Hostile Cyber Operations between States in International Law
Summary
“I extend my highest praise for this book. It is a great, panoramic source of insight into the subject of hostile cyber operations between States in public international law. This new phenomenon creates questions on application of existing laws and potential new ones. The author skillfully lays out current challenges and possible future developments.”
– Prof. Dr. habil. Dr. h.c. mult. Karol Karski
Head of the Department of Public International Law
Faculty of Law and Administration
University of Warsaw, Poland
Excerpt
Table Of Contents
- Cover Page
- Title Page
- Copyright Page
- Dedication
- Contents
- List of Figures
- List of Tables
- Foreword
- Preface
- Introduction
- Chapter 1
- Cyberspace and cyber operations—definitional scope of the concepts and their contextualization in Public International Law
- 1.1 Introduction
- 1.2 Cyberspace—range of definitions and their legal impact
- 1.2.1 Definitions of cyberspace proposed by States and leading international experts
- 1.2.2 Infrastructure, data, and social dimensions of cyberspace
- 1.2.3 Cyberspace as the new domain of State interactions and warfare
- 1.3 Cyber operations—range of definitions and their legal impact
- 1.3.1 Hostile cyber operations between States as Unfriendly Acts
- 1.3.2 Status of espionage in the context of hostile cyber operations
- 1.3.3 State Sovereignty as the guiding principle in assessing hostile cyber operations in Public International Law
- 1.4 Current global trends in the area of cyberspace and hostile cyber operations
- 1.5 Conclusion
- Chapter 2
- History of the international legal framework regulating cyberspace
- 2.1 Introduction
- 2.2 The international legal framework regulating telecommunication before the internet
- 2.2.1 Agreements regulating telegraph as the foundation of the international legal system on telecommunication
- 2.2.2 The impact of the Titanic’s sinking on the forward-expanding mandate of the UN ITU
- 2.2.3 The central role of the UN ITU as the international body regulating telecommunication
- 2.3 Genesis of the internet
- 2.3.1 Evolution of ARPANET
- 2.3.2 Establishment of the unique international system regulating the internet
- 2.4 Development of the public international norms on cyberspace
- 2.4.1 Efforts to establish international legal oversight over the internet
- 2.4.2 Efforts to establish norms regulating conduct of States in cyberspace
- 2.4.3 The role of non-State entities in developing the international legal framework regulating cyberspace
- 2.4.4 The role of soft law in developing the international legal framework regulating cyberspace
- 2.5 Future evolution of the international legal framework regulating cyberspace
- 2.6 Conclusion
- Chapter 3
- Typology of hostile cyber operations between States which are Internationally Wrongful Acts
- 3.1 Introduction
- 3.2 Overview of the legal typology of international hostile cyber operations
- 3.3 Hostile cyber operations below the threshold denoting Internationally Wrongful Acts
- 3.3.1 Cyber espionage as the main type of Unfriendly Acts in cyberspace
- 3.3.2 Determining the threshold beyond which cyber espionage becomes an Internationally Wrongful Act
- 3.4 Hostile cyber operations that constitute a Violation of Sovereignty
- 3.4.1 Evolution of the term Violation of Sovereignty in Public International Law
- 3.4.1.1 Violation of Sovereignty as an operational norm in Public International Law
- 3.4.1.2 Ambiguity about the scope of the term Violation of Sovereignty
- 3.4.1.3 Aiding and abetting by a State as a Violation of Sovereignty
- 3.4.2 Application of the term Violation of Sovereignty in cyberspace
- 3.4.2.1 Criteria for qualifying a hostile cyber operation as a Violation of Sovereignty
- 3.4.2.2 Violations of Sovereignty that penetrate ICT infrastructure and those that do not
- 3.5 Hostile cyber operations that constitute a Prohibited Intervention
- 3.5.1 Evolution of the term Prohibited Intervention in Public International Law
- 3.5.1.1 International treaties regulating the issue of Prohibited Intervention
- 3.5.1.2 Difference between an Intervention and Interference
- 3.5.1.3 Principle of Non-Intervention as an erga omnes rule of Public International Law
- 3.5.1.4 Criteria for qualifying an act of a State as a Prohibited Intervention
- 3.5.1.5 Application of the term Domaine Réservé in the context of Prohibited Interventions
- 3.5.2 Application of the term Prohibited Intervention in cyberspace
- 3.5.2.1 Contextualizing the definition of Prohibited Intervention in cyberspace
- 3.5.2.2 Evolution of the scope of Sovereign Matters in the cyber context
- 3.5.2.3 Prohibited Interventions with the element of Use of Force in cyberspace
- 3.5.2.4 Does the victim State have to be aware it is being targeted with a Prohibited Intervention?
- 3.6 Hostile cyber operations that constitute an Act of Aggression
- 3.6.1 Evolution of the terms Act of Aggression and Armed Attack in Public International Law
- 3.6.1.1 Sources of law on Acts of Aggression and Armed Attacks in Public International Law
- 3.6.1.2 Definition of an Act of Aggression in Public International Law
- 3.6.1.3 Definition of an Armed Attack in Public International Law
- 3.6.2 Application of the term Act of Aggression in cyberspace
- 3.6.2.1 Meaning of the term Use of Force in cyberspace
- 3.6.2.2 Measuring Use of Force in cyberspace
- 3.6.2.3 Can hostile cyber operation with no physical effects qualify as Use of Force?
- 3.6.2.4 The role of critical infrastructure in determining occurrence of Prohibited Use of Force
- 3.6.2.5 Accumulation of hostile cyber operations that collectively amount to Use of Force
- 3.6.2.6 Difference between Acts of Aggression and Armed Attacks in cyberspace
- 3.7 Conclusion
- Chapter 4
- Typology of hostile cyber operations between States which are not Internationally Wrongful Acts
- 4.1 Introduction
- 4.2 Conditions precluding wrongfulness of a hostile cyber operation between States
- 4.2.1 Necessity
- 4.2.1.1 Necessity in Public International Law
- 4.2.1.2 Application of Necessity in cyberspace
- 4.2.2 Force Majeure
- 4.2.2.1 Force Majeure in Public International Law
- 4.2.2.2 Application of Force Majeure in cyberspace
- 4.2.3 Distress
- 4.2.3.1 Distress in Public International Law
- 4.2.3.2 Application of Distress in cyberspace
- 4.2.4 Consent
- 4.2.4.1 Consent in Public International Law
- 4.2.4.2 Application of Consent in cyberspace
- 4.3 Acts of response to hostile cyber operations
- 4.3.1 Countermeasures
- 4.3.1.1 Countermeasures in Public International Law
- 4.3.1.2 Application of Countermeasures in cyberspace
- 4.3.2 Retorsions
- 4.3.2.1 Retorsions in Public International Law
- 4.3.2.2 Application of Retorsions in cyberspace
- 4.3.3 Self-defense
- 4.3.3.1 Self-defense in Public International Law
- 4.3.3.2 Application of Self-defense in cyberspace
- 4.4 Proposals of future forms of response to hostile cyber operations conducted by States
- 4.4.1 Humanitarian Interventions
- 4.4.2 Responsibility to Protect
- 4.4.3 Collective Countermeasures
- 4.5 Conclusion
- Chapter 5
- Jurisdiction and attribution of hostile cyber operations in Public International Law
- 5.1 Introduction
- 5.2 State practice on legal attribution of hostile cyber operations perpetrated by other States
- 5.2.1 Reasons for differential practice on attribution in cyberspace
- 5.2.1.1 Technical challenges to attributing hostile cyber operations to a State
- 5.2.1.2 Anonymity in cyberspace
- 5.2.1.3 Legal and political challenges to attributing hostile cyber operations to a State
- 5.2.2 Results of differential practice on attribution in cyberspace
- 5.2.2.1 Policy of ambiguity and plausible deniability
- 5.2.2.2 Types of attribution of hostile cyber operations utilized by States
- 5.2.2.3 Case Study—Shamoon operation against Saudi Arabia and Qatar between 2012 and 2018
- 5.2.2.4 Case Study—Cyber assault on the U.S. civil service in 2014
- 5.2.2.5 Case Study—Wannacry ransomware and disruption of public health services in 2017
- 5.2.2.6 Case Study—Pager explosion attack in Lebanon in 2024
- 5.3 Evidence requirements for legal attribution
- 5.3.1 The general framework on evidence in Public International Law
- 5.3.1.1 The burden of proof in Public International Law
- 5.3.1.2 Standards for assessing the level of required evidence
- 5.3.1.3 Admissibility of evidence obtained without consent
- 5.3.2 Application of the general framework on evidence in the cyber context
- 5.3.2.1 Transposition of the rules on burden of proof in the cyber context
- 5.3.2.2 Proposed modification to the standard for assessing the level of required evidence in the cyber context
- 5.3.2.3 Types of evidence and evidence-gathering techniques in cyberspace
- 5.3.2.4 Admissibility of evidence obtained without consent in cyberspace
- 5.4 Categories of entities, whose hostile cyber operations can be legally attributed to a State
- 5.4.1 Overview of entities to whom hostile cyber operations can be attributed in Public International Law
- 5.4.2 Attribution of actions conducted by State organs
- 5.4.2.1 Existing rules on attributing actions of State organs in Public International Law
- 5.4.2.2 Transposition of rules on attributing actions of State organs in the cyber context
- 5.4.3 Attribution of actions conducted by non-State entities under State control
- 5.4.3.1 Existing rules on attributing actions of non-State entities under State control in Public International Law
- 5.4.3.2 Transposition of rules on attributing actions of non-State entities under State control in the cyber context
