ARTICLE 51 AND CYBER OPERATIONS: REASSESSING ARMED ATTACK, ATTRIBUTION, AND SELF-DEFENCE IN INTERNATIONAL LAW

INTRODUCTION

The ban on the use of force is the key to the modern international order of law. The general prohibition on the threat or use of force against the territorial integrity or political independence of the states in Article 2(4)¹ of the United Nations Charter is the result of a specifically post-war attempt to limit unilateral resort to force and to give precedence to collective security in the Security Council, preserving the inherent right of individual or collective self-defence in Article 51.²

The doctrine of self-defence traditionally has been designed around three interconnected limitations, which include a high threshold of gravity, attribution to a state, and exceptionality of unilateral force before a Security Council measure. However, these premises were developed in an environment in which the use of force was mostly kinetic and territorially localised and could be ascribed to identifiable military formations. The cyber activities upset all these premises. They are able to create a crippling disruption without physical damage, cross-border operations in real time, and conceal accountability by technical anonymity and by using non-state actors. Consequently, Article 51 has become one of the most disputed topics of modern jus ad bellum when it comes to cyber operations.³ This paper will state that Article 51 can be used to accommodate cyber operations, but its use should not exceed the doctrinal boundaries. The threshold of gravity specified in Military and Paramilitary Activities in and against Nicaragua⁴ must be determinative, so that only cyber-operations that are functionally identical to kinetic armed attacks can be considered armed attacks. Even though the state practice is more and more characterized by the pressure to broaden the concept of self-defence, particularly in the context of non-state actors and anticipatory action, the trend should not be confused with settled law. A more liberal interpretation is dangerous and might undermine the Charter's structural limits.

LEGAL AND CONCEPTUAL FRAMEWORK

A. Article 51 and the ICJ’s Restrictive Doctrine

Article 51 fails to specify what is meant by an “armed attack” and therefore, the interpretation of the term is left to the customary international law and judicial evolution. The basic distinction between the most grave instances and the less serious applications of force was developed by the International Court of Justice in Nicaragua,⁵ which understood that only the former were armed attacks that could be used to invoke self-defence. This restrictive approach has continually been reaffirmed by the Court. In Oil Platforms case,⁶ it stressed that despite the illegality of the use of force, the self-defence must be demonstrated lawfully through the attribution and denied the broad assertions of self-defence without clear indication of state responsibility. Also supported in Armed Activities on the Territory of the Congo.⁷ This jurisprudence is the attempt to keep Article 51 as a slim exception.

According to Christine Gray,⁸ broadening the definition of an “armed attack,” risks burying the very essence of the Charter, which is a prohibition on the use of force, but critics like Christian Tams⁹ argue that the Court is not taking into account the current security realities, including the emergence of non-state actors and asymmetric threats.

B. Cyber Operations and the Jus ad Bellum

The Charter framework is based on traditional assumptions that are challenged by cyber operations. In contrast to kinetic force, cyber operations can cause a continuum of outcomes of minor disruption to a devastating infrastructure collapse. This begs the question of whether the law should be concerned with the means used or the consequences created.

The prevailing methodology in research is effect-based. Michael Schmitt suggests that the context of cyber operations should be judged based on its outcomes, such that those that result in destruction, injury, or other similar outcomes should qualify as a use of force.¹⁰ This position has been influential and is reflected in the Tallinn Manual 2.0, which adopts a functional equivalence framework.¹¹

Nevertheless, there is a fundamental difference in doctrine: not all applications of force will amount to an armed attack.¹² This difference is vital to the integrity of Article 51. The question, then, is not whether cyber activities can be covered by the Charter, but how one can implement the existing thresholds without watering their purpose.

CRITICAL ANALYSIS

A. The Armed Attack Threshold: Functional Equivalence or Doctrinal Drift?

The key question is, can cyber operations qualify as an armed attack. Although functional equivalence is an effective analytical starting point, it has to be used wisely so that it does not drift towards doctrines.

The argument in Nicaragua is technologically neutral and, as such, can be applied to cyber contexts.¹³ Its focus on gravity gives it a principled foundation to differentiate between grave and less serious uses of force. But the use of this standard when applied to cyber operations is disputed.

