State cyber misconduct is on the rise, and it can be difficult to differentiate between malicious governmental cyber conduct and active cyber defense. Though some argue that cyberspace is a law-free zone, offensive cyberattacks are almost always unlawful regardless of their purpose. This Article contends that international law can provide for legal boundaries in cyberspace and analogizes cyber misconduct to government actions such as espionage. So long as conditions provided by international law (such as notice, necessity, and proportionality) are met, countermeasures to malicious cyber operations are generally lawful. Cases of urgency may be an exception to this general rule but should not involve the use of force. Moreover, a government planning to take countermeasures must have clear and convincing evidence regarding the state to whom the wrong is attributable and identify the wrongdoer with a requisite level of legal certainty. It is difficult to prove lawful use of cyber misconduct in response to cyber misconduct, but this Article contends that responses consistent with the rule of law exist.
O'Connell, Mary Ellen
"Attribution and Other Conditions of Lawful Countermeasures to Cyber Misconduct,"
Notre Dame Journal of International & Comparative Law: Vol. 10
, Article 3.
Available at: https://scholarship.law.nd.edu/ndjicl/vol10/iss1/3