Columbia International Affairs Online: Policy Briefs

CIAO DATE: 08/2014

Political Neutrality and National Responsibility in Cyber Conflict

Jason Healey

September 2012

Atlantic Council


Since the Internet makes us all neighbors, more nations are likely to be affected by conflicts in cyberspace than in the air, land, or sea. Nations are increasingly looking to limit potential cyber conflicts using the same devices that have limited more traditional wars: treaties, conventions, and norms. One of the most important global norms has been a state’s rights to remain neutral in response to international conflict, as guaranteed by the Hague Convention. But because of the nature of engagement and conflict in cyberspace, it is still unknown how well the old agreements will hold up, and what must be reinvented.

As Internet protocols themselves route cyber attacks through any number of neutral countries, cyber conflicts are usually not so destructive as to obviously trigger international law. This may also render the identity or nationality of belligerents uncertain. Legal norms based on the Hague Convention will likely be less useful than were a modified norm of political neutrality where nations should come under political pressure to take reasonable steps to stop cyber attacks, regardless of whether the responsibility is codified in a formal treaty. The problem of defining political neutrality in cyber conflict may well give rise to new norms of international engagement. If so, the “not my problem” excuse will no longer be acceptable.

This Issue Brief discusses neutrality in cyber space, giving an extended example of how different nations become more responsible for attacks on another nation, which illustrates how four criteria (Severity, Obviousness, Stoppability, and Duration) seem to be critical. Last, the brief explores how “commercial neutrality” on the rights and obligations of companies which have built and own most of cyberspace, may be more important than the neutrality of nations.