Home > The Oxford Process on International Law Protections in Cyberspace

The Oxford Process on International Law Protections in Cyberspace

About the Process

The Oxford Process on International Law Protections in Cyberspace is an initiative of the Oxford Institute for Ethics, Law and Armed Conflict (ELAC) at the Blavatnik School of Government that was set in motion in May 2020 in partnership with Microsoft. At the core of this initiative lies a collaborative effort between international legal experts from across the Globe aimed at the identification and clarification of rules of international law applicable to cyber operations across a variety of contexts. The Oxford Statements on International Law Protections, which have been a major input of the Process in 2020, articulate short lists of consensus protections that apply under existing international law to cyber operations targeting a range of protected objects. Going beyond the generally accepted view that international law applies in cyberspace, the Process analyses how it applies to specific sectors and objects. The Statements articulate both prohibited and prescribed state behaviour in cyberspace, without necessarily spelling out their specific legal basis under international law. To date, the Process has yielded five different Statements.

The Statements

Humanitarian Action
International Justice and Accountability
International Peace and Security

Aims & Methodology

Unlike previous initiatives that have sought to identify the rules of international law applicable to cyber operations, the Oxford Process takes a contextual approach. Instead of elaborating on the applicable international legal rules in abstracto, it examines the law as it applies to specific objects of protection, such as the healthcare sector and electoral processes. In choosing these specific objects of protection, the team behind the Oxford Process is driven by some of the most pressing needs facing the international community. In 2020, these needs were multifaceted, and they continue to evolve. The healthcare sector, which largely shouldered the burden of the covid-19 pandemic, was under attack in 2020 with a steady stream of cyber operations against hospitals, pharmaceutical companies, as well as the World Health Organisation. As soon as covid-19 vaccine development initiatives began, vaccine research, manufacture and distribution facilities became a new target of cyber operations. Cyberattacks have ranged from attempts to steal vaccine and clinical trial data to supply chain disruptions, seriously endangering the worldwide immunisation efforts. Beyond the healthcare context, the Oxford Process focused on the protection of electoral processes. Election insecurity strikes at the core of democracy, and reports of election interference through digital means have now become a pervasive feature of political discourse across jurisdictions.

In May, a two-day virtual workshop at the University of Oxford, co-sponsored by ELAC, Microsoft and the Government of Japan, examined the intersection between cyber operations and covid-19. During that workshop, it became clear that, while differences may exist regarding how the participants reach certain conclusions on the scope of international law protection, there is widespread agreement on the coverage of that protection. This realisation is what led to the first Oxford Statement, which elaborated these points of consensus on the protection of the healthcare sector. The Oxford Statement on safeguarding vaccine research and the Oxford Statement on foreign electoral interference followed the same process and were published in the aftermath of workshops organised by ELAC.

The discussions generated during these workshops lie at the core of the success of the Oxford Process and the three Statements. With a group of recognised experts from diverse regional and disciplinary backgrounds, each state obligation outlined in the Statements has been subjected to careful review. These workshops greatly benefited from the input of computer scientists, engineers, cryptographers, government advisors and representatives of the private sector. The interdisciplinary focus brought by these experts was of great assistance in discerning the types of harm engendered by cyber operations, the measures currently in place to prevent, mitigate and redress such harm, as well as further measures that would be necessary to ensure effective protection. The Process is an ongoing dialogue between academia, states and the industry, which will continue to generate a research-led debate among those stakeholders.

Global crises create unique opportunities for agreement about the interpretation and application of international law protections, and the crises faced in 2020 opened rare windows of opportunity for clarifying the protective scope of the law. Through the Oxford Statements, it was made clear that international law is neither silent nor powerless in the face of such crises, and that international lawyers have an important role to play in clarifying and disseminating the legal rules that protect us all from harm.

All Oxford Statements remain open for signature by international law scholars. International lawyers who wish to append their name to the statement should send an email to oxfordcyberstatement@gmail.com.