ATTRIBUTION OF CYBERATTACKS AS A PREREQUISITE FOR ENSURING RESPONSIBLE BEHAVIOR IN CYBERSPACE

Abstract

Growing impunity in cyberspace is cause by the lack of responsibility for the most serious cyberoperations that present a threat to both state and non-state actors. The only possible solution is to trace such cyberoperations to those who stand behind them. Since the seriousness of consequences increases in case of state-committed cyberattacks, the article deals with the issue of attribution of cyberattacks to states with the aim of ensuring responsible behavior of all states in cyberspace. The existing practice of public attribution and features of cyberoperations, as a rule, requires not only performing legal attribution, but also technical and public (political) attribution. Author thus starts with analyzing the current state of affairs – public attribution of cyberattack, its effectiveness and the role of private sector in attribution (decentralized attribution to support or deny government`s finding). The article also examines the customary basis for attributing state-related cyberattacks contained in the Articles on State Responsibility for Internationally Wrongful Acts and Tallinn Manual 2.0 on the Application of International Law to Cyberoperations. Although public attribution is, indeed, a step towards responsible behavior in cyberspace, legal attribution may contribute even more. In this article increased attention is paid to the test of effective control, which is used to attribute internationally wrongful acts to states committed by non-state actors acting under its control or direction. Finally, it concludes that global efforts are needed to ensure responsible behavior in cyberspace, especially in the context of international security. For this, states should get into partnership with private sector in performing attribution of cyberoperations and apply to international bodies, which have jurisdiction over state claims and are able to perform legal attribution for the purpose of establishing state responsibility. Only in this way it will be possible to guarantee responsible behavior of states in cyberspace, and create a common understanding and approach against cyberoperations committed by non-state cyber actors.