CYIL vol. 12 (2021)

CYIL 12 (2021) PREEMPTIVE SELF-DEFENCE IN CYBERSPACE the sector of security services, electricity generation, transportation systems and against other essential assets for the functioning of a society and economy. In our digital and globalized world, a cyberattack can attain similar destructive effects and multifaceted damage as a conventional attack despite its remoteness and virtuality. This new type of weapon can operate in a totally different mode than the traditional battlefield proposes – immediacy, undetectability, and unpredictability. Coupled with the difficult traceability and anonymity of the author, the prevention and capacity to deflect the cyberattack might be arduous. In view of the possible harmful and highly destructive effects, some States claim their right to preemptive self-defence in the cyberspace. In other words, they assert the right to exercise self-defence against an imminent cyberattack, i.e. the right to act, in anticipatory self-defence, against an imminent or proximate threat 2 , without the need to wait for the actual attack to occur. New-old concept, is preemptive self-defence in cyberspace justifiable under international law? What are the preconditions for the acceptance and legal validity of such rule in international legal order? Which legal arguments do the pioneer proponents of this norm have at hand? In view of the current claims to preemptive self-defence in cyberspace (I.), it is appropriate, first, to remind the existing legal regime of self-defence in international law as laid down in the UN Charter (II.) before the validity of the argument of preemption in cyberspace is assessed (III). I. Pioneer claims for preemptive self-defence in cyberspace In view of the “necessity of international law keeping pace with the modern world”, the Attorney General Jeremy Wright QC MP presented in his speech in 2018 the UK’s position on the application of international law to cyberspace. 3 Among other legal issues, he announced that “the UK considers it is clear that cyber operations that result in, or present an imminent threat of, death and destruction on an equivalent scale to an armed attack will give rise to an inherent right to take action in self-defence, as recognised in Article 51 of the UN Charter”. 4 Already in 2013, in the Government Response to the Committee’s Sixth Report of Stevenson, K., Healthcare cyber-attacks and the COVID-19 pandemic: an urgent threat to global health, 33 International journal for quality in health care: Journal of the international society for quality in health care (2021) No. 1; and Lallie, H. S. et als ., Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic, 105 Computers & Security (2021). For an updated list of significant cyberattacks on “government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars” since 2006, see Center for Strategic and International Studies (CSIS), Significant Cyber Incidents , Washington, D.C, available at . 2 See the definition in A more secure world: our shared responsibility, Report of the high-level panel on threats, challenges and change , UN Doc. A/59/565, 2 December 2004, para. 189. The argument of a “preventive self-defence”, on the contrary, refers to the right to act against a non-imminent or non-proximate armed attack. There is, however, a marked confusion of terms, both in practice and doctrine, deriving from the absence of a legally binding definition and important disunity of views, and the terms “preemptive”, “anticipatory”, and “preventive” are sometimes used interchangeably. 3 Attorney General Jeremy Wright QC MP, Cyber and international law in the 21st century, 23 May 2018 , Attorney General’s Office, available at . 4 Ibid .

69