ACADEMIC ARTICLE SUMMARY
Cyber-Attacks–Prevention-Reactions: The Role of States and Private Actors
Article Source: Les Cahiers de la Revue Défense Nationale, Committee for National Defense Studies, 2017.
Publication Date:
Time to Read: 2 minute readWritten By:
Theodore ChristakisTAP Scholar
Karine Bannelier
Search for the full article on Bing
ARTICLE SUMMARY
Summary:
Cyber-attacks are a growing threat to peace and security. Private actors play a leading role in ensuring that digital technologies are secure from cyber-attacks.
POLICY RELEVANCE
Policy Relevance:
Policymakers must reconsider the role of private actors in international conflict.
KEY TAKEAWAYS
Key Takeaways:
- Traditionally, States enjoy unparalleled power over private actors, but top tech companies have greater power to prevent and respond to cyber-attacks; the major role of private actors in cybersecurity will disrupt international law.
- Policymakers should reflect on the roles of public and private actors in cybersecurity, taking into account the complexity of the problem, and the international character of cyber-attacks.
- Under international law, each State has a duty of due diligence, the obligation to prevent its territory from being used as a base from which cyber-attacks are launched.
- A State must protect its critical infrastructure, but should respect privacy rights.
- A State must take reasonable measures to hinder cyber-attacks, given its technological capabilities.
- A State must respond to other States’ requests for assistance.
- A cyber-attack may constitute the “use of force” under international law, but no military response is justified unless the damage to the victim amounts to an “armed attack,” that is, causes damage equivalent to that done by conventional weapons.
- Active cyber defenses include controversial retaliatory counter-measures known as reverse hacking or “hack-backs,” the retaliation of the victim of a cyber-attack against the attacker.
- International law does not give private actors a right to conduct hack-backs even in self defense, but international law does not explicitly prohibit private actors’ hack-backs.
- A State may authorize private actors to respond to cyber-attacks by reverse hacking, but the response should be proportionate and controlled by the State; a State may not legally give carte blanche to private firms’ hack-backs.
QUOTE
TAGS
About Theodore Christakis
Théodore Christakis is Professor of International and European Law at the Université Grenoble Alpes. Additionally, he is the Director of the Centre for International Security and European Studies (CESICE) and Co-Director of the Grenoble Alpes Data Institute. Professor Christakis’ research and teaching interests include international security law, international protection of human rights, cyber security law and data protection, and artificial intelligence.
