Experts

Kristen Eichensehr

Faculty Senior Fellow
Eichensehr CV_Miller Center 7-13-21.pdf

Fast Facts

  • Director, National Security Law Center at the University of Virginia School of Law
  • Clerked for Supreme Court Justices Sandra Day O’Connor and Sonia Sotomayor
  • Expertise on cybersecurity, foreign relations, international law, and national security law

Areas Of Expertise

  • Foreign Affairs
  • American Defense and Security
  • Domestic Affairs
  • Law and Justice
  • Science and Technology

Kristen Eichensehr is the Martha Lubin Karsh and Bruce A. Karsh Bicentennial Professor and director of the National Security Law Center at the University of Virginia School of Law. She writes and teaches about cybersecurity, foreign relations, international law, and national security law. She has written articles on, among other things, the attribution of state-sponsored cyberattacks, the important roles that private parties play in cybersecurity, the constitutional allocation of powers between the president and Congress in foreign relations, and the role of foreign sovereign amici in the Supreme Court. She received the 2018 Mike Lewis Prize for National Security Law Scholarship for her article, “Courts, Congress, and the Conduct of Foreign Relations,” published in the University of Chicago Law Review.

Eichensehr clerked for Justices Sandra Day O’Connor and Sonia Sotomayor of the Supreme Court of the United States and for Judge Merrick B. Garland of the U.S. Court of Appeals for the D.C. Circuit. She also served as special assistant to the legal advisor of the U.S. Department of State and practiced at Covington & Burling LLP in Washington, DC, where she specialized in appellate litigation and international and national security law, including cybersecurity issues. 

She is the editor of the American Journal of International Law section on Contemporary Practice of the United States Relating to International Law and a member of the editorial boards of the national security blog Just Security and the Journal of National Security Law & Policy. She is a member of the National Academies of Sciences, Engineering & Medicine Forum on Cyber Resilience, an affiliate at the Stanford Center for International Security and Cooperation, and an affiliate scholar at the Center for Internet and Society at Stanford Law School.

Eichensehr received her JD from Yale Law School, where she served as executive editor of the Yale Law Journal and articles editor of the Yale Journal of International Law. She holds an AB in government from Harvard University and an MA in international relations from the University of Cambridge.

Kristen Eichensehr News Feed

Lawfare Podcast
Kristen Eichensehr on the Cyberwar that Wasn't in Ukraine
For years, Russia has both officially and unofficially used cyber tools to ruthlessly advance its international agenda. For this reason, many expected Russia's recent invasion of Ukraine to also kick off a new and brutal era of international cyberwar. Instead, cyber measures have only played a small part in the overall conflict compared to more conventional capabilities, leading many to ask whether Russian cyber capabilities and the role of cyber in the future of warfare more generally might well have been exaggerated. To dig into these issues, Scott R, Anderson sat down with University of Virginia law professor Kristen Eichensehr, who wrote a recent article on the topic for the American Journal of International Law. They discussed possible explanations for the limited role that cyber capabilities have played in the conflict, whether that might change in the next stage of the conflict and what it all means for the future of cyber measures in warfare.
Kristen Eichensehr Lawfare Podcast
SSRN
Ukraine, Cyberattacks, and the Lessons for International Law
Russia’s invasion of Ukraine has put to the test theories about how cyberattacks fit into conventional war. Contrary to many expectations, cyber operations appear to have played only a limited role in the initial stages of the invasion, prompting competing theories and rampant speculation about why. Although written while the conflict continues, this essay considers how either of two broad explanations for the limited role of cyberattacks to date—that Russia’s attempted cyberattacks were thwarted or that Russia chose not to deploy them widely—challenges conventional wisdom about cybersecurity. The essay concludes by suggesting that one lesson international lawyers should draw from the current conflict is the urgent need to clarify and enforce international rules not just for the rare high-end destructive or widely disruptive cyber operations, but also for lower-level operations that have proven more consistently problematic, both in Ukraine and elsewhere. Clarifying such rules could help to manage escalation risk now and in the future, even if such rules—like the most venerable international law prohibitions that Russia’s invasion has violated—do not necessarily restrain behavior directly.
Kristen Eichensehr SSRN
Just Security
Friction, Framing & U.S. Cybersecurity-Related Actions Against Russia
On Wednesday, the U.S. Department of Justice (DOJ) announced that it had “disrupt[ed] a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm,” and identified by the U.S. government as “the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).” This action is the latest in what appears to be a string of public moves to impose additional friction on malicious Russian actors in cyberspace since the invasion of Ukraine, and it’s also emblematic of the efforts by the United States over the last few months to shift the framing of some cybersecurity threats from purely criminal matters to national security concerns.
Kristen Eichensehr Just Security
UVA Today
Stay vigilant: How Americans can protect themselves against Russian cyberattacks
What has the U.S. done since to shore up its defense? Kristen Eichensehr, a former special assistant to the legal adviser of the U.S. Department of State and current director of UVA’s National Security Law Center, said executive edicts have moved the nation to a stronger cybersecurity footing. “In the wake of SolarWinds, the Biden administration issued an executive order that was aimed at better securing U.S. government systems, which makes sense because that’s what was ultimately compromised with SolarWinds,” said Eichensehr, a Martha Lubin Karsh and Bruce A. Karsh Bicentennial Professor of Law. “So that’s doing things to harden the defenses and make more U.S. government systems more resilient.
Kristen Eichensehr UVA Today
UVA Law School
From Sanctions to Cyberattacks: What’s Next in the Ukraine Conflict?
Russia’s invasion of Ukraine has raised numerous dilemmas for nations and the international community, a fact underlined by Professors Kristen Eichensehr and Paul B. Stephan ’77 of the University of Virginia School of Law, who spoke about the conflict at an online event Friday.
Kristen Eichensehr UVA School of Law
Bloomberg
Balance of Power: Threat of Russian Cyber Attacks
University of Virginia Law School Professor Kristen Eichensehr discusses the threat of Russian cyber attacks. She spoke with Bloomberg's David Westin.
Kristen Eichensehr Bloomberg Radio