Since the United States first began thinking about international law and cyberspace in the 1990s, it has been clear to us that international law applies to what States do in cyberspace, just as it does to what they do in other domains. When I say international law, I mean all of it treaties, of course, but also customary international law, which develops over time through State practice and opinio juris. Customary international law encompasses many of the fundamental rules that underpin our understanding of what States may or may not lawfully do.
The question is how to interpret and apply the law to the ways new technology is used. But some other States, notably Russia, questioned whether any law applied to activities in cyberspace, suggesting there needed to be an entirely new legal regime. Twenty-five years later, Russia is still making versions of this argument. But the broader landscape has changed enormously. States are actively discussing at the United Nations (UN) and elsewhere how international law applies in cyberspace and, particularly since 2016, many have issued public statements on how they interpret its application to cyber activities.
Discussions of international law are part of the overall effort to promote responsible State behavior in cyberspace. Over the past twenty-five years, States have made tremendous progress in developing common understandings of how international law applies to what they do in cyberspace. Continuing these discussions and working to implement the framework of responsible State behavior in cyberspace will serve to further the shared goal of the United States and other UN Member States to promote international peace and security everywhere.
Full article can be found here.