The Evolving Face of Cyber Conflict and International Law: A Futurespective

Since the inception of the internet, criminals, non-state actors and states have leveraged the inherent insecurities and vulnerabilities of cyberspace at an ever-increasing rate and with ever-more harmful impact. Data theft, ransomware attacks and critical infrastructure disruptions, to name a few, are now near daily occurrences. Notwithstanding the immense societal risks these activities present, a growing number of states have fully embraced cyber operations as a staple of both statecraft and warfare—a reality playing out to dangerous effect in the Russia-Ukraine war. 

At the same time, until recently states have remained relatively silent on their views of how international law regulates their cyber activities. That has begun to change, however, with an increasing number of states making official pronouncements of their opinio juris, either independently or through established multilateral processes like the UNGGE and OEWG. While this is a positive trend, it has also highlighted several disparate views on critical issues and the difficulty in achieving anything more than limited clarity and consensus. What can we discern from these state pronouncements? What is the present state of the law governing state cyber activities, and where is it headed?