Most cyber-intrusions now and in the foreseeable future will take place outside the traditional consensus normative framework for uses of force supplied by international law. For the myriad, multi-layered and multi-faceted cyber-attacks that disrupt but do not destroy, whether state-sponsored or perpetrated by organized private groups or single hacktivists, much work remains to be done to build a normative architecture that will set enforceable limits on cyber-intrusions and provide guidelines for responses to disruptive cyber-intrusions. In this paper, the interest is directed at a subset of those cyber-attacks – those where terrorists are responsible or attribution is not known but points in terrorists’ direction, and where the effects are very disruptive but not sufficiently destructive to cross the traditional LOAC and Charter self-defense thresholds. For this subset of cyber-attacks, counterterrorism law may offer a useful complementary normative supplement to LOAC and the Charter. Especially over the last decade, a corpus of counterterrorism law has evolved as domestic and international law in response to transnational terrorism. In contrast to the dominant pre-September 11 conception that countering terrorism involved either the use of military force or enforcement of the criminal laws, counterterrorism law now incorporates a diverse range of responses to terrorism, many of which are borrowed, sometimes in modified form, from existing international and domestic law. Based on a maturing international legal regime, this article concludes that over time and through state practice, along with legal, strategy and policy development in the international community, a set of counterterrorism law norms for cyber war could emerge.