The principle of State sovereignty has also given rise to a number of specific rules, such as those
prohibiting the use of force and intervention in the internal affairs of other States. Below the
threshold of prohibited intervention, all States have an obligation to refrain from acts that violate
the territorial integrity or political independence of other States.
The International Court of Justice has consistently confirmed that it is a duty of every State to
respect the territorial sovereignty of others. This applies to unauthorized intrusions to physical
spaces such as overflight of a State’s territory by an aircraft belonging to another State or under
its control,5 penetration of territorial waters by foreign warships,6 conducting of certain activities
in another State’s territory without its consent7 but also to producing effects in another State’s
territory without physical intrusion.8 According to the Court, it is “quite obvious that a State
possesses a legal interest in the protection of its territory from any form of external harmful
action”.9
Similarly, a non-consensual intrusion in the computer networks and systems that rely on the
cyber infrastructure in another State’s territory may amount to a violation of that State’s
sovereignty. The prohibition of cyber operations violating the territorial sovereignty of another
State protects, first of all, the cyber infrastructure located in the territory of that State, or
otherwise under its jurisdiction, as well as computer networks and systems supported by such
infrastructure, from material harm. The situation is the same irrespective of whether such
infrastructure belongs to or is operated by governmental institutions, private entities or private
individuals. In addition to material harm that may be caused by such an operation, other relevant
considerations include whether an intrusion in the cyber infrastructure triggers a loss of
functionality of the equipment relying on it, or modifies or deletes information belonging to the
target State, or to private actors in its territory.
More generally, an unauthorized intrusion by cyber means may be seen as a violation of the
target State’s territorial sovereignty if it interferes with data or services that are necessary for
the exercise of inherently governmental functions. This rule put forward in the Tallinn Manual
2.0 10 is consistent with the understanding of violations of sovereignty as unauthorized exercise
of authority in another State’s territory. Finally, cyber operations against objects that enjoy
sovereign immunity (warships, ships owned by a State and used only for government or noncommercial service; State aircraft) can be characterized as violations of sovereignty.11
5
Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America), Merits,
Judgment, I.C.J. Reports 1986, p. 14, paras. 251, 253, 292.
6
Corfu Channel case (United Kingdom v. Albania), Judgment, I.C.J. Reports 1949, p. 4, at 26, 35, 36.
7
Certain Activities carried out by Nicaragua in the Border Area (Costa Rica v,. Nicaragua) and Construction of a
Road in Costa Rica along the San Juan River (Nicaragua v. Costa Rica), Judgment, I.C.J. Reports 2015, p.665, paras.
66,67,69, 93, 221-223 and 229.
8
Nuclear Tests (Australia v. France), Judgment, I.C.J. Reports 1974, p. 253, para. 454.
9
Ibid. para 456, emphasis added.
10
Michael N. Schmitt (ed.), Tallinn Manual 2.0, Cambridge University Press 2017, Rule 4, para. 15.
11
Cf. Ibid., Rule 5.
2