Collective Cyber Countermeasures? | Harvard National Security Journal

During a conference on cyber conflict, Estonian President Kersti Kaljulaid expressed concern about the growing frequency of malicious cyber operations and announced Estonia’s position on collective countermeasures. The position suggests that states which are not directly injured may apply countermeasures to support the state directly affected by a malicious cyber operation. However, the French Armed Forces Ministry published a document summarizing its views on how international law governs cyberspace and expressly rejected the option of collective countermeasures as a lawful response to breaches of international law. New Zealand took a non-committal stance on the matter. Countermeasures are non-forcible acts undertaken in response to another state’s breach of an international law obligation, available to induce the offending state to desist in its unlawful conduct and/or provide any reparations that may be due to the victim state. There are two conflicting positions on collective countermeasures: the “bilateral” approach, which asserts that an injured state may not enlist non-injured states to undertake “collective countermeasures,” and the “collectivist” approach, which suggests that a non-injured state may assist an injured state to take countermeasures or engage in countermeasures on its behalf. This article examines the merits of both positions and concludes that the issue remains unsettled as a matter of law, but the Estonian position is a reasonable one and the better of the two when applied to cyber operations.



Source link