EVALUATING THE "IMMINENCE" OF A CYBER ATTACK FOR PURPOSES OF ANTICIPATORY SELF-DEFENSE

For a state to lawfully use force in anticipation of a cyber attack, the prospective attack must rise to the level of an "armed attack" under Article 51 of the United Nations Charter, and it must be "imminent." While there is broad agreement that some cyber attacks will satisfy Article 51's "armed attack" requirement, the question of how to evaluate whether such an attack is "imminent" based on an analysis of the technology of cyber weapons has received little attention. This Note applies existing theories of imminence to the technological aspects of how cyber weapons are developed and launched, providing considerations for determining when the "last possible window" to stop a prospective cyber attack is likely to close or whether it has already passed. In providing this analysis, this Note also demonstrates that, contrary to a not-uncommon assumption, prospective cyber attacks may be detectable well in advance of an adversary executing the code. Indeed, the more likely a cyber attack is to constitute an "armed attack," the more likely it is that the attack can and will be detected in advance. For a decisionmaker who must authorize force in anticipation of such a cyber attack in the United States, the President correctly determining when the "last possible window" will close may be a decision between peace, legal war, or illegal war.