Originally from The Law and Practice of International Arbitration: Essays in Honor of John Fellas – Preview Page

I. INTRODUCTION 

Innovation, at any point in history, is defined as transformative,2 creates normative impact,3 and, viewed through the longer lens of time, leads to the transition of legal traditions.4 The advent of cyberspace has expanded the domain of human existence and diversified human activities, even creating new normativity in legal practices. For example, the digitalisation of international arbitration has ushered in an era of unprecedented efficiency, marked by electronic submissions, virtual hearings, and online case management.5 Indeed, these innovations have enabled participants to transcend geographical barriers and reduce procedural delays. However, the digital leap has exposed a critical tension between cybersecurity issues and efficiency. Early in 2018, a survey conducted by BCLP’S International Arbitration Group found that 11% of respondents indicated that they had experience cybersecurity incidents in international arbitration.6 This figure is particularly worrying for the stability of this mechanism, all the more so given the surge in cybersecurity concerns following the accelerated digital shift brought on by the COVID-19 pandemic. 

In fact, the wide use of cyberspace inevitably give rise to cybersecurity incidents involving a broad range of actors.7 “Cybersecurity,” as defined by the U.S. Cybersecurity and Infrastructure Security Agency, refers to the protection of systems, data, and networks from any unauthorised access and threats like malware or data breaches, ensuring information remains confidential, accurate, and accessible.8 Accordingly, “cybersecurity incidents” can be defined as the result of any cyber operations performed with a purpose of deceiving, degrading, disrupting, denying, exploiting, etc.9 For example, cyberattack, a highly destructive form of cyber operations, have already become commonplace in legal practices.10 Yet cybersecurity incidents extend beyond such destructive cyber operations; many cyber operations, unlike like cyberattacks, neither damage a document nor result in network failure. However, they can indirectly affect accuracy, confidentiality, as well as accessibility of information. Such operations are often the cause of cybersecurity incidents in international arbitration.11