- 5.4.4 Attribution of actions conducted by non-State entities adopted as own by a State
- 5.4.5 Attribution of hostile cyber operations to international organizations
- 5.5 State Jurisdiction
- 5.5.1 The established norms on State jurisdiction in international law
- 5.5.1.1 Definitional scope of State jurisdiction
- 5.5.1.2 Development of the notion of open seas, seabed, and the outer space as res communis in international law
- 5.5.2 Application of the norms concerning State jurisdiction in cyberspace
- 5.5.2.1 The proposed framework on structuring State jurisdiction in cyberspace
- 5.5.2.2 The process of deterritorialization of jurisdiction in cyberspace
- 5.6 Obligation of Due Diligence in cyberspace
- 5.6.1 Historical development of the notion of Due Diligence responsibility of States
- 5.6.2 Identification of the definitional scope of the term Due Diligence obligation in the conventional realm
- 5.6.2.1 Core aspects of the definition of Due Diligence in international law
- 5.6.2.2 Duty of States to act to stop wrongful acts against other States taking place on their sovereign territory
- 5.6.2.3 Contested aspects of the definition of Due Diligence in Public International Law
- 5.6.3 Application of the notion of Due Diligence in cyberspace
- 5.6.3.1 Is Due Diligence in cyberspace a binding norm of Public International Law?
- 5.6.3.2 Duty of States to act to stop hostile cyber operations against other States taking place via ICT infrastructure within their jurisdiction
- 5.6.3.3 Tension between developed and developing States on the subject of the duty of Due Diligence in cyberspace
- 5.6.4 Due Diligence duty as an alternative solution to limitations of other ways to attribute hostile cyber operations to States
- 5.7 Potential future legal frameworks facilitating attribution of Internationally Wrongful Acts in cyberspace
- 5.8 Conclusion
- Chapter 6
- Cyberspace norms as a special regime of Public International Law
- 6.1 Introduction
- 6.2 Conceptual context of the notion of special regimes of Public International Law
- 6.3 Historical development of special regimes of Public International Law
- 6.3.1 International jurisprudence supporting the notion of special regimes
- 6.3.1.1 1923 United Kingdom v. Germany (S. S. Wimbledon) judgment by the PCIJ
- 6.3.1.2 1980 United States v. Iran (U.S. Diplomatic and Consular Staff in Tehran) judgment by the ICJ
- 6.3.1.3 1986 Nicaragua v. United States of America (Nicaragua) judgment by the ICJ
- 6.3.1.4 2000 ruling of the UN Arbitration Tribunal on the Japan Fisheries case
- 6.3.1.5 2006 Opinion by the ICJ Judge Bruno Simma
- 6.3.1.6 2006 UN ILC Report approved by a UN GA resolution titled “Fragmentation of the international law: difficulties arising from the diversification and expansion of international law.”
- 6.3.2 Framework of types of special regimes of international law
- 6.3.2.1 Structure of the framework of special regimes of international law
- 6.3.2.2 Limitations of special regimes of international law
- 6.3.2.3 Ways for special regimes of international law to emerge
- 6.4 Currently established special regimes of Public International Law
- 6.5 Application of the framework of special regimes of Public International Law in the context of cyberspace
- 6.5.1 Existing proposals of framing the emerging norms regulating cyberspace
- 6.5.1.1 Proposed rationale for a special regime of Public International Law for cyberspace
- 6.5.1.2 History of proposals of special regime of Public International Law for cyberspace
- 6.5.1.3 Lex Informatica as a proposal of a legal framework regulating cyberspace
- 6.5.2 Situating emerging cyberspace norms in the framework of special regimes of Public International Law
- 6.5.2.1 Academic debate on emerging patterns of State conduct in the cyber context
- 6.5.2.2 The current stage of development of the special regime of Public International Law covering cyberspace
- 6.6 Conclusion
- Summary
- Bibliography
- Index
Foreword
As the supervisor in the doctoral proceedings of Paul von Chamier Cieminski, I would like to share my highest praise of the research that is the foundation of this book. The author focuses on the development of international law in the area of regulating hostile cyber-attacks between subjects of public international law, primarily between sovereign entities, that is, States. This dynamically developing phenomenon creates a series of questions about application of existing legal rules in cyberspace and a potential need for new ones. Effective regulation of cyberspace may become a source of stability for the public international law system in the new technological era. Nevertheless, ineffective structuring of rules in this space at the international level may have serious negative results.
