Article Preview
Top1. Introduction
International cybersecurity faces a great variety of challenges and questions today in diverse spheres of our existence and at all levels of our society. Cyberattacks and hybrid cyber interferences are becoming increasingly complex, sophisticated, widespread, and undetected. They target State critical infrastructure and political independence, high-value data, such as State secrets or intellectual property, undermine business and interfere with privacy rights, and lead to physical manipulation, damage, information leakage, theft and other loss. The COVID-19 transformation of the digital environment has further revealed our multifaceted vulnerabilities on all strata. The increase in the malicious use of ICTs by State and non-State actors poses a risk for all States and may endanger international peace and security. In view of the virtual nature of the cyber element transcending State sovereignties and producing cross-border effects, one of the challenges is the determination of international legal norms applicable to cyberoperations. The cyber element which ignores the traditional territorial patchwork of international community and law based on the juxtaposition of sovereign States and their jurisdictions gives rise to questions as to the rights of States to protect themselves, to interfere and counteract. Does international law apply in cyberspace and how? Which international legal rules are relevant in cybersecurity and cyberdefence and what is their applicational mode?
International community has obviously tackled such immediate questions and legal puzzles for more than a decade. Various expert groups and academic platforms have elaborated guidelines and some sectorial codes of conduct.1 For the moment, however, no common universal consensus has been achieved as to the precise applicable international legal regime, be it newly formulated norms or adjusted and confirmed existing rules. The United Nations established the Group of Government Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (hereafter “UN GGE”) which has held a number of meetings since 2004 to discuss the application of international law to cyber activities. In December 2018, the UN General Assembly established two platforms to discuss the issue of security in the use of ICTs: a new UN GGE to elaborate on this topic from 2019–21, and an Open-Ended Working Group (hereafter “OEWG”) with a similar mandate to report to the General Assembly in 2020. For the moment, a consensus has been reached that international law and the UN Charter apply in cyberspace.2
In this continued legal nescience and faced with proliferating foreign cyber threats and interferences, some States unilaterally start to define their own cyberdefence strategies – more rapid, more efficient, urgent. Is such a unilateralism lawful in international law? Can one power (re)define the international legal order of cybersecurity? Or do we just face a unilateral confirmation and an attempt of interpretation of existing legal norms of ius ad bellum, ius in bello and coercion in a cyber sphere?
France is among the pioneers that have publicized its complete national policy on the applicability of international law to cyberoperations in September 2019. The document International Law Applied to Operations in Cyberspace3 prepared by the French Ministry of the Armed Forces presents the official stand of France regarding the law applicable on cyberoperations taken during the peacetime (incl. ius ad bellum) and during an armed conflict (ius in bello). This article aims to introduce and critically analyze the part on the peace time rules, covering the regime of the recourse to the use of force, in light of current international law and developments in 2020. The French document presents a perfect application of existing international legal norms to a new space of international relations. It shows in a clear and systematic way the overall availability and applicability of existing rules anchored in the UN Charter and general international law. In addition, it proposes certain elements of interpretative adaptation and prospects for further advancement of international legal order. Besides confirming the emerging consensus on the core issues of international law of cybersecurity, France raises several challenging legal points that inevitably provoke international legal debate and are worthy of special attention.