Law of the horse to law of the submarine: The future of State behavior in cyberspace

States are rapidly approaching an international law crossroads in cyberspace. While many States, led by the United States, take the view that existing international law, including the law of armed conflict, is sufficient to cover cyberspace (“law of the horse”), such a view is being overtaken by reality. The Sony hack allegedly by North Korea is only the latest, and most blatant, in the long history of State activity in cyberspace. The current architecture of cyberspace makes it very attractive for States to pursue their national interests via this domain in a manner that is easily denied. With such a state of affairs persisting into the foreseeable future, it is very likely that international law will soon be sidelined or ignored by States as they seek to respond to cyber activity undertaken by other States (“law of the submarine”). With most, if not all, State-sponsored cyber activity not rising to the level of a use of force, countermeasures are one of the most viable international law tools for States to respond to State-sponsored cyber activity. Countermeasures, however, is the international law concept most at risk of being ignored by States. The customary international law of countermeasures imposes many conditions and limitations on their use, conditions and limitations that States will be inclined to ignore because they can under cyberspace's current architecture. Fortunately, the customary international law of countermeasures remains fluid enough that it can be sufficiently adapted to accommodate State behavior in cyberspace while still accounting for the international law interests underlying countermeasures.