Advance Access published on 18 September 2016
Cyberspace, Terrorism and International Law

David P. Fidler*


Governments have long worried about terrorists using the Internet to launch cyberattacks, spread propaganda, recruit and radicalise individuals and raise funds. However, the Islamic State’s exploitation of social media has caused a crisis and generated questions about international law’s role in addressing terrorism in cyberspace. This article analyzes international law in connection with potential terrorist cyberattacks and terrorist use of cyber technologies for other purposes. International law is not well positioned to support responses to terrorist cyberattacks, but the lack of such attacks to date undermines incentives for states to develop international law against this threat. In terms of terrorists using the Internet and social media for propaganda, radicalisation, recruiting and fundraising, the crisis caused by the Islamic State’s online activities has not created consensus strong enough to support a prominent role for international law in countering cyber-facilitated terrorism.

1. Introduction

The Internet’s global emergence has long produced worries about terrorism in cyberspace. In the USA, President Bill Clinton feared terrorist cyberattacks against critical infrastructure in the late 1990s,1 and, reacting to the San Bernardino shootings in December 2015, politicians demanded action against terrorist exploitation of social media.2 Despite two decades of concerns, states have not developed much international law addressing terrorism in cyberspace. New developments, such as anxieties about terrorist use of encryption3 and

* James Louis Calamaras Professor of Law, Indiana University Maurer School of Law;
Adjunct Senior Fellow for Cybersecurity, Council on Foreign Relations; and Chair,
International Law Association Study Group on Cybersecurity, Terrorism, and
International Law. Section 3 of this article draws on the ILA
Study Group’s work.

1 Presidential Decision Directive/NSC-63 (The White House, Washington, 22 May 1998) accessed 30 August 2016.

2 DP Fidler, ‘Cyber Policy after the Paris and San Bernardino Terrorist Attacks’ (Net Politics, 8 December 2015) <the-paris-and-san-bernardino-terrorist-attacks/> accessed 20 March 2016.

3 ‘Cyber-Security: The Terrorist in the Data’ The Economist (London, 29 November 2015) <tacks-terrorist-data> accessed 20 March 2016.

Journal of Conflict & Security Law (2016), Vol. 21 No. 3, 475–493

military cyberattacks against terrorist online capabilities,4 are unlikely to generate new international law. Explaining this reality requires understanding that certain terrorist uses of information and communication technologies (ICTs) have not materialised, while others confound states in ways that produce little consensus about how to respond.

This article analyzes the international legal landscape of terrorism in cyberspace in order to explain how it emerged, what it includes and whether changing international law in this context is appropriate and feasible. After considering preliminary issues for international law in the relationship between terrorism and cyberspace (Section 2), the article examines international law in connection with terrorists launching cyberattacks (Section 3). It then explores the international legal implications of cyber-enabled terrorist activities, such as spreading propaganda and radicalisation (Section 4). What emerges is a conundrum—prospects for international law are least apparent where terrorism in cyberspace has become a global crisis.

2. Terrorism, Cyberspace and International Law: Preliminary

After the Cold War, governments fretted that terrorists would weaponise nuclear, biological, chemical and cyber technologies. These concerns arose with global technological dissemination and with shifts in terrorist motivations toward inflicting large-scale death and damage on civilians. Within high-tech terrorism, cyber technologies are distinct because they:

• are more accessible, cheaper, less risky and more malleable than nuclear, biological and chemical materials; and

• offer ways to attack across a spectrum of consequences, gather intelligence, communicate in planning and conducting operations, spread propaganda, engage in ‘virtual’ criminal activities and raise financial resources.

These attributes have provoked questions about what ‘cyber terrorism’ means,5 questions that did not arise with terrorism involving weapons of mass destruction (WMD). These questions converged with other controversies. States have not agreed on a definition of ‘terrorism’, opting to define criminal offences in specific contexts as part of addressing terrorist threats.6 This outcome reflects

4 DP Fidler, ‘Send in the Malware: U.S. Cyber Command Attacks the Islamic State’ (Net Politics, 9 March 2016) <ware-u-s-cyber-command-attacks-the-islamic-state/> accessed 20 March 2016.

5 CA Theohary and JW Rollins, Cyberwarfare and Cyberterrorism: In Brief (Congressional Research Service, 27 March 2015) <R43955.pdf> accessed 20 March 2016.

