Cyber Attribution: Technical and Legal Approaches and Challenges

Abstract Considering the role of attribution in the law of state responsibility, this article examines the technical and international law methodologies and determinants used when attributing malicious cyber activities falling below the use-of-force threshold to a state, and identifies the challenges that arise which lead to responsibility gaps. The article goes on to discuss a number of proposals that aim to improve the effectiveness of the attribution process and also close some of the existing responsibility gaps. They include institutional proposals envisaging the creation of an international attribution agency; normative proposals advocating the revision of the legal determinants of attribution; and proposals concerning the standard of proof. The aim of the article is to reconstruct the theory and practice of cyber attribution in order to enhance the regulatory potential of international law in this area.