Kristen Eichensehr

Fast Facts

  • Director, National Security Law Center at the University of Virginia School of Law
  • Clerked for Supreme Court Justices Sandra Day O’Connor and Sonia Sotomayor
  • Expertise on cybersecurity, foreign relations, international law, and national security law

Areas Of Expertise

  • Foreign Affairs
  • American Defense and Security
  • Domestic Affairs
  • Law and Justice
  • Science and Technology

Kristen Eichensehr is professor of law and director of the National Security Law Center at the University of Virginia School of Law. She writes and teaches about cybersecurity, foreign relations, international law, and national security law. Her work has addressed, among other issues, the attribution of state-sponsored cyberattacks, the important roles that private parties play in cybersecurity, the constitutional allocation of powers between the president and Congress in foreign relations, and the role of foreign sovereign amici in the Supreme Court. She received the 2018 Mike Lewis Prize for National Security Law Scholarship for her article, “Courts, Congress, and the Conduct of Foreign Relations.” 

Eichensehr is a member of the U.S. State Department’s Advisory Committee on International Law and the National Academies of Sciences, Engineering & Medicine Forum on Cyber Resilience. She serves on the editorial boards of Just Security and the Journal of National Security Law & Policy and previously edited the American Journal of International Law’s section on Contemporary Practice of the United States Relating to International Law. She is a faculty senior fellow at the University of Virginia’s Miller Center, as well as an affiliate of the Stanford Center for International Security and Cooperation and Stanford Law’s Center for Internet and Society. 

Eichensehr clerked for Justices Sandra Day O’Connor and Sonia Sotomayor of the Supreme Court of the United States and for Judge Merrick B. Garland of the U.S. Court of Appeals for the D.C. Circuit. She also served as special assistant to the legal adviser of the U.S. Department of State and practiced at Covington & Burling in Washington, D.C.

Kristen Eichensehr News Feed

Constitutional self-government and authoritarianism are in a worldwide contest—and it is not going well for democracy. Miller Center Faculty Senior Fellow and Taylor Professor of Politics John M. Owen IV engages with experts to discuss open liberal internationalism and what comes next for "The Ecology of Nations," the title of his latest book.
Aynne Kokas, John Owen, Kristen Eichensehr, Eric Edelman Miller Center Presents
Kristen Eichensehr, a former O'Connor clerk, recalls her inner toughness tempered by good humor and abiding pragmatism
Kristen Eichensehr
For years, Russia has both officially and unofficially used cyber tools to ruthlessly advance its international agenda. For this reason, many expected Russia's recent invasion of Ukraine to also kick off a new and brutal era of international cyberwar. Instead, cyber measures have only played a small part in the overall conflict compared to more conventional capabilities, leading many to ask whether Russian cyber capabilities and the role of cyber in the future of warfare more generally might well have been exaggerated. To dig into these issues, Scott R, Anderson sat down with University of Virginia law professor Kristen Eichensehr, who wrote a recent article on the topic for the American Journal of International Law. They discussed possible explanations for the limited role that cyber capabilities have played in the conflict, whether that might change in the next stage of the conflict and what it all means for the future of cyber measures in warfare.
Kristen Eichensehr Lawfare Podcast
Russia’s invasion of Ukraine has put to the test theories about how cyberattacks fit into conventional war. Contrary to many expectations, cyber operations appear to have played only a limited role in the initial stages of the invasion, prompting competing theories and rampant speculation about why. Although written while the conflict continues, this essay considers how either of two broad explanations for the limited role of cyberattacks to date—that Russia’s attempted cyberattacks were thwarted or that Russia chose not to deploy them widely—challenges conventional wisdom about cybersecurity. The essay concludes by suggesting that one lesson international lawyers should draw from the current conflict is the urgent need to clarify and enforce international rules not just for the rare high-end destructive or widely disruptive cyber operations, but also for lower-level operations that have proven more consistently problematic, both in Ukraine and elsewhere. Clarifying such rules could help to manage escalation risk now and in the future, even if such rules—like the most venerable international law prohibitions that Russia’s invasion has violated—do not necessarily restrain behavior directly.
Kristen Eichensehr SSRN
On Wednesday, the U.S. Department of Justice (DOJ) announced that it had “disrupt[ed] a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm,” and identified by the U.S. government as “the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).” This action is the latest in what appears to be a string of public moves to impose additional friction on malicious Russian actors in cyberspace since the invasion of Ukraine, and it’s also emblematic of the efforts by the United States over the last few months to shift the framing of some cybersecurity threats from purely criminal matters to national security concerns.
Kristen Eichensehr Just Security
What has the U.S. done since to shore up its defense? Kristen Eichensehr, a former special assistant to the legal adviser of the U.S. Department of State and current director of UVA’s National Security Law Center, said executive edicts have moved the nation to a stronger cybersecurity footing. “In the wake of SolarWinds, the Biden administration issued an executive order that was aimed at better securing U.S. government systems, which makes sense because that’s what was ultimately compromised with SolarWinds,” said Eichensehr, a Martha Lubin Karsh and Bruce A. Karsh Bicentennial Professor of Law. “So that’s doing things to harden the defenses and make more U.S. government systems more resilient.
Kristen Eichensehr UVA Today