Tobias O. Keber
Ius ad bellum electronicum? Cyberangriffe im Lichte der UN-Charta und aktueller Staatenpraxis
Archiv des Völkerrechts (AVR)
Archiv des Völkerrechts (AVR)
Volume 49 (2011) / Issue 4, pp. 399-434 (36)
36,00 € including VAT
The present article deals with cyberattacks, i.e. actions to alter, disrupt, deceive, degrade or destroy computer systems or networks or the data therein, from the perspective of the UN-Charter. As recent incidents in Estonia, Georgia and Iran showed, civilian as well as governmental network-based infrastructure is highly vulnerable to attacks perpetrated by hackers. Whereas cyber attacks carried out by private hackers count as cybercrime and are subject to the criminal jurisdiction of the affected State, cyber attacks carried out by States or attributable to them fall within the scope of public international law. Both the opinio iuris of States and the writings of legal scholars show a widespread agreement that cyber attacks can constitute an illegal intervention, a use of force, an armed attack or even an act of aggression within the meaning of the UN-Charter. This is well founded as, according to the rationale of the Charter prohibitions, it is not just the means but also the effect of an action that has to be taken into account. To determine the circumstances under which a cyber attack should be deemed to produce a similar effect to traditional use of force or an armed attack, a set of criteria has been proposed. Whereas some of these criteria may work quite well in practice, the crucial issues of localisation and attribution of cyber attacks still remain unresolved. The article analyses the various initiatives of the international community that has begun to face the challenges posed by cyber attacks. The topic is on the agenda of the General Assembly of the United Nations and a Group of Government Experts dealing with the hostile use of ICT has been installed. Progress, however, has been slow. This is due to fundamentally diverging perspectives. One group of countries, led by the Russian Federation, advocates the concept of prohibiting information weapons. This approach is not limited to computer-network-specific operations, but also includes traditional ways of communication (such as terrestrial or satellite broadcasts) and the dissemination of certain content. Another group of countries, including Germany and the USA, view the concept of cyber attack primarily from a technical, content neutral perspective. A content-focussed approach threatens to re-introduce old policy debates concerning prior consent and the free flow of information and to undo the initial progress made by the international community in developing an international framework for information technology security. The idea, to concretize general rules of international law through specific (cyber-)treaty law, should nevertheless be pursued. However, such treaty law should take into account the dynamism of technological change and the role of private actors in the development and regulation of the Internet. An involvement of the civil society and the private sector in the drafting and implementation of such treaty law (e.g. through voluntary agreements) therefore seems desirable and necessary.