Skip to main content Accessibility help
×
×
Home

The Bumpy Road to a Meaningful International Law of Cyber Attribution

  • William C. Banks (a1)

Extract

Attributing computer network intrusions has grown in importance as cyber penetrations across sovereign borders have become commonplace. Although advances in technology and forensics have made machine attribution easier in recent years, identifying states or others responsible for cyber intrusions remains challenging. This essay provides an overview of the attribution problem and its international legal dimensions and argues that states must develop accountable attribution mechanisms for international law to have practical value in this sphere.

  • View HTML
    • Send article to Kindle

      To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      The Bumpy Road to a Meaningful International Law of Cyber Attribution
      Available formats
      ×

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      The Bumpy Road to a Meaningful International Law of Cyber Attribution
      Available formats
      ×

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      The Bumpy Road to a Meaningful International Law of Cyber Attribution
      Available formats
      ×

Copyright

This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited.

References

Hide All

2 U.S. Dep't of Def., Summary Cyber Strategy 1 (2018).

4 David D. Clark & Susan Landau, Untangling Attribution, 2 Harv. Nat'l Sec. J. 531, 531 (2011).

5 See John P. Carlin, Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, 7 Harv. Nat'l Sec. J. 391, 409 (2016); Jeffrey Carr, Inside Cyber Warfare 29, 139–40 (2010).

6 Thomas Rid & Ben Buchanan, Attributing Cyber Attacks, 38 J. Strategic Stud. 4 (2015).

7 Id. at 7 (“[A]ttribution is an art as much as a science.”).

8 See Carlin, supra note 5, at 396–97 (discussing the expertise required for the complex attribution analysis).

9 Id.

10 Rid & Buchanan, supra note 6, at 4.

11 See, e.g., Carlin, supra note 5, at 416; Herbert Lin, Attribution of Malicious Cyber Incidents: From Soup to Nuts, 70 J. Int'l Affairs 75, 82–83 (2017).

12 Carlin, supra note 5, at 409; Lin, supra note 11, at 84.

13 See William Banks, State Responsibility and Attribution of Cyber Intrusions After Tallinn 2.0, 95 Tex. L. Rev. 1487, 1494–97 (2017).

14 UN Int'l Law Comm'n, Report of the International Law Commission, Draft Articles of State Responsibility, UN GAOR, 53rd Sess., Supp. No. 10, UN Doc. A/56/10 (2001) [hereinafter Articles on State Responsibility].

15 Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations 3 (Michael N. Schmitt ed., 2017) [hereinafter Tallinn Manual 2.0].

16 Id. at 87–92 (rule 15).

17 Id. at 94–95 (rule 17).

18 Id. at 312 (rule 66(1)).

19 Id. at 312–13.

20 Id. at 85 (rule 15(7)).

21 Military and Paramilitary Activities in and against Nicaragua (Nicar. v. U.S.), Merits, 1986 ICJ Rep. 14, para. 205 (June 27).

22 Tallinn Manual 2.0, supra note 15, at 317 (rule 66(18)).

23 Michael N. Schmitt & Liis Vihul, Proxy Wars in Cyberspace: The Evolving International Law of Attribution, I Fletcher Sec. Rev. 55, 60 (Spr. 2014).

24 Tallinn Manual 2.0, supra note 15, at 81.

25 Id. at 81–82.

26 Id. at 80.

27 Id. at 81.

28 Id. at 111 (rule 20).

29 Id.

30 Id. at 111–12.

31 Id. at 124.

32 Id. at 112; Articles on State Responsibility, supra note 14, chapeau to ch. II of pt. 3, para. 3 of commentary.

33 Thomas Giegerich, Retorsion, Max Planck Encyclopedia of Public International Law (Rüdiger Wolfrum ed., 2017).

34 Tallinn Manual 2.0, supra note 15, at 81.

35 In support of its position, the IGE cited Oil Platforms (Iran v. U.S.), 2003 ICJ Rep. 161, para. 33 (Nov. 6) (separate opinion of Judge Higgins); Corfu Channel Case, (UK v. Alb.), 1949 ICJ Rep. 4, para. 17 (Apr. 9); Application of Convention on Prevention and Punishment of Crime of Genocide (Bosn. & Herz. v. Serb. & Montenegro), 2007 ICJ Rep. 108, paras. 209–10 (Feb. 26); and Application of Convention on Prevention and Punishment of Crime of Genocide (Croat. v. Serb.), 2015 ICJ Rep. 3, para. 178 (Feb. 3).

36 Tallinn Manual 2.0, supra note 15, at 82.

37 Id.

38 Id. at 82–83.

39 Id. at 118–20.

40 Id. at 116.

41 Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, Report, UN Doc. A/70/174, para. 24 (July 22, 2015).

43 Tallinn Manual 2.0, supra note 15, at 83.

44 Id.

45 Id.

46 Clement Guitton, Inside the Enemy's Computer: Identifying Cyber Attackers 66 (2017).

48 Id. at 54.

Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

AJIL Unbound
  • ISSN: -
  • EISSN: 2398-7723
  • URL: /core/journals/american-journal-of-international-law
Please enter your name
Please enter a valid email address
Who would you like to send this to? *
×

Metrics

Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed