Over the past few decades, cyberspace has expanded and affected numerous aspects of human life where individuals, states, and organizations have abused the opportunities that it offers. The cyber domain has challenged the existing political, social, and economic structures of international society. It has intensified the pace and volume of communications, thus shifting how states are governed, how individuals interact, and how citizens take part in civil society. In light of these developments, cyberspace has raised various concerns for individual and collective security, and people are exposed to persistent cyber threats. Due to the commodification and proliferation of cyber capabilities, important national infrastructures are now vulnerable to cyber-attacks. Cybercrime and cyber-espionage are threatening the world economy, and the threat of hackers is lingering over people. Ransomware attacks, disruption of public and private communications, meddling in elections, manipulation of banking systems, threats to electric grids, and dismantling of military communication systems are the drumbeats of contemporary news headlines. These stories paint a gloomy picture of an ungoverned online space that can have grim implications for world economies, geopolitics, nation-states, and cyberspace itself. Starting with defining the security challenges faced by the Westphalian state in cyberspace, this article examines and applies the concept of sovereignty in cyberspace and will argue that state cyberspace is not immune to state sovereignty and that effective mechanisms of authority and control are required to regulate cyberspace.
Anyhow, the debate about whether the concept of sovereignty applies to cyberspace or not is ongoing. In principle, international forums such as the United Nations, the European Union, NATO, and the Shanghai Cooperation Organization have also agreed that international law of sovereignty applies in cyberspace.Many of the individual states that prepared the Tallinn Manual 2.0, along with the Netherlands, France, Germany, Iran, the Czech Republic, and Austria, also share the point of view that the law of sovereignty applies to cyberspace, but these states are yet unable to define the exact way of application of the law to regulate the space. On the other hand, states like the UK and the US endorse the point of view that cyber operations cannot breach state sovereignty.
However, some recent instances of cyber conflict illustrate the challenges posed to the Westphalian state system in cyberspace. In February 2022, the websites of the Ukrainian Ministry of Foreign Affairs and Education were disrupted some days before the Russian invasion of Ukraine. Likewise, in 2008, during the conflict between Russia and Georgia over South Ossetia, Georgian governmental websites were targeted by cyber-attacks. The Georgian case shows that cyber-attacks take place in a borderless world where the laws of armed conflict cannot be applied. One of the most definite cyberattacks was the Stuxnet, which was specially designed to attack the Iranian nuclear facility at Natanz with the aim of halting or slowing down Iran’s nuclear program. Cyber-attacks, in other words, are a very convenient strategy that states use to practice coercive diplomacy.
Due to the increase of low-cost information and communication technologies, barriers to entering cyberspace are also diminishing. Therefore, the cyber option appears to be cost-effective and appropriate as compared to traditional military techniques. Cyber-attacks can take different forms. For instance, Ghost Net was a cyber-espionage operation that was revealed by Information Warfare Monitor. This operation used malware and attacked NGOs and embassies that were working on Tibetan issues. Also, in January 2010, Google announced that a computer attack from China had entered its infrastructure and had stolen information. These attacks also targeted the Google accounts of numerous human rights activists.
The incidents indicate that malicious actors and states have the power to control thousands of computers that are the property of governments, private firms, or ordinary people. Thus, untangling the complexities of cyberspace requires defining the concept of sovereignty as it largely defines the contemporary international order. The principle of state sovereignty encompasses the ultimate authority of the state over territorial integrity, political independence, and its membership in the international system. Stephen D. Krasner, in his book Sovereignty: Organized Hypocrisy, identifies four ways in which sovereignty could be understood, namely: domestic sovereignty, interdependence sovereignty, international legal sovereignty, and Westphalian sovereignty. The argument that cyberspace is immune from state sovereignty is based on the belief that it is not a physical space, so the rules that apply to land, air, sea, and outer space do not apply to cyberspace. Although the actions of cyberspace appear to take place virtually outside the state’s territorial jurisdiction, their implications impact states endogenously, and they cannot operate chaotically without regulations. For national security reasons, companies that operate in cyberspace need the laws of states to run their business, and states also need to be present in cyberspace and exert control for national security reasons. Regarding domestic sovereignty, cyberspace has impacted domestic authority equally in liberal democracies and authoritarian states. A growing number of states are attempting to regulate citizens’ access to information that they deem a threat to national security. For example, Russia and China consider social networks a threat to national security and have regulated their use. Western governments, especially the US and the European Union, have expanded their surveillance techniques. Developing nations like Pakistan are also considering serious regulations to regulate cyberspace as it has faced some crucial cyber-attacks on the banking sector as well as on governmental data. This unhampered flow of information in cyberspace impacts independent sovereignty.
The use of the internet for propaganda is an archetypical case where states have no control over what passes through their borders. Cyberspace does not pose a definitive threat to international legal sovereignty, but it does pose a significant threat to Westphalian sovereignty. As mentioned above, the cases of cyber-conflicts as committed in Ukraine, Georgia, and cyber-attacks on another state’s information arrangement constitute a violation of Westphalian sovereignty.
Nation-states must deal with various technical and political issues to establish order and sovereignty in cyberspace. The absence of attribution is the major impediment to exercising sovereignty. Until and unless states get the ability to identify actors and trace cyber-attacks, any claim to exercising power in cyberspace will be insubstantial. With the involvement of multiple state territories and data storage facilities, pinpointing the exact point of origin of the attack becomes difficult. This ambiguous nature of cyber operations makes it difficult to regulate cyberspace efficiently.
Another problem is reaching an agreement on regulating cyberspace. The role of major cyber-powers like Russia, China, and the US is important, but cyberspace is another instance where a great power game is being played. Officials in the United States maintain that the country is in imminent danger of cyber attacks from both state and non-state actors, and they publicly worry about the dangers of cyber-pearl harbor.That, in turn, requires the development of offensive capabilities to defend the nation. China considers its cyber-warfare capabilities an asymmetrical tool to deter the US and Russia. The ability of states to have control over their information space is fundamental.
In a nutshell, cyberspace is not immune to state sovereignty. States have a long way to go before developing a control mechanism that is both effective and efficient.Cyberspace reflects the contemporary international system in a new realm. So, politics in cyberspace will have state rivalries, geopolitical concerns, and mutual interests. National interests clash, but states cooperate in cyberspace as well. Notwithstanding the unique challenges posed by cyber technologies, international norms to regulate and govern their use should be reorganized and reengineered in tandem with a strong international component established on diplomacy and deterrence. Moreover, an efficient mechanism providing fair, secure, and open cyberspace must be introduced by the international community, in accordance with the principle of noninterference and respecting other countries’ sovereignty, else the Westphalian state system would remain under constant threat.