¹ Tallinn Manual on the International Law Applicable to Cyber Warfare (Michael N. Schmitt ed., 2013) [hereinafter Tallinn Manual 1.0]; Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Michael N. Schmitt ed., 2017) [hereinafter Tallinn Manual 2.0]. A “cyber operation” is defined in Tallinn Manual 2.0 as “the employment of cyber capabilities to achieve objectives in or through cyberspace.” Tallinn Manual 2.0, at 564. The term “cyber operation” is narrower from the term “cyber activity,” which the Manual defines as “any activity that involves the use of cyber infrastructure or employs cyber means to affect the operation of such infrastructure.” Id.

² A “cyber-attack” is defined in Tallinn Manual 2.0 as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.” Tallinn Manual 2.0, supra note 1, at 415 (Rule 92). The U.S. Director of National Intelligence (DNI) defines “cyber-attack” more broadly as “a non-kinetic offensive operation intended to create physical effects or to manipulate, disrupt, or delete data.” See Statement for the Record Worldwide Threat Assessment of the U.S. Intelligence Community Senate Select Committee on Intelligence, at 1, Mar. 12, 2013, available at https://www.dni.gov/files/documents/Intelligence%20Reports/2013%20ATA%20SFR%20for%20SSCI%2012%20Mar%202013.pdf.

³ Schmitt, Michael N., International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed, 54 Harv. Int'l L.J. 13, 36 (2012)Google Scholar.

⁴ See, e.g., The White House International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World (May 2011), available at https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf; The DoD Cyber Strategy (Apr. 2015), available at https://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf; China's International Strategy of Cooperation on Cyberspace (Mar. 2017), available at http://www.xinhuanet.com/english/china/2017-03/01/c_136094371.htm; Secrétariat Général de la Défense et de la Sécurité Nationale, Strategic Review of Cyber Defense (Feb. 2018), available at http://www.sgdsn.gouv.fr/uploads/2018/03/revue-cyber-resume-in-english.pdf; The National Cyber Security Strategy 2016 to 2021 (Nov. 1, 2016), available at https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021.

⁵ See, e.g., Jeremy Wright, the UK Attorney General, Speech Delivered at Chatham House, London: Cyber and International Law in the 21st Century (May 23, 2018), available at https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century. See also Harold H. Koh, Legal Adviser, U.S. Dep't of State, Speech delivered at USCYBERCOM Inter-Agency Legal Conference at Fort Meade, Maryland: International Law in Cyberspace (Sept. 18, 2012), available at http://www.harvardilj.org/wp-content/uploads/2012/12/Koh-Speech-to-Publish1.pdf.

⁶ Ann Väljataga, B ack to Square One? The Fifth UN GGE Fails to Submit a Conclusive Report at the UN General Assembly, Incyder News (Sept. 1, 2017), at https://ccdcoe.org/back-square-one-fifth-un-gge-fails-submit-conclusive-report-un-general-assembly.html.

⁷ Fleck, Dieter, Searching for International Rules Applicable to Cyber Warfare—A Critical First Assessment of the New Tallinn Manual, 18 J. Conflict & Security L. 331, 335 (2013)CrossRefGoogle Scholar; Ashley Deeks, Tallinn 2.0 and a Chinese View on the Tallinn Process, Lawfare (May 31, 2015), at https://www.lawfareblog.com/tallinn-20-and-chinese-view-tallinn-process; Kilovaty, Ido, Cyber Warfare and the Jus ad Bellum Challenges: Evaluation in the Light of the Tallinn Manual on International Law Applicable to Cyber Warfare, 5 Nat'l Security L. Brief 91, 108 (2014)Google Scholar.

⁸ Kirsten E. Eichensehr, Book Review: Tallinn Manual on the International Law Applicable to Cyber Warfare, 108 AJIL 585, 588 (2014).

⁹ Tallinn Manual 2.0, supra note 1, at 330 (Rule 69) (“A cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force.”).

¹⁰ Id. at 375 (Rule 80) (“Cyber operations executed in the context of an armed conflict are subject to the law of armed conflict.”).

¹¹ Id. at 20.

¹² Id. at 21.

¹³ See, e.g., Adam Segal, Axiom and the Deepening Divide in US – China Cyber Relations, Net Pol. - Council For. Rel. Blog (Oct. 29, 2014), at https://www.cfr.org/blog/axiom-and-deepening-divide-us-china-cyber-relations.

¹⁴ Michael Schmitt, Tallinn Manual 2.0 on the International Law of Cyber Operations: What It Is and Isn't, Just Security (Feb. 9, 2017), at https://www.justsecurity.org/37559/tallinn-manual-2-0-international-law-cyber-operations.

¹⁵ See infra Part IV.

¹⁶ Check, Terence, Book Review: Analyzing the Effectiveness of the Tallinn Manual's Jus ad Bellum Doctrine on Cyber-conflict: A NATO-centric Approach, 63 Clev. St. L. Rev. 495, 511 (2015)Google Scholar; Gary Corn, Tallinn Manual 2.0 – Advancing the Conversation, Just Security (Feb. 15, 2017), at https://www.justsecurity.org/37812/tallinn-manual-2-0-advancing-conversation; Boer, Lianne JM, Restating the Law “As It Is”: On the Tallinn Manual and the Use of Force in Cyberspace, 5 Amsterdam L. Forum 4, 6 (2013)Google Scholar.

¹⁷ See Nominations of Gen. Paul J. Selva, USAF, for reappointment to the Grade of General and to be Commander, U.S. Transportation Command; and VADM Michael S. Rogers, USN, to be Admiral and Director, National Security Agency/Chief, Central Security Services/Commander, U.S. Cyber Command: Hearing Before the Armed Services Committee of the United States Senate, 113th Cong. 506 (2014), available at https://www.congress.gov/113/chrg/shrg93919/CHRG-113shrg93919.pdf (Rogers asserts that criteria used for assessing cyberspace events are classified).

¹⁸ Id. at 507 (Rogers: “It is likely that other nations will assert and apply different definitions and thresholds for what constitutes a use a force in cyberspace, and will continue to do so for the foreseeable future.”).

¹⁹ Corn, supra note 16; see also Schmitt, Michael N. & Watts, Sean, The Decline of International Humanitarian Law Opinio Juris and the Law of Cyber Warfare, 50 Tex. Int'l L.J. 189, 223, 230 (2014)Google Scholar.

²⁰ Kessler, Oliver & Werner, Wouter, Expertise, Uncertainty and International Law: A Study of the Tallinn Manual on Cyberwarfare, 26 Leiden J. Int'l L. 793, 809 (2013)CrossRefGoogle Scholar.

²¹ Ingber, Rebecca, Interpretation Catalysts in Cy berspace, 95 Tex. L. Rev. 1531, 1534–35 (2017)Google Scholar; PoKempner, Dinah, Squinting Through the Pinhole: A Dim View of Human Rights from Tallinn 2.0, 95 Tex. L. Rev. 1599, 1602 (2017)Google Scholar.

²² Corn, supra note 16.

²³ Tallinn Manual 2.0, supra note 1, at 330 (Rule 69).

²⁴ Kilovaty, Ido, Virtual Violence – Disruptive Cyberspace Operations as “Attacks” Under International Humanitarian Law, 23 Mich. Telecomm. & Tech. L. Rev. 113, 146 (2016)Google Scholar; Dinniss, Heather A. Harrison, The Nature of Objects: Targeting Networks and the Challenge of Defining Military Objectives, 48 Isr. L. Rev. 39, 54 (2015)Google Scholar; Adm. James Stavridis, Incoming: What is Cyber Attack, SIGNAL (Jan. 1, 2015), available at https://www.afcea.org/content/?q=node/13832. But see Deeks, supra note 7 (reporting on a speech by Prof. Huang ZhiXiong from Wuhan University, China, who criticized the Rules for introducing too low of a threshold).

²⁵ Ido Kilovaty, Violence in Cyberspace: Are Disruptive Cyberspace Operations Legal Under International Humanitarian Law?, Just Security (Mar. 3, 2017), at https://www.justsecurity.org/38291/violence-cyberspace-disruptive-cyberspace-operations-legal-international-humanitarian-law.

²⁶ See Fleck, supra note 7, at 336; Kilovaty, supra note 7. at 116.

²⁷ Tallinn Manual 2.0, supra note 1, at 21; Schmitt, supra note 3, at 20.

²⁸ Kubo, Mačák, Military Objectives 2.0: The Case for Interpreting Computer Data as Objects Under International Humanitarian Law, 48 Isr. L. Rev. 55, 78 (2015)Google Scholar; Dinniss, supra note 24, at 54.

²⁹ Kilovaty, supra note 25. For further information on psychological cyber warfare, see Marco Roscini, Cyber Operations and the Use of Force in International Law 240–42 (2014).

³⁰ A parallel concern arising under IHL involved the imprecise definition under the rules of what constitutes collateral harm to cyberattacks. Kilovaty, supra note 24, at 146 (criticizing Rule 113).

³¹ Note, however, that some commentators and governments dispute the distinction offered by the International Court of Justice (ICJ) in the Case Concerning Military and Paramilitary Activities in and Against Nicaragua (Nicar. v. U.S.), Judgment, 1986 ICJ Rep. 14 (June 27) [hereinafter Military and Paramilitary Activities], between “use of force” and “armed attack” (pursuant to which, according to the Court, only the latter, aggravated forms of the use of force, would justify self-defense action). See Collin Allan, Was the Cyber Attack on a Dam in New York an Armed Attack?, Just Security (Jan. 8, 2016), at https://www.justsecurity.org/28720/cyber-attack-dam-armed-attack.

³² Kilovaty, supra note 7, at 115. But see Peter Pascucci & Kurt Sanger, Why a Broad Definition of “Violence” in Cyber Conflict Is Unwise and Legally Unsound, Just Security (Mar. 8, 2017), at https://www.justsecurity.org/38536/broad-definition-violence-cyber-conflict-unwise-legally-unsound.

³³ Afek, Sharon, Cyber-attacks – Legal Contours: Application of International Law Rules to Cyber Wars, 5 Eshtonont – Nat'l Security C. Res. Ctr. 17 (2013)Google Scholar (Hebrew), available at http://maarachot.idf.il/PDF/FILES/4/113504.pdf.

³⁴ Kilovaty, supra note 7, at 111.

³⁵ See, e.g., Anderson, Troy, Fitting a Virtual Peg into a Round Hole: Why Existing International Law Fails to Govern Cyber Reprisals, 34 Ariz. J. Int'l & Comp. L. 135 (2017)Google Scholar.

³⁶ Tallinn Manual 2.0, supra note 1, at 339 (Rule 71) (“A State that is the target of a cyber operation that rises to the level of an armed attack may exercise its inherent right of self-defense. Whether a cyber operation constitutes an armed attack depends on its scale and effects.”).

³⁷ The experts were, for example, divided on whether the 2010 Stuxnet operation met the required scale and effect to warrant self-defense. Id. at 342.

³⁸ Tallinn Manual 2.0, supra note 1, at 111 (Rule 20).

³⁹ Id. at 120, 127.

⁴⁰ Corn, supra note 16.

⁴¹ Eichensehr, supra note 8, at 587 (noting that the very notion of anticipatory self-defense in international law remains controversial).

⁴² Tallinn Manual 2.0, supra note 1, at 17 (Rule 4).

⁴³ Id. at 20. The experts were divided as to whether harmful operations falling short of permanent non-functionality, such as introduction of malware, destruction of data, creation of open doors, and temporary loss of functionality (e.g., distributed denial of service attacks), violate sovereignty per se. Id. at 21. Most, though not all, experts were also willing to extend the sovereignty rule to operations calculated to disrupt essential government service, which occurred or manifested themselves outside the victim state's territory. Id. at 23.