6 B Saul, Defining Terrorism in International Law (OUP 2008).

a desire by many states to retain discretion over what terrorism means and how to respond to it. Governments have used this discretion in characterising opposition to their policies, legitimacy and power as terrorism—behaviour criticised for repressing dissent, violating human rights and degrading prospects for democratic governance.7

The multifunctional nature of cyber technologies provides ammunition for defining ‘cyber terrorism’ narrowly and broadly. States worried about the domestic political consequences of Internet access tend to favor broad definitions of cyber terrorism. Conversely, the legitimacy of many cyber activities supports defining cyber terrorism narrowly—as terrorist attacks perpetrated through ICTs. Spreading propaganda and radicalising people through social media by the so-called Islamic State are cyber-enabled forms of terrorism that fall between these narrow and broad definitions. Islamic State propaganda can terrorise civilians by spreading fear through execution videos, incite terrorist violence by radicalising people, and inspire support by depicting efforts to build the


This relationship between terrorism and cyberspace means the range of international legal issues it touches is complex. Terrorists have always used new technologies, but policymakers did not single out, for example, ‘mobile phone terrorism’. The Internet’s impact has been more transformative. Similarly, approaches to preventing terrorists from weaponising other technologies do not work in the cyber context, which forces policy to pursue other strategies to thwart terrorist interest in cyber weapons.

Despite the implications of terrorism’s relationship with cyberspace, the applicable international law consists mainly of rules not developed for the challenges ICTs present. These legacy rules mean terrorist use of ICTs does not occur in a legal void. However, the trajectory of terrorism in cyberspace casts harsh light on international law and forces policymakers to ask whether they need to develop it to address terrorism in cyberspace effectively. Reform would confront challenges, including disagreements about how to define terrorism, lack of consensus on what key legal principles mean, and political competition over issues—such as Internet governance—not specific to terrorism. These challenges limit what might be possible in making international law more responsive to terrorism in cyberspace.

3. Cyberattacks by Terrorists and International Law

Preventing, protecting against and responding to terrorist attacks preoccupy counter-terrorism policy. The same is true for potential terrorist use of ICTs

7 Office of the UN High Commission for Human Rights, Human Rights, Terrorism, and Counter-Terrorism (Fact Sheet No 32, 2008) <Publications/Factsheet32EN.pdf> accessed 20 March 2016.

8 C Winter, The ‘Virtual’ Caliphate: Understanding Islamic State’s Propaganda Strategy (Quillium Foundation 2015).

to attack cyber-enabled infrastructure, facilities or services. Fear of terrorist cyberattacks has grown as dependence on ICTs deepened and as the skills and means to launch such attacks disseminated.9 However, terrorists have not shown much interest in, or abilities to undertake, cyberattacks. Whatever else explains this state of affairs, international law deserves no credit for it.

Despite years of concern, states have adopted few international instruments addressing cyberattacks by terrorists. In countering conventional and WMD terrorism, states negotiated treaties that define terrorist offences, require parties to criminalise and exercise jurisdiction over the offences, and engage in law enforcement cooperation.10 Most of these treaties apply to conventional terrorism, but some cover attacks involving biological, chemical and nuclear agents that have rarely or not yet occurred.11 Of the multilateral treaties, only two on civil aviation (which are not in force) expressly include cyberattacks.12 The only regional terrorism agreement mentioning cyber comes from the Association of South East Asian Nations (ASEAN). It encourages cooperation on various forms of terrorism, including cyber terrorism,13 but the ASEAN agreement does not include cyberattacks as a criminal offence. Similarly, United Nations (UN) Security Council decisions that impose binding counter-terrorism duties do not mention cyberattacks.14

Existing international law on terrorism does not apply well to possible cyberattacks by terrorists. States could interpret certain multilateral treaties to apply to such attacks,15 but this approach produces limited coverage under agreements designed for noncyber forms of terrorism. Regional treaties often use the offences defined in the multilateral agreements,16 which extends this

9 D Paletta, ‘FBI Director Sees Increasing Terrorist Interest in Cyberattacks against
U.S.’ Wall Street Journal (New York City, 22 July 2015)
accessed 20 March 2016.

10 UN, International Instruments Related to the Prevention and Suppression of
International Terrorism (UN 2008).

11 International Convention for the Suppression of Terrorist Bombings (adopted 15
December 1997, entered into force 23 May 2001) 2149 UNTS 256; International
Convention for the Suppression of Acts of Nuclear Terrorism (adopted 13 April
2005, not yet entered into force) 2445 UNTS 89.

12 Protocol Supplemental to the Convention for the Suppression of Unlawful Seizure of
Aircraft (10 September 2010) ICAO Doc 9959; Convention on the Suppression of
Unlawful Acts Relating to International Civil Aviation (adopted 10 September 2010,
not yet entered into force) ICAO Doc 9960.

13 ASEAN Convention on Counter Terrorism (13 January 2007) <item/asean-convention-on-counter-terrorism> accessed 20 March 2016.

