Legal Framework of Cyber Attacks.

Well, now, I’ll talk about the legal framework of cyber-attacks, as well as the efforts and
advances international organizations have done on this topic.
It’s important to remark that most international agreements have not proceeded beyond the
stage of discussing future strategies.

1.-First, the United Nations: In 1999, The Geneva International Meeting tried to grasp the
security implications of emerging technologies.
 In 2002 the General Assembly did a resolution for further consideration and
discussion of information security.
 In 2010, major cyber powers (US, China and Russia) gave a set of
recommendations to the UN Secretary General for building an international
framework for security and stability for the new technologies.
 Art 2 (4): ensures States to refrain the use of force against another country, and
article 51 specifically says that self-defense only applies on an ‘armed attack’.
 Different Interpretations.

2.-NATO (North Atlantic Treaty Organization)

 In May 2007, Estonia became the world’s first victim of a coordinated cyber-attack
against a nation state, following a dispute with Russia over the relocation of a
Soviet-era war memorial.
 After the 2007 cyber-attack on Estonia and 2008 Bucharest Summit. NATO created
a division focused on Cyber-attacks in Tallin.
 The main targets have been the websites of: the Estonian presidency and its
parliament, almost all of the country's government ministries, political parties,
three of the country's six big news organizations, two of the biggest banks; and
firms specializing in communications.
 Cooperative Cyber Defense Centre of Excellence: aspires to advance the
development of long term NATO cyber defense doctrine and strategy

3.- Council of Europe

 Signing of Budapest Convention on Cybercrime 2001 : promulgated “a common
criminal policy aimed at the protection of society against cybercrime,” primarily
through legislation and international cooperation
 The United States ratified the Convention in 2006.
 Regulates offenses in confidentiality, computer data and systems, particular illegal
access, data interference, and system interference.
 The reach of the Convention is limited because of the number of countries that
have ratified it (57). Not China or Russia.
Cyber hostilities below the armed attack category are prevalent on the international sphere.
Countermeauses are an acceptable response under international law. Temporarily lawful
actions undertaken by an injured state in response to another state’s internationally
wrongful conduct. They can be understood as non-violent reprisals that previously
considered illegal became legal in response of an offense done from another state.

Countermeasure: The customary international law of countermeasures governs how states

may respond to international law violations that do not rise to the level of an armed attack
International Law Commission
Article 22. Countermeasures in respect of an internationally wrongful act.