Ryan Patterson


Cyberspace has developed into an indispensable aspect of modern society, but not without risk. Cyber attacks have increased in frequency, with many states declaring cyber operations a priority in what has been called the newest domain of warfare. But what rules govern? The Tallinn Manual on the International Law Applicable to Cyber Warfare suggests existent laws of war are sufficient to govern cyber activities; however, the Tallinn Manual ignores fundamental problems and unique differences between cyber attacks and kinetic attacks. This Article argues that several crucial impediments frustrate placing cyber attacks within the current umbra of warfare, chiefly the problems of attribution, categorizing uses of force under the jus ad bellum, and compliance with the armed-conflict principles of distinction and proportionality and the law of neutrality. Consequently, identifying a victim-state’s recourse becomes risky and problematic. For the vast majority of cases, this Article proposes departing from the warfare paradigm and suggests states pursue alternative remedial approaches. By domestically prosecuting cybercrimes, seeking reparations for violations of non-intervention, and enhancing national cybersecurity, states can effectively mitigate cyber attacks without the risks and obstacles associated with treating cyber attacks as warfare.