According to a new paper authored by Columbia Law School professor Matthew Waxman, the likelihood that a cyber attack would elicit a traditional military response is significantly less than for physical attacks.
The United States has long reserved the option to respond to cyber-based attacks with military force, though Waxman believes there is an innately higher threshold to elicit such actions in retaliation to a cyber attack.
Complicating the matter are several factors, including the difficulty of accurately attributing cyber attacks to a specific actor and the likelihood that such an attack would even be revealed to the public, which reduces the possibility that political pressure would necessitate an armed response.
“It is widely believed that sophisticated cyber attacks could cause massive harm—whether to military capabilities, economic and financial systems, or social functioning—because of modern reliance on system interconnectivity… [but] armed self-defense to a cyber attack will likely require quite a high minimum threshold of harm.” Waxman writes.
Waxman goes on to argue that nations who attempt to publicly make a case for the right to armed response in the absence of a greater conflict or in response to cyber attacks that do not result in significant damage or death would result in “eroding [the] normative constraints on military responses to non-military harms.”