14 UNSC Res 1373 (28 September 2001) UN Doc S/RES/1373; UNSC Res 1540 (28 April
2004) UN Doc S/RES/1540; UNSC Res 2178 (24 September 2014) UN Doc S/RES/

15 B Saul and K Heath, ‘Cyber Terrorism’ in N Tsagourias and R Buchan (eds),
Research Handbook on International Law and Cyberspace (Edward Elgar 2015)

16 See, for example, ASEAN Convention on Counter Terrorism (n 13).

patchwork coverage into regional contexts. Security Council resolutions are broad enough to cover terrorist cyberattacks. However, neither the Security Council nor its Counter-Terrorism Committee (CTC)17 has focused much on the threat of such attacks.

While cyberattacks could qualify as offences in some treaties, cyber technologies raise challenges different from terrorism involving conventional weapons or WMD agents. The treaties apply a criminal law approach, which requires identifying those responsible for terrorist offences. Although identifying perpetrators of conventional terrorism can be difficult, attribution in the cyber context is more challenging.18 For example, the Islamic State’s so-called ‘Cyber Caliphate’ claimed responsibility for attacking a French television station, which French officials asserted was terrorism.19 France later indicated Russian hackers were to blame—at which point attribution remained unclear, as did whether the incident was terrorism.20

A second feature of cyber technologies is the range of consequences they permit attacks to achieve—from disruption to destruction. Offences in antiterrorism treaties typically require the act in question to result in, or be intended to produce, injury, death or serious property damage.21 These thresholds create the potential for terrorists to engage in cyberattacks underneath them and not commit a terrorist offence. The Cyber Caliphate claimed responsibility for temporarily disrupting social media channels of US Central Command. The US Government dismissed the incident as ‘cyber vandalism’.22 The USA would never classify a biological attack by terrorists on its military as ‘bio vandalism’, even if the attack only caused temporary, limited disruption. This incident

17 Security Council Counter-Terrorism Committee
March 2016.

18 N Tsagourias, ‘Cyber Attacks, Self-Defence and the Problem of Attribution’ (2012) 17(2) J Conflict & Secur L 229. On the topic of attribution in cyberspace, see K Mačák, ‘Decoding Article 8 of the International Law Commission’s Articles on State Responsibility: Attribution of Cyber Operations by Non-State Actors’ (in this volume) J Conflict & Secur L.

19 A Chrisafis and S Gibbs, ‘French Media Groups to Hold Emergency Meeting after ISIS Cyber-Attack’ The Guardian (London, 9 April 2015) <world/2015/apr/09/french-tv-network-tv5monde-hijacked-by-pro-isis-hackers> accessed 20 March 2016.

20 J Lichfield, ‘TV5Monde Hack: “Jihadist Cyber Attack on French TV State Could Have Russian Link”’ The Independent (London, 10 June 2015) <www.independent.
could-have-russian-link-10311213.html> accessed 20 March 2016.

21 The draft Comprehensive Convention on International Terrorism reflects this pattern by defining offences as acts that cause death or serious bodily injury, serious damage to property, or property damage that causes major economic loss. UNGA ‘Letter dated 3 August 2005 from the Chairman of the Sixth Committee addressed to the President of the General Assembly’ (12 August 2005) UN Doc A/59/894, app II (hereinafter Draft Comprehensive Convention).

22 US Department of Defense, ‘CENTCOM Acknowledges Social Media Sites “Compromised”’ (12 January 2015) <aspx?id=123956&source=GovDelivery> accessed 20 March 2016.

highlights the range of consequences cyber technologies make possible and different perceptions about cyberattacks.

These consequences and perceptions raise questions whether certain cyberattacks, such as corrupting or deleting stored data without destroying physical property, qualify as damage in antiterrorism treaties. Such questions implicate treaty interpretation and could generate disagreements about applying these treaties to cyberattacks and prevent their use in responding to cyberattacks by terrorists (assuming attribution was feasible). These problems might counsel developing a treaty designed to address what cyber technologies enable terrorists to do.

Whether customary international law offers guidance with respect to terrorism has proved controversial. The Special Tribunal for Lebanon held customary international law recognises a crime of international terrorism,23 the elements of which could encompass terrorist cyberattacks.24 However, this ruling has been criticised.25 In addition, finding evidence the decision affected state behaviour is difficult, suggesting state practice does not support the tribunal’s reading of custom. Hence, the tribunal’s crime of international terrorism does not provide a strong basis in international law for addressing terrorist cyberattacks.