⁴⁴ See Memorandum from Jennifer M. O'Connor, Gen. Counsel of the Dep't of Def., International Law Framework for Employing Cyber Capabilities in Military Operations (Jan. 19, 2017), discussed in Watts, Sean & Richard, Theodore, Baseline Territorial Sovereignty and Cyberspace, 22 Lewis & Clark L. Rev. 803, 859–63 (2018)Google Scholar. The approach taken in the 2017 Memorandum stands in tension with the traditional approach of the United States to cyberattacks as potentially constituting a violation of sovereignty. U.S. Dep't of Def., Office of Gen. Counsel, An Assessment of International Legal Issues in Information Operations 19 (2d ed. 1999), available at http://www.au.af.mil/au/awc/awcgate/dod-io-legal/dod-io-legal.pdf. The document presented the pillars of the Department of Defense (DoD) legal policy regarding what it then called a computer network attack (CNA) or information operations and nowadays, “cyberwarfare” and “cyber-attacks.” For instance, it provided that “any unauthorized intrusion into a nation's computer systems would justify that nation at least in taking self-help actions to expel the intruder and to secure the system against reentry. An unauthorized electronic intrusion into another nation's computer systems may very well end up being regarded as a violation of the victim's sovereignty. It may even be regarded as equivalent to a physical trespass into a nation's territory … .”

⁴⁵ Wright, supra note 5. For a discussion of the implications of the speech, see Gary Corn & Eric Jensen, The Technicolor Zone of Cyberspace – Part I, Just Security (May 30, 2018), at https://www.justsecurity.org/57217/technicolor-zone-cyberspace-part; Gary Corn & Eric Jensen, The Technicolor Zone of Cyberspace – Part II, Just Security (June 8, 2018), at https://www.justsecurity.org/57545/technicolor-zone-cyberspace-part-2.

⁴⁶ Corn, supra note 16. See also Corn, Gary P. & Taylor, Robert, Sovereignty in the Age of Cyber, 111 AJIL Unbound 207 (2017)CrossRefGoogle Scholar (presenting the sovereignty as a principle approach). See the responding article by Schmitt, Michael N. & Vihul, Liis, Respect for Sovereignty in Cyberspace, 95 Tex. L. Rev. 1639 (2017)Google Scholar (describing the evolution in the legal position of the DoD, and presenting support in state practice and opinio juris for sovereignty as a rule). See also Spector, Phil, In Defense of Sovereignty, in the Wake of Tallinn 2.0, 111 AJIL Unbound 219 (2017)CrossRefGoogle Scholar.

⁴⁷ Tallinn Manual 2.0, supra note 1, at 43 (Rule 7) (“The principle of due diligence requires a State to take all measures that are feasible in the circumstances to put an end to cyber operations that affect a right of, and produce serious adverse consequences for, other States.”).

⁴⁸ Fleck, supra note 7, at 338.

⁴⁹ Tallinn Manual 2.0 supra note 1, at 44–45; Eichensehr, supra note 8, at 586.

⁵⁰ Tallinn Manual 2.0, supra note 1, at 111 (Rule 20) (“A State may be entitled to take countermeasures, whether cyber in nature or not, in response to a breach of an international legal obligation that it is owed by another State.”); see also id. at 113.

⁵¹ Corn, supra note 16; Kilovaty, supra note 7, at 119–20. For a defense of the position of the Manuals in this regard, see Schmitt, Michael N., In Defense of Due Diligence in Cyberspace, 125 Yale L.J. Forum 68 (2015)Google Scholar.

⁵² Andrew Keane Woods, The Tallinn Manual 2.0, Sovereignty 1.0, Lawfare (Feb. 8, 2017), at https://www.lawfareblog.com/tallinn-manual-20-sovereignty-10.

⁵³ Schmitt, Michael N., The Notion of “Objects” During Cyber Operations: A Riposte in Defiance of Interpretive and Applicative Precision, 48 Isr. L. Rev. 81, 82 (2015)Google Scholar.

⁵⁴ Id. at 108. See also Schmitt, Michael N., The Law of Cyber Warfare: Quo Vadis?, 25 Stan. L. & Pol'y Rev. 269–99 (2014)Google Scholar; Kilovaty, supra note 7 at 115 (calling in this regard for reexamination of the exclusion of political and economic coercion from the scope of use of force prohibited by Article 2(4) of the UN Charter).

⁵⁵ Cf. Mark T. Peters, Cashing in on Cyberpower: How Interdependent Actors Seek Economic Outcomes in a Digital World 87 (2008) (claiming that millions of potential cyberattacks occur on a daily basis).

⁵⁶ See, e.g., Ghappour, Ahmed, Tallinn, Hacking, and Customary International Law, 111 AJIL Unbound 224 (2017)CrossRefGoogle Scholar.

⁵⁷ The CSIS and the CFR are among the world's leading think tanks in the field of defense and national security studies. James G. McGann, 2017 Global Go To Think Tank Index Report, at 96 (University of Pennsylvania Scholarly Commons, 2018). See Significant Cyber Incidents Since 2006, CSIS, at https://www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-cybersecurity (The full list includes incidents since 2006, focusing on cyberattacks on government agencies, defense and high-tech companies or economic crimes, entailing losses of more than a million dollars.). See also Cyber Operations Tracker, CFR, at https://www.cfr.org/interactive/cyber-operations.

⁵⁸ Tallinn Manual 2.0, supra note 1, at 330–38 (Rules 69–70).

⁵⁹ Tallinn Manual 2.0, supra note 1, at 168–74 (Rule 32). See also Pun, Darien, Rethinking Espionage in the Modern Era, 18 Chi. J. Int'l L. 353, 359–68 (2017)Google Scholar (presenting the conflicting approaches regarding the legality of espionage activity under international law); Ohlin, Jens David, Did Russian Cyber Interference in the 2016 Election Violate International Law?, 95 Tex. L. Rev. 1579 (2017)Google Scholar.

⁶⁰ Evron, Gadi, Battling Botnets and Online Mobs: Estonia's Defense Efforts During the Internet War, 9 Geo. J. Int'l Aff. 121 (2008)Google Scholar; Herzog, Stephen, Revisiting the Estonian Cyberattacks: Digital Threats and Multinational Responses, 4 J. Strategic Security 49 (2011)CrossRefGoogle Scholar; Ian Traynor, Russia Accused of Unleashing Cyberwar to Disable Estonia, Guardian (May 17, 2007), at https://www.theguardian.com/world/2007/may/17/topstories3.russia; Peter Finn, Cyber Assaults on Estonia Typify a New Battle Tactic, Wash. Post (May 19, 2007), at http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122.html.

⁶¹ John Markoff, Before the Gunfire, Cyberattacks, N.Y. Times (Aug. 12, 2008), at http://www.nytimes.com/2008/08/13/technology/13cyber.html; Noah Shachtman, Top Georgian Official: Moscow Cyberattacked Us – We Just Can't Prove It, Wired (Nov. 3, 2009), at https://www.wired.com/2009/03/georgia-blames; Korns, Stephen W. & Kastenberg, Joshua E., Georgia's Cyber Left Hook, 38 Parameters 60 (2009)Google Scholar; Eneken Tikk, Kadri Kaska, Kristel Rünnimeri, Mari Kert, Anna-Maria Talihärm & Liis Vihul, Cyber-attacks Against Georgia: Legal Lessons Identified (NATO Cooperative Cyber Defense Centre of Excellence, 2008).

⁶² Farwell, James P. & Rohozinski, Rafal, Stuxnet and the Future of Cyber War, 53 Survival 23 (2011)CrossRefGoogle Scholar; Collins, Sean & McCombie, Stephen, Stuxnet: The Emergence of a New Cyber Weapon and its Implications, 7 J. Policing, Intelligence & Counter Terrorism 80 (2012)CrossRefGoogle Scholar; Kim Zetter, An Unprecedented Look at Stuxnet, the World's First Digital Weapon, Wired (Mar. 11, 2014), at https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet.

⁶³ International Law Commission, Identification of Customary International Law, Conclusion 6(2), UN Doc. A/CN.4/L.908 (2018) (text of the draft conclusions as adopted by the Drafting Committee on second reading).

⁶⁴ Id., Conclusion 10(2).

⁶⁵ Id., Conclusion 10(3).

⁶⁶ See, e.g., Michael Byers, Custom, Power and the Power of Rules: International Relations and Customary International Law 156 (1999); Tullio Treves, Customary International Law, in Max Planck Encyclopedia of Public International Law, para. 79 (2006).

⁶⁷ See Vienna Convention on the Law of Treaties, Art. 31(3)(b), May 23, 1969, 1155 UNTS 331.

⁶⁸ Adam Samson & Matt Egan, Chase, NYSE Websites Targeted in Cyber Attacks, Fox Business (Sept. 19, 2012), at https://www.foxbusiness.com/features/chase-nyse-websites-targeted-in-cyber-attacks; Nicole Perlroth & Quentin Hardy, Bank Hacking Was the Work of Iranians, Officials Say, N.Y. Times (Jan. 8, 2013), at http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html.

⁶⁹ Sealed Indictment, United States v. Fathi, 16 Cr. 48 (S.D.N.Y. Jan. 21, 2016), available at https://www.justice.gov/usao-sdny/file/835061/download.

⁷⁰ U.S. Dep't of Justice Press Release, Manhattan U.S. Attorney Announces Charges Against Seven Iranians For Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector on Behalf of Islamic Revolutionary Guard Corps-Sponsored Entities (Mar. 24, 2016), at https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-seven-iranians-conducting-coordinated.

⁷¹ Id.; see also Indictment (U.S. v. Fathi), supra note 69.

⁷² Mark Thompson, Iranian Cyber Attack on New York Dam Shows Future of War, Time (Mar. 24, 2016), at http://time.com/4270728/iran-cyber-attack-dam-fbi. See also Perlroth & Hardy, supra note 68.

⁷³ Iran Cyber Police Uncovers Hacking of US Bank, Mehr News Agency (Jan. 20, 2013), available at http://www.payvand.com/news/13/jan/1182.html.

⁷⁴ Id.

⁷⁵ U.S. Dep't of Justice Press Release, supra note 70.

⁷⁶ See Indictment (U.S. v. Fathi), supra note 69.

⁷⁷ U.S. Dep't of Justice Press Release, supra note 70. The U.S. attorney general stated: “[W]e will not allow any individual, group, or nation to sabotage American financial institutions… .” The assistant U.S. attorney for Manhattan added: “These were no ordinary crimes, but calculated attacks by groups with ties to Iran's Islamic Revolutionary Guard and designed specifically to harm America and its people.” The head of the FBI promised that: “By calling out the individuals and nations who use cyber-attacks to threaten American enterprise, as we have done in this indictment, we will change behavior.”

⁷⁸ Ellen Nakashima, US Rallied Multinational Response to 2012 Cyberattack on American Banks, Wash. Post (Apr. 11, 2014), at https://www.washingtonpost.com/world/national-security/us-rallied-multi-nation-response-to-2012-cyberattack-on-american-banks/2014/04/11/7c1fbb12-b45c-11e3-8cb6-284052554d74_story.html?utm_term=.ba23ea798108.

⁷⁹ Id.

⁸⁰ Id.

⁸¹ Id.

⁸² Michael Riley & Jordan Robertson, FBI Probes if Banks Hacked Back as Firms Mull Offensives, Bloomberg News (Dec. 30, 2014), at https://www.bloomberg.com/news/articles/2014-12-30/fbi-probes-if-banks-hacked-back-as-firms-mull-offensives (reporting on ongoing FBI investigation to find out if someone from the targeted banks hacked back Iranian servers). See also the follow-up report of Eric Chabrow, The Case Against “Hack-Back,” Bank Info Security (Jan. 6, 2015), at https://www.bankinfosecurity.com/case-against-hack-back-a-7759 (presenting the main arguments against hacking back by private victims); Nicholas Schmidle, The Digital Vigilantes Who Hack Back, New Yorker (May 7, 2018), at https://www.newyorker.com/magazine/2018/05/07/the-digital-vigilantes-who-hack-back (reporting that at least one of the targeted banks resorted to hacking back).

⁸³ Nakashima, supra note 78.

⁸⁴ Thompson, supra note 72.

