Since the late 1990s, the United States has operated from the premise that international law applies in cyberspace. This remains the U.S. approach nearly two decades later. What appears to have changed since then is the Department of Defense’s position on sovereignty in cyberspace. In 1999, the question was not whether a State could violate another State’s sovereignty as a matter of law; rather, the challenge was identifying when cyber operations do so. Recently, the DoD has indicated that it may have reassessed its position that sovereignty can be violated as a matter of international law in the cyber context. In this article, Professors Schmitt and Vihul examine the point of contention between the DoD’s earlier view, as well as the Tallinn Manuals’, and that which now appears to be the revised DoD position.