Beyond international law on terrorism, states could respond to terrorist cyberattacks by applying treaties on cybercrime, transnational organised crime, extradition and mutual legal assistance. Relying on such instruments would run counter to state preferences for distinguishing terrorism from other crimes. Existing cybercrime treaties are largely regional in membership with limited numbers of parties. The Council of Europe’s Convention on Cybercrime has the largest number of parties, but only 48 countries, predominantly European, have joined.26 The UN Convention against Transnational Organized Crime has 186 parties,27 but this regime has not focused on or deterred cybercrime. Extradition agreements and mutual legal assistance treaties (MLATs) are mainly bilateral, making their application to terrorist cyberattacks dependent on the politics of bilateral relations. MLATs are difficult to use

23 Special Tribunal for Lebanon (Interlocutory Decision on the Applicable Law) STL-11-01/I (16 February 2011).

24 ibid, para 85.

25 See, for example, B Saul, ‘Legislating from a Radical Hague: The United Nations Tribunal for Lebanon Invents an International Crime of Transnational Terrorism’ (2011) 24(3) Leiden J Intl L 677.

26 Convention on Cybercrime (23 November 2001) Council of Europe Treaty Series No 185; Convention on Cybercrime Status (as of 16 March 2016) <http://conventions.coe.
accessed 20 March 2016.

27 UN Convention against Transnational Organized Crime (15 November 2000, entered into force 29 September 2003) 2225 UNTS 209; UN Convention against Transnational Organized Crime: Status of Ratification (as of 16 March 2016) <ter=18&lang=en> accessed 20 March 2016.

effectively against crimes involving digital evidence,28 which would happen with investigating terrorist cyberattacks.

In terms of new treaty law, countries have been negotiating the proposed Comprehensive Convention on International Terrorism since the latter half of the 1990s,29 a period corresponding to the rise of worries about terrorist cyberattacks. The offence defined in the draft text is broad enough to be applicable to cyberattacks.30 However, negotiations have not concluded after nearly 20 years, and the possibility of terrorist cyberattacks has not catalyzed conclusion of these talks, which remain deadlocked over issues having nothing to do with


Strategies used to keep dangerous materials away from terrorists have no counterparts when cyberattacks are the concern. States developed treaties to protect nuclear materials in transport31 and to mark plastic explosives32 as counter-terrorism measures, and nonproliferation agreements on nuclear, biological and chemical weapons are considered helpful in keeping WMD materials away from terrorists. Similarly, the Security Council mandated that UN Member States prevent terrorists from acquiring WMD materials.33 Transposing this approach to the cyber context is not promising. Unlike physical materials subject to antiterrorism protections, cyber weapons are software code.

Attempts to block exports of certain surveillance technologies and intrusion software to repressive governments on human rights grounds demonstrate the difficulties and controversies that arise with restricting access to digital information.34 Similar problems emerged with policy on handling exploitable flaws in software not identified by the vendor or users.35 Preventing terrorists from getting access to such ‘zero day’ vulnerabilities is difficult because the vulnerabilities are simply information rather than material that can be physically controlled. The best way to prevent access is to disclose and patch vulnerabilities as they are discovered, but disclosure does not always happen because undisclosed vulnerabilities have law enforcement, intelligence and military value.36

28 AK Woods, Data Beyond Borders: Mutual Legal Assistance in the Internet Age (Global Network Initiative, January 2015) <GNI%20MLAT%20Report.pdf> accessed 20 March 2016.

29 UNGA Res 51/210 ‘Measures to Eliminate International Terrorism’ (17 December 1996) UN Doc A/RES/51/210.

30 Draft Comprehensive Convention (n 21).

31 Convention on the Physical Protection of Nuclear Material (adopted 26 October 1979, entered into force 8 February 1987) 1456 UNTS 124.

32 Convention on the Marking of Plastic Explosives for the Purpose of Detection (adopted 1 March 1991, entered into force 21 June 1998) 2122 UNTS 359.

33 Resolution 1540 (n 14).

34 Wassenaar Arrangement, List of Dual-Use Goods and Technologies and Munitions List, WA-LIST (13) 1 (4 December 2013); K Zetter, ‘Why an Arms Control Pact Has Security Experts Up in Arms’ Wired (New York City, 24 June 2015) <www.wired.com/2015/06/arms-control-pact-security-experts-arms/> accessed 20 March 2016.

35 P Stockton and M Golabek-Goldman, ‘Curbing the Market for Cyber Weapons’ (2013) 32 Yale L & Policy Rev 101; M Fidler, ‘Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis’ (2015) 11(2) J L & Pol Inform Soc 405.

Further, software vulnerabilities, malware to exploit them, and skills to launch cyberattacks are globally distributed and accessible to terrorists.

