Shifting paradigms in Europe's approach to cyber defence: ambitions to disrupt malicious cyber activity need to protect norms as well as networks

Abstract

As high-level European Union (EU) policy documents call for investment in active cyber defence capabilities, the legal and political powers for their use remain ill-defined. To demonstrate their commitment to principles of responsible state behaviour and due diligence, the EU and its member states have a duty to establish the normative foun­dations for the use of active cyber defence measures ahead of their deployment, while carefully managing the risk of a gradual militarisation of the cyber and information domain. (author's abstract)