Defending medical facilities from cyber attacks: critical issues with the principle of due diligence in international law

ABSTRACTABSTRACTI explore reasons why existing defense has failed to prevent cyber attacks on medical facilities. I look into one of the least studied notions of cyberspace behavior known as the principle of due diligence. The principle posits that states should do their best not to allow their territory to be used for cyber operations that produce adverse consequences for other states. I point out three reasons why the principle has failed to protect medical facilities. First, the principle of due diligence suffers from flaws with its enforcement mechanism and applicability to nonstate hackers. Second, the principle suffers from the lack of specificity in that it has never clarified what potential targets are supposed to be spared. Finally, the principle is prone to fail to mobilize states enmeshed with providers of network infrastructure – internet service providers (ISPs) – to practice due diligence. In sum, my analysis shows that factors that are external to the principle are as critical as internal ones in shaping the principle’s ineffectiveness. While the principle is not the only cause of failure to prevent attacks on medical facilities, it is one of the reasons for the failure.KEYWORDS: Principle of due diligencemedical facilitiesinternet service providers Disclosure statementNo potential conflict of interest was reported by the author(s).