The International Effort to Regulate and Criminalize Cyberattacks

Photo of Carlos A. Maycotte

It was recently revealed that the United States government has been launching cyberattacks on Iran’s nuclear enrichment program’s computer systems for years, with the purpose of delaying and obstructing the development of what U.S. intelligence believes are nuclear weapons. These attacks, launched with the help of computer experts in Israel, were mostly contained to nuclear facilities. However, in the summer of 2010, one of the “worms” developed by the U.S. and Israel – nicknamed “Stuxnet” – broke through the network and began infecting computers on the worldwide Internet, leading to calls for increased regulation of cyberattacks.

Experts believe that the weaponization of computers and attacks through the Internet could cause severe consequences on the military, financial, communications, and utility infrastructures around the world. As a result, some experts are clamoring for the increased regulation and criminalization of this conduct. These should be the focus of international treaties, they argue, in order to effectively counter both private efforts and government programs around the world.

Experts argue that this new kind of warfare has potentially devastating results and that its increased use is evident, as proved by the increasing volume of cyberattacks on Great Britain and on the United States. These attacks targeted government departments, private companies, international organizations, and enormous public corporations. Jonathan Evans, chief of Great Britain’s MI-5, warned that, “Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states,” and that “[t]he extent of what is going on is astonishing.”

The fact that many of these attacks may come from state actors provides impetus for the argument that binding international treaties precluding state actors from deploying cyberattacks should be drafted and signed forthwith. International law experts have weighed in on possible avenues for enforcement and regulation, such as provisions regarding the use of force and “armed attacks” in the UN Charter or the use of government agencies to regulate the Internet. However, these efforts have been stymied by systemic inertia, interest groups that fear governments’ power to regulate the Internet, and by the reluctance of many nations to enter into international treaties. Until all of these factors can be reconciled, vulnerabilities to cyberattacks may be easily exposed.


Fitch Law Partners LLP reports news and insights on complex litigation topics. Clients, colleagues and friends may receive The Fitch Briefs by signing up here.