Schmitt argues that the functional equivalence approach implies that the cyber activity that have similar effects as kinetic attacks, such as paralyzing vital infrastructure, should be classified as armed attacks.¹⁴ The proposal is convincing where there are physical destruction or loss of life. The challenge, however, is how to establish whether non-physical harms e.g. extreme economic disruption or disruptive interference are also eligible. A wider meaning will dilute the difference between the use of force and an armed attack. Just as Marco Roscini points out, it would be quite a stretch to stretch the threshold to encompass non-destructive harms in order to make the law of self-defence lawful.¹⁵

Likewise, Tom Ruys points out that it would be a big stretch to make the threshold insignificant, so that Article 51 can be given an exceptional character. Recent scholarship reinforces this caution. Roos proposes that cyber actions can only be considered armed attacks in cases where their effects are similar to the most serious types of force observed in Nicaragua.¹⁶ This is a sound doctrine. It maintains the line between various degrees of coercion and permits the incorporation of really serious cyberattacks.

Based on this, the superior opinion is that only cyber actions that cause death or injury or any substantial destruction of physical assets, or effects, that are analogous, should be considered armed attacks. Other minor types of cyber activity (espionage, data theft and economic disruption) should not be subjected to the Article 51 threshold.

B. Attribution in Cyberspace: The Weakest Link

The issue of attribution constitutes one of the greatest difficulties in the implementation of Article 51 to cyber operations. The ICJ standard of effective control, in Nicaragua and reiterated in Application of the Genocide Convention,¹⁷ demands a high standard of state involvement prior to the act of non-state actors being ascribed to a state. This criterion is hard to meet in cyberspace.

Distributed infrastructure, deliberate obfuscation, and multiple actors are typical of cyber operations. Tsagourias identifies the difference between technical and legal attribution and adds that determining who carried out an attack is not always sufficient to determine responsibility by a state.¹⁸ To explain these challenges, some scholars and states have proposed that the attribution standards should be relaxed.

Nonetheless, this method is questionable. Reduction of the evidentiary standard will lead to the legitimisation of the use of force on the basis of uncertain or disputed evidence, which will raise the risk of escalation. The analysis of non-state cyberattacks presented by Mattsson highlights the strain on the existing doctrine but does not warrant its repeal.¹⁹

The continuation of attribution challenges, however, implies that most cyber actions, albeit detrimental, are not subject to Article 51. The best course of action is then to uphold a tight set of standards of attribution whilst acknowledging their constraining influence. This affirms the unique quality of self-defence and promotes the utilisation of other forms of legal response.

C. Non-State Actors and the Unwilling-or-Unable Doctrine

The problem of non-state actors is one of the most debatable in law of self-defence. Although Article 51 does not expressly demand state authorship, the International Court of Justice has not explicitly approved a general right of self-defence against non-state actors who are not attributable. The interpretation of post-9/11 Security Council resolutions, especially SC Res 1368 and 1373 have been viewed as acknowledging such a right.²⁰ But this interpretation is not uncontroversial.

The doctrine of “unwilling or unable” attempts to defend the use of force on the territory of another state by the state that cannot or will not stop attacks by non-state actors.

Ashley Deeks gives a systematic formulation of this doctrine, concentrating on necessity, proportionality and a prior request where possible.²¹ However, it is not yet firmly established as Customary International Law, and has come under a lot of criticism.

The doctrine is even more problematic in the cyber context. This lack of a definite territorial nexus, coupled with the inability to find the responsible actors, compromises its integrity. Besides, it will pose a danger of establishing a self-assessing criterion whereby states will make unilateral decisions on when another state has defaulted in its duties.

Based on this, the doctrine of “unwilling-or-unable” must be viewed as controversial and implemented only in extraordinary situations with severe cyberattacks and convincing evidence.

D. Anticipatory Self-Defence in the Cyber Context

Debates on anticipatory self-defence have been rekindled by cyber operations. The Caroline correspondence formulation of the classics entails necessity as being “instant, overwhelming, leaving no means of choice.”²²

It is especially hard to detect imminence in cyberspace. Cyber capabilities may be pre-staged and launched in later phase and there may be a blur between preparation and attack. Daniel Bethlehem recommends a more adaptable approach to imminence, considering the characteristics of the threat and the capabilities of the attacker.²³

This is realistic in terms of the operation, but it runs the risk of extending anticipatory self-defence to preventive action. Such expansion is discouraged by Mary Ellen O-Connell who points out that it is necessary to keep a strict understanding of imminence in a cyberspace setting where uncertainty reigns.²⁴ In the cyber context, where uncertainty is pervasive, a strict interpretation of imminence is essential.