The development path of public international law to date in the area covered by the book has had a sui generis character. Recognized norms of public international law regulating telecommunications technologies are not being applied, and State practice seems to develop in an original manner that defies regulatory patterns developed in other areas. Various aspects of this dynamic have already been analyzed in scholarly literature. However, an area that has not yet been adequately researched is the question of the status of this emerging set of norms and their application as a separate branch of public international law.
This question is the main focus of the book. For the sake of the analysis, the author relies on the formal legal model of Specialized International Legal Regimes, formulated by the UN International Law Commission. Dr. von Chamier Cieminski presents the hypothesis that the emerging system of 24norms and their application relating to hostile cyber operations between subjects of public international law has not yet achieved this status but that it is making progress in that direction. This research problem serves as the starting point for an in-depth and structured analysis of the legal criteria that must be met for the answer to turn positive down the road. The book also presents in a structured manner the developing practice of States and other subjects of international law that contribute to the movement in that direction. The analysis of the research problem in the book draws on the historical-legal and political-legal context as well as rich scholarly achievements in the subject of international legal regulation of cyberspace. The author reliably synthesizes existing research works and presents a new dimension of the issue while taking into account literature and current events. In sum, it is a great, panoramic source of insight into the subject of hostile cyber operations in public international law.
Prof. Dr. habil. Dr. h.c. mult. Karol Karski
Head of the Department of Public International Law
Faculty of Law and Administration
University of Warsaw, Poland
Preface
The book focuses on an emergent new branch of Public International Law that deals with the subject of hostile cyber operations between States (and other subjects of Public International Law). Dynamic technological development over the past decades led to the creation of cyberspace, a brand-new dimension in which States can interact, collaborate, and compete. This has given rise to an array of legal questions regarding the application of existing international rules and the need to create new ones. The analysis is structured around the core question: has this new area of Public International Law developed sufficiently to qualify as a new special regime of Public International Law?
Recognition of the emerging practices on hostile cyber operations between States as a special regime of Public International Law would create a robust framework for establishment of specialized interpretative rules and unique legal norms that apply exclusively in international cyberspace, thus accelerating development of the field. The thorough analysis of the current state of the field supports the hypothesis that the set of existing practices has not yet reached the necessary threshold for such recognition. However, the evolution of relevant State practice is moving in that direction, setting ground for achievement of the status of a special regime in the foreseeable future. The book lays out the full context of that process, highlights its outcomes, and anticipates its direction. It also structures the necessary legal criteria for achieving the status of a special regime and provides a comprehensive summary of relevant State practice, position statements by States, and relevant scientific literature that contribute to the final assessment.
26Chapter 1 explores the key legal definitions relevant for the analysis, including those of cyberspace and hostile cyber operations between States. This analysis sets the ground for the rest of the book, providing alternative definitional models and explaining their legal consequences. Chapter 2 offers a structured insight into the historical legal and international political developments that shaped the current state of the field, delineating the main factors impacting the state of regulation of cyberspace in Public International Law. The chapter concludes with a review of potential future models of regulating cyberspace that might replace the existing one. Chapter 3 engages with the question of applying the existing framework of hostile acts between States to the cyber context, analyzing cyber equivalents of categories developed in the conventional context such as: Violation of Sovereignty, Prohibited Intervention, Act of Aggression, or Armed Attack. The chapter puts emphasis on points of divergence of the application of the existing norms in cyberspace as a potential early precursor for development of a special regime. Chapter 4 explores the notion of lawful cyber hostilities between States, akin to lawful Countermeasures or UN Security Council-approved interventions, which are allowed in the conventional realm. This aspect of the analyzed subject is currently hypothetical but could become highly relevant in the future as ever more State functions and interactions take place in the cyber realm. Chapter 5 deals with one of the most challenging aspects of the field which is attribution of cyber hostilities to a responsible State. Tools developed in the conventional realm appear insufficient in the cyber context, leading to various adaptations and practices on the part of States that are the focus of this chapter. Chapter 6 synthesizes the findings from the previous chapters and provides the final verification of the hypothesis. It also offers insight into the future development of the field and what it would take for it to achieve the status of a special regime of Public International Law.
