: 11 Apr 2015

See all articles by Paul Stockton

Paul Stockton

Sonecon, LLC

Michele Golabek-Goldman

Yale University - Law School; Harvard University - Harvard Kennedy School (HKS)

Date Written: April 29, 2013


The United States faces a growing risk of cyberterrorism against its financial system, electric power grid, and other critical infrastructure sectors. Senior U.S. policymakers note that building U.S. capacity to prosecute cyberterrorists could play a key role in deterring and disrupting such attacks. To facilitate prosecution, the federal government is bolstering its technical expertise to attribute attacks to those who perpetrate them, even when, as is increasingly the case, the perpetrators exploit computers in dozens of nations to strike U.S. infrastructure. Relatively little attention has been paid, however, to another prerequisite for prosecuting cyberterrorists: that of building a legal framework that can bring those who attack from abroad to justice.

The best approach to prosecuting cyberterrorists striking from abroad is to add extraterritorial application to current domestic criminal laws bearing on cyberattack. Yet, scholars have barely begun to explore how the United States can best justify such extraterritorial extension under international law and assert a legitimate claim of prescriptive jurisdiction when a terrorist hijacks thousands of computers across the globe. Still less attention has been paid to the question of how to resolve the conflicting claims of national jurisdiction that such attacks would likely engender. This Article argues that the protective principle — which predicates prescriptive jurisdiction on whether a nation suffered a fundamental security threat — should govern cyberterrorist prosecutions. To support this argument, the Article examines the full range of principles on which states could claim prescriptive jurisdiction and assesses their strengths and weaknesses for extending extraterritorial application of U.S. statutes to cyberterrorism. This Article also contends that if multiple nations asserted legitimate claims of jurisdiction based on the protective principle, sequential prosecutions would provide the best way to minimize potential disagreements over which nation receives precedence. Both recommendations — to utilize the protective principle for prescriptive jurisdiction and to rely on sequential prosecutions to resolve multiple jurisdictional claims — could be important components of future international agreements to address cyberterrorism.

Keywords: cyberattack, jurisdiction, conflict of laws, extraterritoriality, protective principle, prosecution, Distributed Denial of Service (DDoS), cyberspace, cyberterrorism

Suggested Citation

Stockton, Paul and Golabek-Goldman, Michele, Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat (April 29, 2013). Stanford Law & Policy Review, Vol. 25, 2014, Available at SSRN:

Paul Stockton (Contact Author)

Sonecon, LLC ( email )

633 Pennsylvania Avenue, NW
Suite 600
Washington, DC 20004
United States

Michele Golabek-Goldman

Yale University - Law School ( email )

127 Wall St.
New Haven, CT 06511
United States

Harvard University - Harvard Kennedy School (HKS) ( email )

79 John F. Kennedy Street
Cambridge, MA 02138
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics