Cyber War and International Law: Does the International Legal Process Constitute a Threat to U.S. Vital Interests?

Author:John F. Murphy
Position:Professor of Law, Villanova School of Law
International Legal Process: Threat to U.S. Interests? Vol. 89
Cyber War and International Law:
Does the International Legal Process
Constitute a Threat to U.S. Vital Interests?
John F. Murphy*
s the concluding speaker at the conference on “Cyber War and Inter-
national Law,” co-sponsored by the Naval War College and the United
States Cyber Command, Yoram Dinstein, Professor Emeritus at Tel Aviv
University, professed some disappointment that there had not been a more
extensive and sharper focus at the conference on “war.”
But perhaps the
limited amount of discussion of cyber “war” at the conference was a result
of the reality that the international law issues arising from the possibility of
war or armed conflict through cyber means have not been the primary
concern of States and scholars faced with the challenges of the cyber
threat. Rather, at least in the United Nations General Assembly and other
international fora, such as the International Telecommunications Union
(ITU), the threat posed by such adversaries of the United States as the Rus-
sian Federation and China seems to be an effort to adopt a global treaty
* Professor of Law, Villanova School of Law. I want to acknowledge the excellent re-
search assistance of Lori Strickler, Reference Librarian, Villanova University School of
Law; and Daria Hafner and Karrie Gurbacki, both second- year students at Villanova Uni-
versity School of Law.
. See Yoram Dinstein, Cyber War and International Law: Concluding Remar ks at the 2012
Naval War College International Law Conference, 89 INTERNATIONAL LAW STUDIES 276 (2013).
International Law Studies 2013
that would arguably allow increased regulation by the United Nationsand
perhaps the ITUthat would endanger the free flow of information on
the Internet and such basic values as privacy and freedom of speech. To be
sure, a hostile takeover of the Internet could have serious implications for
U.S. vulnerability to cyber attack and thereby amount to a serious threat to
its national security, but this is a far cry from possible revisions of the jus ad
bellum and jus in bello associated with cyber war, which is to the disadvantage
of the United States.
The title of this article poses the question whether, in the context of
cyber war and other related forms of cyber attack, the international legal
process itself may pose a threat to vital U.S. interests. Certainly, as we shall
see below, a successful effort by the Russian Federation and China to con-
clude a widely adopted global treaty authorizing the United Nations or the
ITU to regulate the Internet would constitute such a threat. Moreover, in
Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territo-
the International Court of Justice (ICJ) in an advisory opinion stated
that “Article 51 of the Charter thus recognizes the existence of an inherent
right of self-defence in the case of armed attack by one State against anoth-
er State. However, Israel does not claim that the attacks against it are im-
putable to a foreign State.”
Similarly, in Armed Activities on the Territory of the Congo,
the ICJ rejected
Uganda’s claim that it had engaged in lawful military activity in Congo’s
territory to protect itself against insurgents who had organized themselves
there to commit armed attacks against Uganda’s territory. If the Court’s
viewpoint is correct, this would have very serious implications for the right
of self-defense against cyber attacks because many, perhaps most, of such
attacks are committed by non-State actors. The problem is compounded by
the often present difficulty in determining who or what actually engaged in
the attack (the problem of attribution). Fortunately, for reasons considered
later in this article, the Court’s viewpoint, which has been subject to wither-
ing criticism, is almost surely not correct. But the primary point to take
away here is that one of the most important actors in the international legal
process, the ICJ, has adopted a legal position that greatly threatens vital
. Legal Consequences of the Construction of Wall in the Occupied Palestinian Terri-
tory, Advisory Opinion, 2004 I.C.J. 136 (July 9).
. Id. ¶ 139.
. Arme d Activities on the Territory of the Congo (Dem. Rep. Congo v. Uganda),
2005 I.C.J. 168 (Dec. 19).
International Legal Process: Threat to U.S. Interests? Vol. 89
U.S. interests, as well as those of many other States in the international
Speaking of vital U.S. interests, there have been recent developments
in cyber space that raise the issue of U.S. interests in sharp relief. These
developments involve four (apparently) State-sponsored computer viruses
with the nicknames Stuxnet, Duqu, Flame and Gauss. The goals behind the
development of these viruses vary. Stuxnet, for example, first became pub-
lic knowledge in July 2010. It has been described as “far more complex
than run-of-the mill hacker tools” and as
a self-replicating worm that targeted programmable logic controllers
(PLCs), the simple computers used to perform automated tasks in many
industrial processes. PLCs are part of industrial control systems, most
commonly referred to as Supervisory Control and Data Acquisition
(SCADA) systems. SCADA systems are critical to the modern industrial
world, controlling such things as water plants, auto manufacturing, and
electrical power grids.
According to the same commentator,
[t]he Stuxnet code showed up on computer systems around the world,
where it parked on hard drives, remaining inert if it did not find what it
was seeking. The numbers indicate it was aimed at Iran; nearly 60 percent
of reported Stuxnet infections occurred on systems in Iran. In fact, at
least one system Stuxnet was programmed to target [were] controlled cen-
trifuges critical to the production of nuclear material. It appears that
Iran’s uranium enrichment facility at Natanz was the specific target.”
In other words, the purpose behind Stuxnet was to undermine the Iranian
nuclear program which, it is believed, is designed to produce a nuclear
bomb. According to reports,
a series of Stuxnet attacks temporarily took
. For analysis and criticism of other decisions and advisory opinions of the ICJ that
arguably undermine the vital interests of States, see JOHN F. MURPHY, THE EVOLVING
6575 (2010).
. Gary D. Brown, Why Iran Didn’t Admit S tuxnet Was an Attack, JOINT FORCES
QUARTERLY, Oct. 2011, at 70, available at
. Id.
. See David E. Sanger, Obama Order Sped Up Wave of Cyberattacks Against Iran, NEW
YORK TIMES, June 1, 2012, at A1, available at

To continue reading