General security

Invoking Article 51 (self-defense) of the UN Charter in Response to Cyber Attacks - I

Dimitar Kostadinov
January 25, 2013 by
Dimitar Kostadinov


Among the series of problems with regard to the legal regulation of cyber attacks is how the self-defense doctrine applies to them. In itself, the self-defense notion was always an interesting subject, but now with the emergence of a new security threat posed by the development of technologies, the matter has become of a great importance. There are many unclear moments concerning the proper application of cyber attacks when it comes to self-preservation and even survival. Here are some additional questions often asked:

Which cyber attacks justifies the forceful response in accordance with Article 51 of the UN Charter?

How does the concept of anticipatory/preemptive self-defense pertain to cyber attacks?

What are feasible means against cyber attacks which do not rise to an armed attack?

When is the right moment to initiate counter action under these circumstances?

This contribution which comprises of two volumes may unravel some of the unknowns.

  1. The right of self-defense

Article 51 of the UN Charter, or the resort to self-defense comes as a legal consequence to the prohibition on the use of force (Article 2(4) of the UN Charter). Basically the use of any kind of force is unlawful with exception of two cases:

  1. As Article 39 of UN Charter stipulates, the UN Security Council may authorize collective security operations when they conclude that there is a situation of "threat to the peace, breach of the peace, or act of aggression." Speaking from strict practicality reasons, however, such an authorization has its own political implications and is often improbable to be granted timely. Over the years, we have witnessed the five permanent members of Security Council veto each other's decisions.
  2. Article 51 or the right of self-defense is the second condition which unties the use of force knot.

The right of a state to undertake a self-defense action is an inherent customary international law and it is a privilege to states. The Charter merely reaffirmed this right granted to states in interest of their survival (Graham, 2010).

It should be noted that the scope of the self-defense pursuant to Article 51 of the UN Charter does not include a response to an economic or political threat. Thus, cyber attacks which pose a lesser threat than the notion of an armed attack are excluded from the scope of the provision in question.Understandably, the word we should focus our attention on is "armed attack", not the use of force, since this is the precondition that may trigger the right to respond in self-defense (Schmitt, 1999).

Article 51 is like a back-up plan in reserve, in case that the measures taken by the Security Council or other international multilateral bodies prove themselves insufficient to provide alleviation from the scourge of aggressive "blitzkrieg" armed attacks. The self-defense measure is a condition that cannot be dispensed with and itensures some extra protection to the states in need (Schmitt, 2011). The authorization of unilateral use of force given in accordance with Article 51 is a measure safeguarding the states integrity until the international community has a chance to react. Furthermore, the states can use this inherent right of self-defense in concert, as in an alliance (Schmitt, 1999).

Article 51 reacts only to an "armed attack" and for another reason. Perhaps the drafters of the Charter have sought to narrow down the situations in which it is permissible for a unilateral use of force. Of course, this is done in favour of the community interest over the individual one. In cases of a cyber attack that is not a part or initiation to a conventional military strike, the state can legally strike back only against those attacks which are intended to cause direct physical destruction or injury. Probably the best alternative in cases not rising to an "armed attack" is resort to the Security Council, which can decide whether or not can trigger a procedure to restore the peace (Schmitt, 1999).

The International Court of Justice /ICJ/in the Nicaragua case(1986)sets out that an armed attack must rise to certain "scale and effect". Thus, minor border incidents are disregarded. Yet when an act of aggression does not reach this level, it may still be an unlawful use of force. ICJ further admits that there is an unregulated loophole between the armed attack notion and the use of force definition. Therefore, in practice, states should restrict themselves to take only measures that are lawful and non-forceful. More "decisive treatment" is possible only with the explicit authorization of the Security Council(Schmitt, 2011).

Concerns of abusing the use of force prohibition with unjustified and excessive military actions are perfectly understandable. Nevertheless, the principles of necessity and proportionality, as well as the Nicaragua Case decision, have a preclusive effect on the unlimited recourse to force (Greenwood, 2011).

2. Anticipatory/Preemtive self-defense doctrine and cyber attacks

2.1 Origin of Anticipatory/Preemptive self-defense and Imminence requirement. An implication in Bush's National Security Strategy.

The classical standard of anticipatory self-defense and the requirement of imminence were articulated in the nineteenth century by Secretary of State Daniel Webster (1906) in respect to the Caroline case. The threat, as Webster assumed, must be "instant, overwhelming, leaving no choice of means and no moment for deliberation" in order to invoke the right of a state to act in preemption.

Hence, anticipatory self-defense may provide the states with a useful tool against threats of their self-existence and survival which is conditionally considered for just under two criteria: 1) the victim state must act without any deliberation and waste of time in order to avoid negative consequences

2) the attack seems unavoidable and in such a stage that there is no other meaningful alternative to resort to

More than a century later since the Caroline incident, in the wake of the terrorist attacks on September 11th, 2001, the President of the United States, George W. Bush, declared the National Security Strategy in 2002. Clearly, Bush's Doctrine is an attempt to find a solution to the changing threat posed by terrorist and rogue states. Pre-emptive strikes nowadays are a necessary method in combat, including against the cyber attacks.The traditional acceptance of the self-defense standard may turn out to be unreliable to ensure protection.

As emphasized numerous times, and also in the US National Security Strategy, the self-defense notion is challenged by the contemporary technological means and the imbalance in distribution of conventional military superiority. The new adversaries will not attempt to directly confront the advanced Western states. They most likely would try to find other way to cause harm, for example, using weapons of mass destruction (WMD) or cyber attacks. With this being so, it is perfectly normal for states to accommodate the international norms giving them protection opportunities (Schmitt, 2011).

Nevertheless, the notion of imminence and anticipatory right of defense should not be regarded too broadly, otherwise the Article 51 may lose its cohesion. If the states have a carte blanche to respond before they are actually aware whether they are under attack, this may impair the UN Charter's prohibition on the use of force. Since cyber attacks are always imminent, states may try to justify the use of force on this ground (Barkham, 2001).

Apparently, the Bush Doctrine advocated an anticipatory self-defense policy which held no value of the imminence criterion as set forth in the Caroline case. The military actions against Iraq stretched "impermissibly" the boundaries of Article 51. Likewise, the National Cyberspace Strategy may present in future an identical opportunity for preemtive strikes against dormant cyber threats (Gibson, 2004).

2.2 Peculiarities regarding the rightful timing and validity of anticipatory/preemptive self-defense

There is some level of disagreement when the scholars interpret Article 51. While some opine that the armed attack should have began and the victim should have already suffered some negative consequences before having the right to act in self-defense, others think that this premise is not necessary (Robertson, 2002).

Textually, Article 51 addresses only those situations where an armed attack is underway. The traditional customary law doctrine stipulates that an attack should be on the verge of commencement. The purpose of Article 51 is dua; on one side it should pose a restriction to uncontrollable unilateral use of force, and on the other it should provide the states with a tool that can be important for their survival against a sudden outbreak of hostilities directed towards them (Schmitt, 1999).

Nevertheless, it is well-accepted that a state need not sit idly as the enemy prepares to attack; instead, a state may defend itself once an attack is "imminent." Similar to the terrorist acts, cyber attacks are initiated without warning, making the attack impossible to define it as imminent. Often the result of the attack is noticeable within seconds after it has been launched and thus giving the victim almost no time to react properly. In the case of cyber attack, the only workable precautions that may prevent the enemy to cause grave damage to the victim's computer system are the defensive tools like an antivirus, malware software and firewalls (Schmitt, 2011).

Consequently, given the fact that cyber attacks may cause negative consequences in a matter of seconds, sometimes the only possible way to respond is via an automatic program. However, in a real situation this may prove to be fatal because such a rapid response often is inaccurate and innocent civilians may suffer (Barkham, 2001).

In regard to the anticipatory self-defense in cyber attacks, one should take into account the very nature of each particular act as the gravity of the act is defining. For example, if a hacker decides to place a logic bomb in computer system which maintains the electric grid of military border facilities, this may not be so important and pressing concern that may trigger the anticipatory right of self-defense. However, if in conjunction with the logic bomb, the aggressor has amassed military units near the border, then the potential harm from the initial cyber attack may be considerable and in this case a preemptive strike is permissible (Schmitt, 1999).

Time is the key factor of anticipatory self-defence. According to the traditional standard, there should be some temporal proximity between the actual attack and the decision to raise a counter attack. The general idea behind the anticipatory self-defense is that states must react before the aggressor if they want to stand a chance of defending themselves effectively. Perhaps the hidden agenda behind it is to provide states with more mechanisms for active defense without resorting to full scale armed intervention (Schmitt, 2011).

As to when is the most appropriate time, in terms of law moment, the answers will vary, but the classical standard recognizes "the last possible window of opportunity". There are cases when the international law requires the victim state to suffer some degree of damage before having the opportunity to initiate defensive procedures. There is a slight correlation between type of state and the use of the self-defense right. Perhaps for less advanced states, it's sometimes justified to respond preemptively. This is due to the reason that such a state is exposed to a greater danger if not taking immediate measures against a growing attack (Schmitt, 1999).

