Scholars have spent considerable effort determining how the law of war (particularly jus ad bellum and jus in bello) applies to cyber conflicts, epitomized by the Tallinn Manual on the International Law Applicable to Cyber Warfare. Many prominent cyber operations fall outside the law of war, including the surveillance programs that Edward Snowden has alleged were conducted by the National Security Agency, the distributed denial of service attacks launched against Estonia and Georgia in 2007 and 2008, the 2008 Stuxnet virus designed to hinder the Iranian nuclear program, and the unrestricted cyber warfare described in the 1999 book by two Chinese army colonels. Such conduct is instead relegated to the law of espionage and is thus governed almost entirely by domestic law. The absence of an overarching international law solution to this problem heightens the importance of technological self-protective measures.
Yoo, Christopher S., "Cyber Espionage or Cyberwar?: International Law, Domestic Law, and Self-Protective Measures" (2015). Faculty Scholarship. 1540.
Communications Law Commons, Communication Technology and New Media Commons, Computer and Systems Architecture Commons, Computer Law Commons, Defense and Security Studies Commons, International Relations Commons, Internet Law Commons, Military, War, and Peace Commons, National Security Law Commons, Policy Design, Analysis, and Evaluation Commons, Public Law and Legal Theory Commons, Science and Technology Law Commons, Science and Technology Studies Commons, Systems and Communications Commons