Examining Cyber Interference:

Does it Constitute Armed Attack under Jus Ad Bellum?

Eula Maye Celaine C. Perturbos

I. Introduction

The damage brought about by cyber interference have become more real

than a mere pigment of the imagination. It is also worthy to note that cyber

interference has become a global threat as it is capable of putting a state’s

national security at risk.1 It affects not only the conduct of state affairs, but even

the individual rights of the citizens as well. Needless to say, its impact in the

society as well as its publicity has made cyber interference a significant issue in

modern foreign policy-making.

Despite the gravity of damage that cyber interference can cause, there is

very little that people know about cyber interference and the laws that govern

the same. Apparently, it is even valid to ask whether there is really a law that

addresses cyber interference and whether an international treaty among nations

would better address the threats of cyber interference than merely relying on

domestic law. Another problem dealing with cyber interference is the apparent

vagueness as to the different types of interference which includes cyber-attack

and cyber warfare. Nevertheless, there are legal authorities that have taken the

measure to give clarity on the matter and to give us a guideline on how to address

the same.

1
Hathaway, Oona A. and Crootof, Rebecca, “The Law of Cyber Attack” (2012). Faculty Scholarship Series, Paper
3852.
 It is therefore the aim of the author of this paper to establish what cyber

interference is and to examine the law on cyber interference in the Philippines

and in the global context. Moreover, it is also the aim of this paper to lay down

the difference between cyber-attack and cyber warfare based on the definitions

provided by legal luminaries on international law.

II. Defining Cyber-Attack and Cyber Warfare

a. What is Cyber-Attack?

The first challenge dealing with the issue of cyber interference is defining

and distinguishing cyber-attack and cyber warfare. It is also of paramount

importance to determine the scope of each type of cyber interference. This is an

important step for uniformity in subsequent literatures and even for students of

law to use the right word according to their proper context.

One of the most cited definitions of cyber-attack is the one provided by

Richard A. Clark, a government security expert.2 Clark defines cyber-attack as

“actions by a nation-state to penetrate another nation’s computers or networks

for the purposes of causing damage or disruption.”3

The most apparent problem with Clark’s definition of cyber-attack is the

fact that it only puts liability to a nation-state, while excluding other non-state

parties that might penetrate another nation’s computers.4

2
RICHARD A. CLARKE & ROBERT K. KNAKE, CYBER WAR: THE NEXT THREAT TO NATIONAL SECURITY AND WHAT TO
DO ABOUT IT (2010)
3
Id at 2
4
CLARKE & KNATE Supra note 2
 In an attempt to provide a more expansive definition of cyber-attack, the

Shanghai Cooperation Organization proposed a means-based approach to it. The

Organization views cyber-attack as “one that includes the use of cyber-

technology to undermine political stability.” It even went further to define

“information war” as a form of “mass psychologic[al] brainwashing to destabilize

society and state, as well as to force the state to take decision in the interest of

an opposing party.”5 The Organization has also clarified that the information

herein disseminated should be harmful to “social and political, social and

economic systems, as well as spiritual, moral and cultural spheres of other

states.”6

b. What is Cyber-Warfare?

Although cyber-attack and cyber-warfare have been used interchangeably

in some legal literature, there is actually a very thin line that differentiates the

two terms. Cyber-attack covers a wider range of cyber interference, while cyber-

warfare is a type of cyber-attack that would likely constitute an armed attack.

Essentially, the basic characteristics of cyber-warfare include the following

elements: a.) The objective must be to undermine the function of a computer

network; b.) It must have a political or national security purpose; and c.) The

effects must be equivalent to an “armed attack,” or activity must occur in the

context of armed conflict.7 Nevertheless, even the concept of cyber-warfare is still

subject to international debate.

5
SHANGHAI COOPERATION AGREEMENT
6
Id
7
Hathaway, Oona A. and Crootof, Rebecca, “The Law of Cyber Attack” (2012). Faculty Scholarship Series, Paper
3852.
 Can cyber-attack constitute an armed attack and, thus, be considered

cyber-warfare? If one state commits acts amounting to cyber-attack, can the

injured state retaliate by declaring war against the erring state? Is it justified to

use physical force in retaliation against a non-physical type of attack?

III. Survey of Cases Involving Cyber Attack

One of the most popular and highest-profile cyber-attack in recent times

is the notorious interference of Russia in the 2016 U.S. elections. Analysts have

determined the four major ways how a Russian cyber espionage team called

“Cozy Bear” or “A.P.T. 29”8 interfered with the said election which includes theft

of information, hacking into voting systems, selective dissemination of

information and propaganda campaigns.9

It was noted that Vladimir Putin has publicly accused Hilary Clinton as

the one responsible for the instigation of protest in Moscow in 2011 and

encouraging anti-Russian revolts in the 2003 Rose Revolution and 2004 Orange

Revolution.10 Needless to say, Russia’s interference in the 2016 U.S. election was

Putin’s tit-for-tat response.

Another notable cyber-attack happened in 2010 wherein the entire

population of Burma was deprived of Internet connection preceding Burma’s first

national election after twenty years.11 And the perpetrator? A computer “worm”

which was then called Stuxnet and which appears to have been authored by a

8
David E. Sanger and Scot Shane, Russian Hackers Acted to Aid Trump in Elections, N.Y. Times (Dec. 9, 2016)
9
Van De Velde, Jacqueline, The Law of Cyber Interference in Elections (May 15, 2017).
10
Eric Lipton, David E. Sanger and Scott Shane, The Perfect Weapon: How Russian Cyberpower Invaded the U.S.,
N.Y. Times (Dec. 13, 2016)
11
Burma Hit by Massive Net Attack Ahead of Election, BBC News (Nov. 4, 2010)
number of people all over the globe and tested by the Americans and Israelis.12

The most disturbing fact about Stuxnet is the fact that it is the very first

computer virus that is capable of targeting and destroying industrial systems

including power grids and facilities.13

In 2016, misinformation campaign or what is colloquially called as “fake

news” affected the Italian elections.14 La Stampa, an Italian newspaper, reported

that false information against Prime Minister Renzi was spread through blogs,

social media accounts and websites.15 As it turned out, Renzi did lose the

election, which put a serious threat in the country’s stability and vulnerable

banking sector.16

In all these instances, it is very apparent that cyber-attack has a

devastating effect to a state’s national security and may even dictate its political

and economic conditions. Following Russia’s election-hacking, then President

Barack Obama expressed his sentiments and promised that the U.S. will deliver

a “proportional response.”17 Nevertheless, the concept of “proportional response”

is very vague considering that the international law does not have a specific or

direct mechanism addressing cyber-attack.

IV. Can Cyber-Attack be Used as a Ground for War?

Laws That Govern Cyber Interference

12
The Stuxnet Worm: A Cyber-Missile Aimed at Iran, ECONOMIST BABBAGE, see also Jonathan Fildes, Stuxnet
Worm “Targeted High-Value Iranian Assets,” BBC News (September 23, 2010)
13
Fildes, Supra
14
Jason Horowitz, Spread of Fake News Provokes Anxiety in Italy, N.Y. Times (Dec. 2, 2016)
15
Ivana Kottasova, Did Fake News Influence Italy’s Referendum? CNN (Dec. 5, 2016)
16
Matteo Renzi’s Referendum Defeat Risk Italy Political Crisis, BBC (Dec. 5, 2016)
17
Scott Detrow, Obama on Russian Hacking: “We Need to Take Action. And We Will.” National Public Radio (Dec.
15, 2016)
 Under the United Nations Charter, a state can rightfully and legally use

force against another state when the three thresholds are present: first, there

must be an act which constitutes the “use of force” under the UN Charter18;

second, the acts must constitute “armed attack” under the UN Charter19; third,

the acts of the state are violations of international law or customary international

law wherein the subject state may resort to countermeasure.

a. Use of Force

The United Nations Charter sets a limitation on a state’s ability to use

force. Article 2(4) of the UN Charter provides that “all Members shall refrain in

their international relations from the threat or use of force against the territorial

integrity or political independence of any state, or in any other manner

inconsistent with the Purpose of the United Nations.” This provision was

intended to set a strict prohibition on the use of armed force against another

state and to set a high threshold to a state’s right to use force. Nevertheless,

when the conduct of another state reaches the said threshold of “use of force”,

then the law of armed conflict is put into perspective. Stated otherwise, the victim

state is now legally entitled to go to war.20

With the parameters set by law, questions now arise as to what type of

acts would reach such threshold to entitle a state to use force and subsequently

go to war. Accordingly, most commentators would assess the acts of a state as

to whether direct physical injury and property damage resulted from a cyber-

18
United Nations Charter, Article 2(4)
19
United Nations Charter, Article 51
20
Michael N. Schmitt, “Attack” as a Term of Art in International Law: The Cyber Operations Context, in 4 th
International Conference on Cyber Conflict 283, 286.
attack.21 Some of the most commonly referred examples of cyber-attack that