Counter-terrorism policies also emphasise protecting societies from terrorist attacks, especially critical infrastructure. Cybersecurity thinking similarly stresses ‘hardening the target’, especially cyber-enabled critical infrastructure, against cyberattacks regardless of the source37—an ‘all hazards’ protection strategy.38 Governments can often pursue this objective without international law because most critical infrastructure is within their territorial jurisdictions.

However, the need for critical infrastructure protection is producing international cooperation and international law. Regional organisations, such as ASEAN, the European Union (EU), and the Organization of American States (OAS),39 and security regimes, such as the North Atlantic Treaty Organization (NATO),40 promote cooperation on critical infrastructure protection. Within treaties that address critical infrastructure sectors—such as civil aviation,41 maritime transport42 and nuclear safety43—international organisations are paying more attention to cybersecurity. States in different geographical and political contexts are using international legal instruments to increase protection of cyber-enabled critical infrastructure.44 These activities are recent, so they are not responsible for the lack of terrorist cyberattacks. Whether these

36 D Sanger, ‘Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say’ New York Times (New York City, 13 April 2014).

37 National Institute of Standards and Technology, Framework for Improving Critical
Infrastructure Cybersecurity, Version 1.0 (12 February 2014)

38 DP Fidler, ‘Whither the Web? International Law, Cybersecurity, and Critical
Infrastructure Protection’ (October 2015) Georgetown J Intl Aff 8.

39 CH Heinl, ‘Regional Cyber Security: Towards a Resilient ASEAN Cyber Security Regime’ (2013) RSIS Working Paper No 263; European Commission, ‘Critical Infrastructure’ <terrorism-critical-infrastructure/index_en.htm> accessed 20 March 2016; OAS, ‘Critical Infrastructure Protection Programs: Cyber Security’ <cicte/programs_cyber.asp> accessed 20 March 2016.

40 M Edwards (ed), Critical Infrastructure Protection, NATO Science for Peace and
Security Series 116 (IOS Press 2014).

41 R Benjamin, ‘Meeting a Global Threat with a Global Response: Aviation’s
Collaborative and Multidisciplinary Actions on Cybersecurity’ (Autumn 2015)
Cyber Secur Rev 38.

42 International Maritime Organization, ‘Maritime Security’ <MediaCenre/HotTopics/priacy/Pages/default.aspx> accessed 20 March 2016.

43 International Atomic Energy Agency, Nuclear Security Plan 2014-2017 (3 August
2013) GOV/2013/42-GC(57)/19.

44 Council Directive 2008/114/EC of 8 December 2008 on the Identification and Designation of European Critical Infrastructure and the Assessment of the Need to Improve Their Protection [2008] OJ L/345/75; Shanghai Cooperation Organization, Agreement on Cooperation in the Field of International Information Security (16 June 2009) <https:// accessed 20 March 2016; African Union, Convention on Cyber Security and Personal Data Protection (27 June 2014) EX.CL/846(XXV).

efforts produce better cybersecurity and, thus, deter attacks on critical infrastructure remains to be seen.

Counter-terrorism policies underscore the need for resilience—the ability to identify terrorist attacks, control the damage and recover. Cybersecurity policy also highlights resilience as critical, and resilience informs development of national computer incident or emergency response teams and cooperation among them. However, cooperation on cyber resilience before or after an incident happens without international legal obligations, which mirrors international law on terrorism. Apart from obligations on law enforcement cooperation, antiterrorism treaties do not include duties to provide assistance to parties attacked by terrorists. This state of affairs also reflects the lack of legal obligations on states to assist countries hit by natural disasters.45 Discussion of a duty to assist countries experiencing cyberattacks has framed the duty as a nonbinding, or ‘soft law’, responsibility.46

This analysis of counter-terrorism activities from antiterrorism treaties to post-attack resilience demonstrates international law is not well developed regarding terrorist cyberattacks. Thus, international law is a nonfactor in explaining why terrorists have not engaged in such attacks. Options for strengthening international law against terrorist cyberattacks exist, including clarification of the applicability of certain antiterrorism treaties, protection of cyber-enabled critical infrastructure, and negotiation of a treaty on terrorist cyberattacks. However, the absence of attacks weakens incentives for states to tackle this threat. International law on terrorism has largely developed through states reacting to terrorist violence. This pattern casts doubt on whether states would develop international law in the absence of terrorist cyberattacks. The most promising options arise where developing international law would pay dividends against cyber incidents regardless of their source. Strengthening cybersecurity in critical infrastructure would protect against intrusions by terrorists, spies, militaries and criminals. Unlike the disinterest terrorists have