⁸⁵ Mike Masnick, DOJ's Tone Deaf Criminal Charges Against Chinese Hackers Helps No One, Opens US Officials Up To Similar Charges, Techdirt (May 20, 2014), at https://www.techdirt.com/articles/20140520/05303727288/dojs-tone-deaf-cri (criticizing the DOJ's decision to file charges against Chinese hackers, and predicting that the United States would never put its hands on the defendants).

⁸⁶ Committee on Oversight and Government Reform, The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation? (2016), available at https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf.

⁸⁷ The stolen data included personal files of 4.2 million former and current employees, security clearance investigation information on 22.1 million individuals, and biometric data of 5.6 million individuals.

⁸⁸ Ian Tuttle, Cyber Disaster: How the Government Compromised Our Security, Nat'l Rev. (Sept. 9, 2016), at http://www.nationalreview.com/article/439869/opm-hack-house-oversight-committee-report.

⁸⁹ Ellen Nakashima, Chinese Government Has Arrested Hackers it Says Breached OPM Database, Wash. Post (Dec. 2, 2015), at https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opm-database/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html?utm_term=.65fd5ee72a90.

⁹⁰ Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Wash. Post (July 9, 2015), at https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/?utm_term=.655600c9d982.

⁹¹ David Boyer, Obama Says US Must Boost Cyber Defenses, Stops Short of Blaming China for Hacking, Wash. Times (June 8, 2015), at http://www.washingtontimes.com/news/2015/jun/8/obama-says-us-must-boost-cyber-defenses.

⁹² Hearing Before the Subcommittee on East Asia, the Pacific, and International Cyber Security Policy of the Committee on Foreign Relations – United States Senate, International Cybersecurity Strategy: Deterring Foreign Threats and Building Global Cyber Norms, at 15, 114th Congress, 2d Sess., May 25, 2016, available at https://www.govinfo.gov/content/pkg/CHRG-114shrg28853/pdf/CHRG-114shrg28853.pdf.

⁹³ David Welna, In Data Breach, Reluctance to Point the Finger at China, NPR (July 2, 2015), at http://www.npr.org/sections/parallels/2015/07/02/419458637/in-data-breach-reluctance-to-point-the-finger-at-china.

⁹⁴ Boyer, supra note 91. President Obama, when asked about the OPM hack in a press conference, refrained from leveling specific accusations against any specific actor, and presented his general view on current cyberoperations: “[B]oth State and non-state actors are sending everything they've got at trying to breach these [U.S.] systems. In some cases, it's non-state (actors) engaging in criminal activity and potential theft. In the case of state actors, they're probing for intelligence or, in some cases, trying to bring down systems in pursuit of their various foreign-policy objectives.”

⁹⁵ Brendan I. Koerner, Inside the Cyber-Attack that Shocked the US Government, Wired (Oct. 23, 2016), at https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government (referring to a wealth of evidence, ranging from IP addresses to telltale email accounts and a remote-access tool commonly deployed by Chinese-speaking hacking units on computers used by foes of China's government. Those footprints indicate that the hackers were tied to China, and that, in addition, the operation does not have any financial or commercial motive, but rather appears to serve the needs of intelligence services. Finally, the hack required professional human resources at a scale only governmental authorities are likely to have.).

⁹⁶ Michael D. Shear & Scott Shane, White House Weighs Sanctions After Second Breach of a Computer System, N.Y. Times (June 12, 2015), at https://www.nytimes.com/2015/06/13/us/white-house-weighs-sanctions-after-second-breach-of-a-computer-system.html. See also Tim Maurer, Cyber Mercenaries: The State, Hackers, and Power 56 (2018).

⁹⁷ Ellen Nakashima, Chinese Hack of Federal Personnel Files Included Security-Clearance Database, Wash. Post (June 12, 2015), at https://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html?utm_term=.9ea58a001b11.

⁹⁸ Nakashima, supra note 89. Interestingly, President Trump informally attributed the OPM hack to China during a phone interview to the New York Times in January 2017, in which he said: “China, relatively recently, hacked 20 million government names. How come nobody even talks about that?” This statement might relate to Trump's efforts to minimize the significance of Russian cyber operations, which allegedly influenced the presidential election. See Michael D. Shear & David E. Sanger, Putin Led a Complex Cyberattack Scheme to Aid Trump, Report Finds, N.Y. Times (Jan. 6, 2017), at https://www.nytimes.com/2017/01/06/us/politics/donald-trump-wall-hack-russia.html?_r=0.

⁹⁹ Chris Strohm, Hacked OPM Data Hasn't Been Shared or Sold, Top Spy-Catcher Says, Bloomberg Pol. (Sept. 28, 2017), at https://www.bloomberg.com/news/articles/2017-09-28/hacked-opm-data-hasn-t-been-shared-or-sold-top-spy-catcher-says.

¹⁰⁰ Id.

¹⁰¹ David E. Sanger, US Decides to Retaliate Against China's Hacking, N.Y. Times (July 31, 2015), at https://www.nytimes.com/2015/08/01/world/asia/us-decides-to-retaliate-against-chinas-hacking.html?mcubz=0.

¹⁰² Nakashima, supra note 90, (citing, inter alia, Rep. Adam Schiff stating that if the United States blurs the line between economic spying and foreign intelligence spying, “we risk undermining the fight against economic theft”).

¹⁰³ Strohm, supra note 99.

¹⁰⁴ Tallinn Manual 2.0, supra note 1, Rules 32, 89. See also Pun, supra note 59.

¹⁰⁵ Dianna Cahn, Effects of OPM Data Breach Are Far-Reaching, Gov't Tech. (July 13, 2015), at http://www.govtech.com/security/Effects-of-OPM-Data-Breach-Are-Far-Reaching.html; Joseph Marks, Greatest Damage from OPM Breach Was to Government's Reputation, NextGov (Apr. 10, 2017), at https://www.nextgov.com/cybersecurity/2017/04/greatest-damage-opm-breach-was-governments-reputation/136902; Michael Adams, Why the OPM Hack Is Far Worse Than You Imagine, Lawfare (Mar. 11, 2016), at https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagine; Kristin Finklea, Michelle D. Christensen, Eric A. Fischer, Susan V. Lawrence & Catherine A. Theohary, Cyber Intrusion into U.S. Office of Personnel Management: In Brief, Cong. Res. Serv. Rep. (2015), available at https://digitalcommons.ilr.cornell.edu/key_workplace/1440; Ian Brown, I maging A C yber S urprise : H ow M ight C hina U se S tolen OPM R ecords to T arget Trust?, War on the Rocks (May 22, 2018), at https://warontherocks.com/2018/05/imagining-a-cyber-surprise-how-might-china-use-stolen-opm-records-to-target-trust.

¹⁰⁶ See, e.g., Stavridis, supra note 24.

¹⁰⁷ FBI and Secret Service Investigating Las Vegas Casino, Hacker5 Magazine (Feb. 28, 2014); Las Vegas Sands Sites Hacked as Posts Criticize CEO Sheldon Adelson's Politics, Postmedia (Feb. 12, 2014).

¹⁰⁸ Tony Capaccio, David Lerman & Chris Strohm, Iran Behind Cyber-attack on Adelson's Sands Corp., Clapper Says, Bloomberg (Feb. 26, 2015), at https://www.bloomberg.com/news/articles/2015-02-26/iran-behind-cyber-attack-on-adelson-s-sands-corp-clapper-says.

¹⁰⁹ Jose Pagliery, Iran Hacked an American Casino, US Says, CNN Tech (Feb. 27, 2015), at http://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html.

¹¹⁰ Gary Leupp, A Chronology of the Sony Hacking Incident, Counterpunch (Dec. 29, 2014), at http://www.counterpunch.org/2014/12/29/a-chronology-of-the-Sony-hacking-incident.

¹¹¹ Id.

¹¹² Choe Sang-Hun, North Korea Warns US Over Film Mocking Its Leader, N.Y. Times (June 25, 2014), at https://www.nytimes.com/2014/06/26/world/asia/north-korea-warns-us-over-film-parody.html?mtrref=www.google.co.il&gwh=B3B3453BC13185E0E57B63F83177166B&gwt=pay&assetType=nyt_now.

¹¹³ It turned out that, early in June 2014, SPE's CEO consulted with Bruce Bennett, a senior defense analyst in Washington DC, asking his advice on whether or not to preserve the movie's final scene, in which the head of the North Korean leader is blown up by U.S. CIA agents. Although cutting or changing the final scene might have eased the North Koreans’ fury, Bennett's recommendation was to keep the film as it was, hoping that a movie “about the removal of the Kim family regime and the creation of a new government by the North Korean people” would “start a real thinking” among South and North Koreans who would watch it. That recommendation was supported by “very senior” U.S. government officials. See id.; Leupp, supra note 110; William Boot, Exclusive: Sony Emails Say State Department Blessed Kim Jong-un Assassination in “The Interview,” Daily Beast (Dec. 17, 2014), at http://www.thedailybeast.com/exclusive-sony-emails-say-state-department-blessed-kim-jong-un-assassination-in-the-interview.

¹¹⁴ Boot, supra note 113.

¹¹⁵ A Breakdown and Analysis of the December, 2014 Sony Hack, RBS (Dec. 5, 2014), at https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack. See also Alex Altman & Zeke J. Miller, State Department Insists North Korea Behind Sony Hack, Time (Dec. 31, 2014), at http://time.com/3651171/sony-hack-north-korea-fbi/?xid=time_readnext.

¹¹⁶ David E. Sanger & Michael S. Schmidt, More Sanctions on North Korea After Sony Case, N.Y. Times (Jan. 2, 2015), at https://www.nytimes.com/2015/01/03/us/in-response-to-sony-attack-us-levies-sanctions-on-10-north-koreans.html (questioning the speediness of the FBI conclusions). See also A Breakdown and Analysis, supra note 115 (questioning attribution of the breach by the FBI to North Korea).

¹¹⁷ Leupp, supra note 110 (arguing that North Korea does not have the advanced technological capability required to conduct such a destructive hack). See also Paul, New Clues in Sony Hack Point to Insiders, Away from DPRK, Security Ledger (Dec. 28, 2014), at https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk.

¹¹⁸ Operation Blockbuster: Unraveling the Long Thread of the Sony Attack, Novetta (Feb. 2016), available at https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf.

¹¹⁹ White House Press Release, Statement by the Press Secretary on the Executive Order Entitled “Imposing Additional Sanctions with Respect to North Korea” (Jan. 2, 2015), available at https://obamawhitehouse.archives.gov/the-press-office/2015/01/02/statement-press-secretary-executive-order-entitled-imposing-additional-s.

¹²⁰ Sanger & Schmidt, supra note 116.

¹²¹ Kim Zetter, Evidence Suggests the Sony Hackers Are Alive and Well and Still Hacking, Wired (Dec. 2, 2016), at https://www.wired.com/2016/02/evidence-suggests-the-sony-hackers-are-alive-and-well-and-still-hacking.

¹²² Operation Blockbuster, supra note 118.

¹²³ Oliver Laughland & Dominic Rushe, Sony Pulling The Interview Was “a Mistake” Says Obama, Guardian (Dec. 20, 2014), available at https://www.theguardian.com/us-news/2014/dec/19/obama-sony-the-interview-mistake-north-korea.

¹²⁴ See U.S. Dep't of State Press Release, Condemning Cyber-Attacks by North Korea (Dec. 19, 2014), at https://2009-2017.state.gov/secretary/remarks/2014/12/235444.htm.

¹²⁵ White House Press Release, Remarks by the President in Year-End Press Conference (Dec. 19, 2014), available at https://obamawhitehouse.archives.gov/the-press-office/2014/12/19/remarks-president-year-end-press-conference. See also Sean Sullivan, Obama: North Korea Hack “Cyber-vandalism,” Not “Act of War,” Wash. Post (Dec. 21, 2014), at https://www.washingtonpost.com/news/post-politics/wp/2014/12/21/obama-north-korea-hack-cyber-vandalism-not-act-of-war/?utm_term=.a295316b9b98.

