To what extent is existing international law, including the UN Charter, adequate to regulate cyber attacks and related offensive and defensive activities today and in the future? By “cyber attacks”, the authors means efforts to alter, disrupt, degrade or destroy computer systems or networks or the information or programs on them. This article examines one slice of that legal puzzle: the UN Charter’s prohibitions of the threat or use of “force” contained in Article 2(4). As a general matter, military attacks are prohibited by Article 2(4) except in self-defense or when authorized by the UN Security Council. Also as a general matter, most economic and diplomatic assaults or pressure, even if they exact tremendous costs on a target State, are not barred in the same way. Where along the spectrum in between might cyber attacks — which have some attributes of military attacks and some attributes of non-military pressure — lie?