Autonomous cyber capabilities – that is, cyber capabilities able to operate without real-time human intervention – are currently being researched and developed by several states as a result of the increasing use of artificial intelligence and autonomy in the military domain. Whereas these capabilities are expected to be mainly employed to respond to malicious cyber operations, their use for defensive purposes raises some legal challenges that deserve to be explored. This paper seeks to analyse whether autonomous cyber capabilities can be used in compliance with international law to respond to malicious cyber operations using unilateral measures of self-help. After briefly introducing the notion of autonomous cyber capabilities and their current state of technological development, this paper will consider whether autonomous cyber capabilities can be used in compliance with the law regulating self-defence, countermeasures, plea of necessity and retorsions. As will be shown, their potential use in circumstances precluding wrongfulness (i.e., self-defence, countermeasures and plea of necessity) is highly problematic, as autonomous cyber capabilities seem to be currently unable to identify the objective and subjective element of the malicious cyber operation (whether it amounts to an internationally wrongful act and whether it is attributable to a state), and to calibrate their response in the light of the principles of necessity and proportionality. Yet, it will be suggested that states may still cautiously use autonomous cyber capabilities to carry out acts of retorsion.

Autonomous cyber capabilities and unilateral measures of self-help against malicious cyber operations

Marta Stroppa
2023-01-01

Abstract

Autonomous cyber capabilities – that is, cyber capabilities able to operate without real-time human intervention – are currently being researched and developed by several states as a result of the increasing use of artificial intelligence and autonomy in the military domain. Whereas these capabilities are expected to be mainly employed to respond to malicious cyber operations, their use for defensive purposes raises some legal challenges that deserve to be explored. This paper seeks to analyse whether autonomous cyber capabilities can be used in compliance with international law to respond to malicious cyber operations using unilateral measures of self-help. After briefly introducing the notion of autonomous cyber capabilities and their current state of technological development, this paper will consider whether autonomous cyber capabilities can be used in compliance with the law regulating self-defence, countermeasures, plea of necessity and retorsions. As will be shown, their potential use in circumstances precluding wrongfulness (i.e., self-defence, countermeasures and plea of necessity) is highly problematic, as autonomous cyber capabilities seem to be currently unable to identify the objective and subjective element of the malicious cyber operation (whether it amounts to an internationally wrongful act and whether it is attributable to a state), and to calibrate their response in the light of the principles of necessity and proportionality. Yet, it will be suggested that states may still cautiously use autonomous cyber capabilities to carry out acts of retorsion.
2023
File in questo prodotto:
File Dimensione Formato  
Autonomous cyber capabilities and unilateral measures of self-help against malicious cyber operations .pdf

accesso aperto

Tipologia: PDF Editoriale
Licenza: Copyright dell'editore
Dimensione 846.5 kB
Formato Adobe PDF
846.5 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11382/560832
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
social impact