Cyber-Attacks–Prevention-Reactions: The Role of States and Private Actors

Article Source: Les Cahiers de la Revue Défense Nationale, Committee for National Defense Studies, 2017.
Publication Date:
Time to Read: 2 minute read
Written By:

 Karine Bannelier

Karine Bannelier



Cyber-attacks are a growing threat to peace and security. Private actors play a leading role in ensuring that digital technologies are secure from cyber-attacks.


Policy Relevance:

Policymakers must reconsider the role of private actors in international conflict.


Key Takeaways:
  • Traditionally, States enjoy unparalleled power over private actors, but top tech companies have greater power to prevent and respond to cyber-attacks; the major role of private actors in cybersecurity will disrupt international law.
  • Policymakers should reflect on the roles of public and private actors in cybersecurity, taking into account the complexity of the problem, and the international character of cyber-attacks.
  • Under international law, each State has a duty of due diligence, the obligation to prevent its territory from being used as a base from which cyber-attacks are launched.
    • A State must protect its critical infrastructure, but should respect privacy rights.
    • A State must take reasonable measures to hinder cyber-attacks, given its technological capabilities.
    • A State must respond to other States’ requests for assistance.
  • A cyber-attack may constitute the “use of force” under international law, but no military response is justified unless the damage to the victim amounts to an “armed attack,” that is, causes damage equivalent to that done by conventional weapons.
  • Active cyber defenses include controversial retaliatory counter-measures known as reverse hacking or “hack-backs,” the retaliation of the victim of a cyber-attack against the attacker.
  • International law does not give private actors a right to conduct hack-backs even in self defense, but international law does not explicitly prohibit private actors’ hack-backs.
  • A State may authorize private actors to respond to cyber-attacks by reverse hacking, but the response should be proportionate and controlled by the State; a State may not legally give carte blanche to private firms’ hack-backs.



Théodore Christakis

About Theodore Christakis

Théodore Christakis is Professor of International and European Law at the Université Grenoble Alpes. Additionally, he is the Director of the Centre for International Security and European Studies (CESICE) and Co-Director of the Grenoble Alpes Data Institute. Professor Christakis’ research and teaching interests include international security law, international protection of human rights, cyber security law and data protection, and artificial intelligence.

See more with Theodore Christakis