States are increasingly focused on the measures—cyber or otherwise—that they can take in response to hostile cyber operations. Although cyber operations are usually responded to with acts of “retorsion” (acts that are lawful, although unfriendly), international law recognizes other self-help mechanisms that allow for more robust responses. In the cyber context, most attention has focused on countermeasures and self-defense. Yet, both are subject to various limitations that constrain their availability.
This article examines a further option, the so-called “plea of necessity.” It allows States to respond to a hostile cyber operation when the action taken would otherwise be unlawful but is the only way to safeguard an “essential interest” of the State from a “grave and imminent peril.” Although the plea has commanded comparatively little attention, it avoids some of the limitations and ambiguity besetting its counterparts. Indeed, necessity often provides a more defensible legal basis for responding to serious hostile cyber operations, although it is not without its own limitations and ambiguity.