International Law Cyber Espionage
Russell Buchan, Iñaki Navarrete
  • LAST REVIEWED: 24 September 2020
  • LAST MODIFIED: 24 September 2020
  • DOI: 10.1093/obo/9780199796953-0212


Cyberspace gives rise to risks as well as opportunities, and a prominent threat emerging from this domain is cyber espionage. Because no internationally and legally recognized definition of cyber espionage exists, the following definitions of espionage will be used only to frame the subject under examination. “Cyber espionage” describes the exploitation of cyberspace for the purpose of accessing and collecting confidential data. It can occur via close or remote access. “Close access cyber espionage” involves the collection of confidential data through the installation of hardware or software by malicious actors in close physical proximity to the targeted computer network or system. In contrast, “remote access cyber espionage” is launched some distance from the targeted network, usually by exploiting pathways created by the Internet. Cyber espionage takes different forms depending upon the type of confidential data targeted, the actor undertaking this activity, and the context in which it occurs. “Political” cyber espionage is usually state-sponsored (although it can be undertaken by nonstate actors such as terrorist groups) and describes the appropriation of political and military information belonging to state and nonstate actors during times of peace or armed conflict. “Economic” cyber espionage is also state-sponsored but instead involves the theft of confidential business information from foreign companies. “Industrial” cyber espionage entails the theft of confidential business information, but, unlike economic cyber espionage, it is carried out by companies against foreign rivals without the support or assistance of a state. The dawn of cyberspace has heralded an exponential increase in political, economic, and industrial espionage for several reasons: first, cyberspace is used to store huge amounts of confidential information, and is therefore a resource-rich environment for cyber spies to target; second, the instantaneous nature of cyberspace means that cyber spies can access confidential information quickly, cheaply, and efficiently; and third, cyberspace is a virtual and interconnected domain, meaning that espionage can be conducted remotely and anonymously, thus making it a relatively risk-free enterprise. Peacetime espionage is not specifically regulated by international law, and thus there is no “international law of espionage” that can be applied to cyber-enabled espionage. But this does not mean that cyber espionage exists in an international law vacuum. In fact, there is an array of general principles of international law as well as specialized regimes that are potentially applicable to cyber espionage. Unlike peacetime espionage, cyber espionage committed during times of armed conflict is directly regulated by international humanitarian law.

General Overview

Oxford Bibliographies already contains an entry on espionage and international law (see the article “Espionage in International Law”). However, the a-territorial, interconnected, and instantaneous nature of cyberspace creates particular problems for the application of international law to cyber espionage and, since the 2013 Edward Snowden revelations, there has been a surge in scholarship examining these issues, thus requiring a separate entry for this topic. Prior to the Snowden disclosures, only a handful of texts dealt with the topic. Early academic authors focused on cyber espionage in the context of “information warfare” (Kanuck 1996). In 1999, the Office of the General Counsel of the US Department of Defense likewise issued a memorandum on international legal issues in information operations, including unauthorized cyber intrusions (see US Department of Defense, Office of General Counsel 1999). Other early studies focused on whether international law even applied to cyber espionage. Today, the tenor of the literature focuses on different issues and seeks to draw distinctions between different forms of cyber espionage based on the methods used or the type of information targeted (such as economic and industrial data). Ziolkowski 2013 was the first publication to provide an intensive analysis of how international law applies to cyber espionage. Rule 32 of the Schmitt 2017 states that peacetime cyber espionage is not per se regulated by international law. Rather, it is the manner (i.e., the methods) in which cyber espionage operations are conducted that may violate international law and, when considering how these rules apply to cyber operations, the Tallinn Manual 2.0 often uses cyber espionage as an example. This statement is consistent with prior scholarship (Lafouasse 2011) as well as express statements by states (Egan 2017), which have maintained that there is no prohibition per se on espionage activities generally in international law. However, there is no consensus on what “methods” used to conduct cyber espionage may violate certain rules of international law. Few book-length analyses exist on the topic. Buchan 2018 systematically analyzes how international law applies to cyber espionage, although its research scope is limited to political and economic cyber espionage conducted during times of peace. Pehlivan 2019 offers another rare but brief treatment of the subject, focusing on municipal legal responses to economic and industrial cyber espionage. The subject of cyber espionage can be viewed through the prism of the principles of territorial sovereignty and nonintervention, diplomatic and consular law, and international humanitarian law. Other discrete issues relate to the existence of customary exceptions, the status of economic and industrial cyber espionage, and cyber espionage targeted against individuals. Looking prospectively at how international law should evolve, a segment of the literature has devoted its attention to lex ferenda analyses of cyber espionage.

  • Buchan, Russell. Cyber Espionage and International Law. Oxford: Hart, 2018.

    This monograph contains three elements. First, it defines cyber espionage. Second, it presents political and economic cyber espionage as a threat to international peace and security. Third, it examines whether cyber espionage is regulated by general principles of international law and specialized regimes. It also contains chapters assessing whether cyber espionage is permitted by customary law and whether it can be justified on the basis of self-defense and the doctrine of necessity.

  • Egan, Brian J. “International Law and Stability in Cyberspace.” Berkeley Journal of International Law 35 (2017): 169–180.

    This is a statement by the Legal Adviser at the US State Department on the application of international law to cyberspace. The statement claims that most if not all states engage in intelligence collection abroad and, in light of this, there is no absolute prohibition on this activity under international law. Importantly, the statement cautions that specific intelligence operations may nonetheless violate international law.

  • Kanuck, Sean P. “Information Warfare: New Challenges for Public International Law.” Harvard International Law Journal 37 (1996): 272–292.

    This is a broad article identifying the challenges that information warfare presents for public international law. It discusses the legality of cyber espionage, and offers an original analysis on how the information age may be redrawing the contours of international law concepts such as “territory” and “jurisdiction.”

  • Lafouasse, Fabien. L’Espionnage dans le Droit International. Paris: Nouveau Monde, 2011.

    This book is the most comprehensive and thorough study of the application of international law to espionage. It therefore represents a useful starting point when studying espionage, though it only discusses cyber espionage in passim. The book’s main contribution is the distinction between territorially intrusive acts of espionage and those which are not intrusive because they occur outside the target-state’s territory, such as on the high seas or international air space.

  • Pehlivan, Oğuz Kaan. Confronting Cyberespionage under International Law. New York: Routledge, 2019.

    This book argues that cyber espionage is a type of cyber attack. As such, it determines that domestic and international law is available to regulate cyber espionage and can therefore be harnessed to confront the threat posed by this activity. It provides a broad overview of the application of these frameworks to cyber espionage, and its specific focus is on the regulation of economic and industrial cyber espionage under various municipal systems.

  • Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge, UK: Cambridge University Press, 2017.

    Rule 32 holds that cyber espionage is not per se regulated by international law. Yet it determines that international law may regulate the underlying act depending upon the actors involved, the information collected, and the operative legal context. The legality of cyber espionage is therefore addressed under other international legal rules; namely, the principles of territorial sovereignty and nonintervention, and diplomatic and consular law.

  • US Department of Defense, Office of General Counsel. An Assessment of International Legal Issues in Information Operations. 2d ed. Arlington, VA: US Department of Defense, 1999.

    Until recently, this 1999 assessment stood as the most comprehensive and authoritative US statement on international legal issues raised by the increased resort to information operations, including cyber espionage operations. The memorandum argued that an unauthorized electronic intrusion into another nation’s computer systems may well end up being regarded as a violation of the target-state’s sovereignty — thus suggesting that only state practice can settle this topical issue.

  • Ziolkowski, Katharina. “Peacetime Cyber Espionage—New Tendencies in Public International Law.” In Peacetime Regime for State Activities in Cyberspace: International Law, International Relations and Diplomacy. By Katharina Ziolkowski, 425–464. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre of Excellence, 2013.

    A catalogue-like piece analyzing the application of international law to political and economic cyber espionage under international law. One of the first to do so systematically and a good starting point for research. This chapter zeros in on the principles of territorial sovereignty, nonintervention and nonuse of force, as well as the law of the sea, international economic law, human rights law, and diplomatic and consular law.

back to top

Users without a subscription are not able to see the full content on this page. Please subscribe or login.

How to Subscribe

Oxford Bibliographies Online is available by subscription and perpetual access to institutions. For more information or to contact an Oxford Sales Representative click here.