Matt Waxman has just published a new cyber paper that’s well worth reading. The piece picks up on an earlier article of Matt’s that explored when states might treat cyber-attacks as “force” or “armed attacks” under the U.N. Charter.
In this piece, Matt takes up from three angles (legal, strategic, and political) the issue of when cyber-attacks might (or should) give rise to a right of armed self-defense. This is a refreshing approach; much existing writing on cyber tends to reflect either a legal perspective or a strategic perspective, without considering the relationship between the two.
Matt’s piece examines what Harold Koh and other U.S. government officials recently have said about applying jus ad bellum principles in light of some of the special features of cyber-attacks (such as likely attribution issues and high levels of secrecy among many actors). Among the things Matt discusses are the advantages to policymakers of having a relatively clear legal framework in place, which allows those policymakers to better predict other states’ responses to their decisions and develop in advance viable reactions to cyber attacks. He also observes that policymakers should be aware of the costs of eroding normative constraints on war in the cyber context, as that erosion may flow back into non-cyber contexts.
One of Matt’s points is that lawyers who work in this area need to understand how states’ thinking on policies and military doctrines with respect to cyber-attacks necessarily will reflect their broader national goals. He notes, “[A]ny legal approach that fails to account for the strategic and political dynamics of cyber attacks is unlikely to survive early encounters with those realities.”