U.S. to Apply Self-Defense Rule if Cyber Attacks Turn Hostile
The United States views any cyber-attack that results in death, injury or destruction as implicitly triggering the self-defense rule. Claiming that cyberspace is not “law-free,” State Department legal adviser Harold Koh said the U.S. will abide by international law and take proportionate actions that won’t harm individuals.
Although countries in the United Nations have adopted and shared these views, Koh noted that others didn’t, and referenced China as having a veto stand. Both the Defense Department and the White House have contingency plans in case of cyber-attacks, but Koh’s speech at the U.S. Cyber Command at Fort Meade is the first time an official took a clear stance.
“In our view, there is no threshold for a use of deadly force to qualify as an ‘armed attack’ that may warrant a forcible response,” Koh said. “We see law not as a straitjacket but as . . . a body of ‘wise restraints’ that make us free.”
Koh emphasized the U.S. will act in self-defense if a cyber-attack violates international law or causes direct harm to individuals. Hacking that results in planes crashing or causes nuclear power plants to melt down will constitute an act of violence.
While some nations consider an “armed attack” a powerful enough incentive to trigger a self-defense response, Koh believes cybercrime resulting in human casualties should be considered equally significant.