Academic journal article Chicago Journal of International Law

A State's Duty to Prevent and Respond to Cyberterrorist Acts

Academic journal article Chicago Journal of International Law

A State's Duty to Prevent and Respond to Cyberterrorist Acts

Article excerpt

Cyberterrorism combines two of the most prominent developments of the last twenty years: the increasing reliance on the internet's infrastructure, and the threat of international terrorism committed by non-state actors. Although multilateral treaties aim to shore up some aspects of cybercrime, and the Security Council has taken steps towards preventing terrorist acts, international law appears to lack a cohesive approach for dealing with situations where cyberspace and terrorism overlap. This Comment proposes one such approach for tackling the emergent problem of cyberterrorism.

International law has yet to articulate a satisfactory prohibition on, or definition of "terrorism." Instead, international agreements ban specific acts as inherently terrorist, although none of these bans clearly encompass cyberacts. While these agreements can be dispositive, the Security Council revealed its willingness after September 11 to identify, on an ad hoc basis, "terrorist acts." The Security Council then wrote Resolution 1373 in a way that created an international duty that commands all states to prevent and respond to terrorist acts. This Resolution should be interpreted to recognize a similar duty on all states to prevent and respond to cyberterrorist acts, whenever they are identified as such. Recognizing this duty will probably lead to negligible changes in states' preventative acts, but it should establish a fundamental and reasonable responsibility on states to cooperate in response to the inevitable cyberterrorist act.


Cyberattacks are at the forefront of international conflict. Estonia learned this in 2007 when its "paperless government" faced an extended cyberattack after upsetting Russia.' Estonia initially claimed that Russia had directed these attacks but later seemed to withdraw this claim,2 possibly because of the inherent difficulty of demonstrating the attacks were state, or state-sponsored, action. Instead, Estonia published a list of IP addresses, mosdy located in Russian territory, from where it believed the cyberattacks emanated.3 The following year, it appeared this pattern started to repeat itself when Georgia became the newest target of alleged Russian hackers responding to actual fighting between the two states.4

These cyberattacks against Estonia and Georgia appear to confirm that individuals are capable of utilizing the internet to harass states. What will happen when cyberharassment inevitably grows into cyberterrorism on a catastrophic scale? The victim states will surely strive to identify their attackers, and might calibrate their responses accordingly. But this identification will almost certainly require the cooperation of other states, including the state from where the attack originated. Such cooperation, though, may not be forthcoming merely as a matter of compassion. Instead, states might only acquiesce in providing assistance if obligated through an international law duty.5

But international law currendy recognizes no such duty as incumbent on all states. Despite the wave of cyberterrorism that seems poised to threaten world security, international law has yet to solidify an appropriate response mechanism.6 This Comment aims to advance one possible means to help states collectively withstand the ominous threat of cyberterrorist attacks.

Sections H.A. and ILB address international law's inability to formulate a workable prohibition on terrorism, leading to a focus on terrorist acts. Section ILC demonstrates that especially egregious acts can be defined as "terrorist" after they occur, and it introduces Security Council Resolution 1373, which creates binding duties upon all states to prevent and respond to "terrorist acts." Section III looks at cyberterrorist acts from a victim state's perspective, showing that state cooperation will be essential for identifying the perpetrators. It also points out that attributing cyberterrorist acts to other states will be practically impossible, thereby calling for a solution that obliges states to play a role in the realm of cyberterrorism. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.