Introduction
Rarely in the history of international law does one technological advancement create a ripple effect potent enough to profoundly change the very nature of interactions between States. The development of cyberspace is a historical breakthrough of that magnitude. The meteoric rise of the internet since its inception as Arpanet back in the 1960s has remodeled the way humans experience culture, economy, politics, and even their basic social connections. Cyberspace, which emerged on the basis of the internet platform, is a completely new dimension of human interactions, whose consequences we are still learning. As of 2023, the majority of mankind has access to it and the ratio continues to rise continuously. This level of connectivity is unprecedented in the history of our species, minimizing the relevance of physical distance and exposing communities to one another like never before. Meanwhile, the technology continues to display potency, offering ever more ways for a human to immerse oneself in the digital realm.
The system of Public International Law experienced a slow start in terms of regulating this phenomenon. The reasons for that were multifold. At first, the internet emerged as a niche academic and military project, missing international policymakers’ attention. As its disruptive potential became obvious in the early 1990s, the vested interest of the United States of America to prevent international oversight that would limit its governance control over cyberspace became an important factor stymieing formation of new public international legal norms. A complex web of State interests and broader systemic developments in the international community, including a large increase of stakeholder States, have also contributed to the stalemate since 28then. The situation forced the system of Public International Law to play catch-up with rapidly progressing cyber technologies.
Creative ways to address this challenge have been deployed. The United Nations, alongside a few high-level multilateral initiatives such as the Global Commission on the Stability of Cyberspace, has put forward soft law proposals, in hope that they become binding customary law over time. Proactive States have expressed their opinio juris and demonstrated relevant practice that could catalyze development of rules if their approach were to be assumed by enough other States. Attempts are made intermittently to draft an overarching treaty that would consolidate the key international legal rules on cyberspace. However, this path proves especially challenging due to diverging interests of the main stakeholders and has failed so far.
As States grapple with the challenge of regulating cyberspace, it has become obvious that it is a source of both tremendous positive potential and serious risks. Cyberspace creates a dynamic of anonymity and plausible deniability. Hostile States and their affiliate non-State actors, such as hacker groups, can conduct operations against peaceful governments from a far-away distance with seeming impunity. The nature of attacks can be instantaneous and preparations for such hostilities are not visible using conventional means such as satellite monitoring. All this sets hostile cyber operations apart from their conventional equivalents, for which measures have been developed to identify and prevent them before they create damage. Moreover, a two-tier system has emerged with a small group of powerful high-cyber-capacity States on one side and everyone else on the other. The high-capacity States, which are mostly the leading global military powers, benefit from this imbalance. Other States struggle to mount a defensive response or even to effectively attribute cyber hostilities hurting them. Unlike for conventional operations, attribution in cyberspace requires advanced IT capacity and usually willing participation from third States through which territory hostile operations were routed, making it doubly difficult. The overall result is that of a rapidly growing volume of international cyber hostilities coupled with inadequate legal tools, essentially unfit for the novel digital context.
That is why it is essential to develop better understanding of the public international legal dynamics surrounding cyberspace. Specifically, understanding and addressing hostile cyber operations is the most urgent element of the slowly emerging cyberspace law and the main subject of this book. 29There is urgency to reduce the level of uncertainty and identify paths forward that would enable the existing system of rules and norms to be effectively applied to the cyber context, with development of additional novel norms if necessary. It has now become clear that the scale, dynamism, and impact of cyberspace are so momentous that they substantiate formation of a new branch of Public International Law, much like it happened with earlier technological frontiers. Examples include the planet’s airspace or exploration of outer space, both of which are now covered by special regimes. The broad purpose driving this book is to contribute to solving the public international legal challenge posed by cyberspace and reduce the level of related uncertainty. The specific objective is to verify the research hypothesis whether the emerging unique State practice and statements concerning cyberspace constitute a special regime of Public International Law.
