Cyber warfare is outpacing global legal accountability

Recent tensions involving the United States, Israel and Iran highlight a clear shift in how force is exercised today. According to reporting and policy analyses, the recent strikes were accompanied not only by conventional military action but also by cyber operations, which has included the hacking of news websites and widely used applications to disrupt communication and influence the information environment. The use of cyber means is not an isolated development, but is part of a broader pattern in which digital disruption operates alongside traditional military force. Cyber operations are increasingly being used to support conventional military action, including by disrupting communication and defence systems ahead of physical strikes.

Recent cyber incidents during the conflict have been linked to groups such as the Handala Hack Team, which has claimed responsibility for attacks on entities including a U.S.-based medical technology company. While such activity shows how cyber operations can extend conflict well beyond physical battlefields, it remains unclear how the law responds to this shift.

Establishing threshold is difficult

In reality, international law does not lack relevant principles. The prohibition on the use of force under Article 2(4) of the United Nations Charter, along with the framework of state responsibility, applies to cyberspace in principle. When cyber operations affect infrastructure or essential services, serious legal issues may arise. Determining when such conduct crosses the threshold and becomes sufficiently serious to be classified as an internationally wrongful act or a prohibited use of force is the most complicated part. Such actions could lead to state responsibility and even claims for compensation, in theory. In practice, however, establishing this threshold remains extremely difficult.

This gap between what the law allows and what actually happens has become increasingly visible. As noted in recent analyses, including those by Just Security, victims of cyber operations rarely succeed in bringing cases before courts or obtaining remedies through legal processes. The problem, therefore, is not simply whether the law applies, but whether it can actually be used.

A major reason for this gap lies in attribution. To establish a breach of international law, the act must be attributed to a state. However, cyber operations are, by their nature, secretive and routed through multiple networks and jurisdictions. Even when governments are reasonably certain about who is responsible for the operation, it is much harder to translate that into legally admissible evidence. This creates a gap between political certainty and legal proof.

Concerns that hinder litigation

The unavailability of an appropriate forum for such disputes is also a practical constraint. Sensitive cyber disputes are unlikely to be heard by international courts, including the International Court of Justice, without the consent of states. Domestic courts also face similar challenges, particularly because foreign states are often protected by sovereign immunity. As a result, there are very few forums where cyber-related claims can be effectively heard. There is also a strategic reason why states may avoid legal processes. Bringing a case might escalate inter-state tensions or invite retaliation and may require the disclosure of sensitive intelligence or capabilities. For this reason, many cyber incidents are handled politically or diplomatically, rather than through courts.

Another challenge is evidence. Cyber incidents involve technical data, classified intelligence and complex chains of causation. It can therefore be extremely difficult in a court setting to show who carried out an operation, how much damage it caused, and how it led to specific harm. This makes legal action both complicated and uncertain. International awareness of this matter is reflected in instruments such as the Budapest Convention on Cybercrime and the United Nations Convention against Cybercrime, which aim to create a broader global framework to address incidents of cybercrime. However, these initiatives primarily focus on cybercrime and law enforcement. They fall short in addressing issues of state responsibility when cyber operations are part of geopolitical conflict.

The result is a growing mismatch. Incidents of cyber operations are becoming more frequent and, in some cases, more damaging. Yet, they rarely lead to legal consequences. This does not imply that international law is no longer relevant, but it does suggest that applying existing legal frameworks to this type of conflict remains a significant challenge.

India must help shape cyber norms

This is a particularly significant issue for a country such as India. In recent times, India has become increasingly reliant on digital infrastructure across sectors such as finance, energy and governance. As a result, it faces both greater vulnerability and has a larger stake in shaping international regulations. Strengthening domestic cyber resilience is important, but it is also essential to engage actively in international discussions on accountability, attribution and responsible behaviour in cyberspace.

The challenge, therefore, is not only to recognise that cyber operations have become part of modern conflict but also to ensure that the law is able to respond in a meaningful way. If cyber operations continue to expand without credible pathways to accountability, the gap between law and reality will only widen, leaving a form of conflict that causes real harm, yet remains largely beyond the reach of the law.

Jyoti Singh is an advocate based in Delhi, researching cyber warfare and the use of force under international law

Published – May 23, 2026 12:08 am IST