Increasing and worthwhile attention has been paid to applying existing international law to the cause of enhancing global cybersecurity. The bulk of this research, though, has been focused on leveraging international humanitarian law to regulate the conduct of cyber warfare. Yet much of this work is largely theoretical given how exceedingly rare it is for a cyber attack to cross the armed attack threshold. The bulk of the cyber risk facing the public and private sectors lies in the arena of cybercrime and espionage. More scholars have been applying international law ‘below the threshold’ to these issues, but much more work remains to be done. For example, perhaps surprisingly, relatively little attention has been paid to leveraging private international law to the cause of mitigating cyber risk. This Article seeks to address this omission by offering a roadmap that synthesizes and extends work in this field by drawing from cybersecurity due diligence, bilateral investment treaties, and customary international law along with underexplored realms of public international law including the Vienna Convention on Diplomatic Relations, lesser studied global commons regimes, and Mutual Legal Assistance Treaties. The time is ripe for a fresh look at existing international legal tools that would help us better manage the multifaceted cyber threat. Only then can an accounting be made of gaps to be filled in by norms, custom, and perhaps one day, new accords.
Download the paper from SSRN.