would constitute the use of force includes operations that would trigger a nuclear

plant meltdown, opening a dam in a populated area and causing destruction,

and disabling air traffic control resulting to devastating airplane crashes.22

b. Self-Defense

Under Article 51 of the UN Charter, “nothing in the present Charter shall

impair the inherent right of individual or collective self-defense if an armed

attack occurs against a Member of the United Nations.23 This provision is

generally accepted as an exception to Article 2(4) of the Charter on the

prohibition of use of force.24 Nevertheless, some scholars interpret Article 51 of

the UN Charter as substantively narrower. This means that there are acts which

may violate the prohibition on the use of threat or force, but do not rise to the

level of an armed attack, thus do not trigger the law on self-defense.25

c. Violation of Customary International Law

The Norm of Non-Intervention forbids states from interfering in the

internal or foreign affairs of other states.26 In the case of Nicaragua vs. United

States, the Court emphasized that the Principle of Non-Intervention involves “the

right of every sovereign State to conduct its affairs without outside interference.27

21
Michael N. Schmitt, Comptuer Network Attack and the Use of Force in International Law: Thoughts on a
Normative Framework, 37 COLUM. J. TRANSNATIONAL L. 885, 913 (1999)
22
Hongju Koh, Harold, “International Law in Cyberspace” (2012). Faculty Scholarship Series. Paper 4854
23
United Nations Charter, Article 51
24
Thomas M. Franck, Recourse to Force: State Action Against threats andArmed Attacks 45-52 (2002).
25
Yoram Distein, Computer Network Attacks and Self-Defense, in Computer Network Attack and International Law
99, 100 (Michael N. Schmitt & Brian T. O’Donnell eds., 2002)
26
Philip Kunig, Intervention, Prohibition of, in MAX PLANCK ENCYCLOPEDIA OF PUBLIC INTERNATIONAL LAW par. 9, (2012).
27
Military and Paramilitary Activities in and Against Nicaragua (Nicaragua vs. United States) 1986 I.C.J.14, 181
(June 27).
Moreover, The Principle of Sovereignty is also another rule of customary

international law, which states that each nation-state has sovereignty over its

territory and domestic affairs, to the exclusion of all external powers.28

The International Court of Justice has also referred to the said principles

as a rule of customary international law after finding numerous citations,

documents, resolutions and expressions of State opinion juris on the matter.29

Needless to say, if a country interferes with the affairs of a state, then it is

considered as a violation of customary international law. The Russian cyber-

interference in the U.S. election and the cases presented above come as an

example of cyber-attack, which changed the political and economic landscape of

the countries involved. It is only logical to infer, then, that such cyber-attacks

amount to violation of the Principles of the Norm of Non-Intervention as well as

the Principle of Sovereignty.

V. Inferences

With this, confusion now arises in international law as to what “armed conflict”

means. Is it only limited to the use of firearms or does it extend to cyber-attacks?

Can a state legally go to war by reason of cyber-attack? If the physical effect of a

cyber-attack is tantamount to the effects of firing a missile, should the injured

state retaliate by declaring war against the erring state?

VI. What Qualifies as Armed Attack?

28
Ibid.
29
Ibid
 The ICJ, in the case of Nicaragua vs. U.S., had the chance to qualify armed

attack sufficient to justify a response under Article 51 of the UN Charter. The

said Court stated that attacks “must constitute the most grave forms of the use

of force.”30 Currently, there are three approaches under international law, which

may be used to determine whether an act rises to the standard set down by the

law and, thus, trigger the right of self-defense.

The first approach is the “instrument-based” approach or the classical

approach to the inquiry on armed attack.31 This approach views cyber-attack as

an armed attack only if it uses military weapons.32 For example, if a state bombs

or fires a missile to destroy computer servers or Internet cables of one country,

then the said act would amount to armed attack. As a consequence, the injured

state now has the right to declare war against the state which caused such

destruction.

The instrument-based approach finds support in the U.N. General

Assembly’s Definition of Aggression wherein “aggression” involves military

weapons or force.33 The most apparent advantage of this type of approach is the

fact that it is very direct and simple. Nevertheless, its advantage has also been

viewed by a number of scholars as its weakness, especially considering how the

definition of cyber attack attack has become more fluid. In fact cyber attack can

cause catastrophic effects even without using traditional military weapons.

Recognizing that the "instrument-based" approach has a limited

application, international scholars have rejected the same. With this, a second

30
Military and Paramilitary Activities in and Against Nicaragua (Nicaragua vs. United States) 1986 I.C.J.14, 181
(June 27).
31
Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a
Normative Framework, 37 COLUM. J. TRANSNAT’L L. 885, 909 (1999)
32
Ibid
33
Definition of Aggression
approach, as to what would constitute as armed attack, was developed and

designated as the "target-based" approach.

The second approach classifies as armed attack any form of cyber attack

that targets a sufficiently important computer system.34 It is the aim of this type

of approach to determine when a cyber attack portends imminent harm sufficient

to justify the use of anticipatory self-defense in response.35

The second approach has the benefit of allowing for aggressive protection

of critical national systems and broadly sanctions forceful self-defense, however

the said approach increases the likelihood that cyber-conflict will escalate into

more destructive conventional armed conflicts.36

The third approach is the "effects-based" approach, which classifies cyber

attack as an armed attack based on the gravity of its effects.37 The third approach

is a middle ground between the first and second approach and is a widely

accepted approach. Nevertheless, what type of effect justifies self-defense is what

makes the third approach problematic.38 For example, what type of cyber attack

justifies the use of armed attack? A cyber attack on regional electric power grids,

an attack on air traffic control systems or a cyber attack constituting election

intervention? All these types of attacks cause damage on infrastructure, civilian

death and even affects the people's exercise of their rights. But what type of

attack would warrant the use of defensive force in response?

34
Walter Gary Sharp, Sr., CYBERSPACE AND THE USE OF FORCE 129-33 (1999)
35
Duncan B. Hollis, Why States Need an International Law for Information Operations, 11 LEWIS & CLARK L. REV.
1023, 1042 (2007)
36
Richard A. Clarke & Robert K. Knake, CYBER WAR: THE NEXT THREAT TO NATIONAL SECURITY AND WHAT TO DO
ABOUT IT 6 (2010)
37
Hathaway, Oona A. and Crootof, Rebecca, "The Law of Cyber Attack" (2012). Faculty Scholarship Series. Paper
3852
38
NATIONAL RESEARCH COUNCIL, TECHNOLOGY, POLICY LAW, AND ETHICS REGARDING U.S. ACQUISITION AND
USE OF CYBERATTACK CAPABILITIES (William A. Owens et al. eds., 2009)
 VII. Remedies Under International Law

Countermeasures

Countermeasure is defined as "measures that would otherwise be contrary

to the international obligations of an injured State vis-a-vis the responsible State,

if they were not taken by the former in response to an internationally wrongful

act by the latter in order to procure cessation and reparation."39 This means that

if a State commits internationally wrongful act, the injured State has the right

to impose countermeasures. The said countermeasures, however, are limited

only to restitution, compensation and satisfaction.

Restitution pertains to the obligation to re-establish the situation which

existed before the wrongful act was committed, provided that it is not materially

impossible and does not involve a burden out of all proportion to the benefit

deriving from restitution instead of compensation.40 The responsible State is also

liable to compensate for the damage caused thereby, insofar as such damage is

not made good by restitution and which shall cover any financially assessable

damage including loss of profits insofar as it is established.41 Another form of

countermeasure is to give satisfaction for the injury caused by that act insofar

as it cannot be made good by restitution or compensation. Satisfaction may

consist in an acknowledgement of the breach, an expression of regret, a formal

apology or another appropriate modality.42

39
United Nations Responsibility of State for Internationally Wrongful Act (UN
RSIWA)
40
Art. 35 UN RSIWA
41
Art. 36 UN RSIWA
42
Art. 37 UN RSIWA
 Countermeasures may be used to address cyber attacks, however the

same can be very problematic. First, the injured State is required to identify the

attacker and the computer or network from which the attack originated.43 This

becomes a problem considering that cyber attack can be done by anyone in

different parts of the globe. Take for example the Stuxnet computer worm that

infected networks around the world. The said computer worm appears to have

many authors from around the world and was likely tested by Americans and

Israelis at the Israeli Dimona complex in the Negev desert.44 Second, responsible

