Obligation to Defend the Critical Infrastructure? Offensive Cybersecurity Measures

Critical infrastructure is vital for the functioning of the state and the society. Even though the legal foundations for critical infrastructure protection in material world are well-established, there is almost no legal basis for providing critical infrastructure security in the cyberspace. In this paper, we study the applicability of different types of cybersecurity measures including the most offensive ones in different domains by drawing parallels to providing security in the material world. By further focusing on the offensive cybersecurity measures (i.e., hack back), we lay out the circumstances in which such invasive measures could be employed for providing security for the critical infrastructure.