E. The Structural Risk: Normalising Force

The Charter system is under threat due to the cumulative growth of Article 51 in reaction to cyber threats. Cyberspace is defined by low-level hostility on a continuous basis. When this form of activity is re-defined as an armed attack, then the ban on force will be undermined.

It is thus necessary to have a restrained interpretation. The law should not be subjected to the temptation of adapting by expanding only but maintain substantial levels. It is the preservation of self-defence as an exception that is the integrity of the international legal order.

CONCLUSION

The law of self-defence presents a real challenge in relation to cyber operations, but does not require a fundamental redefinition of Article 51. The current doctrinal framework, especially the gravity threshold created in the state of Nicaragua, can still resolve these issues. The restrictive interpretation is normatively required and legally sound. It upholds the difference between the use of force and the armed attack, has high standards of attribution, and it avoids the undermining of the Charter system.

The future of self-defence in cyberspace does not lie in broadening Article 51, though, but in its disciplined application. The law needs to evolve, but in a way that does not disregard its original restrictions.

Citations

1. ¹ Charter of the United Nations (adopted 26 June 1945, entered into force 24 October 1945) 1 UNTS XVI arts 2(4), 51.
2. ² Malcolm N Shaw, International Law (9th edn, CUP 2021).
3. ³ Russell Buchan and Nicholas Tsagourias, Regulating the Use of Force in International Law: Stability and Change (Edward Elgar 2021).
4. ⁴ Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America) (Merits) [1986] ICJ Rep 14. 3 Public International Law Internal-IV PRN-23010126228
5. ⁵ Ibid at 4.
6. ⁶ Oil Platforms (Islamic Republic of Iran v United States of America) (Judgment) [2003] ICJ Rep 161.
7. ⁷ Armed Activities on the Territory of the Congo (Democratic Republic of the Congo v Uganda) (Judgment) [2005] ICJ Rep 168.
8. ⁸ Christine Gray, International Law and the Use of Force (4th edn, OUP 2018).
9. ⁹ Christian J Tams, ‘The Use of Force against Terrorists’ (2009) 20 European Journal of International Law 359. 4 Public International Law Internal-IV PRN-23010126228
10. ¹⁰ Michael N Schmitt, ‘Computer Network Attack and the Use of Force in International Law’ (1999) 37 Columbia Journal of Transnational Law 885.
11. ¹¹ Michael N Schmitt (ed), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (CUP 2017).
12. ¹² Tom Ruys, ‘Armed Attack’ and Article 51 of the UN Charter (CUP 2010). 5 Public International Law Internal-IV PRN-23010126228
13. ¹³ Nicaragua (n 4). 5 Public International Law Internal-IV PRN-23010126228
14. ¹⁴ Schmitt (n 11).
15. ¹⁵ Marco Roscini (2010) 14 Max Planck Yearbook of United Nations Law 85.
16. ¹⁶ S Roos (2025). 6 Public International Law Internal-IV PRN-23010126228
17. ¹⁷ Application of the Convention on the Prevention and Punishment of the Crime of Genocide (Bosnia and Herzegovina v Serbia and Montenegro) (Judgment) [2007] ICJ Rep 43. 6 Public International Law Internal-IV PRN-23010126228
18. ¹⁸ Nicholas Tsagourias (2012) 17 Journal of Conflict and Security Law 229.
19. ¹⁹ F Mattsson (2024). 7 Public International Law Internal-IV PRN-23010126228
20. ²⁰ SC Res 1368 (2001); SC Res 1373 (2001). 7 Public International Law Internal-IV PRN-23010126228
21. ²¹ Ashley S Deeks (2012) 52 Virginia Journal of International Law 483. 8 Public International Law Internal-IV PRN-23010126228
22. ²² Caroline correspondence (1837).
23. ²³ Daniel Bethlehem (2012) 106 American Journal of International Law 770.
24. ²⁴ Mary Ellen O’Connell, ‘The Myth of Preemptive Self-Defense’ (2002) ASIL Task Force Papers. 8 Public International Law Internal-IV PRN-23010126228