Countering cyber threats: answers from international law

Cyber activities, particularly those of a cross-border nature, have not yet been subjected to international regulation despite the fact that cyberspace has become a strategic domain for all States. This lack puts at risk the efficacy of national defence strategies inasmuch as the decision maker remains inactive because assailed by the so-called response crises. That is the dilemma arising from the doubt that in case of a cyber threat, or cyber attack, any operative choice may lead to a violation of international law. In this scenario States are obliged to reconsider new defence strategies and theories of deterrence such as that of deterrence by denial, which is primarily based on the concept of resilience in order to reassure service continuity in the aftermath of destructive events, especially when they are unpredictable. In the silence of international law active defense strategies seem to be a sustainable legal-functional solution for the targeted State which does not wish to remain defenseless, but only if these strategies do not reach the threshold of unlawful conducts. However the reaction against in coming cyber attacks remains a tangled problem for the targeted State because if on the one hand the customary international law on direct responsibility is almost never applied, on the other hand the discipline of indirect responsibility doesn’t give any contribution to the decision maker who has to choose for a prompt option of reaction.