¹²⁶ Id. See also Michael B. Kelley & Armin Rosen, The US Needs to Stop Pretending the Sony Hack Is Anything Less Than an Act of War, Business Insider (Dec. 15, 2014), at http://www.businessinsider.com/sony-hack-should-be-considered-an-act-of-war-2014-12. The Business Insider story cited David Aitel, a former NSA research scientist, who opined that cyberattacks should be considered an act of war even when they do not meet the required threshold which might justify a military response and that once it has become known which nation should be held accountable, the United States must respond, at least with a firm diplomatic reaction, while considering additional measure in cyberspace, such as attacking targets of the adversary or shutting down the Internet for a while).

¹²⁷ White House Press Release, supra note 119.

¹²⁸ Sanger & Schmidt, supra note 116; Sony Cyber-attack: North Korea Faces New US Sanctions, BBC News (Jan. 3, 2015), at http://www.bbc.com/news/world-us-canada-30661973. On September 6, 2018, the Department of Justice unsealed an indictment against Park Jin-Hyok, a North Korean citizen, charged with conspiracy to conduct multiple cyber operations, including the Sony hack. U.S. Dep't of Justice, Office of Public Affairs Press Release, North Korean Regime-Backed Programmer Charged with Conspiracy to Conduct Multiple Cyber Attacks and Intrusions (Sept. 6, 2018), at https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and.

¹²⁹ Chris Strohm, North Korea Web Outage Response to Sony Hack, Lawmaker Says, Bloomberg Pol. (Mar. 17, 2015), at https://www.bloomberg.com/politics/articles/2015-03-17/north-korea-web-outage-was-response-to-sony-hack-lawmaker-says. See also Francesca Chambers, Lucy Crossley & Alexandra Klausner, North Korea's Internet Is Shut Down AGAIN After Losing Connectivity for Nine Hours Yesterday, Daily Mail (Dec. 23, 2014), at http://www.dailymail.co.uk/news/article-2885359/North-Korea-s-internet-shut-losing-connectivity-nine-hours-yesterday.html.

¹³⁰ Sanger, supra note 101.

¹³¹ The facts described below are partial and subject to ongoing investigations by the Senate Select Committee on Intelligence (SSCI) and by Robert Mueller, a special counsel appointed by the deputy attorney general to investigate the Russian interference in the presidential election and related matters. The information presented here about the DNC hack is based mainly on Dmitri Alperovitch's blog. Alperovitch is the CTO of CrowdStrike. See Dmitri Alperovitch, Bears in the Midst: Intrusion into the Democratic National Committee, CrowdStrike (June 15, 2016), at https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee. It should be noted that there are other narratives of the incident, such as the theory reported by Patrick Lawrence, A New Report Raises Big Questions About Last Year's DNC Hack, Nation (Aug. 9, 2017), at https://www.thenation.com/article/a-new-report-raises-big-questions-about-last-years-dnc-hack.

¹³² See Alperovitch, supra note 131.

¹³³ See Pascal Brangetto & Matthijs A. Veenendaal, Influence Cyber Operations: The Use of Cyberattacks in Support of Influence Operations, in Cyber Power 113, 114 (N. Pissanidis, H. Rõigas & M. Veenendaal eds., 2016), available at https://ccdcoe.org/cycon/2016/proceedings/08_brangetto_veenendaal.pdf.

¹³⁴ Matthew Cole, Richard Esposito, Sam Biddle & Ryan Grim, Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election, Intercept (June 5, 2017), at https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election.

¹³⁵ Intelligence Community Assessment (ICA), Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytical Process and Cyber Incident Attribution (Jan. 6, 2017), available at https://www.intelligence.senate.gov/sites/default/files/documents/ICA_2017_01.pdf.

¹³⁶ Cole, Esposito, Biddle & Grim, supra note 134; see the authentic document dated May 5, 2017, available at https://www.documentcloud.org/documents/3766950-NSA-Report-on-Russia-Spearphishing.html#document/p1.

¹³⁷ Cynthia Mcfadden, William Arkin & Kevin Monahan, Russians Penetrated US Voter Systems, Top US Official Says, NBC News Pol. (Feb. 8, 2018), at https://www.nbcnews.com/politics/elections/russians-penetrated-u-s-voter-systems-says-top-u-s-n845721.

¹³⁸ Michael Isikoff, Obama Cyber Chief Confirms “Stand Down” Order Against Russian Cyberattacks in Summer 2016, Yahoo News (June 20, 2018), at https://www.yahoo.com/news/obama-cyber-chief-confirms-stand-order-russian-cyberattacks-summer-2016-204935758.html. See also Russia Election Interferenc e, C-Span, (Senate Intelligence Committee Hearing, June 20, 2018), at https://www.c-span.org/video/?447328-1/obama-administration-officials-testify-russia-election-interference.

¹³⁹ Andrew Blake, Russian Hackers Likely Scanned Election Systems in all 50 States During 2016 Race: Obama Cyber Czar, Wash. Times (June 21, 2018), at https://www.washingtontimes.com/news/2018/jun/21/russian-hackers-likely-scanned-election-systems-al.

¹⁴⁰ ICA, supra note 135.

¹⁴¹ Senate Select Committee on Intelligence (SSCI), Initial Findings (July 3, 2018), available at https://www.burr.senate.gov/imo/media/doc/SSCI%20ICA%20ASSESSMENT_FINALJULY3.pdf.

¹⁴² Id. Following the DNC Hack, the then DHS Secretary Jeh Johnson decided in January 2017 to designate the nation's electoral systems as federally protected critical infrastructure.

¹⁴³ See Alperovitch, supra note 131.

¹⁴⁴ The claim of “typical disorder” appears to us as somewhat implausible. It is more likely that intentional disorder was created in order to obfuscate the situation and divert suspicions from Russian Intelligence.

¹⁴⁵ Alperovitch, supra note 131.

¹⁴⁶ Ellen Nakashima, Cyber Researchers Confirm Russian Government Hack of Democratic National Committee, Wash. Post (June 20, 2016), at https://www.washingtonpost.com/world/national-security/cyber-researchers-confirm-russian-government-hack-of-democratic-national-committee/2016/06/20/e7375bc0-3719-11e6-9ccd-d6005beac8b3_story.html?utm_term=.4d8ae7360f6c. See also Sam Thielma, DNC Email Leak: Russian Hackers Cozy Bear and Fancy Bear Behind Breach, Guardian (July 26, 2016), at https://www.theguardian.com/technology/2016/jul/26/dnc-email-leak-russian-hack-guccifer-2.

¹⁴⁷ Kevin Poulsen & Spencer Ackerman, EXCLUSIVE: “Lone DNC Hacker” Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer, Daily Beast (Mar. 22, 2018), at https://www.thedailybeast.com/exclusive-lone-dnc-hacker-guccifer-20-slipped-up-and-revealed-he-was-a-russian-intelligence-officer.

¹⁴⁸ U.S. Dep't of Homeland Security Press Release, Joint Statement, the Department of Homeland Security & Office of the Director of National Intelligence on Election Security (Oct. 7, 2016), at https://www.dhs.gov/news/2016/10/07/joint-statement-department-homeland-security-and-office-director-national.

¹⁴⁹ See ICA, supra note 135.

¹⁵⁰ Id. at 1.

¹⁵¹ Nick Gass, Putin on DNC Leak: “Does it Even Matter Who Hacked this Data?,” Politico (Sept. 2, 2016), at http://www.politico.com/story/2016/09/putin-interview-dnc-hack-227668.

¹⁵² See Joint Statement, supra note 148.

¹⁵³ Louis Nelson, Obama Says He Told Putin to “Cut It Out” on Russia Hacking, Politico (Dec. 16, 2016), at http://www.politico.com/story/2016/12/obama-putin-232754 (What Obama was concerned about was the potential of “hamper[ing] the vote counting [an]d affect[ing] the actual election process itself.”).

¹⁵⁴ William M. Arkin, Ken Dilanian & Cynthia McFadden, What Obama Said to Putin on the Red Phone About the Election Hack, NBC News (Dec. 20, 2016), available at https://perma.cc/5CKG-G5XC.

¹⁵⁵ Nelson, supra note 153.

¹⁵⁶ Id.

¹⁵⁷ See ICA, supra note 135, at 3.

¹⁵⁸ Russia Election Interference, supra note 138, at 36:17–37:00 (testimony by Ambassador Victoria Nulland, former assistant secretary of state for European and Eurasian affairs).

¹⁵⁹ William M. Arkin, Ken Dilanian & Cynthia McFadden, CIA Prepping for Possible Cyber Strike Against Russia, NBC News (Oct. 14, 2016), at www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636.

¹⁶⁰ President Obama himself adopted similar language, saying: “I think there is no doubt that when any foreign government tries to impact the integrity of our elections … we need to take action. And we will—at a time and place of our own choosing. Some of it may be explicit and publicized; some of it may not be.” Scott Detrow, Obama on Russian Hacking: “We Need to Take Action. And We Will,” NPR (Dec. 15, 2016), at http://www.npr.org/2016/12/15/505775550/obama-on-russian-hacking-we-needto-take-action-and-we-will.

¹⁶¹ See Arkin, Dilanian & McFadden, supra note 159.

¹⁶² Id.

¹⁶³ Id.

¹⁶⁴ The “red phone” is a confidence-building measure for communication, upgraded by Obama and Putin in 2013. It is to be activated in urgent and very sensitive situations.

¹⁶⁵ See Arkin, Dilanian & McFadden, supra note 154.

¹⁶⁶ See Nelson, supra note 153.

¹⁶⁷ Erik Lipton, The Perfect Weapon: How Russian Cyberpower Invaded the U.S., N.Y. Times (Dec. 13, 2016), at https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html.

¹⁶⁸ Exec. Order No. 13757, Dec. 28, 2016, “Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities,” 82 CFR 1 (2016), available at https://obamawhitehouse.archives.gov/the-press-office/2016/12/29/executive-order-taking-additional-steps-address-national-emergency.

¹⁶⁹ White House Press Release, Presidential Statement on Actions in Response to Russian Malicious Cyber Activity and Harassment (Dec. 29, 2016), available at https://obamawhitehouse.archives.gov/the-press-office/2016/12/29/statement-president-actions-response-russian-malicious-cyber-activity.

¹⁷⁰ Id. See also Rebecca Crootof, The DNC Hack Demonstrates the Need for Cyber-Specific Deterrents, Lawfare (Jan. 9, 2017), at https://www.lawfareblog.com/dnc-hack-demonstrates-need-cyber-specific-deterrents (“Despite this being the strongest public action the United States has ever taken in response to a cyberoperation, many are bemoaning its inadequacy. The U.S. actions have been derided as ‘too little, too late,’ ‘confusing and weak,’ and ‘insufficient.’ However, this seemingly insufficient reaction may have been informed by international law; the United States might have responded to the DNC hack as it did because international law did not permit it to do more.”).

¹⁷¹ U.S. Dep't of Justice Press Release, Grand Jury Indicts Thirteen Russian Individuals and Three Russian Companies for Scheme to Interfere in the United States Political System (Feb. 16, 2018), at https://www.justice.gov/opa/pr/grand-jury-indicts-thirteen-russian-individuals-and-three-russian-companies-scheme-interfere.

¹⁷² Id.

¹⁷³ Indictment, United States v. Internet Research Agency LLC, Case No. 1:18-cr-00032-DLF (D.C. Cir., Feb. 18, 2018), available at https://www.justice.gov/opa/press-release/file/1035562/download.

¹⁷⁴ Id., para.2.

¹⁷⁵ Jon Swaine & Marc Bennetts, Robert Mueller Charges 13 Russians with Interfering in US Election to Help Trump, Guardian (Feb. 17, 2018), at https://www.theguardian.com/us-news/2018/feb/16/robert-mueller-russians-charged-election.

¹⁷⁶ See U.S. Dep't of Justice Press Release, supra note 171; Matt Apuzzo & Sharon LaFraniere, 13 Russians Indicted as Mueller Reveals Effort to Aid Trump Campaign, N.Y. Times (Feb. 16, 2018), at https://www.nytimes.com/2018/02/16/us/politics/russians-indicted-mueller-election-interference.html.

