This panel was convened at 9:00 am, Thursday, April 10, by its moderator, Eric Greenwald of the White House National Security Staff, who introduced the panelists: Joseph Lorenzo Hall of the Center for Democracy & Technology; Alexandra Perina of the Council on Foreign Relations; Michael N. Schmitt of the U.S. Naval War College and the University of Exeter; and Shu Wenqi of the Law School of Renmin University of China. *
REMARKS BY ALEXANDRA H. PERINA ([dagger])
On the question of whether the international law doctrine of countermeasures is available in the cyber context, the answer is a resounding yes--at least theoretically. There is now widespread agreement that existing international law applies to state cyber activities, a perspective that the United States has advocated for some time, (1) and was endorsed in the UN Group of Governmental Experts Report (hereinafter GGE Report) finalized last June, reflecting the views of many of the major cyber powers, including Russia, China, and the UK, in addition to the United States and others. (2) That recognition is an important first step in developing common understandings about the law applicable to cyber activities, but it is really only a starting point to the much tougher work of mapping out how international law applies.
The theme of this year's Annual Meeting is "The Effectiveness of International Law," and our topic fits perfectly within that theme, for whether the law of countermeasures will contribute to the effectiveness of international law in peacefully managing international disputes with a cyber dimension and in shaping state cyber-conduct remains, in my view, an open question. I agree with Mike Schmitt that countermeasures may offer an important legal tool for states facing harmful cyber activity that falls below the level of an armed attack, and may therefore decrease the incentives for states to inflate their characterizations of cyber attacks as "armed attacks" to which they may respond in self-defense. (3) But state cyber conduct and countermeasures both remain fairly murky areas of practice. Invocation of countermeasures in the cyber context could develop the law in important ways in both of these areas; it remains to be seen whether states will choose to do so.
The law of state responsibility permits a state that is subject to an internationally wrongful act to take countermeasures--the suspension or non-performance of its own legal obligations--against the state responsible for the injury, for the purpose of inducing a return to compliance with the law. (4) A fundamental predicate for a lawful countermeasure is an...