Before resorting to the self-defense option, a decision-maker should consider whether the adversary's attack corresponds to the imminence criterion as set forth by the Secretary of State Daniel Webster. With regard to the famous Caroline incident, he emphasizes on the fact that such self-defense measures are needful to ward off an instant attack that gives no time or alternative (Schmitt, 1999). The right moment for taking these self-defense measures is actually "the last feasible window of opportunity", but it should not be interpreted too broadly, thus allowing preventive strikes against opponents that do not possess the military capabilities to inflict any harm.

And even if a state demonstrates hostile behavior and readiness for a cyber attack, it is not a sufficient reason for a preemptive strikes (Schmitt, 2011). The state is required to provide some evidence about the imminence of an anticipatory armed attack. However, "in the case of cyber attacks, such a requirement would invariably be difficult to meet, if not impossible." (Graham, 2010: 91).

States that are willing to respond to a cyber attack, whether in anticipatory self-defense or not, must be ready to provide "direct" or "conclusive evidence" with regard to the source and nature of a pending attack. For example, the ICJ in the Oil Platforms case (2003) established that the United States had failed to provide an evidence to "justify its using force in self-defense." (Schmitt, 2011).

Consequently, only after the adversary has taken an actual decision for attack and there is a clear proof of that, then it is permissible for a state to launch a counter offensive. Furthermore, the circumstances surrounding the pending attack have to be such that it must be responded immediately if the victim-state is to have a chance to fend off the impact.

Hence, under the current legal framework, cyber exploitation would provide a justa causa for a preemptive strike when there is an actual cyber vulnerability and it is reported by intelligence or other reliable channels that a certain adversary is going to attack immediately (Wortham, 2012).

Coming Next:

3. Cyber attacks through the perspective of the armed attack notion

4. The type and the level of response to cyber attack. Self-defense measures. Responses other than Article 51 of the UN Charter.



Barkham, J. (2001). Information warfare and international law on the use of force.N.Y.U.J. INT'L L. & POL 57, 34.

Condron, S. (2007).Getting it right: Protecting American critical infrastructure in cyber space.Harvard Law Review, 20, 403-422.

Gibson, D. M. (2004.)A Virtual Pandora's Box: Anticipatory Self-DefenseIn Cyberspace. Retieved on 23/01/2013 from

Graham, D. (2010). Cyber threats and the law of war.Journal of National Security Law and Policy, 4, 87-104.

Greenwood, C. (2011). Self-defence. Retrieved on 23/01/2013 from

International Court of Justice (1986).Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America). Retrieved on 23/01/2013 from

International Court of Justice (2003).Oil Platforms (Iran vs. United States of America). Retrieved on 23/01/2013 from

Robertson, H. B. (2002). Self-Defense against computer network attack.I NT'L L.STUD, 76, 121-123.

Schmitt, M. (1999).Computer network attack and use of force in international law.Columbia Journal of Transnational Law, 37, 885-937.

Schmitt, M. (2011). Cyber operations and the jus ad bellum revisited. Villanova Law Review, 56, 569-606.

United Nations (1945).United Nations Charter. Retrieved on 23/01/2013 from

U.S. White House and President Bush Jr., G. (2002).The National Security Strategy of the United States of America. Retrieved on 23/01/2013 from

U.S. White House and President Bush Jr., G. (2006).The National Security Strategy of the United States of America. Retrieved on 23/01/2013 from

Webster, D. (1906). Letter from Daniel Webster, U.S. Sec'y of State, to Lord Ashbuton, British Special Minister. Reprinted in John Bassett Moore, ADiegest of International Law

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Wortham, A. (2012). Should Cyber Exploitation EverConstitute a Demonstration of HostileIntent That May Violate UN CharterProvisions Prohibiting the Threat orUse of Force?Federal Communications Law Journal, 64(3), 644-650.

Dimitar Kostadinov
Dimitar Kostadinov

Dimitar Kostadinov applied for a 6-year Master’s program in Bulgarian and European Law at the University of Ruse, and was enrolled in 2002 following high school. He obtained a Master degree in 2009. From 2008-2012, Dimitar held a job as data entry & research for the American company Law Seminars International and its Bulgarian-Slovenian business partner DATA LAB. In 2011, he was admitted Law and Politics of International Security to Vrije Universiteit Amsterdam, the Netherlands, graduating in August of 2012. Dimitar also holds an LL.M. diploma in Intellectual Property Rights & ICT Law from KU Leuven (Brussels, Belgium). Besides legal studies, he is particularly interested in Internet of Things, Big Data, privacy & data protection, electronic contracts, electronic business, electronic media, telecoms, and cybercrime. Dimitar attended the 6th Annual Internet of Things European summit organized by Forum Europe in Brussels.