Cyberattacks as “Armed Attacks” on the Objects of Critical Infrastructure in Light Article 5 of NATO Treaty

Abstract

In recent years, cyber security has become one of the most actively discussed topics of international law, not only because domestic and inter-State cyber security incidents have grown in number and severity, but also because of the realisation that the technical peculiarities of cyberspace create new and unique legal problems that previously have not been encountered.1 In the Wales Summit Declaration on 5 September 2014, NATO recognized that international law, including international humanitarian law and the United Nations Charter (UN Charter), applies in cyberspace. A decision as to when a cyberattack would lead to the invocation of Article 5 would be taken by the North Atlantic Council (NAC) on a case-by-case basis.2 Collective self-defense expressed in Article 5 of NATO Treaty is a well-known fundamental principle of NATO: “…an armed attack against one or more of them in Europe or North America shall be considered an attack against them all (…)”. 3 Although Article 5 of the NATO Treaty has no concept of the objects of armed attacks, cyberattacks as “Armed Attacks” can be carried out on Critical Infrastrucutre (CI), and on Critical Information Infrastructure (CII). Such objects can function for both military and civilian purposes. CI for civil purposes can be both in state and private ownership. The types of activities of such objects are important for the exercise of state functions.