¹⁷⁷ Indictment, United States v. Netyksho, Case No. 1:18-cr-00215-ABJ (D.C. Cir., July 13, 2018), available at https://int.nyt.com/data/documenthelper/80-netyksho-et-al-indictment/ba0521c1eef869deecbe/optimized/full.pdf?action=click&module=Intentional&pgtype=Article.

¹⁷⁸ U.S. Dep't of the Treasury Press Release, Treasury Sanctions Russian Cyber Actors for Interference with the 2016 U.S. Elections and Malicious Cyber-Attacks (Mar. 15, 2018), a t https://home.treasury.gov/news/press-releases/sm0312. See also Ellen Nakashima, Trump Administration Hits Russian Spies, Trolls with Sanctions Over US Election Interference, Cyberattacks, Wash. Post (Mar. 15, 2018), at https://www.washingtonpost.com/world/national-security/trump-administration-sanctions-russian-spies-trolls-over-us-election-interference-cyber-attacks/2018/03/15/3eaae186-284c-11e8-b79d-f3d931db7f68_story.html?noredirect=on&utm_term=.f8cf97eb19d5; Donna Borak, US Imposes Sanctions Against Russian Oligarchs and Government Officials, CNN (Apr. 6, 2018), at https://edition.cnn.com/2018/04/06/politics/russia-sanctions-oligarchs/index.html.

¹⁷⁹ Raimund, Germany Blames Russia for Cyberattacks, Hacked Press (May 5, 2017), at https://hacked.press/2017/05/05/germany-blames-russia-cyberattacks; Andrea Shalal, Germany Challenges Russia Over Alleged Cyberattacks, Reuters (May 4, 2017), at http://www.reuters.com/article/us-germany-security-cyber-russia-idUSKBN1801CA.

¹⁸⁰ Kate Connolly, German Spy Chief Says Russian Hackers Could Disrupt Elections, Guardian (Nov. 29, 2016), at https://www.theguardian.com/world/2016/nov/29/german-spy-chief-russian-hackers-could-disrupt-elections-bruno-kahl-cyber-attacks.

¹⁸¹ Id.

¹⁸² Id.

¹⁸³ Russia “Was Behind German Parliament Hack,” BBC News (May 13, 2016), at http://www.bbc.com/news/technology-36284447.

¹⁸⁴ Samburaj Das, Germany Blames Russia for Parliament Hack, Hacked (May 14, 2016), at https://hacked.com/germany-blames-russia-parliament-hack.

¹⁸⁵ Connolly, supra note 180.

¹⁸⁶ Rowena Mason, Theresa May Accuses Russia of Interfering in Elections and Fake News, Guardian (Nov. 14, 2017), at https://www.theguardian.com/politics/2017/nov/13/theresa-may-accuses-russia-of-interfering-in-elections-and-fake-news.

¹⁸⁷ The UK Prime Minister's statement was issued in the wake of a significant increase in cyberoperations against UK media and telecommunication, and reports about hundreds of fake Twitter accounts and tens of thousands of other accounts tied to Russia, presumably used to influence the outcome of the referendum on the Brexit. Brexit: Russian Twitter Accounts Tweeted 3,468 Times About EU Independence Referendum, Independent (Nov. 15, 2017), at http://www.independent.co.uk/news/uk/politics/brexit-latest-russian-twitter-accounts-eu-independence-referendum-tweets-influence-result-a8055746.html. Investigations into possible Russian interference in the British democratic process have been launched recently by the UK government and Parliament. Zach Marzouk, The Intelligence and Security Committee Has Finally Reformed After the General Election, ITPRO (Nov. 24, 2017), at http://www.itpro.co.uk/security/29963/parliaments-intelligence-committee-considering-russia-investigation.

¹⁸⁸ Melissa Eddy, After a Cyberattack, Germany Fears Election Disruption, N.Y. Times (Dec. 8, 2016), at https://www.nytimes.com/2016/12/08/world/europe/germany-russia-hacking.html.

¹⁸⁹ Andrea Shalal, German Military Can Use “Offensive Measures” Against Cyber-attacks: Minister, Reuters (Apr. 5, 2017), at http://www.reuters.com/article/us-germany-cyber-idUSKBN1771MW.

¹⁹⁰ See Shalal, supra note 179.

¹⁹¹ Kate Brady, Reports: German Government Plans Cyberattack “Hackback” Ahead of Election, Deutsche Welle (Apr. 20, 2017), at http://www.dw.com/en/reports-german-government-plans-cyberattack-hackback-ahead-of-election/a-38506101.

¹⁹² Mason, supra note 186. Prime Minister May echoed in her remarks the words of President Obama, who delivered a similar response in his 2016 Presidential Statement. White House Press Release, supra note 169.

¹⁹³ Mason, supra note 186.

¹⁹⁴ Kay Armin Serjoie, Iran Investigates if Series of Oil Industry Accidents Were Caused by Cyber Attack, Time (Aug. 12, 2016), at http://time.com/4450433/iran-investigates-if-series-of-oil-industry-accidents-were-caused-by-cyber-attack.

¹⁹⁵ Iran Oil Industry Fires, Blasts Raise Suspicions of Hacking, Fox News (Sept. 22, 2016), at http://www.foxnews.com/world/2016/09/22/iran-oil-industry-fires-blasts-raise-suspicions-hacking.html.

¹⁹⁶ Id.

¹⁹⁷ Id.

¹⁹⁸ John Leyden, Hack on Saudi Aramco Hit 30,000 Workstations, Oil Firm Admits, Register (Aug. 29, 2012), at www.theregister.co.uk/2012/08/29/saudi_aramco_malware_attack_analysis.

¹⁹⁹ Jon Gambrell, Saudi Arabia Warns Destructive Computer Virus Has Returned, US News (Jan. 24, 2017), at https://www.usnews.com/news/business/articles/2017-01-24/saudi-arabia-warns-destructive-computer-virus-has-returned.

²⁰⁰ Nicole Perlroth, In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back, N.Y. Times (Oct. 23, 2012), at http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html?mcubz=0.

²⁰¹ Gambrell, supra note 199.

²⁰² Michael Riley, Glen Carey & John Fraher, Destructive Hacks Strike Saudi Arabia, Posing Challenge to Trump, Bloomberg Tech. (Dec. 1, 2016), at https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump.

²⁰³ Sewell Chan, Cyberattacks Strike Saudi Arabia, Harming Aviation Agency, N.Y. Times (Dec. 1, 2016), at http://www.nytimes.com/2016/12/01/world/middleeast/saudi-arabia-shamoon-attack.html?ref=technology.

²⁰⁴ Mahmoud Habboush, Gwen Ackerman & Michael Riley, Hack of Saudi Arabia Exposes Middle East Cybersecurity Flaws, Bloomberg Tech. (Dec. 12, 2016), at https://www.bloomberg.com/news/articles/2016-12-12/hack-of-saudi-arabia-exposes-middle-east-cyber-security-flaws.

²⁰⁵ Nicole Perlroth & Clifford Krauss, A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try, N.Y. Times (Mar., 15, 2018), at https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html. See also Rebecca Cheetham & Sébastien Heon, Triton Cyber-attack: Hackers Target the Safety Systems of Industrial Plants Score, Scor Live Blog (Mar. 6, 2018), at https://www.scor.com/en/media/news-press-releases/triton-cyber-attack-hackers-target-safety-systems-industrial-plants. See also Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker & Christopher Glyer, Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure, FireEye (Dec. 14, 2017), at https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html.

²⁰⁶ Ed Clowes, Destructive Computer Virus “Shamoon” Hits Saudi Arabia for Third Time, Gulf News Tech. (Jan. 30, 2017), at http://gulfnews.com/business/sectors/technology/destructive-computer-virus-shamoon-hits-saudi-arabia-for-third-time-1.1970590.

²⁰⁷ Threat Analysis – Industrial Control System Technical Report (Accenture Security, 2018), available at https://www.accenture.com/t20180123T095554Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Triton-Trisis-Threat-Analysis.pdf.

²⁰⁸ Perlroth & Krauss, supra note 205.

²⁰⁹ The theory that Iran has been behind the Shamoon attacks developed incrementally. See Rob Rachwald, The Significance of the Aramco Hack, IMPERVA (Aug. 23, 2012), at https://www.imperva.com/blog/2012/08/the-significance-of-the-aramco-hack; Bronk, Christopher & Tikk-Ringas, Eneken, The Cyber Attack on Saudi Aramco, 55 Survival – Glob. Pol. & Strategy 81, 96 (2013)Google Scholar, at https://doi.org/10.1080/00396338.2013.784468; David, E. Sanger & Nicole Perlroth, Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says, N.Y. Times (Apr. 15, 2015), at http://www.nytimes.com/2015/04/16/world/middleeast/iran-is-raising-sophistication-and-frequency-of-cyberattacks-study-says.html; Daniel R. Coats, Worldwide Threat Assessment of the US Intelligence Community (Feb. 13, 2018), available at https://www.dni.gov/files/documents/Newsroom/Testimonies/2018-ATA---Unclassified-SSCI.pdf.

²¹⁰ U.S. Dep't of Defense Press Release, Transcript Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security (Oct. 11, 2012), available at http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136.

²¹¹ Perlroth, supra note 200.

²¹² Solis, Gary D., Cyber Warfare, 219 Mil. L. Rev. 1, 44–49 (2014)Google Scholar (describing the operation and analyzing its legal aspects); Weissbrodt, David, Cyber-Conflict, Cyber-Crime, and Cyber-Espionage, 22 Minn. J. Int'l L. 347, 378–79 (2013)Google Scholar. See also Michelle Nicholas, Iran Says Terrorism Includes any Attack on Nuclear Facility, Reuters (Sept. 28, 2012), at https://www.reuters.com/article/us-un-assembly-nuclear-iran/iran-says-terrorism-includes-any-attack-on-nuclear-facility-idUSBRE88R13O20120928 (reporting on the Iranian Foreign Minister's speech during the UN summit stating that Iran places “special importance” on preventing nuclear terrorism targeted at is nationals and its nuclear facilities, adding that “any such act committed by a state, as certain countries continue to commit such crimes in my country, is a manifestation of nuclear terrorism and consequently a grave violation of the principles of U.N. Charter and international law”).

²¹³ Saudi Arabia Warns on Cyber Defense as Shamoon Resurfaces, Reuters (Jan. 23, 2017), at https://www.reuters.com/article/us-saudi-cyber/saudi-arabia-warns-on-cyber-defense-as-shamoon-resurfaces-idUSKBN1571ZR. See also Bill Gertz, Iran Renews Destructive Cyber-attacks on Saudi Arabia, Wash. Free Beacon (Feb. 22, 2017), at http://freebeacon.com/national-security/iran-renews-destructive-cyber-attacks-saudi-arabia.

²¹⁴ Coats, supra note 209.

²¹⁵ Perlroth & Krauss, supra note 205.

²¹⁶ Natasha Turak & Hadley Gamble, Saudi Foreign Minister Calls Iran Most Dangerous Nation for Cyberattacks, CNBC (Feb. 18, 2018), at https://www.cnbc.com/2018/02/18/iran-most-dangerous-nation-for-cyber-attacks-says-saudi-foreign-minister.html.

²¹⁷ For a discussion of the Iranian links to the war in Yemen, see Shaul Shay, Saudi Arabia and the Houthi Missile Threat, Israel Defense (Nov. 15, 2016), at http://www.israeldefense.co.il/en/node/27571.

²¹⁸ D. U. Case, Analysis of the Cyber Attack on the Ukrainian Power Grid, E-ISAC (Mar. 18, 2016), available at https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf. See also Kim Zetter, Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid, Wired (Mar. 3, 2016), at https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid.

²¹⁹ Elias Groll, Did Russia Knock Out Ukraine's Power Grid?, For. Pol'y (Jan. 8, 2016), at http://foreignpolicy.com/2016/01/08/did-russia-knock-out-ukraines-power-grid.

²²⁰ Andy Greenberg, “Crash Override”: The Malware that Took Down a Power Grid, Wired (June 12, 2017), at https://www.wired.com/story/crash-override-malware.