The hypothesis was selected based on the current stage of development of cyberspace and the scholarly discourse on it. Decades after the internet’s creation and with a demonstrated track record of large-scale impact of State-on-State cyber hostilities, there is still no clarity on cyberspace law’s status in Public International Law. Drawing on past technological and political advancements, the framework of special legal regimes, sometimes also described as self-contained regimes, provides a specific and time-proven litmus test on the state of maturity and consolidation of a novel branch of international law. There are established international jurisprudence cases and UN General Assembly resolutions that set up the definitional terms and conditions for emergence of special regimes. There is also a rich selection of existing special regimes of varying strength to compare against emerging cyberspace law, enabling for contextualizing of the current legal trends and their likely trajectory in the future.
More broadly, the research work required to verify the hypothesis offers a cohesive and structured insight into the current state of international public law concerning cyberspace. It establishes definitions of key notions, analyzes the historical legal context, dissect positions of the main stakeholders, including the UN Security Council member States and key multilateral organizations, reviews feasibility and limitations of applying existing public legal norms in the cyber context, and identifies the emerging patterns of State practice and opinio juris that can lead to development of novel international rights and obligations pertaining solely to cyberspace. The research also delves 30into the philosophical and conceptual underpinnings of legal systems and specialized regimes and their application in the cyber context. This book rests on a wide range of diverse sources including multiple monographies, international and domestic sources of law, scientific articles in peer-reviewed academic journals, doctoral dissertations, as well as official statements by governments and international organizations. The author also conducted three library queries to complement and deepen the research at: the United Nations Library, the Library of the Faculty of Law of New York University, and the Library of the Faculty of Law of University of Warsaw.
The following methodologies are utilized in the book:
- Comparative legal methodology: Legal norms contained within the system of Public International Law were analyzed and compared given their context and status as part of various special legal regimes in order to identify their most accurate application in the cyber context. The same method was applied when assessing State practice, opinio juris, and relevant international jurisprudence cases. Cyberspace law, due to being a relatively new phenomenon, largely rests on analogy and equivalence with the norms established in the conventional real, which puts much emphasis on utilizing the comparative legal methodology as the key tool in the analysis.
- Methods of legal text interpretation: Established ways of interpretating sources of law in Public International Law provide guidance on accurate assessment of documents. These methods have been developed over centuries of State practice and treaty signing and are primarily based on the linguistic and systemic interpretation of the source text to ensure coherence within the overarching international legal system. They can be utilized to deduce and clarify the binding rules in the novel cyber context as well as provisions contained within legal documents. A special role in that regard is extended to the most qualified international scholars who provide guidance on the interpretative process, based on established law and landmark jurisprudence cases.
- Statistical analysis: This book draws on insights provided by statistical analysis to shed light on dynamics such as: proportions of international hostile cyber acts over time, distribution of State positions on international legal debates, and accretion and prevalence of State practice that 31might contributing to formation of customary legal norms concerning cyberspace. Given the early stage at which cyberspace law is at present, these statistical insights can offer guidance on the trends and possible future developments.
- Historical analysis: Utilizing the historical analysis allows for identifying trends and patterns that have developed over decades, positioning development of international cyberspace regulations during various political eras: the Cold War, the period between the fall of the Soviet Union and the 9/11 terrorist attacks, and the time since. It also allows for identifying long-term impacts of international legal processes that took place in the nineteenth and the early twentieth century, such as the establishment of the International Telegraph Union and the sinking of Titanic, on the current legal dynamics surrounding cyberspace. Drawing a wide historical arc also allows for more contextualized predictions of the future of cyberspace law.
Chapter 1 titled Cyberspace and cyber operations—definitional scope of the concepts and their contextualization in Public International Law engages with several definitions of cyberspace that currently exist in parallel. Each of them represents a different focus and reflects the interests of States that promote it. Those considerations can have tangible impact on legal classification of hostile acts and hence all these dynamics are analyzed and structured into a cohesive overview. The chapter offers an analogous analysis of related terms such as a cyber Unfriendly Act or a hostile cyber operation. In this way, Chapter 1 lays the foundation for the research work conducted in the subsequent ones.
Chapter 2 titled History of the international legal framework regulating cyberspace introduces the historical legal context that determines current challenges surrounding international public regulation of cyberspace. It explains the origins of the internet and the related vested interests that prevent new norms from forming. Moreover, it discussed the broader framework of oversight over communication technologies that has been developed as part of Public International Law and that is currently defied by the United States of America in regard to cyberspace, creating a precedent. Chapter 2 also presents the recent international efforts to structure and regulate cyberspace, including the initiatives introduced by the United Nations and States, contextualizing the legal analysis.
