Internationally Wrongful Acts in Cyberspace : Allocating State Responsibility for “Below the Threshold” Cyber Operations
Teirfolk, Anna (2020)
Teirfolk, Anna
Åbo Akademi
2020
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi-fe2020110289051
https://urn.fi/URN:NBN:fi-fe2020110289051
Tiivistelmä
State cyber operations that occur during peacetime and fall below the threshold of prohibited uses of force have become commonplace. Over the past decade, it has been estimated that over a hundred states have acquired the technological capabilities to launch cyber operations against other states, causing damage to critical infrastructure, official databases, or governmental computer systems. Approximately thirty states have been accused of having conducted or supported such malicious cyber activity, a recent example being a series of alleged Russian cyber operations targeting organizations in Canada, the U.K., and the U.S. involved in the development and testing of potential COVID-19 vaccines. Moreover, since the beginning of the novel coronavirus pandemic, the World Health Organization (WHO) has reported a fivefold increase in cyber operations conducted against hospitals and other medical facilities around the world.
In the absence of a cyber-specific treaty, the applicability of international law to cyberspace is widely dependent on customary international law. Therefore, by applying existing customary rules of state responsibility, the thesis examines how cyber operations may constitute internationally wrongful acts by violating state sovereignty and the principle on non-intervention into the internal or external affairs of another state.
For state responsibility to arise, the conduct must be unlawful and attributable to a state. The majority of the official state positions and national cyber security strategies examined in the thesis affirm that state sovereignty is applicable in cyberspace. Cyber operations causing damage, injury, or a loss of functionality of another state’s governmental or private cyber infrastructure qualify as a violation of sovereignty. Furthermore, cyber operations that interfere with inherently governmental functions also amount to a violation of the target state’s sovereignty. Correspondingly, cyber operations constitute illegal interventions if they intervene in another state’s internal or external affairs by coercive means, such as altering electronic ballots to impact the outcome of another state’s election.
The classified nature of state cyber activity makes it challenging to determine the existence of opino juris and state practice. Despite technical leaps and increasing public state attribution, holding states legally responsible for their malicious cyber operations remains difficult. No state has claimed responsibility for a cyber operation or tried to publicly justify their unlawful cyber activity. States seemingly launch cyber operations with impunity, along with the knowledge or suspicion that their behavior will not trigger a response, certainly not a kinetic one. States conducting or supporting cyber operations have consistently denied the allegations or remained silent on the matter. A greater predicament is the failure of the accusing states to condemn malicious cyber operations as violations of international law, instead labelling the activity as flagrant violations of international norms or harmful conduct.
In the absence of a cyber-specific treaty, the applicability of international law to cyberspace is widely dependent on customary international law. Therefore, by applying existing customary rules of state responsibility, the thesis examines how cyber operations may constitute internationally wrongful acts by violating state sovereignty and the principle on non-intervention into the internal or external affairs of another state.
For state responsibility to arise, the conduct must be unlawful and attributable to a state. The majority of the official state positions and national cyber security strategies examined in the thesis affirm that state sovereignty is applicable in cyberspace. Cyber operations causing damage, injury, or a loss of functionality of another state’s governmental or private cyber infrastructure qualify as a violation of sovereignty. Furthermore, cyber operations that interfere with inherently governmental functions also amount to a violation of the target state’s sovereignty. Correspondingly, cyber operations constitute illegal interventions if they intervene in another state’s internal or external affairs by coercive means, such as altering electronic ballots to impact the outcome of another state’s election.
The classified nature of state cyber activity makes it challenging to determine the existence of opino juris and state practice. Despite technical leaps and increasing public state attribution, holding states legally responsible for their malicious cyber operations remains difficult. No state has claimed responsibility for a cyber operation or tried to publicly justify their unlawful cyber activity. States seemingly launch cyber operations with impunity, along with the knowledge or suspicion that their behavior will not trigger a response, certainly not a kinetic one. States conducting or supporting cyber operations have consistently denied the allegations or remained silent on the matter. A greater predicament is the failure of the accusing states to condemn malicious cyber operations as violations of international law, instead labelling the activity as flagrant violations of international norms or harmful conduct.
Kokoelmat
- 513 Oikeustiede [106]