Read on Twitter
Iran 
(!) has released its views on how international law applies in cyberspace. Here's a brief summary (thanks to @KuboMacak for the tip). *Thread* https://nournews.ir/En/News/53144/General-Staff-of-Iranian-Armed-Forces-Warns-of-Tough-Reaction-to-Any-Cyber-Threat
(!) has released its views on how international law applies in cyberspace. Here's a brief summary (thanks to @KuboMacak for the tip). *Thread* https://nournews.ir/En/News/53144/General-Staff-of-Iranian-Armed-Forces-Warns-of-Tough-Reaction-to-Any-Cyber-Threat
International law applies in cyberspace. This includes key principles such as 
sovereignty & sovereign equality prohibition of the use of force prohibition of aggression non-intervention self-determination good faith
Rules on territorial sovereignty & jurisdiction apply online just as they do offline.
Cyber ops with tangible or non-tangible effects which threathen national security or may cause political, economic, social or cultural destabilization of nat sec significance constitute a violation of sovereignty.
Iran joins the sovereignty-as-a-rule camp and opts for the intrusion-based approach, i.e. any unlawful intrusion into cyber infrastructure on another State's territory violates that State's sovereignty.
This seems quite similar to the French penetration-based approach: https://www.defense.gouv.fr/content/download/567648/9770527/file/international+law+applied+to+operations+in+cyberspace.pdf
On a personal note, I've advocated an intrusion-based approach at the Hague Conference on Cyber Norms in 2018 & the article is recently out in the post -conf book: https://rowman.com/WebDocs/Open_Access_Governing_Cyberspace_Broeders_and_van_den_Berg.pdf
On a personal note, I've advocated an intrusion-based approach at the Hague Conference on Cyber Norms in 2018 & the article is recently out in the post -conf book: https://rowman.com/WebDocs/Open_Access_Governing_Cyberspace_Broeders_and_van_den_Berg.pdf
Iranian touch here: sanctions, asset freezes etc. supposedly violate the target State's sovereignty. This is certainly not the mainstream view.
Violations of the principle of non-intervention include: cyber-manipulation of elections (dis)info-ops ("engineering public opinion") during elections sending mass messages to voters paralyzing websites in a state to provoke internal tensions
Another Iranian touch: "dainty" and "complicated" techniques of duress aimed at political, cultural or economic liberalization constitute an intervention.
Cyber ops which result in grave & widespread material damage or loss of life or affecting "vital national infrastructures" (both public & private) constitute use of force.
On self-defence, it looks like Iran endorses the scale-and-effects-test: a State has the right to self-defence against cyber ops if their gravity is comparable to a conventional armed attack.
Conclusion: this is a very interesting document, not dissimilar to major "western" documents such as the French or the Dutch. It looks like Iran has studied the major statements very carefully and there are significant commonalities.
Might write a piece on that topic...
Might write a piece on that topic...
