Securing Cyber Space: The Obligation of States to Prevent Harmful International Cyber Operations

The paper argues that the obligation of States to prevent harmful international activities perpetrated within their territory, or any other area under their exclusive control, applies to activities conducted in cyber space. Thus, a State is bound by an obligation to prevent detrimental cyber conduct committed from its territory or transiting through its territory, or any other area under its exclusive control, when it knows or should have known of the conduct, when the conduct contradicts the rights of another State, and when it may cause or is causing serious harm. Where a State is aware or should have been aware of the misuse of its territorial cyber infrastructure, the State must attempt to prevent or to react to the harmful transboundary operation, applying all reasonable measures. The content of the obligation of due diligence to prevent damaging cross-border cyber activities depends on the economic, financial and human resources of the State. The paper concludes that the obligation to preclude harmful international cyber operations constitutes only a first step in securing information and communication technology and should be sustained and improved by the introduction of a treaty on cyber security.