PIL Discussion Group: New Challenges and New Concepts? Prepositioning and Civilian Critical Infrastructure in International Law

State-sponsored cyber prepositioning – long-term, unauthorized access to networks supporting infrastructure for essential public services – poses a growing challenge for international law. As cases such as “Volt Typhoon” illustrate, prepositioning in infrastructure like a water treatment facility offers hostile actors a vector to launch destructive cyberattacks (e.g., poisoning the water supply) in the event of a future crisis or conflict. Yet, prepositioning itself is difficult to differentiate from other cyber behaviors like espionage or persistent engagement that international law allows, or at least tolerates. In this paper, we unpack what prepositioning is, and how existing international law’s negative obligations —e.g., sovereignty, non-intervention, prohibitions on the threat and use of force, international humanitarian law, and international human rights law—are ill-suited at present to regulate it.  Likewise, we consider and dismiss alternative approaches, such as deterrence, norms, and positive international law obligations.  

Our project advances a different solution – a call for international law to codify an object-based approach to prohibit prepositioning cyber operations against a precise category of targets: civilian critical infrastructure.  We explain the value of an infrastructural approach to addressing prepositioning given the internet’s architecture, while focusing our protections not only to a particular category of technologies (e.g., those that have operational viz. purely informational functions).  We further condition our proposal to infrastructure that is civilian (viz. military) in character,  the loss of which will foreseeably lead to lethal outcomes. Drawing on analogies from international humanitarian law and infrastructural governance, we argue that protecting civilian critical infrastructure objects as such offers clearer, ex ante constraints on state behavior than efforts to reinterpret one or more existing international law doctrines. We conclude by exploring multiple pathways to codify our rule and calling for more recognition of “civilian critical infrastructure” as a legal term of art for the Digital Age.

Arun Sukumar is assistant professor of international relations at Ashoka University. He was previously an assistant professor at Leiden University, and a core member of the Hague Program on International Cybersecurity. He holds a PhD and MA in Law and Diplomacy from the Fletcher School, Tufts University, and a bachelor’s in law (BA LLB) from NALSAR University of Law, India. At Fletcher, Arun received the Leo Gross Prize for Outstanding Student of International Law. Arun is the author of Midnight’s Machines: A Political History of Technology in India (Penguin RandomHouse, 2019) which chronicled political debates in independent India around the introduction of new and disruptive technologies. Midnight’s Machines was listed among Bloomberg’s Best Books of 2020. He is the co-editor of Building an International Cybersecurity Regime: Multistakeholder Diplomacy (Edward Elgar Publishing, 2023) and Responsible Behaviour in Cyberspace: Global Narratives and Practice (Publications Office of the European Union, 2023). His research has been published in Contemporary Security Policy, Review of International Political Economy, Policy & Internet, IEEE- CyCon proceedings, Journal of Cyber Policy, and other journals. He is also a contributor to the Oxford Handbook on Cyber Security.


 

Duncan Hollis is Laura H. Carnell Professor of Law at Temple Law School, Faculty Co-Director of Temple University’s Institute for Law, Innovation & Technology, and Co-Convenor of The Oxford Process on International Law Protections in Cyberspace. His scholarship engages with issues of international law, with a particular emphasis on treaties, norms, and other forms of international regulation. He is editor of the award-winning The Oxford Guide to Treaties as well as Defending Democracies: Combatting Foreign Election Interference in a Digital Age with Dean Jens Ohlin, plus a leading U.S. textbook, International Law with Professors Allen Weiner and Chimene Keitner.  Professor Hollis is an elected Member of the American Law Institute, where he serves as an Adviser on its project to draft a Fourth Restatement on the Foreign Relations Law of the United States. From 2016-2020, he served as a member of the OAS’s Inter-American Juridical Committee, including as Rapporteur for a project on improving the transparency of State views on international law’s application to cyberspace.