Israel's Deputy Attorney General for Int'l Law @RoySchondorf is currently presenting Israel's position on how Int'l Law apply in cyberspace at the Naval War College's @StocktonCenter conference on Disruptive Tech. Exciting!!!

Interpretation of Int'l law applicable to cyber ops has to take into account whether rule to be applied is domain-specific.

Prohibition of use of force is applicable to cyber domain. Self-defence is possible against armed attack by state and non-state actors using cyber means. Self-defence actions can be cyber or non-cyber.

LOAC definition of attack requires physical damage. So only if cyber operation is expected to cause physical damage it could be an attack. Impediments to functionality w/o physical damage will not amount to attacks.

General obligations applying to all military operations irrespective of their qualification as attack also apply to cyber ops. E.g. cyber ops against medical units, which applies regardless of there being an attack or not.

Objects under LOAC have always been understood as tangible things, and this is not domain specific. Therefore, deleting or disrupting data is not subject to targeting rules, unless consequences for physical objects can be presumed.

On sovereignty: cornerstone of int'l law and int'l relations. Need to distinguish between general concept of "sovereignty" and "territorial sovereignty" which is a legal rule. Need to be careful about that. CC: @h_lahmann

States have sovereign interests in protecting their networks and their data, even if stored outside of their territory! YES! I've been arguing for that at CyCon 2019!

Not clear whether out-of-territory enforcement actions in foreign networks violates the rule of territorial sovereignty.

Intervention: interference with elections or manipulating election results constitutes an intervention.

Due diligence: was included in Norms chapter of GGE Report, as at this point it time it has not emerged to be applicable to cyberspace. Mostly applicable in environmental law. CC: @ACoco_IntLaw @tdesouzadias

No opinio iuris on duty to cooperate in cyberspace which would have cristallised in a duty of due diligence.

Choice of disclosing information on attribution remains within the political discretion of the acting State.

No prior notification requirement for cyber countermeasures. May be useful in other regimes, but in cyber it would undermine the countermeasure and the need for timely action.

Well, that was exciting!