AuthorZhu, Lixin

    Critical Information Infrastructure (CII) is the basic layer of the Internet, and its safe and continuous operation is the basis of network security. (4) In recent years, crimes against critical information infrastructure have become more frequent and present a trend of transnational attacks. International cooperation to protect critical information infrastructure and jointly manage cyberspace crimes has become the best way to solve this international problem. In this governance process, international law principles, norms or maxims that have been widely recognized or formed should be respected. They are also the basic platform for cooperation and construction of governance models. International law principles such as the Charter of the United Nations, the Five Principles of Peaceful Coexistence, and other international legal norms also provide ideas and a basic normative framework for network governance. (5) Therefore, the best choice to solve the problem is to construct a win-win network security global community of common destiny, and to regulate the crime of Critical Information Infrastructure from the perspective of international law.


    In early April 2018, the African Coast-Europe (ACE) submarine cable was cut, disrupting access to parts of Sierra Leone and the national network of Mauritania, which went "offline" for two full days. (6) Attacks on the power grid become even more frequent. Venezuela's persistent power cuts in recent years have taken a huge toll on the country. (7) Venezuela's blackout is not the first time a critical information infrastructure has been attacked with a significant impact. Other similar incidents include Iran's Stuxnet and Ukraine's power grid blackout. From Iran to Ukraine to Venezuela, cyber attacks on a country's critical information infrastructure have become an important issue in terms of cyber crime, cyber attack and defense.

    China's National Cyberspace Security Strategy, released in December 2016, pointed out that

    Networks and information systems have become critical infrastructure and even nerve centres for the entire economy and economic society. When they suffer from attacks and destruction, or major security incidents occur, it will lead to paralysis of critical energy, transportation, telecommunication and financial communication, finance infrastructure, etc., resulting in disastrous consequences and gravely harming national economic security and the public interest. (8)

    Information security is facing a complex and severe situation. Once security problems occur in basic information networks and important information systems, they will directly threaten national security, social stability and economic development. In response to this transnational challenge and extremely serious social problem, the international community has begun its efforts to sanction international crimes.


    From the perspective of international law, our research proposes that CII related international crimes can be divided into two categories: "Wartime" and "Peacetime." "Wartime" includes crimes of violating peace, war crimes and crimes against humanity. "Peacetime" includes terrorist crimes and computer crimes. (9) The consensus of the international community on these criminal acts is the legal basis for international cooperation to protect CII.

    There are international crimes related to CII in wartime:

    1. Crimes Against Peace refers to the criminal act of planning, preparing, launching or carrying out an aggressive war, including the threat or use of force against the territorial integrity or political independence of any country, or any other network action that is inconsistent with the purpose of the United Nations. (10) The United Nations Charter also has related prohibitions. (11) Therefore, if the scale and consequences of cyber operations against CII reach a certain level, CII attacks may constitute crimes against peace.

    2. War Crimes refers to the criminal acts that violate the laws and customs, including maltreating or killing prisoners, hostages, laborers, plundering property and destroying cities and towns. It also includes cyber attacks that do not target legitimate targets, as well as unrestricted attacks against legitimate targets and civilians or civilian objects. (12) It is difficult to distinguish between civilian targets and military targets for CII attacks. Therefore, a CII attack is very likely to constitute an indiscriminate war crime.

    3. Crimes Against Humanity can occur before and during war and refers to the killing, extermination, enslavement and other inhumane acts of any civilian, including causing excessive harm or unnecessary suffering. (13) In addition, international law also prohibits starvation of civilians as a method of cyber warfare, and prohibits the use of cyber operations to engage in retaliation against the following objects: (1) prisoners of war; (2) detained civilians; (3) people who have lost combat effectiveness; (4) medical personnel, equipment, transportation vehicles. (14) If a cyber attack on CII confines civilians to starvation, or actually leads to retaliation against the above four categories of objects, it may also constitute a crime against humanity.

      There are the international crimes related to CII in peacetime:

    4. Computer Crimes under the Convention on Cybercrime. (15) In order to combat transnational crime, in November 2001, the 26 European Union member states of the European Commission and government officials from 30 countries including the United States, Canada, Japan and South Africa signed the Convention on Cybercrime in Budapest. (16) The Convention on Cybercrime became the world's first international convention against cyber crime; it also has a series of relevant regulations concerning crimes against CII.' (7) The Convention on Cybercrime also specifies the general principles' (8) of international cooperation, which has played an important guiding role in our cooperation in combating cyber crime.

    5. Terrorism Crime. After 9/11, international legislation on terrorist crimes was strengthened. Attacks on critical information infrastructure constitutes terrorist acts and are penalized by relevant laws against terrorism. Numerous legal documents' (9) indicate that cyber attacks on CII constitute terrorist crimes and violate a country's domestic criminal laws, thereby further triggering international criminal cooperation against terrorist crimes. For example, on June 15, 2001, six countries signed the Shanghai Convention on Combating Terrorism, Separatism and Extremism. (20) At the 12th ASEAN Summit in 2007, ASEAN countries signed a legally binding document in the region - the ASEAN Convention on Counter-Terrorism. (21) These international conventions against terrorism have laid the foundation of international law for international cooperation in combating terrorist crimes against CII.


    The interconnectedness and globalization of networks has presented cybersecurity issues with the protection of critical infrastructure, which is the core challenge faced by all countries in the world today. In this context, international organizations and many countries have always paid attention to the construction of national critical infrastructure and critical information infrastructure protection strategies, legislation and organizational systems. (22) Countries have similar strategic intentions for the protection of critical information infrastructure, and all emphasize the importance of protecting critical infrastructure through international cooperation. (23) At the same time, major countries have established a system of priority protection for critical infrastructure in legislation and adopted periodic protection measures. Based on the past experience in international criminal crime cooperation, these joint...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT