The United States views any cyber-attack that results in death, injury or destruction as implicitly triggering the self-defense rule. Claiming that cyberspace is not â€œlaw-free,â€ State Department legal adviser Harold Koh said the U.S. will abide by international law and take proportionate actions that wonâ€™t harm individuals.
Although countries in the United Nations have adopted and shared these views, Koh noted that others didnâ€™t, and referenced China as having a veto stand. Both the Defense Department and the White House have contingency plans in case of cyber-attacks, but Kohâ€™s speech at the U.S. Cyber Command at Fort Meade is the first time an official took a clear stance.
â€œIn our view, there is no threshold for a use of deadly force to qualify as an â€˜armed attackâ€™ that may warrant a forcible response,â€ Koh said. â€œWe see law not as a straitjacket but as . . . a body of â€˜wise restraintsâ€™ that make us free.â€
Koh emphasized the U.S. will act in self-defense if a cyber-attack violates international law or causes direct harm to individuals. Hacking that results in planes crashing or causes nuclear power plants to melt down will constitute an act of violence.
While some nations consider an â€œarmed attackâ€ a powerful enough incentive to trigger a self-defense response, Koh believes cybercrime resulting in human casualties should be considered equally significant.