recommended reading

U.S. official says cyberattacks can trigger right to self-defense

Amy Walters/

Computer and network attacks can be classified as armed offensives that trigger the right of self-defense, State Department legal advisor Harold Koh said at a conference this week.

His statements articulate the beginning of a legal framework that will underpin U.S. government policy in cyberspace as it accelerates its drive to develop and procure increasingly aggressive computer tools to play both offense and defense in the digital realm.

A cyber-operation that results in death, injury or significant destruction would likely be viewed as a use of force in violation of international law, Koh said. Hypothetical examples would include computer sabotage designed to cause nuclear plant meltdowns or paralyze air-traffic control systems. Koh made his statements at a conference hosted by U.S. Cyber Command at Fort Meade, Md.

The thinking behind Koh’s words has been brewing over the last two years. When Deputy Defense Secretary William J. Lynn III announced in 2010 that the Pentagon was ready to add cyberspace as a domain of warfare to sea, land, air and space, in conjunction with the creation of the U.S. Cyber Command, he was subtly signaling that the U.S. would be prepared to act in self-defense if its networks were attacked.

Koh added that the U.S. adopts the stance that international law applies in the digital realm and cyberspace is not a ‘law-free’ zone where anyone can conduct hostile activities without rules, the Post reported.

(Image via Amy Walters /

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.