32Chapter 3 titled Typology of hostile cyber operations between States which are Internationally Wrongful Acts engages with the subject of application of the existing norms of the system of Public International Law in the cyber context. There exist a number of legal categories to draw on, some of them being especially relevant. These include Violations of Sovereignty, Prohibited Interventions, Acts of Aggression, and Armed Attacks. Each of these consecutive categories constitutes a progressively more severe form of an Internationally Wrongful Act than the previous one. However, nuanced adaptations of these terms are required to fit the unique context of cyberspace, such as the unique status of IT critical infrastructure and the instantaneous nature of cyber attacks. Chapter 3 dissects each of these terms, providing insights into what aspects of them are inapplicable or require special interpretation in cyberspace. Whenever such considerations are subject to a dispute within the international community, stances of key States are highlighted, including their demonstrated practice and statements.
Chapter 4 titled Typology of hostile cyber operations between States which are not Internationally Wrongful Acts deals with the question of lawful hostile cyber operations. Such a term might sound like a contradiction. However, it is a logical consequence of applying the existing framework of Public International Law in cyberspace. The framework allows for self-help measures and circumstances that preclude wrongfulness of hostile acts. There exists no general prohibition of such measures in cyberspace but adaptation of general rules in that regard remains a largely uncharted territory. A number of proposals have been put forward by States on specialized norms that would modify these rules in cyberspace, including for instance Estonia’s idea of collective legal cyber Countermeasures, possibly executed as a joint digital NATO operation. One of the biggest fears of the international community is that the scale and instantaneous nature of cyber operations, coupled with limited ability to seek redress using legal measures might lead to a destructive spiral of escalation between States, including acts of Use of Force by cyber means. Chapter 4 analyzes all those considerations in depth, presenting the likely course of development in that regard in the future.
Chapter 5 titled Jurisdiction and attribution of hostile cyber operations in Public International Law engages with one of the most complex and difficult aspects of regulating cyberspace in Public International Law which are the 33considerations on attribution, jurisdiction, and limits of State Sovereignty. The chapter explains all the main constraints and States’ positions on how those could be resolved. These constraints are mostly driven by the technical features of cyberspace such as a high level of anonymity, plausible deniability, and the need to collaborate across States in order to trace back a hostile cyber act to its source. However, some of them stem from the vested interests of main stakeholder States, which benefit from the current legal flux. Limits of State jurisdiction in cyberspace are highly problematic, as internet data traffic usually passes through a number of States without any control or insight from the States hosting the pass-through infrastructure. Should every State exert sovereign control over each and every bit of data flowing through its servers? If so, how could that even be enforced and what legal responsibility would it bestow on such a host State? There exists no clear-cut answer to this question, but Chapter 5 presents possible solutions, based on State practice and international scholars’ analysis.
Finally, Chapter 6 titled Cyberspace norms as a special regime of Public International Law brings together all the analysis conducted in this book, taking stock of the research to verify the main hypothesis whether the emerging unique State practice and statements concerning cyberspace constitute a special regime of Public International Law. In doing so, it sums up all the main State practice and statements that might give an indication as to whether unique legal norms pertaining to cyberspace are currently developing. Moreover, the chapter presents the main philosophical, methodological, and legal underpinnings of the notion of special regimes of Public International Law and applies them in the context of cyberspace. In doing so, it anticipates the inherent trade-off within special regimes of better adapting the system to a specific field on one side and making that overall system less cohesive on the other.
Taken together, the six chapters offer a deep insight into the history, present, and potential future of regulations concerning cyberspace in Public International Law. The emerging patterns help understand which direction the system might move in and what could be the main obstacles in the process. The scale of the challenge of effectively regulating cyberspace is daunting. However, if done right, the system of Public International Law can become well prepared for the digital age, developing a framework that ensures fairness and stability.
Chapter 1 Cyberspace and cyber operations—definitional scope of the concepts and their contextualization in Public International Law
1.1 Introduction
The starting point for the book has to be the definition of cyberspace as it will demarcate the its scope. Putting it in a broader context, the notion of cyberspace is the pinnacle of a rapid development of the information society that we have witnessed over the course of the twentieth and twenty-first century. This phenomenon has affected every dimension of human life, eventually impacting the shape of Public International Law and relations between sovereign States too. This novel situation creates both opportunities and challenges for the subjects of international law. One of the questions that have arisen is how to position cyberspace within the existing international legal context. While certain legal concepts can be transposed into cyberspace, there remain aspects of the digital world that escape conventional frameworks or require modifications when applied.
