Defend Forward and Cyber Countermeasures
Published by The Lawfare Institute
in Cooperation With
When a state suffers an internationally wrongful act at the hands of another state, international law allows the injured state to respond in a variety of ways. Depending on the nature, scope, and severity of the initial wrongful act, lawful responses can range from a demand for reparations in response to a low-level violation to a forcible act of self-defense in response to an armed attack. Countermeasures offer an additional way for a state to respond to an internationally wrongful act. Countermeasures are acts that would in general be considered internationally wrongful but are justified to address the wrongdoing state’s original international law violation. The goal of countermeasures is to prompt the wrongdoing state to cease its legal violation. The countermeasures regime can help deter international law violations ex ante and mitigate those violations ex post, offering an avenue by which states can—at least in theory—de-escalate disputes.
As states increasingly employ cyber tools to commit hostile acts against their adversaries, countermeasures are poised to play a growing role in interstate relations. Many interstate activities in cyberspace fall below the use of force or armed attack threshold but nevertheless may violate international law and warrant responses from the targeted states. Understanding when and how states lawfully may deploy countermeasures and which customary limits govern the use of countermeasures is critical for states operating in the cyber arena, not only to understand their own options when injured, but also to anticipate the responses that their cyber activities may trigger from other states.
This essay explores the role that countermeasures can play in the U.S. cyber strategy known as Defend Forward, which calls for U.S. forces to “disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” The United States appears to believe that most, if not all, of the Defense Department’s (DOD’s) activities under this strategy are consistent with international law. But it is possible that some of DOD’s activities might be legally controversial, particularly because the content of some customary international law norms, such as the norm of nonintervention, is both vague and contested. As a result, it is worth evaluating whether and when DOD might be able to defend such actions as countermeasures under international law.
The essay first explains the international law of countermeasures and examines how it has been interpreted in the cyber context. It finds that because some traditional legal requirements of countermeasures do not apply naturally to cyberspace, states are developing a lex specialis of cyber countermeasures. The essay then considers how the U.S. government could justify as cyber countermeasures certain actions taken under the Defend Forward strategy and do so in ways that do not appear unlawful to other states. It concludes by identifying how key actors can develop the law of cyber countermeasures in a direction consistent with Defend Forward.