Inside Cyber Warfare - Jeffrey Carr [43]
State responses to transnational terrorist attacks further support recognition of a duty to prevent cyber attacks under customary international law. After the 9/11 terrorist attacks, states across the world condemned terrorism as a threat to international peace and security, and provided various forms of support to the United States in its war against Al Qaeda. Ensuring that terrorism will forever be legally recognized as a threat to international peace and security, the Security Council passed Resolution 1373, which reaffirmed that acts of international terrorism are threats to international peace and security and called on states to work together to prevent and suppress terrorism. The resolution further directed states to “refrain from providing any form of support” to terrorists through act or omission, to “deny safe haven” to those who commit terrorist acts, and “afford one another the greatest measure of assistance in connection with criminal investigations...[or] proceedings” related to terrorism.
The international community’s response to terrorism does not directly define customary international law regarding cyber attacks, but it is persuasive on several fronts. First, it shows that states have a duty to prevent threats to international peace and security. Second, it demonstrates that passive acquiescence to threats to international peace and security will not be tolerated. Finally, it demonstrates that states must work together to prevent and suppress threats to international peace and security. The more cyber attacks resemble terrorism, the more easily they will fit into the paradigm constructed to deal with transnational terrorism. However, no matter their purpose, cyber attacks represent a threat to international peace and security and should be dealt with like other recognized transnational threats.
Numerous UN declarations about international crime also support recognizing the duty to prevent cyber attacks. These declarations urge states to take affirmative steps to prevent nonstate actors from using their territory to commit acts that cause civil strife in another state.[25] Furthermore, these declarations also support the duty of states to cooperate with one another to eliminate transnational crime, which lends credence to the duty to cooperate with victim-states during the criminal investigation and prosecution of cyber attacks.[26]
Focusing specifically on cyber attacks, states have made declarations themselves, and used the UN General Assembly to make numerous declarations about the importance of preventing cyber attacks. For instance, the UN General Assembly has called on states to criminalize cyber attacks[27] and to deny their territory from being used as a safe haven to conduct cyber attacks through state practice.[28]
The General Assembly has also called on states to cooperate with each other during the investigation and prosecution of international cyber attacks.[29] Even China’s Premier Wen Jiabao has admitted that China should take firm and effective action to prevent all hacking attacks that threaten computer systems.
Furthermore, states are starting to recognize the threat that cyber attacks pose to international peace and security, with some states and the General Assembly directly recognizing cyber attacks as a danger to international peace and security.[30] These declarations