Retorsion as a Response to Ongoing Malign Cyber Operations

If a state has experienced a malicious cyber act that violates international law, it may implement proportional and limited countermeasures. If the act constitutes an armed attack, the target state may engage in self-defence. But what if the initial act, while malicious and harmful, does not clearly violate an international legal obligation? In such an instance, the primary option for response is retorsion, which is defined as an unfriendly but legal act. Little scholarship has meaningfully examined the contours of retorsion, which is increasingly important in an era of persistent, low-intensity cyber aggression. This paper seeks to fill that gap by exploring the contours of retorsion and examining the types of responses that could fall within its scope. It argues for an expansive view of retorsion that encompasses any responses that comport with international law. Definitional clarity is increasingly important to allow states to understand the range of potential responses to persistent cyber aggression that do not necessarily violate international law. Among the types of activities that may fall within the scope of retorsion are: exerting pressure via international relations, gathering information from the adversary’s networks, observing the adversary on one’s own network using tools such as honeypots, sending warnings to individual operatives, establishing a position on the adversary’s systems and slowing down malign cyber operations.