International Law and the Regulation of Cyberoperations Below the Jus Ad Bellum Threshold. An Irish Cybersecurity Perspective

Abstract

Josep Borrell, Vice President of the European Commission, set out his fears that the EU was at risk of being “always principled but seldom relevant” (2021, p. 2). International law could be said to be similarly threatened, particularly in relation to cyberoperations, in respect of which its application has been strongly challenged. While states now broadly agree that international law applies in cyberspace, how it applies remains uncertain and contested. This paper analyses why the application of international law to cyberspace has been so fraught with difficulties and considers whether international law can provide the Irish State with a means of enhancing its cybersecurity and deterring state-led cyberoperations below the threshold of armed conflict.

The paper finds that the application of international law in cyberspace is problematic due to the manifestation of cyberoperations below the jus ad bellum threshold, and the challenging geopolitical environment that inhibits agreement on the principles of the international law of cyberoperations. International law is an object of dispute (Delerue, Douzet, & Gery, 2020, p. 15) and arguments on the application of international law in cyberspace represent states’ strategic positions in the evolving geopolitical power struggle. The paper finds that, as cyberoperations are transnational, unilateral responses cannot be effective, and that small states have an interest in promoting international law and norms to create a more favourable international environment. The paper concludes that, as international law continues to exert a normative force on state behaviour, it has the potential to regulate sub-threshold cyberoperations as part of the comprehensive approach to cybersecurity.