Los ciberataques de los actores no estatales y la “ciberdiligencia debida” de los Estados

  1. Andrea Cocchini 1
  1. 1 Universidad de Navarra
    info

    Universidad de Navarra

    Pamplona, España

    ROR https://ror.org/02rxc7m23

Revista:
Revista UNISCI / UNISCI Journal

ISSN: 2386-9453

Año de publicación: 2021

Título del ejemplar: Cuestiones sobre seguridad y defensa

Número: 55

Páginas: 69-98

Tipo: Artículo

Otras publicaciones en: Revista UNISCI / UNISCI Journal

Resumen

Los ciberataques en tiempos de paz – por parte de grupos de hacktivistas, organizaciones criminales transnacionales o bandas terroristas – aumentan cada año más, suponiendo para los Estados la ciberamenaza más frecuente contra sus infraestructuras informáticas. Ante esta realidad, la comunidad internacional no cuenta todavía con una herramienta jurídica eficaz para atribuir la responsabilidad internacional a aquellos Estados desde cuyo territorio dichos actores no estatales lanzan sus ciberataques contra otros países. Por tanto, en el presente artículo se propone la adopción del concepto de “ciberdiligencia debida”. Partiendo de la noción clásica de “diligencia debida” desarrollada en el Derecho internacional del medioambiente, se sugiere que la “ciberdiligencia debida” permitiría identificar con más facilidad al Estado responsable y atribuirle la responsabilidad por no adoptar las medidas preventivas, como las de monitoreo, necesarias para oponerse a las actividades cibernéticas ilícitas de estos grupos privados.

