written by- Abhivardhan


International Law is the law of nations and a perfect model and systemization of reparations. Even in the wake of Cybersecurity Laws and realms, it has presented a suitable consideration, whether is it being public or private. The intervening intentions of North Korea and the basic cybersecurity measures by the People’s Republic of China ascribe what and how the US is becoming prone to such considerations, which are itself too vague for the International Community. Even India has been suffering the same wake in its elucidatory ‘Aadhar’ policy. This article gives a briefing on how these considerations are making their own way with some special references. It also tries to critically analyze the conglomeration of International Law into a cyber legal doctrine.


Time has to change and this process is miraculous. No one can even expect this change as whenever it happens, it remains as if it is moot. So we must understand that when change comes, let us accept it wholeheartedly.

So, what is happening is interesting… China has become a great supporter of the enforcement of cybersecurity law. Prior to the enactment of the Cybersecurity Law, China already had some laws, rules, and regulations relating to information security, such as Administrative Measures for Prevention and Treatment of Computer Viruses and Administrative Measures for Hierarchical Protection of Information Security. The Cybersecurity Law, which indicates that China is increasingly focussing on cybersecurity, was adopted by the National People’s Congress (NPC) in November 2016 after a year of legislative proceedings and will come into effect on 1 June 2017[1]. The United States, in a document submitted for debate at the WTO Services Council, said if China’s new rules enter into full force in their current form, as expected by the end of 2018, they could impact cross-border services supplied through a commercial presence abroad. “China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business,” it said. “The United States has been communicating these concerns directly to high-level officials and relevant authorities in China,” the U.S. document said, adding it wanted to raise awareness among WTO members about the potential impact on trade.[2] Well, this is one idea of concern. But India has been quite exciting and filled with ecstasy to encourage the “AADHAR” Policy when the Supreme Court banged at it to make it realize that a sovereign is not just the one who enforces, but also whom, who carefully analyses things swiftly. Indian officials in charge of a controversial biometric identity scheme have filed a police complaint after a report that citizens’ personal details were being sold for as little as 500 rupees ($7.8;£5.8) online.[3]

But history has it that we have observed some very vague interventions-based accreditations. Such as there is with NATO. In response to the moving of a Soviet War Memorial, hackers began interfering with Estonian government websites through distributed denial of service attacks. Hackers defaced certain sites and redirected users to images of Soviet soldiers. This interference lasted approximately about a month, affecting several banks and newspapers. Estonian officials claimed it was the same as if a conventional military force had closed down Estonia’s ports and referred to the episode as ‘cyber-war’. The origin of the cyber-interference remains uncertain today. It was widely believed to have been instigated by Russia but experts were never able to establish this. Some argued that Estonia was attacked in a way that triggered Meeting Summary: Cyber Security and International Law the North Atlantic Treaty’s (NATO) Article 5. NATO did not respond with a counter-attack, but it did establish an internet defense facility in Estonia, called the Cooperative Cyber Defense Center of Excellence (CCDCOE). Estonia itself has now created a volunteer unit of cyber-experts akin to the US National Guard and has become a leader in determining ways to defeat online interference.[4]

The echoes of International Law via the United Nations

So this is always interesting to consider how change itself ascribes something very newer aspect of consideration. The argument must begin by reference to Article 2(4) of the UN Charter as the general rule. Article 2(4) generally prohibits the use of force except in the case of self-defense as set out in Article 51 or with Security Council authorization. The World Summit Outcome Document of 2005 restates the international community’s support for strict compliance with the Charter rules on the use of force.[5] The ICJ made similar assessments of ‘scale and effects’ of violent action in the Oil Platforms[6]case, the Wall Advisory Opinion[7] and the DRC v Uganda[8] case.

Given the anonymity of the technology involved, attribution of a cyber-attack to a specific state may be very difficult. While a victim state might ultimately succeed in tracing a cyber-attack to a specific server in another state, this can be an exceptionally time-consuming process, and even then, it may be impossible to definitively identify the entity or individual directing the attack. For example, the ‘attacker’ might well have hijacked innocent systems and used these as ‘zombies’ in conducting attacks.[9]

North Korea is too considerate to the International Community to even consider how its impacts are awful. However, this is interesting to consider that how things are to be taken for the matter of consideration. North Korea was behind the infamous WannaCry cyberattack, asserted homeland security adviser Thomas P. Bossert in Dec. 18 op-ed in the Wall Street Journal that echoes the CIA’s previously classified assessment and British government statements. And the United States, Bossert insists, will hold bad actors accountable—in this case, for the billions of dollars in harm caused by this widespread and indiscriminate ransomware attack. He cites as precedent the U.S. government actions were taken against Russian, Iranian and Chinese hackers. But curiously, other than publicly attributing WannaCry to North Korea, Bossert does not identify any specific measures of accountability being taken against Pyongyang, either by the United States or by the United Kingdom (where the WannaCry attack knocked a substantial number of National Health Service hospitals offline). Instead, Bossert suggests the U.S. government’s focus is to “call out bad behavior” and that this effort to name and shame North Korea is part of the Trump administration’s “maximum pressure strategy.”[10] So, this is an emergence towards a better phenomenon of societal and statutory openness towards an interactive web of no hoax but special representation. Within the national security and international legal communities, it is time to move past the vagaries of diplomacy and into more concrete discussions of interpretations of law and countermeasures. Both decision-makers in the Pentagon and those members of Congress tasked with oversight deserve clear guidance into how the United States should respond to cyber attacks.[11] This may be a better consideration how International Law is becoming cyber.


[1] KPMG, Overview of China’s Cybersecurity Law. Retrieved February 8, 2018 from https://assets.kpmg.com/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecurity-law.pdf.

[2] Miles, Tom (SEPTEMBER 26, 2017). U.S. asks China not to enforce cyber security law. Retrieved February 8, 2018 from https://www.reuters.com/article/us-usa-china-cyber-trade/u-s-asks-china-not-to-enforce-cyber-security-law-idUSKCN1C11D1

[3] BBC (January 5, 2018). Aadhaar: ‘Leak’ in world’s biggest database worries Indians . Retrieved February 8, 2018 from https://assets.kpmg.com/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecurity-law.pdf.

[4] Mary Ellen O’Connell; Louise Arimatsu; (May 29, 2012). International Law: Meeting Summary Cyber Security and International Law. Retrieved February 8, 2018 from https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Law/290512summary.pdf

[5] Ibid.

[6] Case Concerning Oil Platforms (Iran v. United States of America), 6 November 2003, cited at: http://www.iilj.org/courses/documents/CaseconcerningOilPlatforms.pdf

[7] Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory (Request for advisory opinion), 9 July 2004, Summary cited at: http://www.icj-cij.org/docket/files/131/1677.pdf

[8] Armed Activities on the Territory of the Congo (Democratic Republic of Congo v. Uganda), 19 December 2005, Summary cited at: http://www.icjcij.org/docket/index.php?sum=643&code=co&p1=3&p2=3&case=116&k=51&p3=5

[9] David E. Graham, Cyber Threats and the Law of War, Journal of National Security Law & Policy, Vol. 4,  p. 92. Also cited, Rick Lehitnen et Al., Computer Security Basics 81 (2d ed. 2006)

[10] Adams, Michael J.;  Reiss, Megan (December 22, 2017, 1:00 PM).  How Should International Law Treat Cyberattacks like WannaCry? Retrieved February 8, 2018 from https://www.lawfareblog.com/how-should-international-law-treat-cyberattacks-wannacry

[11] Ibid.

Leave A Comment