The Issues with Developing an Effective Deterrent Against State Sponsored Cyberattacks

In May of 2011, the Pentagon officially determined that computer sabotage launched by an opposing country can constitute an act of war.[1] No doubt this warning, issued via official press release, was intended to establish a deterrent military threat aimed at foreign governments. The question to be answered in the coming years is whether this deterrent threat will be effective. This article will briefly explore the reasons why this attempt may fall short of actual success.

To deter is “to stop one from acting by frightening him; to discourage the performance of an act” as defined by Ballentine’s Law Dictionary.[2] The “fear” wished to be attained by the Pentagon is impeded however by the very Laws of Armed Conflict which it cites as the basis for the policy.[3] The Charter of the United Nations as agreed to by the United States in 1945 restricts the use of force by any member nation unless responding in self-defense to an armed attack.[4] The two legal questions raised under this article are (1) whether a cyberattack constitutes an “armed attack” and (2) at what point is self-defense warranted. The matter of self-defense becomes an issue as “complete or partial interruption of economic relations and of rail, sea, air, postal, telegraphic, radio, and other means of communication, and the severance of diplomatic relations” are not viewed as the use of armed force under Article 41 of the U.N. Charter.[5] In the immediate aftermath of a cyberattack, the United States would have to seek the approval of the Security Council of the U.N. in order to avoid a military engagement lacking endorsement. As such, the United States would have to persuade 9 of the 15 members of the Security Council that the cyberattack was an “armed attack” and that the attack had gone beyond the parameters of the actions listed under Article 41; while also avoiding a veto from any of the 5 permanent members (China, France, Russia, the United Kingdom, and United States).[6] The great hurdles associated with attaining approval coupled with the likely reluctance the United States would have in engaging in military conflict without U.N. endorsement may bolster any foreign state’s confidence in continuing to conduct cyberattacks so long as they are not substantial.

Even if a cyberattack prompted a military strike by the United States, the new policy undertaken by the Pentagon would be subject to the principle of the proportionality of response.[7] Under customary international law, the United States should restrain itself to a response proportional to the injury suffered.[8] This of course raises the question of just how much real world damage is proportional to damage caused via cyberattacks. Again, should a foreign state restrain its cyberattacks to levels where there is marginal real world damage, a military strike may not be justified.

Ultimately, operations in cyberspace have many advantages when examined through the framework of old laws of armed conflict. Large military forces like that of the United States cannot strike without upsetting the established standards of war and so must push for the advancement of such international law. But even if such legal advancement is made, foreign nations conducting cyberattacks still continue to enjoy the greatest benefit of this new battlefield: anonymity. Without the existence of a deterrent threat the United States will continue to be the victim of cyberattacks sponsored by foreign nations; at least until a new balance is found.

[1] Siobahn Gorman & Julian E. Barnes, Cyber Combat: Act of War, The Wall Street Journal (May 31, 2011),

[2] Ballentine’s Law Dictionary (3d ed. 1969).

[3] 1945 U.S.T. LEXIS 199 (U.S.T. 1945).

[4] Id.

[5] Id.

[6] Id.

[7] Siobahn Gorman & Julian E. Barnes, Cyber Combat: Act of War, The Wall Street Journal (May 31, 2011),

[8] Shoshana Bryen, Proportionality: Israel’s Response to Hamas Rocket Attacks Under International Law, The Jewish Institute for National Security Affairs,

Author: Vivek Mehta

A native of Jersey City, New Jersey, Vivek Mehta holds a B.A. in Business Administration with a concentration in Finance, Entrepreneurship, and Legal Studies from Drexel University. Prior to his interest in the legal field, he worked as a Property Accountant for American Financial Realty Trust and assisted in their merger with Gramercy Capital Corp. At Rutgers School of Law – Newark, Vivek’s particular interest is in civil litigation work. He is a Managing Notes and Comments Editor for the Rutgers Computer and Technology Law Journal. He is currently a Law Clerk for the Hudson County Law Department in New Jersey.

Leave a Reply

Your email address will not be published.