The United States faces a growing risk of cyberterrorism against its financial system, electric power grid, and other critical infrastructure sectors. Yet relatively little attention has been paid to building a legal framework that can bring those who attack from abroad to justice. This Article argues that the protective principle—which predicates prescriptive jurisdiction on whether a nation suffered a fundamental security threat—should govern cyberterrorist prosecutions. To support this argument, the Article examines the full range of principles on which States could claim prescriptive jurisdiction and assesses their strengths and weaknesses for extending extraterritorial application of U.S. statutes to cyberterrorism. This Article also contends that sequential prosecutions would provide the best way to resolve multiple jurisidictional claims.