On May2021 a massive sophisticated cyberattack was launched against a major US energy pipeline which caused it to lose 1.2 million barrels of fuel in a day. The attack caused the pipeline to shut-down. Though it is not believed to have disrupted any fuel supplies but has impacted the firm’s technological systems.
The colonel pipelines, is the largest refined products pipeline in the United States. It carries refined gasoline and jet fuel up the east coast from Texas to New York. They even ship about 45 percent of fuel supplies to the east coast. They transport 2.5million barrels each day, from the Gulf Coast to major airports and New York Harbour.
Following the attack, the US intelligence agency found that the group responsible for the cyber-attack belonged to Russia. The name of the group is believed to be DarkSide. US president, Joe Biden was also quoted saying, “so far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, have some responsibility to deal with this.”The US government’s statement, implying that the Russian government will have some responsibility in this matter, has sparked many questions. According to (ARSIWA), Articles on the Responsibility of States for Internationally Wrongful Acts, even if a government doesn’t directly implement an attack, it can be held responsible for it.
Under which conditions can Russia be held responsible for the act?
ARSIWA provides complete bodywork of acts that are categorized “wrongful acts” under international law.
The Article Two of ARSIWA lists the criteria for committing a “wrongful act” as when the act
is attributable to the State under international law.
Constitutes a breach of an international obligation of the State.
Article Four speaks that -
The conduct of any State organ shall be considered an act of that state under international law, whether the organ exercises legislative, executive, judicial or any other functions, whatever position it holds in the organization of the state, and whatever its character as an organ of the central Government or of a territorial unit of the state.
Under this article, the Russian government could escape the attribution as the US government has still not been able to prove that the attack was implemented by Russia and so the cyber attack could not be credited to any “organ” of the Russian government.
However, article eight begs to differ. It states -
The conduct of a person or group of persons shall be considered an act of a state under international law if the person or group of persons is in fact acting on the instructions of, or under the direction or control of, which state in carrying out the conduct.
The article implies that even if the government itself didn’t initiate the attack but coordinated with the person or group responsible for it, then the government will be held accountable for it. Under this circumstance the attackers would be “under the direction or control” of the state government in carrying out the cyber-attack.
What would be the repercussions if the cyber-attack is attributed to Russia?
If proven guilty, the Russian government will have to provide necessary remedies to the US government. As mentioned in the Article 30, the organ responsible for it will “offer appropriate assurances and guarantees of non-repetition, if circumstances so require.”
This will mean providing funds to the US to recover the damage caused by the cyber-attack. Moreover, they’ll have to commit never to enable a cyber-attack again. They will be asked to take concrete steps against the groups responsible for such attack.
The US could also approach the UN Security Council regarding this matter. Owing to the fact that Russia has veto in the council, the US would likely get allies in the form the European Union who in the past have criticized the hacks made by Russia. However, Russia has repeatedly denied all the allegations imposed on it.
The attack on the US is an indication of how cyber-attacks continue to provide new territory that international law has not conclusively covered. It even raises concern that cyber attacks could be a new frontline in global conflict as states attempt to disrupt rival’s infrastructure through secretive hacking attempts. Therefore, it also highlights the importance on the need to improvise the international community’s law to deal with the cyber-attacks.
Follow LexTalk World for more news and updates from International Legal Industry.