Lawfare News

Due Diligence and the U.S. Defend Forward Cyber Strategy

Eric Talbot Jensen, Sean Watts
Tuesday, October 20, 2020, 11:06 AM

Published by The Lawfare Institute
in Cooperation With

As its name implies, the 2018 US Department of Defense Defend Forward strategy is principally reactive. The strategy assumes that the United States will continue to suffer harm from competitors and malign actors through cyberspace. Accordingly, it outlines US reactions in order to preempt threats, defeat ongoing harm, and deter future harm. Previous strategies have instructed similarly, but the 2018 National Cyber Strategy purports to reflect a strategic evolution in its overt commitment to countering cyber harm at its origin and to doing so not intermittently or episodically but on a “day-to-day” basis. Defending forward involves a wide range of cyber activities, but a defining feature will likely be routine nonconsensual cyber operations in the networks of hostile foreign governments and private actors.

These operations are sure to require technical, doctrinal, political, and even diplomatic reevaluations. But they also call for review of supporting international legal justifications. While a host of international law doctrines will be relevant to Defend Forward, the principle of due diligence is likely to play a significant role, in light of both the reactive nature of Defend Forward and the interconnected yet shadowy domain of cyberspace.

Well before the Defend Forward strategy or even cyberspace itself emerged, states developed the international law obligation of due diligence as an important regulation of international relations. In the incomplete and fragmented international legal system, due diligence has served as a general policing regime to manage and redress harm between states. At its most general level, due diligence requires states to take reasonable measures to put a stop to activities, whether private or public, within their borders that cause serious adverse consequences to other states. Breaches of due diligence do not require that harm be attributed to a state, only that a state knew of and failed to quell harm coming from its territory. International tribunals and publicists have repeatedly confirmed that breaches of due diligence entitle injured states to relief and reparations from offending states. Just as important, breaches of due diligence authorize victim states to react with a wide range of measures of self-correction from nondiligent states, including resorting to countermeasures.

This essay evaluates due diligence in light of the Defend Forward cyber strategy. It begins with a brief review of due diligence as an obligation of general international law, highlighting a broad base of support from international tribunals and commentators for due diligence as a freestanding rule of conduct. It then recounts recent efforts to apply due diligence to activities in cyberspace. Next, it reviews past US foreign relations experience with due diligence, including its invocation in international litigation and its use to generate favorable diplomatic outcomes. It concludes that positive US diplomatic and legal precedent counsel in favor of renewed recognition of due diligence as an obligation under general international law. It then examines how conceptions of due diligence may complement the Defend Forward strategy in cyberspace. Specifically, it suggests how the United States might best tailor a view on due diligence specific to activities in cyberspace and offer doctrinal refinements that might be acknowledged in light of the US Defend Forward strategy.

Professor Eric Talbot Jensen is the Robert W. Barker Professor of Law at Brigham Young University Law School. He has been teaching law for over ten years after serving in the U.S. government. He recently served as the Special Counsel to the General Counsel of the Department of Defense in 2016 and 2017.
Sean Watts is a Professor in the Department of Law at the United States Military Academy at West Point where he co-directs the Lieber Institute for Law and Land Warfare. He serves as Co-Editor-in-Chief of Articles of War. He is also the James L. Koley ’54 Professor of Constitutional Law at Creighton University Law School. He co-founded the annual Creighton Law School Nuremberg to The Hague Summer Program in international criminal law. He serves as a Senior Fellow with the NATO Cooperative Cyber Defence Center of Excellence in Tallinn, Estonia. From 2010-2016 he participated in drafting both volumes of The Tallinn Manual on International Law Applicable to Cyber Warfare. From 2009-2011 he served as a defense team member in Gotovina et al. at the International Criminal Tribunal for Former Yugoslavia. In December 2017, he testified as an expert in the law of war at the Military Commissions at Guantanamo Bay, Cuba. Prior to teaching, Professor Watts served as an active-duty U.S. Army officer for fifteen years in legal and operational assignments as a military lawyer and as an Armor officer in a tank battalion. He later served in Army Reserve billets at the Army JAG School, West Point, and U.S. Strategic Command. Watts holds an LL.M. from the U.S. Army Judge Advocate General’s School, a J.D. from the College of William & Mary School of Law, and a B.A. from the University of Colorado, Boulder. He earned his commission as an Army R.O.T.C. distinguished military graduate.

Subscribe to Lawfare