²²¹ Andy Greenberg, Your Guide to Russia's Infrastructure Hacking Teams, Wired (July 12, 2017), at https://www.wired.com/story/russian-hacking-teams-infrastructure. See also John Hultquist, Sandworm Team and the Ukrainian Power Authority Attacks, FireEye (Jan. 7, 2016), at https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html.

²²² Hultquist, supra note 221.

²²³ Id.

²²⁴ Andy Greenberg, How an Entire Nation Became Russia's Test Lab for Cyberwar?, Wired (June 20, 2017), at https://www.wired.com/story/russian-hackers-attack-ukraine (citing the Ukrainian President's accusation). See also Pavel Polityuk, Ukraine Points Finger at Russian Security Services in Recent Cyber-attack, Reuters (July 1, 2017), at https://www.reuters.com/article/us-cyber-attack-ukraine/ukraine-points-finger-at-russian-security-services-in-recent-cyber-attack-idUSKBN19M39P; Pavel Polityuk, Ukraine Investigates Suspected Cyber-attack on Kiev Power Grid, Reuters (Dec. 20, 2016), at https://www.reuters.com/article/us-ukraine-crisis-cyber-attacks/ukraine-investigates-suspected-cyber-attack-on-kiev-power-grid-idUSKBN1491ZF.

²²⁵ Jim Finkle, Cyber Firms Warn of Malware that Could Cause Power Outages, Reuters (June 12, 2017), at https://www.reuters.com/article/us-cyber-attack-utilities-idUSKBN1931EG.

²²⁶ See Michael B. Kelley, “Very High Level of Confidence” Russia Used Kaspersky Software for Devastating NSA Leaks, Yahoo Finance (Jan. 13, 2018), at https://finance.yahoo.com/news/experts-link-nsa-leaks-shadow-brokers-russia-kaspersky-144840962.html. See also Rohit Langde, WannaCry Ransomware: A Detailed Analysis of the Attack, Techspective (Sept. 26, 2017), at https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack (describing NSA tools such as EternalBlue and DoublePulsar, which exploit vulnerabilities in Microsoft-Windows operating system. Those tools were used in this operation, enabling the attacker to use the IP address of the computer to directly communicate with the Server Message Block (SMB) protocol and plant a backdoor to enable remote access and to facilitate control of systems by hackers who could easily install in them virus or malware.).

²²⁷ Langde, supra note 226.

²²⁸ Ryan Browne, Hackers Have Cashed Out on $143,000 of Bitcoin from the Massive WannaCry Ransomware Attack, CNBC (Aug. 3, 2017), at https://www.cnbc.com/2017/08/03/hackers-have-cashed-out-on-143000-of-bitcoin-from-the-massive-wannacry-ransomware-attack.html.

²²⁹ Nicole Perlroth & David E. Sanger, Hackers Hit Dozens of Countries Exploiting Stolen NSA's Tool, N.Y. Times (May 12, 2017), at https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?_r=0.

²³⁰ U.S. Homeland Security Advisor, Thomas Bossert, Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea (Dec. 19, 2017), available at https://www.whitehouse.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917.

²³¹ Olivia Solon, WannaCry Ransomware Has Links to North Korea, Cybersecurity Experts Say, Guardian (May 15, 2017), at https://www.theguardian.com/technology/2017/may/15/wannacry-ransomware-north-korea-lazarus-group.

²³² Ellen Nakashima, The NSA Has Linked the WannaCry Computer Worm to North Korea, Wash. Post (June 14, 2017), at https://www.washingtonpost.com/world/national-security/the-nsa-has-linked-the-wannacry-computer-worm-to-north-korea/2017/06/14/101395a2-508e-11e7-be25-3a519335381c_story.html?utm_term=.9f6ef39a5856.

²³³ Ryan Browne, UK Government: North Korea Was Behind the WannaCry Cyber-attack that Crippled Health Service, CNBC (Oct. 27, 2017), at https://www.cnbc.com/2017/10/27/uk-north-korea-behind-wannacry-cyber-attack-that-crippled-nhs.html.

²³⁴ Symantec Security Response, WannaCry: Ransomware Attacks Show Strong Links to Lazarus Group, Symantec (May 22, 2017), at https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group (describing technical findings connecting WannaCry to the Lazarus group, which was also a key player in the Sony hack and in the theft of US$81 million from the Bangladesh Central Bank, emphasizing, however, that available technical information does not yet enable to attribute the attack to a specific state or non-state actor).

²³⁵ Joel Hills, North Korean Government Behind NHS Cyber-attack, Says Microsoft Boss, ITV (Oct. 13, 2017), at http://www.itv.com/news/2017-10-13/hacking-threat-is-as-serious-as-terrorism-says-microsoft-boss. See also Brad Smith, The Need for Urgent Collective Action to Keep People Safe Online: Lessons from Last Week's Cyberattack, Microsoft Blog (May 14, 2017), at https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack.

²³⁶ U.S. Homeland Security Advisor Press Briefing, supra note 230.

²³⁷ Foreign and Commonwealth Office and Lord Ahmad of Wimbledon Press Release, Foreign Office Minister Condemns North Korean Actor for WannaCry Attacks (Dec. 19, 2017), available at https://www.gov.uk/government/news/foreign-office-minister-condemns-north-korean-actor-for-wannacry-attacks.

²³⁸ U.S. Homeland Security Advisor Press Briefing, supra note 230.

²³⁹ Browne, supra note 233.

²⁴⁰ Hills, supra note 235. See also Brad Smith, The Need for a Digital Geneva Convention, Microsoft Blog (Feb. 14, 2017), at https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention.

²⁴¹ U.S. Homeland Security Advisor Press Briefing, supra note 230.

²⁴² Foreign and Commonwealth Office and Lord Ahmad of Wimbledon Press Release, supra note 237.

²⁴³ U.S. Homeland Security Advisor Press Briefing, supra note 230.

²⁴⁴ EY – Technical Intelligence Analysis, Petya Wiper Malware Disguised as a Ransomware Attack (June 2017), available at http://www.ey.com/Publication/vwLUAssets/ey-technical-intelligence-analysis-petya-wiper-disguised-as-ransomware-attack/$FILE/ey-technical-intelligence-analysis-petya-wiper-disguised-as-ransomware-attack.pdf.

²⁴⁵ Lucian Constantin, Petya Ransomware Is Now Double the Trouble, NetworkWorld (May 13, 2016), at https://www.networkworld.com/article/3069990/petya-ransomware-is-now-double-the-trouble.html.

²⁴⁶ EY– Technical Intelligence Analysis, supra note 244, at 3.

²⁴⁷ Patrick Howell O'Neill, NotPetya Ransomware Cost Merck More than $310 Million, Cyber Scoop (Oct. 27, 2017), at https://www.cyberscoop.com/notpetya-ransomware-cost-merck-310-million.

²⁴⁸ Sam Jones, Finger Points at Russian State Over Petya Hack Attack, Fin. Times (June 30, 2017), at https://www.ft.com/content/f300ad84-5d9d-11e7-b553-e2df1b0c3220.

²⁴⁹ Nolan Peterson, Whose Cyberattack Brought Ukraine to a Shuddering Halt?, Newsweek (July 1, 2017), at http://www.newsweek.com/nolan-peterson-whose-cyberattack-brought-ukraine-shuddering-halt-630500; Ben Dixon, The Strange Failures of the Petya Ransomware Attack, Daily Dot (July 1, 2017), at https://www.dailydot.com/layer8/petya-ransomware-attack-hackers-motives-failures.

²⁵⁰ SBU Establishes Involvement of the RF Special Services into Petya.A Virus-Extorter Attack, SBU Press-Center (July 1, 2017), at https://ssu.gov.ua/en/news/1/category/2/view/3660#.eXBAf7Sa.dpbs.

²⁵¹ Ukraine State Security Service Blames Russia for the NotPetya Cyber-attack, Firstpost (July 1, 2017), at http://www.firstpost.com/tech/news-analysis/ukraine-state-security-service-blames-russia-for-the-notpetya-cyber-attack-3835341.html.

²⁵² Anton Cherepanov, TeleBots Are Back: Supply-Chain Attacks Against Ukraine, Welivesecurity (June 30, 2017), at https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine (concluding that the attack was directed against businesses in Ukraine, but the malware went out of control because its authors apparently underestimated the malware's spreading capabilities).

²⁵³ Kimberly Zenz, Is Russia or North Korea Behind Petya, the Latest Cyberattack?, Newsweek (July 7, 2017), at http://www.newsweek.com/russia-or-north-korea-behind-petya-latest-cyberattack-633410.

²⁵⁴ White House Press Release, Statement from the Press Secretary (Feb. 15, 2018), available at https://www.whitehouse.gov/briefings-statements/statement-press-secretary-25.

²⁵⁵ Id.

²⁵⁶ Sarah Marsh, US Joins UK in Blaming Russia for NotPetya Cyber-attack, Guardian (Feb. 15, 2018), at https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine.

²⁵⁷ Sarah Young & Denis Pinchuk, Australia Joins UK, US to Blame Russia for NotPetya, ITnews (Feb. 16, 2018), at https://www.itnews.com.au/news/australia-joins-uk-us-to-blame-russia-for-notpetya-485306.

²⁵⁸ Global Ransomware Attack Causes Turmoil, BBC (June 18, 2017), at http://www.bbc.com/news/technology-40416611.

²⁵⁹ Roland Oliphant & Cara McGoogan, NATO Warns Cyber-attacks “Could Trigger Article 5” as World Reels from Ukraine Hack, Telegraph (June 28, 2017), at http://www.telegraph.co.uk/news/2017/06/28/nato-assisting-ukrainian-cyber-defences-ransom-ware-attack-cripples.

²⁶⁰ Id.

²⁶¹ Nakashima, supra note 178.

²⁶² Articles on Responsibility of States for Internationally Wrongful Acts, in Int'l Law Comm'n Rep. on the Work of Its Fifty-Third Session, UN GAOR, 56th Sess., April 23–June 1 and July 2–August 10, 2001, UN Doc. A/56/10 [hereinafter ASR]. The ability to attribute wrongful acts or omissions to a state or to one of its agents—organs, entities, person, or group of persons—who in fact, acted “on the instruction of, or under the direction, or control of, that State in carrying out the conduct” (ASR, Art. 8), is essential for establishing state responsibility. According to the ICJ, a high threshold of “effective control” is required and mere acts of encouraging, financing, planning, and organizing do not meet that threshold. Military and Paramilitary Activities, supra note 31, at 64–65. At the same time, adopting the attack as one's own is sufficient to attribute the responsibility to the state. ASR, Art. 11.

²⁶³ See e.g., Corfu Channel (UK v. Alb.), Judgment, 1949 ICJ 4, 22 (Apr. 9).

²⁶⁴ Margulies, Peter, Sovereignty and Cyber Attacks: Technology's Challenge to the Law of State Responsibility, 14 Melbourne J. Int'l L. 496, 500 (2013)Google Scholar.

²⁶⁵ Banks, William, State Responsibility and Attribution of Cyber Intrusions After Tallinn 2.0, 95 Tex. L. Rev. 1486, 1493 (2017)Google Scholar (asserting that cyber attribution is challenging and often time-consuming when state responsibility is suspected and that “international law places States in an untenable posture in responding to cyber intrusions below the use of force level”).

²⁶⁶ Roscini, Marco, Evidentiary Issues in International Disputes Related to State Responsibility for Cyber Operations, 50 Tex. Int'l L.J. 233 (2015)Google Scholar (describing and discussing the evidentiary aspects of attribution regarding state responsibility in cyber context).

²⁶⁷ Egan, Brian, International Law and Stability in Cyberspace, 35 Berk. J. Int'l L. 169, 177 (2017)Google Scholar.

²⁶⁸ Id.

²⁶⁹ Roscini, supra note 266, at 272 (arguing that the standard of proof is not uniform for all rules applicable to cyberoperations. Whereas claims of self-defense against cyberoperations, like against kinetic attacks, must be proved with clear and convincing evidence, fully conclusive evidence is needed to prove that a litigant conducted cyberoperations amounting to international crimes, and a slightly less demanding standard seems to apply when what needs to be proved is that the state did not exercise due diligence to stop its cyber infrastructure from being used by others to commit international crimes). By contrast, see Egan, supra note 267, stating there is no legal obligation to present the evidence and the standard of proof used in specific incident, although political reasons might lead to greater transparency.

²⁷⁰ Egan, supra note 267, at 177; Wright, supra note 5.

²⁷¹ Maurer, supra note 96, at 151–52 (suggesting three types of proxy relationships—delegation, under the state effective control; orchestration, looser relationship with the state, receiving funding but no specific instructions; and sanctioning, involving passive support from the state is aware and the turning of a blind eye on its part).

²⁷² Note that criminal investigations provided sufficient evidence to file charges against seven Iranian hackers linked with the Iranian government in connection with the attacks, see Indictment and U.S. Dep't of Justice Press Release, supra notes 69-70.

²⁷³ Regarding the standard of proof, see Roscini, supra note 266, at 248–54, and Egan, supra note 267, at 177. Regarding the countermeasures discussed by the administration against Iran, including destroying the attackers’ server, see Nakashima, supra note 78. Such a discussion arguably suggests a high level of confidence in the possibility to attribute the operation, directly or indirectly, to Iran.

²⁷⁴ The final results of the criminal investigation into this incident have not been published yet, but Clapper, the then director of national intelligence, had pointed the finger at Iran. See Capaccio, supra note 108.

²⁷⁵ Nakashima, supra note 78.

²⁷⁶ Id. See also Dev, Priyanka R., “Use of Force” and “Armed Attack” Thresholds in Cyber Conflict: The Looming Definitional Gaps and the Growing Need for Formal U.N. Response, 50 Tex. Int'l L.J. 379, 392 (2015)Google Scholar (arguing that the highly defensive strategy the United States adopted will do little to deter its adversaries and expose it to repeated attacks).

²⁷⁷ The first known imitation of the Stuxnet was the Shamoon malware deployed in August 2012, but there have been other copycat operations. Some are included in our case studies, for example, the Sony and Sands Casino hacks, Black-Energy 1+2, Shamoon 3+4, and NotPetya.

²⁷⁸ In the DNC hack case, it seems that the president and directors of the U.S. intelligence community did not share the same approach. Whereas the USIC joint report of October 7, 2016 attributes responsibility to Russia and calls to back up American warnings with action, the president seemed to adopt a more cautious approach, focusing solely on preventing Russia from disrupting the election process. See Nelson, supra note 153.

²⁷⁹ In the DNC hack case, the NSA released information about Russian cyber vulnerabilities to increase the risk of Russia being attacked by independent hacktivists and non-state actors, whereas in the Sony hack case the shutdown of the internet in North Korea for several hours was presumably a U.S. covert act of retaliation.

²⁸⁰ See Evanina's remarks regarding the OPM hack, cited in Strohm's report, supra note 99. See also the head of the BfV's remarks regarding the Bundestag hack, supra notes 183–84.

²⁸¹ Browne, supra note 233; Hills, supra note 235; U.S. Homeland Security Advisor Press Briefing, supra note 230. See also Pyongyang Denies Responsibility for WannaCry, Glob. Times (Dec. 21, 2017), at http://www.globaltimes.cn/content/1081511.shtml.

²⁸² William Banks, Who Did It? Attribution of Cyber Intrusions and the Jus in Bello, in The Impact of Emerging Technologies on the Law of Armed Conflict (forthcoming 2019), available at SSRN: https://ssrn.com/abstract=3191972.

²⁸³ Egan, supra note 267, at 177 (“Absolute certainty is not—and cannot be—required[;] …there is no international legal obligation to reveal evidence on which attribution is based prior to taking appropriate action.”); Wright, supra note 5 (claiming, inter alia, that there is no legal obligation on states to disclose the information on which the decision to attribute is based).

²⁸⁴ Banks, supra note 282, at 16–21; Clement Guitton, Inside the Enemy's Computer: Identifying Cyber Attackers 5 (2017).

²⁸⁵ Rid, Thomas & Buchanan, Ben, Attributing Cyber Attacks, 38 J. Strategic Stud. 4, 7 (2015)CrossRefGoogle Scholar.

²⁸⁶ Id. at 6.

²⁸⁷ See, e.g., Samuel Osborne, Salisbury Nerve Agent Attack: Sergei Skripal and Daughter were Poisoned with Novichok on Their Front Door, Independent (Mar. 28, 2018), at https://www.independent.co.uk/news/uk/crime/sergei-skripal-salisbury-poison-nerve-agent-russia-daughter-attack-novichok-front-door-home-a8278631.html.

²⁸⁸ U.S. Dep't of the Treasury Press Release, Treasury Sanctions Russian Federal Security Service Enablers (June 11, 2018), available at https://home.treasury.gov/news/press-releases/sm0410; Jim Finkle & Doina Chiacu, U.S., Britain Blame Russia for Global Cyber Attack, Reuters (Apr. 16, 2018), at https://www.reuters.com/article/us-usa-britain-cyber/u-s-britain-blame-russia-for-global-cyber-attack-idUSKBN1HN2CK.

²⁸⁹ Tallinn Manual 2.0, supra note 1, at 329 (Rule 68) (“A cyber operation that constitutes a threat or use of force against the territorial integrity or political independence of any State, or that is in any other manner inconsistent with the purposes of the United Nations, is unlawful.”); id. at 330 (Rule 69) (“A cyber operation constitute a use of force when its scale and effects are comparable to non-cyber operations rising to level of a use of force.”).

²⁹⁰ See Tsagourias, Nicolas, The Tallinn Manual on the International Law Applicable to Cyber Warfare: A Commentary on Chapter II – The Use of Force, 15 Y.B. Int'l Humanitarian L. 22 (2013)Google Scholar; Kilovaty, supra note 7, at 115–16; Kilovaty, Ido, Rethinking the Prohibition on the Use of Force in the Light of Economic Cyber Warfare: Towards a Broader Scope of Article 2(4) of the UN Charter, 4 J. L. & Cyber Warfare 210 (2015)Google Scholar (emphasizing the need to apply the prohibition on the threat or use of force to economic cyberattacks like kinetic cyberattacks). See also Kilovaty, supra notes 24–25; Fleck, supra note 7; Deeks, supra note 7.

²⁹¹ Schmitt, supra note 3, at 20; see also Tallinn Manual 2.0, supra note 1, at 331, paras. 2–3.

²⁹² Liu, Ian Yuying, State Responsibility and Cyberattacks: Defining Due Diligence Obligations, 4 Indon. J. Int'l & Comp. L. 191, 195 (2017)Google Scholar; Corn & Jensen, Part 1, supra note 45 (“the prevailing view is that most, if not all, documented cyber actions taken by states to date have fallen below the ‘use of force’ threshold”).

²⁹³ Tallinn Manual 2.0, supra note 1, Art. 71, at 342, para. 10 (“A case illustrating the unsettled nature of the armed attack threshold is that of the 2010 Stuxnet operation. In light of the damage they caused to Iranian centrifuges, some members of the International Group of Experts were of the view that the operations had reached the armed attack threshold (unless justifiable on the basis of anticipatory self-defense (Rule 73).”). See also Kilovaty, supra note 7, at 92.

²⁹⁴ Margulies, supra note 264, at 514–18.

²⁹⁵ For a debate over questions relating to the adaptability of law to cyberspace, see, e.g., Johnson, David R. & Post, David G., Law and Borders: The Rise of Law in Cyberspace, 48 Stan. L. Rev. 1367 (1996)CrossRefGoogle Scholar; Goldsmith, Jack L., Against Cyberanarchy, 65 U. Chi. L. Rev. 1199 (1998)CrossRefGoogle Scholar; Roger Brownsword, So What Does the World Need Now? Reflections on Regulating Technologies, in Regulating Technologies: Legal Futures, Regulatory Frames and Technological Fixes 23 (Roger Brownsword & Karen Yeung eds., 2008); Mireille Hildebrandt, Technology and the End of Law, in Facing the Limits of the Law 443 (Erik Claus, Wouter Devroe & Bert Keirsbilck eds., 2009); Jack Goldsmith & Tim Wu, Who Controls the Internet? Illusions of a Borderless World (2006); Lessig, Lawrence, The Law of the Horse: What Cyberlaw Might Teach, 113 Harv. L. Rev. 501 (1999)CrossRefGoogle Scholar.

²⁹⁶ See Tallinn Manual 2.0, supra note 1, Rule 69, as opposed to the flexible approach advocated by some authors. Supra note 290.

²⁹⁷ Tallinn Manual 2.0, supra note 1, at 330, para. 5; Tsagourias, supra note 290, at 21 (opining that “non-state actors, or at least those showing some form of organization, should be viewed as direct addressees of the customary rule prohibiting the threat or use of force”); Kilovaty, supra note 7, at 119–20. For the state of general international law on the matter, see Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory, Advisory Opinion, 2004 ICJ 136, 194 (July 9); Sean Murphy, Self-Defense and the Israeli Wall Advisory Opinion: An Ipse Dixit from the ICJ?, 99 AJIL 62 (2005). Cf. Statement by the President George W. Bush in his Address to the American Nation (Sept. 11, 2001), available at https://georgewbush-whitehouse.archives.gov/news/releases/2001/09/20010911-16.html (declaring that the United States came under terrorist attack before attributing the attack to any particular entity).

²⁹⁸ Tallinn Manual 2.0, supra note 1, at 331, 334. The Rules cite the Nicaragua “scale and effects” standard for categorizing a prohibited use of force as an armed attack. See Military and Paramilitary Activities, supra note 31, at 103–04.

²⁹⁹ Allan, supra note 31. While it was unlikely that the attack on the dam could have resulted in much harm at the time of the attack (as it was closed for maintenance), obtaining through a cyberoperation the capacity to interfere with it in the future, might be regarded as the first step in an act of aggression.

³⁰⁰ Tallinn Manual 2.0, supra note 1, at 333 (defining “use of force” as “acts that injure or kill persons or physically damage or destroy objects”).

³⁰¹ For a rule reflecting the “pin-prick” theory, see Tallinn Manual 2.0, supra note 1, at 342, para. 11. See also, Roscini, supra note 29, at 108–10.

³⁰² Tallinn Manual 2.0, supra note 1, at 17 (Rule 4).

³⁰³ Id. at 20. The experts were divided as to whether infringements falling short of non-functionality and which do not constitute interference in internal affairs violate sovereignty. Id. at 21.

³⁰⁴ See Corn, supra note 16; Corn & Taylor, supra note 46, at 201–11. See also Schmitt & Vihul, supra note 46, at 1649 et seq.

³⁰⁵ Jensen, Eric Talbot, The Tallinn Manual 2.0: Highlights and Insights, 48 George. J. Int'l L. 735, 743 (2017)Google Scholar (discussing whether sovereignty is a binding norm and arguing that neither of the disputed approaches—sovereignty as a rule or a principle—is universally accepted, citing former Department of State Legal Advisor Brian Egan, opining that the international community is currently “faced with a relative vacuum of public State practice”).

³⁰⁶ Tallinn Manual 2.0, supra note 1, at 21

³⁰⁷ Id. at 18.

³⁰⁸ This is consistent with the approach regarding sovereignty as a principle, see Corn & Taylor, supra note 46 (non-intervention and due diligence might be considered rules which derived from the principle of sovereignty).

³⁰⁹ See, e.g., Declaration on Principles of International Law Concerning Friendly Relations and Co-operation Among States in Accordance with the Charter of the United Nations, Principle 3, UN Doc. A/RES/25/2625 (Oct. 24, 1970).

³¹⁰ Tallinn Manual 2.0, supra note 1, at 312 (Rule 66).

³¹¹ Military and Paramilitary Activities, supra note 31, at 108.

³¹² Tallinn Manual 2.0, supra note 1, at 317, paras. 17–18. Declaration on Principles of International Law, supra note 302, clarifies that: “No State or group of States has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State… . No State may use or encourage the use of economic political or any other type of measures to coerce another State in order to obtain from it the subordination of the exercise of its sovereign rights and to secure from it advantages of any kind… .”

