Chapter 5: Hacking Back under International Law: Toward Effective Remedies against Cyberattacks for Non-State Actors

The unilateral response by non-state actors such as private companies to unauthorized, hostile breach of their computer systems and data — “hacking back” — poses knotty problems under national and international law. National laws have so far fallen short of providing effective remedies for targeted companies that suffer financial and reputational losses, and the applicable international law is complex and underutilized. This chapter explores two possible avenues of effective remedy for such non-state actors: (1) reparations via the doctrine of diplomatic protection when attacks originate outside of national borders; and (2) state authorization for hackbacks under defined parameters for cyberattacks, without reference to their point of origin. Further study is needed to develop more effective remedies under both national and international law for private sector actors, especially operators of critical infrastructure, as their influence as key stakeholders in global cybersecurity escalate. Such remedies should leverage the commonality of cybersecurity interests shared by them and their nation-state.