At the same time, the international community, including States and other subjects of international law, does not speak in unison on the matter. Conflicting interests and approaches have resulted in a state of flux that stokes ongoing uncertainty. The legal definitions of cyberspace and hostile cyber operations sit at the center of that flux. In this chapter, I aim to clarify various positions in that regard, their origin, and their potential consequences in the field of Public International Law. By contextualizing these dynamics and providing scholarly commentary, I offer better understanding of the extent of the Sui Generis character of public international rules regulating cyberspace and of the direction in which this evolution is heading.
361.2 Cyberspace—range of definitions and their legal impact
1.2.1 Definitions of cyberspace proposed by States and leading international experts
A review of various positions taken by governments, leading legal scholars, and the European Commission on the question of what constitutes cyberspace reveals far-ranging differences in perception of the term with potential profound legal consequences. However, before we delve into them, it is worth taking a step back and considering the origin of the term and its evolution before the advent of the digital era. The word cyber derives from the ancient Greek word kubernētēs (κυβερνᾶν), meaning a ship steersman.1 It evolved into the French word cybernetique, first denoting the art of navigating, and then more generally governing.2 In the twentieth century, it inspired a U.S. mathematician Norbert Wiener to transpose the idea into the English language. In 1948, he defined the term cybernetics as a “theory or study of communication and control.”3 It became popular in the fields of IT and engineering where the notion of using scientific methods to navigate and control the physical world reflected well the technological aspirations.4 The term was not only used by scientists though. It made its way into popular culture and became a widely used concept in the nascent Sci-Fi movement.5 Cyber became a prefix added to existing words in order to lend them an aura of futuristic flair. This phenomenon laid ground for the emergence of the term cyberspace. It appeared for the first time in the 1982 Sci-Fi novel “Burning Chrome” by William Gibson. Two years later, 37in his most popular book “Neuromancer” he defined cyberspace, through a characters’ dialogue, as: “Graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data.”6
While far-removed from the legal world, the novel gave rise to a heated debate about humanity’s digital future and captured well with the term cyberspace the substance of internet-based data systems that by the 1980s were already taking shaping. Gibson’s vision of a data network that feels like an immersive space, qualitatively different from physical reality, still resonates and its echo is present in legal definitions proposed by both States and legal scholars.
1982 was a fitting moment to bring the subject to the general public’s attention as the Arpanet, the internet’s forbear, was already being developed in California, extending its branches to various U.S.-based universities. As it turned out, cyberspace was much less abstract than it might have seemed at the time. The following years and decades brought a rapid development and scaling-up of the Arpanet into the global network that we are familiar with nowadays. Chapter 2 describes in detail the international legal impacts of internet’s evolution but for the sake of discussing the notion of cyberspace itself, it is important to introduce the formal definition of internet, which unlike cyberspace is a technical and specific term—internet is a global network of interconnected computers using standardized communication protocols for information exchange, enabled by electromagnetic processes.7 A very consistent set of definitions of the internet, encapsulated in the sentence earlier, can be found in domestic legal codes across States, for example, the U.S.-American one.8
The original novel-based and futuristic definition of cyberspace was disconnected from the actual legal, political, and technological context of 38the late 1980s and the early 1990s. The internet was still in its rudimentary, nascent form and its development toward becoming a space for more complex forms of communication and collaboration was gradual. However, as that became the case eventually, the need to define this new type of space, a cyber space, emerged. The government of the United States, the birthplace of the internet, was the first subject of international law to attempt developing a formal definition of cyberspace. In 2010, U.S. Department of Defense defined it as: “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”9
Details
- Pages
- 592
- Publication Year
- 2026
- ISBN (PDF)
- 9783631930489
- ISBN (ePUB)
- 9783631942093
- ISBN (Hardcover)
- 9783631930458
- DOI
- 10.3726/b23137
- Language
- English
- Publication date
- 2026 (February)
- Keywords
- Public International Law Cyber operations Cyber attack Cyberspace Internet attacks Hacking Territorial integrity Principle of Sovereignty Principle of Non-Intervention Principle of Territorial Integrity Act of Aggression Armed Attack ICANN
- Published
- Berlin, Bruxelles, Chennai, Lausanne, New York, Oxford, 2026. 592 pp., 19 fig. b/w, 6 tables.
- Product Safety
- Peter Lang Group AG