³¹³ Restricting freedom of choice in political affairs could further constitute a breach of the human rights of individuals within a state. International Covenant on Civil and Political Rights, Art. 25, Dec. 16, 1966, 999 UNTS 171: “Every citizen shall have the right and the opportunity, … (b) To vote and to be elected at genuine periodic elections which shall be by universal and equal suffrage and shall be held by secret ballot, guaranteeing the free expression of the will of the electors.”

³¹⁴ See supra note 187; Eric Auchard, Macron Campaign Was Target of Cyber Attacks by Spy-Linked Group, Reuters (Apr. 24, 2017), at https://www.reuters.com/article/us-france-election-macron-cyber/macron-campaign-was-target-of-cyber-attacks-by-spy-linked-group-idUSKBN17Q200; Sumi Somaskanda, The Cyber Threat To Germany's Elections Is Very Real, Atlantic (Sept. 20, 2017), at https://www.theatlantic.com/international/archive/2017/09/germany-merkel-putin-elections-cyber-hacking/540162; Nick Allen, Dutch Spies “Caught Russian Election Hackers on Camera,” Telegraph (Jan. 26, 2018), at https://www.telegraph.co.uk/news/2018/01/26/dutch-spies-caught-russian-election-hackers-camera.

³¹⁵ Tallinn manual 2.0, supra note 1, at 312.

³¹⁶ See White House Press Release, supra note 169.

³¹⁷ Koh, Harold Hongju, The Trump Administration and International Law, 56 Washburn L.J. 413, 450 (2017)Google Scholar (“even if the Russians did not actually manipulate polling results, illegal coercive interference in another country's electoral politics—including the deliberate spreading of false news—constitutes a blatant intervention in violation of international law”); Ohlin, supra note 59, 1595–98 (suggesting that influence operations could be considered as a violation of the self-determination rule); Egan, supra note 267, at 172.

³¹⁸ Ohlin, supra note 59, at 1592 (noting “there are substantial impediments to concluding that Russian hacking … constituted illegal coercion,” but that it depends on factual elements). It may be noted that it took more than a year after the 2016 U.S. elections to uncover the relevant evidence needed to file criminal charges against Russian nationals and to attribute direct responsibility to Russia for their activities.

³¹⁹ Id. at 1594 n. 60 (citing Egan remarking that: “[A] cyber operation by a State that interferes with another country's ability to hold an election or that manipulates another country's election results would be a clear violation of the rule of non-intervention.”).

³²⁰ ICA, supra note 135.

³²¹ Cole, Esposito, Biddle & Grim, supra note 134.

³²² Mcfadden, Arkin & Monahan, supra note 137; Indictment (U.S. v. Internet Research Agency), supra note 173. See also Russia Election Interference, supra note 138.

³²³ Wright, supra note 5.

³²⁴ Kilovaty, Ido, Doxfare – Politically Motivated Leaks and the Future of the Norm on Non-intervention in the Era of Weaponized Information, 9 Harv. Nat'l Security J. 149, 157–59, 174–77 (2018)Google Scholar (describing a disruption process of “doxfare,” an operation undertaken by state-sponsored groups with a view to intruding networks and computers, gathering non-public data and leaking it at a chosen timing to influence the victim state's internal or external affairs).

³²⁵ Tallinn Manual 2.0, supra note 1, at 313, para. 3.

³²⁶ Id. at 30 (Rule 6) (“A State must exercise due diligence in not allowing its territory, or territory or cyber infrastructure under its governmental control, to be used for cyber operations that affect the rights of, and produce serious adverse consequences for, other States.”).

³²⁷ Id. at 36.

³²⁸ Report of Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, at para. 28(e), UN Doc. A/70/174 (2015) (emphasis added).

³²⁹ Jensen, supra note 305, at 745 n.45.

³³⁰ Maurer, Tim, “Proxies” and Cyberspace, 21 J. Conflict & Security L. 383 (2016)CrossRefGoogle Scholar.

³³¹ Jensen, Eric Talbot, Cyber Sovereignty: The Way Ahead, 50(2) Tex. Int'l L.J. 275, 299 (2015)Google Scholar (asserting that the duty to monitor is controversial as it compromises potential human rights obligations). See also Jensen, Eric Talbot, Cyber Deterrence, 26 Emory Int'l L. Rev. 773, 810, 824 (2012)Google Scholar (citing President Obama stating: “Our pursuit of cybersecurity will not—I repeat, will not include—monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties … .”).

³³² Tallinn Manual 2.0, supra note 1, at 43.

³³³ The OPM hack and the Sony hack were launched from Chinese territory and the Bundestag hack was launched from Russian region. None of the three attacks was attributed to the host state, which might suggest some hesitation in relying on constructive knowledge as basis for claiming attribution.

³³⁴ It is noteworthy in that regard that most of the Tallinn experts were of the view that states may respond to an armed attack with an act of self-defense even if the attacker is a non-state actor. Tallinn Manual 2.0, supra note 1, at 345, paras. 18–19 (the majority of the IGE concluded it is state practice relying on the international community resolutions regarding the 9/11 attack). See also Jupillat, Nicolas, Armed Attacks in Cyberspace: The Unseen Threat to Peace and Security that Redefines the Laws of State Responsibility, 92 U. Det. Mercy L. Rev. 115, 122 (2015)Google Scholar (claiming that self-defense must remain an answer to armed attacks carried out by states only, but open to lowering the threshold of state responsibility to deter states hiding behind proxies).

³³⁵ Colonel Gary Corn, a legal advisor of the U.S. Cyber Command, and Professor Eric Talbot Jensen have claimed that, so far, all U.S. reactions to cyberoperations directed against it were in the form of retorsions. Corn & Jensen Part 1, supra note 45.

³³⁶ According to the ASR, resort to countermeasures depends on several factors, including intent to induce compliance, prior notification, limits on application to fundamental international law norms, and proportionality. ASR, supra note 262, Arts. 49–54. Note that the UK attorney general has doubted whether there is a need to present a notification before engaging in cybernetic countermeasures. Wright, supra note 5 (“The one area where the UK departs from the excellent work of the International Law Commission on this issue is where the UK is responding to covert cyber intrusion with countermeasures. In such circumstances, we would not agree that we are always legally obliged to give prior notification to the hostile state before taking countermeasures against it.”).

³³⁷ Nakashima, supra note 78.

³³⁸ Pascucci, Peter P., Distinction and Proportionality in Cyberwar: Virtual Problems with a Real Solution, 26 Minn. J. Int'l L. 419 (2017)Google Scholar (discussing difficulties in implementing proportionality and distinction rules in cyberspace).

³³⁹ See White House Press Release, supra note 254.

³⁴⁰ Pasucci, supra note 338, at 461 (“In cyberwar, the application of the principles of distinction and proportionality fail to adequately provide protection of the civilian population because the definitions and current application are based upon the historical application to kinetic warfare.”). See also Duncan Hollis, Re-thinking the Boundaries of Law in Cyberspace: A Duty to Hack?, in Cyber War: Law and Ethics for Virtual Conflicts 129 (J. Ohlin, Kevin Govern & Claire Finkelstein eds., 2015) (criticizing the insistence of relying on analogy while rejecting more appropriate non-analogous solutions); Crootof, Rebecca, Autonomous Weapon Systems and the Limits of Analogy, 9 Harv. Nat'l. Security J. 51 (2018)Google Scholar (emerging technologies create more and more situations where no analogy to other existing areas of law application will be appropriate).

³⁴¹ Egan, supra note 267, at 179–80.

³⁴² Report of the UN Group of Governmental Experts, supra note 328.

³⁴³ See, e.g., G7 Declaration on Responsible States Behavior in Cyberspace, Apr. 11, 2017, available at https://www.mofa.go.jp/files/000246367.pdf. See also Taddeo, Mariarosaria, Deterrence by Norms to Stop Interstate Cyber Attacks, 27 Minds & Machines 387 (2017)CrossRefGoogle Scholar.

³⁴⁴ See, e.g., White House, Fact Sheet: President Xi Jinping's State Visit to the United States (Sept. 25, 2015), available at https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states (containing agreement on IP theft and cybersecurity).

³⁴⁵ See, e.g., Posner, Eric A. & Goldsmith, Jack, Further Thoughts on Customary International Law, 23 Mich. J. Int'l L. 191, 193 (2001)Google Scholar.

³⁴⁶ Koh, supra note 317, at 418.

³⁴⁷ One may note in this regard that Brian Egan, the U.S. State Department's previous legal adviser, criticized the relative silence of states regarding cyberoperations, arguing that it increases uncertainty which “could give rise to misperceptions and miscalculations by States, potentially leading to escalation and, in the worst case, conflict.” Egan, supra note 267, at 172.

³⁴⁸ Cf. Waxman, Matthew C., Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4), 36 Yale J. Int'l L. 421, 424 (2011)Google Scholar.

³⁴⁹ Sullivan, supra note 125.

³⁵⁰ White House Press Release, supra note 169 ; Egan, supra note 267, at 172.

³⁵¹ For a discussion of the legal implications of lack of a legal explanation for recent uses of forces in Syria, see Marko Milanović, The Syria Strikes: Still Clearly Illegal, EJIL: Talk! (Apr. 15, 2018), at https://www.ejiltalk.org/the-syria-strikes-still-clearly-illegal. The exception to the trend of not providing a legal explanation for recent interventions in Syria is the UK Prime Minister's Office, Syria Action – UK Government Legal Position (Apr. 14, 2018), available at https://www.gov.uk/government/publications/syria-action-uk-government-legal-position/syria-action-uk-government-legal-position.

³⁵² Sullivan, supra note 125.

³⁵³ See, e.g., Hersch Lauterpacht, The Development of International Law by the International Court 387 (1958, 1982 reprint).

³⁵⁴ See generally Stone, Randall W., Informal Governance in International Organizations, 8 Rev. Int'l Org. 121 (2013)Google Scholar.

³⁵⁵ The Final Act of the Conference on Security and Cooperation in Europe, Aug. 1, 1975, Part X, 14 ILM 1292 (1975).

³⁵⁶ Joint Comprehensive Plan of Action, at pmbl., July 14, 2015, available at https://www.state.gov/documents/organization/245317.pdf.

³⁵⁷ Thomas Giegerich, Retorsion, in Max Planck Encyclopedia of Public International Law 983 (2011).

³⁵⁸ Corn & Jensen Part 1, supra note 45.

³⁵⁹ For a discussion of international law governing espionage, see Pun, supra note 57; Asaf Lubin, Espionage as a Sovereign Right Under International Law and Its Limits, 24 ILSA Q. 22 (2015–2016).

³⁶⁰ See supra notes 101 and 102.

³⁶¹ For an exposition of the idea of establishing an international attribution agency, see Smith, supra note 240.

³⁶² For a discussion, see Hurd, Ian, Is Humanitarian Intervention Legal? The Rule of Law in an Incoherent World, 25 Ethics & Int'l Aff. 293 (2011)Google Scholar.

³⁶³ UN Charter Art. 2(3).

³⁶⁴ Väljataga, supra note 6.

³⁶⁵ See, e.g., Tim Jordan, Cyberpower: The Culture and Politics of Cyberspace and the Internet 1 (1999); Kücklich, Julian Raul, Virtual Worlds and their Discontents Precarious Sovereignty, Governmentality, and the Ideology of Play, 4 Games & Culture 340 (2009)CrossRefGoogle Scholar.

³⁶⁶ Adams, Jackson & Albakajai, Mohamad, Cyberspace: A New Threat to the Sovereignty of the State, 4 Mgmt. Stud. 256, 256–57 (2016)Google Scholar (depicting “the virtual nature of the cyberspace implies dematerialization (everything is paperless), detemporalization (instant communication), and deterritorialization (breaking the geographical boundaries and distances) of online activities and interactions”).

³⁶⁷ Charles Arthur, Internet Regulation: Is It Time to Rein in the Tech Giants?, Guardian (July 2, 2017), at https://www.theguardian.com/technology/2017/jul/02/is-it-time-to-rein-in-the-power-of-the-internet-regulation.