Is A Cyberattack An Act of War?

As warfare becomes increasingly digital, countries are facing a major problem: It’s hard to define when a cyberattack constitutes an act of war.

Avril Haines, a former deputy national security adviser during the Obama administration, said recently that while there are established norms around what counts as a physical act of war, those same metrics don’t exist for digital attacks.

“In the conventional world, we have a long history of rules that tell us when another country has used force, when what they do constitutes an armed attack, and therefore when we have a legal basis to respond to it in a kinetic way or in other ways,” she said during an onstage interview at the Cloudflare Internet Summit in San Francisco.

But digital attacks don’t have the same set of laws and norms around them, Haines said. That’s particularly important in the case of what she called asymmetric state-sponsored attacks, when one country is able to put a critical piece of digital infrastructure at risk without incurring the costs traditionally associated with such an action.

Another issue is that one country declaring a cyberattack an act of war means that it would then be bound by that same statement for similar situations in the future. In her view, the solution is to create an international framework that can help remove ambiguity around these issues.

Determining the seriousness of attacks isn’t an academic exercise. Consider the United States Justice Department’s indictment in 2014 of four Chinese army officers for hacking-related offenses. The American government has also blamed North Korea for a massive attack on Sony Pictures.

Haines said maritime law provides a ray of hope for nailing down international issues around cyberwar. Because the law of the sea has been so defined, it’s possible for international trade and sailing to take place.

In some cases, it’s possible to sidestep that issue when hacking and other campaigns accompany traditional military actions. Distributed denial of service attacks originating from Russia hit key websites in Georgia prior to and during a war between the two countries in 2008. The Russian government denied responsibility for the attacks.

Tech companies are also getting into the mix around cyberwar regulations. Microsoft chairman Brad Smith has been advocating aggressively on behalf of his company for a “digital Geneva Convention” establishing norms and protecting civilians.

VentureBeat

You Might Also Read: 

International Co-Operation: Challenges & Potential For Engaging In Cyberspace:

NATO Could Go To War In Response To A Cyber Attack:

Image: US DoD:

« Get Your Data Strategy On Board
Wikileaks Release Details Of Mass Surveillance In Russia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

QASymphony

QASymphony

QASymphony software testing and QA tools help companies create better software by improving speed, efficiency and collaboration during the testing lifecycle.

CTR Secure Services

CTR Secure Services

CTR Secure Services provides a broad range of security consulting services from asset protection to cyber security.

Muninn

Muninn

At Muninn (aka Wehowsky), we specialize in mitigating potential risks within your network, providing one of the leading network detection and response (NDR) solutions on the market.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

SafeCipher

SafeCipher

At SafeCipher, we pride ourselves on being your single vendor-neutral resource for navigating the complexities of cryptographic data encryption.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Sixteenth Air Force (Air Forces Cyber)

Sixteenth Air Force (Air Forces Cyber)

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.