Referencias bibliográficas

  • Bannelier-Christakis, Karine: “Cyber Diligence: A Low-Intensity Due Diligence Principle for Low-Intensity Cyber Operations?”, Baltic Yearbook of International Law, vol. 14 (2014), pp. 1-15.
  • Bethlehem, Daniel: “Self-defense against an Imminent or Actual Armed Attack by Nonstate Actors”, American Journal of International Law, vol. 106 (2012), pp. 769-777.
  • Brunnée, Jutta y Meshel, Tamar: “Teaching an Old Law New Tricks: International Environmental Law Lessons for Cyberspace Governance”, German Yearbook of International Law, vol. 58 (2015), pp. 129-168.
  • Buchan, Russell: “Cyber Attacks: Unlawful Uses of Force or Prohibited Interventions”, Journal of Conflict & Security Law, vol. 17 (2012), pp. 211-227.
  • Buchan, Russell: “Cyberspace, Non-State Actors and the Obligation to Prevent Transboundary Harm”, Journal of Conflict & Security Law, vol. 21, nº 3 (2016), pp. 429-453.
  • Casanovas, Oriol y Rodrigo, Ángel J. (2005): Casos y textos de Derecho internacional público, Asunto de la Isla de Palmas (Estados Unidos vs. Países Bajos), Madrid, Tecnos, pp. 276-283.
  • CCN-CERT, Informe de Ciberamenazas y Tendencias 2019, en: https://www.ccncert.cni.es/informes/informes-ccn-cert-publicos/3776-ccn-cert-ia-13-19-ciberamenazas-ytendencias-edicion-2019-1/file.html
  • Chircop, Luke: “A Due Diligence Standard of Attribution in Cyberspace”, International and Comparative Law Quarterly, vol. 67 (2018), pp. 643-668.
  • Couzigou, Irène: “The Right to Self-Defence Against Non-State Actors – Criteria of the ‘Unwilling or Unable’ Test”, Heidelberg Journal of International Law – Self-Defence Against Non-State Actors: Impulses from the Max Planck Trialogues on the Law of Peace and War, vol. 77, nº 1-2 (2017), pp. 53-56.
  • Couzigou, Irène: “Securing cyber space: the obligation of States to prevent harmful international cyber operations”, International Review of Law, Computers & Technology, vol. 32, nº 1 (abril 2018), pp. 37-57.
  • Crawford, James (2002): The International Law Commission’s Articles on State Responsibility: Introduction, Text and Commentaries, Cambridge, Cambridge University Press.
  • Crawford, James (2008): Brownlie’s Principles of Public International Law, Oxford, Oxford University Press.
  • Dominicé, Christian : “La société internationale à la recherche de son équilibre”, Recueil des Cours de l’Académie de Droit International, vol. 370 (2013), pp. 29-392.
  • Dörr, Oliver: “Obligations of the State of Origin of a Cyber Security Incident”, German Yearbook of International Law, vol. 58 (2015), pp. 87-100.
  • European Union Agency for Cybersecurity: ENISA Threat Landscape – The year in review, 20 de octubre de 2020, en: https://www.enisa.europa.eu/publications/year-in-review
  • European Union Agency for Cybersecurity: ENISA Threat Landscape – Main incidents in the EU and worldwide, 20 de octubre de 2020, pp. 16-17, en https://www.enisa.europa.eu/publications/enisa-threat-landscape-2020-mainincidents
  • Gutiérrez Espada, Cesáreo: “Sobre la prohibición del uso de la fuerza armada en los últimos setenta años (1945-2015)”, en Pons Rafols, Xavier (dir.) (2015): Las Naciones Unidas desde España: 70 aniversario de las Naciones Unidas. 60 aniversario del ingreso de España en las Naciones Unidas, Barcelona, Asociación para las Naciones Unidas en España, pp. 125-150.
  • Gutiérrez Espada, Cesáreo: “La ciberguerra y el Derecho internacional”, en Martínez Capdevila, Carmen et al. (eds.) (2017): Las amenazas a la seguridad internacional hoy, Valencia, Tirant lo Blanch, pp. 204- 233.
  • Huang, Zhxiong: “The Attribution Rules in ILC’s Articles on State Responsibility: A Preliminary Assessment on Their Application to Cyber Operations”, Baltic Yearbook of International Law, vol. 14 (2014), pp. 41-54.
  • International Law Association (2014): Study Group on Due Diligence in International Law, Tim Stephens (Rapporteur), First Report, pp. 1-33, en https://olympereseauinternational.files.wordpress.com/2015/07/due_diligence_- _first_report_2014.pdf
  • International Law Association (2014): Study Group on Due Diligence in International Law, Tim Stephens (Rapporteur), Second Report, pp. 1-48, en: https://www.ila-hq.org/index.php/study-groups?study-groupsID=63
  • Jolley, Jason (2017): Attribution, State Responsibility, and the Duty to Prevent Malicious Cyber-Attacks in International Law, PhD Thesis, University of Glasgow, en https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3056832
  • Kittichaisaree, Kriangsak (2017): Public International Law of Cyberspace, Switzerland, Springer International Publishing.
  • Koivurova, Timo: “Due Diligence”, Max Planck Encyclopedia of Public International Law, Febrero 2010, en https://opil.ouplaw.com/view/10.1093/law:epil/9780199231690/law9780199231690-e1034?rskey=RRSS4U&result=1&prd=MPIL
  • Kolb, Robert: “Reflections on Due Diligence Duties and Cyberspace”, German Yearbook of International Law, vol. 58 (2015), pp. 113-128.
  • Kuehl, Daniel T.: “From Cyberspace to Cyberpower: Defining the Problem”, en Kramer, Franklin D.; Starr, Stuart H. y Wentz Larry K. (eds.) (2009): Cyberpower and National Security, Potomac Books, Washington, D. C., pp. 24-42.
  • Liu, Ian Yuying: “State Responsibility and Cyberattacks: Defining Due Diligence Obligations”, Indonesian Journal of International & Comparative Law, vol. 4, nº 2 (2017), pp. 191-260.
  • Marauhn, Thilo: “Customary Rules of International Environmental Law: Can they Provide Guidance for Developing a Peacetime Regime for Cyberspace?”, en Ziolkowski, Katharina (ed.) (2013): Peacetime Regime for State Activities in Cyberspace. International Law, International Relations and Diplomacy, Tallinn, NATO CCD COE Publication, pp. 465-484.
  • Maurer, Tim, y Nelson, Arthur (2020): International Strategy to Better Protect the Financial System Against Cyber Threats, Washington, Carnegie Endowment for International Peace, pp. 1- 233, en https://carnegieendowment.org/2020/11/18/international-strategy-to-better-protectfinancial-system-against-cyber-threats-pub-83105
