Abstract
Since cyberattacks are nonphysical, standard theories of casus belli — which typically rely on the violent and forceful nature of military means — appear inapplicable. Yet, some theorists have argued that cyberattacks nonetheless can constitute just causes for war — generating a unilateral right to defensive military action — when they cause significant physical damage through the disruption of the target's computer systems. I show that this view suffers from a serious drawback: it is too permissive concerning the types of actions that generate casus belli since many essentially peaceful and non-violent mechanisms can nonetheless cause physical damage. I resolve this difficulty by developing a sovereignty-based account of casus belli and applying it to cyberwarfare. I argue that legitimate states have a constrained right to unilaterally respond with military force to unfriendly actions that bypass or overwhelm the political deliberations of the target state in order to force a change in behaviour contrary to the determinations of the people of the target state. This new account of casus belli avoids the problems of the consequence-based view by plausibly restricting the types of unfriendly action that give rise to casus belli and yet offers an attractive explanation for why some cyberattacks nonetheless do generate a potential right to a unilateral defensive response.