State must find the countermeasure imposed as costly enough to cease its

unlawful behavior. Otherwise, countermeasures imposed may not be very

effective. With all these challenges, countermeasures offer only a partial solution

to the problem on cyber-attack.45

The United Nations

The General Assembly of the United Nations has passed several

resolutions related to cyber-attack, however these resolutions are very vague and

do not require any specific actions by U.N. members.46 The United Nations

conducted an international meeting of experts in Geneva in 1999 and sponsored

a two-phase summit in 2003 and 2005 called the World Summit on the

Information Society, but all these resulted only to little action.47

In July 2010, cyber-security specialists from fifteen countries including

major cyber-powers - United States, China and Russia -

43
Hathaway, Oona A. and Crootof, Rebecca, “The Law of Cyber Attack” (2012). Faculty Scholarship Series, Paper
3852.
44
(THE STUXNET WORM: A CYBER-MISSILE AIMED AT IRAN?, EXONOMIST BABBAGE BLOG (Sept. 24, 2010)
45
Supra, Note 43
46
Supra, Note 43
47
(G.A. Res. 54/49, at 2, U.N. Doc. A/RES/54/49 (Dec. 23, 1999). See also World Summit on the Information
Society: Geneva 2003-TUNIS 2005.)
submitted recommendations to the U.N. Secretary-General for further dialogue

among states, information exchanges on national legislation and national

information and communications technologies security strategies and

technologies, policies and best practices.48

Needless to say, these recommendations are very vague in nature and do

not completely address the issue on cyber-attack. Nevertheless, it is worthy to

note that cyber powers, including U.S. and Russia, took part in the said

initiative, which may suggest future cooperation and the possibility of coming up

with multi-lateral treaties to address cyber-attack.

North Atlantic Treaty Organization

Although NATO did very little in the 2007 cyber-attack in Estonia,49 the

said organization, nevertheless, took steps to address cyber attack in the 2008

Bucharest Summit. The summit led to the creation of two NATO Divisions

focused on cyber-attack which includes the Cyber Defence Management

Authority and the Cooperative Cyber Defense Centre of Excellence.50

There is very little that is known about Cyber Defence Management

Authority, but it is believed to possess "real-time electronic monitoring

capabilities for pinpointing threats and sharing critical cyber intelligence in real

time."51 The Cooperative Cyber Defence Centre of Excellence, on the other hand,

seeks to develop long-term NATO cyber defence doctrine and strategy. (Hughes)

48
.( U.N. Secretary-General, Report of the Group of Governmental Experts on Development in the Field of
Information and Telecommunications in the Context of International Security, 4, U.N. Doc. A/65/201 (July 30,
2010)
49
(Rex B. Hughes, NATO and Cyber Defense: Mission Accomplished?, ATLANTISCH PERSPECTEIF (April 2009)
50
Ibid
51
Ibid
Nevertheless, it is worthy to note that in the event of cyber-attack, members are

called upon to "consult together" but does not bind them to assist each other.52

V. Problems and Recommendations

Needless to say, cyber attack is a real and a growing threat, however

current international law fails to meet sufficient response to it. The law of war

can only be triggered if the cyber attack amounts to an armed attack. The current

international legal framework, on the other hand, does not provide for an

effective remedy or response against cyber attack.

There is also very little cooperation among nations to provide for a definite

solution against cyber-attack and there is also no law that obligates or mandates

each state to take actions against a state responsible for cyber attack.

Moreover, it is also apparent that there is yet no clear definition as to what

constitutes cyber attack that would warrant the use of force or trigger a state's

right of self defense.

All these challenges make each state vulnerable to cyber attack and

without proper recourse under international law. With this, several

recommendations for the international legal framework should be made.

First, the international community should have a shared definition of

cyber attack, cyber warfare and cyber interference. This would be very useful in

building a foundation for a uniformed understanding in the legal community.

Defining such terms would also be an important starting point for future

cooperation.

52
North Atlantic Treaty, Arts. 4, 5
 Second, is for states to come up with an agreement as to what type of cyber

attack would warrant the use of force by the injured state. The effects of cyber

attack can be very catastrophic to a state's national defense and for its people.

Without an appropriate response to cyber attack, any state or even non-state

actors can easily perpetrate acts that could infiltrate national systems, bring

down air control and dictate a state's political and economic affairs.

Third, states should also come up with an agreement that provides for a

"proportional response" for different forms of cyber attack, especially those that

do not constitute as armed attack. The Russian hacking of the U.S. election was

only considered as an example of espionage and not war,53 thus the United

States is only permitted to respond through their criminal law. Needless to say,

without international treaty or agreement on the matter, injured states have

limited legal response against responsible state.

53
(Yochi Dreazen, I'veSpent 15 Years Covering National Security. I've Never Seen Anything Like The Russian Hack,
VOX (Dec. 20, 2016