The issues concerning attribution of cyber-attacks of state actors and non-state actors

Abstract

This thesis aims to analyse the extent to which the current legal standards of attribution can be applied to cyber-attacks carried out by hacker groups under the control of a State actor. Considering the increase of cyber-attacks within the last 20 years, State actors have made public announcements attributing the attacks to non-state actors which have acted as de facto agents of a State. The current legal standards for attribution of de facto agents are too stringent and cannot be fulfilled due to the nature of the cyber-attacks and the hacker groups that carry them out. While there is an ongoing discourse among State actors and academia about the attribution of cyber-attacks within technical, political and legal contexts, there remains a lack of political willingness and State practice concerning legal and practical attribution of cyber-attacks. Due to the nature of cyber-attacks, namely, the high level of secrecy surrounding their planning, execution and the subsequent lack of evidence connecting each side. The high degree of confidentiality and high threshold of control necessary to attribute cyber-attacks to State actors results in a meagre chance of attribution of cyber-attacks carried out by non-state actors, acting as de facto agents of a State.