To thwart a seemingly neve rending bombardment of cyberattacks, the U.S. Department of Defense recently implemented a new strategy – defending forward. This approach demands persistently engaging the enemy on a daily basis to disrupt cyber activity. Rather than waiting to be attacked, the United States is bringing the fight to the enemy. However, this strategy poses fascinating and complex questions of international law. In particular, because most defend forward operations fall within the gray zone of warfare, it remains unclear whether these operations violate the sovereignty of American adversaries or even third party nation states in whose cyberspace U.S. Cyber Command is operating. This paper proposes that defend for-ward does not violate sovereignty within international law. First, sovereignty is a principle of international law, not a rule the United States can violata. Second, American domestic law has limited defend forward operations to proportional responses to persistent cyber-attacks and threats Finally, America's chief adversaries have fundamentally different understandings of sovereignty, which reinforces the necessity and legality of defend forward. Overall, defend forward should be viewed as fitting squarely in the existing framework of international law. Whether defend forward will succeed, however, is another question
Defend Forward & Sovereignty: How America’s Cyberwar Strategy Upholds International Law,
53 U. MIA Inter-Am. L. Rev.
Available at: https://repository.law.miami.edu/umialr/vol53/iss1/4