  • McKeever, David: “The Contribution of the International Court of Justice to the Law on the Use of Force: Missed Opportunities or Unrealistic Expectations?”, Nordic Journal of International Law, vol. 78, nº 3 (2009), pp. 361-396.
  • Margulies, Peter: “Sovereignty and Cyber Attacks: Technology’s Challenge to the Law of State Responsibility”, Melbourne Journal of International Law, vol. 14, nº 2 (2013), pp. 496-519.
  • Milanovic, Marko: “State Responsibility for Genocide”, European Journal of International Law, vol. 17, nº 3 (2006), pp. 553-604.
  • Moir, Lindsay (2016): “Action Against Host States of Terrorist Groups”, en Weller, Marc (ed.) (2016): The Oxford Handbook of the Use of Force in International Law, en http://www.oxfordhandbooks.com/view/10.1093/law/9780199673049.001.0001/oxfordhb9780199673049-e-33
  • Morgan, Steve: “Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021”, Cybercrime Magazine, 7 de diciembre de 2018, en https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
  • Ney, Martin y Zimmermann, Andreas: “Cyber-Security beyond the Military Perspective: International Law, Cyberspace, and the Concept of Due Diligence”, German Yearbook of International Law, vol. 58 (2015), pp. 51-66.
  • Okwori, Enenu O.: “The Obligation of Due Diligence and Cyber-Attacks: Bridging the Gap Between Universal and Differential Approaches for States”, en Yihdego, Zeray; Desta, Melaku; Geboye, Hailu y Martha, Belete (eds.) (2018): Ethiopian Yearbook of International Law 2018: In Pursuit of Peace and Prosperity, pp. 205-242.
  • Patrick, Colin: “Debugging the Tallinn Manual 2.0’s Application of the Due Diligence Principle to Cyber Operations”, Washington International Law Journal, vol. 28, nº 2 (2019), pp. 581-604.
  • Powell, Matt: “11 Eye Opening Cyber Security Statistics for 2019”, CPO Magazine, 25 de junio de 2019, en https://www.cpomagazine.com/tech/11-eye-opening-cyber-security-statistics-for2019/
  • Pozo Serrano, Pilar (2011): La guerra de Af-Pakistán y el uso de la fuerza en las relaciones internacionales, Pamplona, Eunsa.
  • Presidencia del Gobierno de España, Estrategia Nacional de Ciberseguridad 2019, en: https://www.dsn.gob.es/es/documento/estrategia-nacional-ciberseguridad-2019
  • Proulx, Vincent-Joël: “Babysitting Terrorists: Should States Be Strictly Liable for Failing to Prevent Transborder Attacks”, Berkeley Journal of International Law vol. 23, nº 3 (2005), pp. 615-668.
  • Ronzitti, Natalino: “The Current Status of Legal Principles Prohibiting the Use of Force and Legal Justifications of the Use of Force”, en Bothe, Michael et al. (eds.) (2005): Redefining Sovereignty. The Use of Force after the Cold War, New York, Transnational Publishers, pp. 91-110.
  • Schmitt, Michael N.: “Cyber Operations in International Law: The Use of Force, Collective Security, Self-Defense, and Armed Conflicts”, en National Research Council of the National Academies (ed.) (2010): Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, Washington, National Academies Press, pp. 151-178.
  • − (ed.) (2017): Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations Prepared by the International Groups of Experts at the Invitation of the NATO Cooperative Cyber Defence Centre of Excellence, Cambridge, Cambridge University Press, pp. 1-597.
  • Segura Serrano, Antonio: “Ciberseguridad y Derecho internacional”, Revista Española de Derecho Internacional, vol. 69, nº 2 (2017), pp. 291-299.
  • Shackelford, Scott J.; Russell, Scott y Kuehn, Andreas: “Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors”, Chicago Journal of International Law, vol. 17, nº 1 (2016), pp. 1-50.
  • Shaw, Malcom N. (2008): International Law, Cambridge, Cambridge University Press.
  • Sklerov, Matthew J.: “Solving the Dilemma of Sate Responses to Cyberattacks: A Justification for the Use of Active Defenses against States Who Neglect Their Duty to Prevent”, Military Law Review, vol. 201, nº 1 (2009), pp. 1-85.
  • Starski, Paulina: “Right to Self-Defense, Attribution and the Non-State Actor – Birth of the ‘Unable or Unwilling’ Standard?”, Heidelberg Journal of International Law, vol. 75, nº 3 (2015), pp. 455-501.
  • Stockburger, Peter Z.: “From Grey Zone to Customary International Law: How Adopting the Precautionary Principle May Help Crystallize the Due Diligence Principle in Cyberspace”, en Minárik, Tomas; Jakschis, Raik y Lindström, Lauri (eds.) (2018): 10th International Conference on Cyber Conflict, Tallinn, NATO CCD COE Publications, pp. 245-262.
  • Takano, Akiko: “Due Diligence Obligations and Transboundary Environmental Harm: Cybersecurity Applications”, Multidisciplinary Digital Publishing Institute, Laws, vol. 7, nº 4 (2018), pp. 1-12.
  • Tams, Christian J.: “Light Treatment of a Complex Problem: The Law of Self-Defence in the Wall Case”, European Journal of International Law, vol. 16, nº 5 (2006), pp. 963-978.
  • Tsagourias, Nicholas: “Cyber attacks, Self-defence and the Problem of Attribution”, Journal of Conflict & Security Law, vol. 17 (2012), pp. 229-244.
  • − : “The legal status of cyberspace”, en Tsagourias, Nicholas y Buchan, Russell (eds.) (2015): Research Handbook on International Law and Cyberspace, Cheltenham, Edward Elgar Publishing, pp. 13-29.
  • Värk, René: “State Responsibility for Private Armed Groups in the Context of Terrorism”, Juridica International, vol. 11 (2006), pp. 184-193.
  • Vihul, Liis: “The Tallinn Manual on the International Law applicable to Cyber Warfare”, EJIL: Talk!, 15 de abril de 2013, en: https://www.ejiltalk.org/the-tallinn-manual-on-the-internationallaw-applicable-to-cyber-warfare/
  • Walter, Christian: “Obligations of States, before, during, and after a Cyber Security Incident”, German Yearbook of International Law, vol. 58 (2015), pp. 67-86.
  • World Economic Forum, The Global Risks Report 2019, en http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf