Whether cyberattacks should be regarded as a legitimate strategic means is a complex issue involving international law, ethics, national security and international relations. The following analyzes its legitimacy and potential impact from multiple angles： --- ### **1. Applicability of existing international law** -**The Charter of the United Nations and the Law of Armed Conflict** According to Article 2(4) of the Charter of the United Nations, a state may not use force or threaten the sovereignty of another state. Traditional "force” usually refers to military operations, but whether cyberattacks are “force” is not yet clearly defined. If a cyberattack causes physical damage or casualties (such as paralyzing the power grid or hospital system), it may be regarded as a “use of force” and thus subject to international law. -**An attempt at the Tallinn Manual** The Tallinn Manual attempts to apply international law to cyberwarfare, emphasizing that cyberattacks must comply with the “principle of distinction” (distinguishing military and civilian targets) and the “principle of proportionality” (the means of counterattack are commensurate with the scale of the attack). However, the manual is only expert advice and is not legally binding. --- ### **2. The uniqueness and challenges of cyber attacks** -**Concealment and attribution difficulties** Cyber attacks are usually difficult to trace, and attackers can hide their identities through springboard servers or anonymous technologies. Misattribution may lead to misjudgment and cause unnecessary conflicts (for example, mistakenly attributing civilian hacking to the state). -**Asymmetry and diffusion risk** Cyberattacks have low costs and low thresholds, and may be abused by non-state actors (such as terrorist organizations) or small countries, disrupting the strategic balance. If legalized, it may trigger a global cyber arms race. -**Impact on civilian facilities** Attacks on critical infrastructure (such as energy, finance, and medical systems) may cause large-scale social chaos and violate the principle of protecting civilians in the law of war. --- ### **3. The core of the legality dispute** -**Applicability of the right to self-defense** According to Article 51 of the Charter of the United Nations, the state has the right to self-defense against “armed attacks”. If a cyberattack is determined to be an “armed attack”, the injured country may take counterattack including cyber or traditional military means. However, how to define the threshold for “armed attack” (for example, whether physical damage needs to be caused) is still the focus of controversy. -**The risk of abuse in the “gray area”** Some countries may take advantage of the ambiguity of cyberattacks to implement strategic deterrence (such as interfering with elections and stealing data) without triggering a full-scale war. This kind of ”gray area" behavior may weaken the effectiveness of international rules. --- ### **4. Differences and Practices of the international community** -**The Game of Great Powers and Double Standards** The main countries have different positions: the United States regards certain cyberattacks as “hostile acts” and claims to reserve the right to military counterattack; Russia and China emphasize cyber sovereignty and oppose Western-led rules. This disagreement makes it difficult to form an international consensus. -**Practical case** - **Stuxnet virus (2010)**: The cyberattack on Iran's nuclear facilities is widely regarded as a state act (allegedly led by the United States and Israel), but it did not trigger a formal war, highlighting the “de-warization” characteristics of cyber operations. -**SolarWinds incident (2020)**: Russia was accused of invading U.S. corporate systems, but the U.S. side only imposed sanctions rather than a military response, indicating that cyberattacks may be regarded as a means of “below the threshold of war.” --- ### **5. Possible solutions** -**Promote international rule-making** It is necessary to formulate more binding cyberwarfare rules through the United Nations or multilateral mechanisms (such as the G20), clarify the boundaries between legal and illegal acts, and establish independent attribution agencies. -**Strengthen international cooperation and trust** Reduce the risk of misjudgment through information sharing, joint exercises and crisis communication mechanisms. For example, the United States and Russia have established a network security hotline, but the actual effect is limited. -**Balance of technical defense and deterrence** Countries need to strengthen their own network security capabilities while avoiding excessive dependence on offensive network methods to prevent conflicts from escalating. --- ###**Conclusion: cyberattacks should not be fully legalized, but rules need to be clear** The legitimacy of cyberattacks as a strategic means depends on whether they comply with the principles of international law (such as differentiation and proportionality) and whether they are used for self-defense. In the absence of global consensus and effective attribution mechanisms, full legalization may exacerbate international instability. A more feasible path is： 1. **Include cyber attacks that cause physical damage or casualties in the category of ”use of force"** to clarify their illegality； 2. **Standardize ”below the threshold of force" cyber operations** (such as espionage) to prevent them from destroying civilian facilities； 3. **Curb the trend of militarization of cyberspace through multilateral cooperation** and avoid the strategic risk of ”replacing defense with attack". Ultimately, peace in cyberspace depends on the joint advancement of technological governance, legal constraints, and the responsibilities of major powers.