Decoding Article 8 of the International Law Commission’s Articles on State Responsibility: Attribution of Cyber Operations by Non-State Actors
Journal of Conflict and Security Law
Oxford University Press (OUP)
Reason for embargo
Cyber operations pose a set of novel challenges to the generally conservative body of the law of State responsibility. Central among them is the problem of attribution, which lies at the intersection of technology and law. This article reflects the recent developments in the States’ technological capacity to identify the sources of cyber attacks from the perspective of international law. It revisits Article 8 of the International Law Commission’s Articles on State Responsibility in order to ‘decode’ its contents vis-à-vis its drafting history and with an eye on its future application to the conduct in cyberspace. The article argues that there are three autonomous standards of attribution built into that provision: instructions, direction, and control. It then demonstrates the utility and limitations of each of them against the backdrop of actual and hypothetical cyber operations. The article concludes with suggestions for further development of the law in this area, focussing on the missing potential of the law to regulate instigation of wrongful cyber conduct and on the prohibitively strict test of control applicable de lege lata.
I would like to gratefully acknowledge the generous support of the Minerva Center for the Rule of Law under Extreme Conditions at the Faculty of Law and Department of Geography and Environmental Studies, University of Haifa, Israel and of the Israeli Ministry of Science, Technology and Space.
This is the author accepted manuscript. The final version is available from OUP via the DOI in this record.
Vol. 21 (3), pp. 405-428