Abstract International discussions on establishing and implementing norms for behavior in cyberspace have spanned over two decades. However, differences in what constitutes ‘acceptable conduct’ have hindered progress in forming these norms. In recent years, Western countries have adopted a strategy to signal what is considered unacceptable behavior by publicly attributing cyberattacks and intrusions. I argue that this act of official public attribution serves as a practice for countries to express their disapproval of inappropriate cyberspace behavior and condemnation and can cumulatively shape international practices, holding the attacking state accountable. I explore this by (1) analyzing new data from the European Repository of Cyber Incidents, which shows patterns of official public attributions for the years 2000–2023, providing exploratory directions and trends, and (2) examining the Iranian cyberattack against Albania in 2022 and its subsequent official public attributions as an illustrative case study. I demonstrate how repeated instances of official public attribution can contribute to the development of a common practice that signals dissatisfaction of a specific behavior. As state-sponsored cyberattacks and intrusions are on the rise, this practice could have an accumulative effect.
Read full abstract