Abstract:
The paper examines the evolving nature of cyberattacks in the world with a comprehensive
analysis of the applicability of the existing international law framework to case studies of
cyberattacks such as the Stuxnet 2009, WannaCry Ransomware 2017, North Korean APT
threat 2016, Russia-Ukraine Cyber war 2022, etc. The paper is divided into four parts: Part A
evaluates the cyber threshold criteria under Article 2(4) and 51 of the UN Charter by
classifying cyberattacks into espionage, sabotage, and warfare. Part B evaluates the
conditions to the exercise right of self-defense and proportional countermeasures in case of a
violation of a prohibited ‘use of force’ or an ‘internationally recognized wrongful act’ with a
focus on understanding what amounts to ‘proportionality’ in such cases. The study also
considers the possibility of ‘anticipatory self-defensive’ measures by applying the Caroline test
to ‘imminent threats’ in the cyber domain. In Part C, the problem of attribution is highlighted
and the possible solutions available within the existing framework of international law, such
as the ‘principle of due diligence,’ and the ‘plea of necessity’. The study examines the
applicability of the UN Charter, ARISWA, Tallinn Manuals and customary international law
to cyberspace. In Part D, the paper evaluates the strategic responses to the threat of
sophisticated cyber weapons and argues for a combined strategy of both deterrence and
resilience.
