The Washington Post

Cyberattacks could trigger self-defense rule, U.S. official says

Cyberattacks can amount to armed attacks triggering the right of self-defense and are subject to international laws of war, the State Department’s top lawyer said Tuesday.

Spelling out the U.S. government’s position on the rules governing cyberwarfare, Harold Koh, the department’s legal adviser, said a cyber-operation that results in death, injury or significant destruction would probably be seen as a use of force in violation of international law.

(Read Harold Koh’s remarks here.)

In the United States’ view, any illegal use of force potentially triggers the right of national self-defense, Koh said.

Cyberattacks that cause a nuclear plant meltdown, open a dam above a populated area or disable an air-traffic control system resulting in plane crashes are examples of activity that probably would constitute an illegal use of force, he said.

Koh, speaking at a conference hosted by U.S. Cyber Command at Fort Meade, laid out 10 principles that he said the United States has adopted and has shared with other countries through the United Nations. They include the position that international law applies in cyberspace, a view that not all countries accept. At least one country, Koh noted, in an apparent reference to China, has questioned this principle.

“Cyberspace is not a ‘law-free’ zone where anyone can conduct hostile activities without rules or restraint,” said Koh, a former dean of Yale Law School and a respected voice in the international law community.

Though the White House and the Defense Department have issued cyber-strategies making clear that the United States abides by international law in the cyber-realm, Koh’s speech marked the first time a senior legal official publicly addressed the topic in such explicit terms.

He said the right of self-defense potentially applies against any illegal use of force.

“In our view, there is no threshold for a use of deadly force to qualify as an ‘armed attack’ that may warrant a forcible response,” he said. He noted that some nations consider an “armed attack” as having a higher threshold before the right of self-defense is triggered.

Koh also said that in responding to an attack, an action need not be taken in cyberspace, but it must be a necessary action and one that is proportionate, avoiding harm to civilians.

He said that compliance with international law in cyberspace is part of a broader “smart power” approach to international law as part of U.S. foreign policy: “We see law not as a straitjacket but as . . . a body of ‘wise restraints’ that make us free.”

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.

The Freddie Gray case

Please provide a valid email address.

You’re all set!

Campaign 2016 Email Updates

Please provide a valid email address.

You’re all set!

Get Zika news by email

Please provide a valid email address.

You’re all set!
Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.