Focus: Foreign Cyberattacks against Civilians

Cyber Attribution: Technical and Legal Approaches and Challenges

Tsagourias, Nicholas 1
Farrell, Michael 2

Abstract

Considering the role of attribution in the law of state responsibility, this article examines the technical and international law methodologies and determinants used when attributing malicious cyber activities falling below the use-of-force threshold to a state, and identifies the challenges that arise which lead to responsibility gaps. The article goes on to discuss a number of proposals that aim to improve the effectiveness of the attribution process and also close some of the existing responsibility gaps. They include institutional proposals envisaging the creation of an international attribution agency; normative proposals advocating the revision of the legal determinants of attribution; and proposals concerning the standard of proof. The aim of the article is to reconstruct the theory and practice of cyber attribution in order to enhance the regulatory potential of international law in this area.

1International Law at the University of Sheffield and Director of the Sheffield Centre for International and European Law, UK
2Institute for Information Security & Privacy, Georgia Institute of Technology, USA

Full text available in PDF format

The free viewer (Acrobat Reader) for PDF file is available at the Adobe Systems