Abstract [eng] |
States’ Attribution in Cyber Conflict: From Theoretical Approach to Common Practise Development in information technologies led to a new type of threat in the field of international relations. Cyber attacks are already considered a threat to international stability, peace and security. For more than two decades, regardless of the efforts to attribute cyber attacks to particular states, there is no practise on how to hold incriminated states accountable. Previous attempts to attribute cyber attacks to specific states failed due to lack of technical proof. While cyberspace is accessible to governments, non-state organizations, private enterprises and individuals it is easy to disguise the origin of an operation. However, reliable identification and attribution of cyber activities is particularly difficult. Internet enables anonymity more than security. Therefore, this bottom-up process of tracking particular actors instead of host countries is rarely successful. Recently, the discussions regarding cyber attribution took a new approach to the problem. Jason Healey shared the idea to look into cyber attribution as a top-down policy issue with nations held responsible for major attacks originating from their territory or conducted by their citizens. For national security policymakers, he says, knowing “who is to blame?” can be more important than “who did it?”. Considering this approach, the problem question of this paper appears - although cyber attacks are becoming an increasing problem of national security, the state is not able to find appropriate mechanisms to define responsibilities for the attacks even if failure of responsibility attribution may minimize the efficiency to respond to cyber threats. The main objective remains to determine the conditions and circumstances in which the state is responsible for the committed cyber attack and to assess whether the existing rules of international law are sufficient to provide the framework for the responsibility fixation. “Top-down” approach proposes a spectrum of state responsibility which helps to assign responsibility for a particular attack or campaign of attacks to the particular state. This spectrum, developed by J. Healey, allocates a different degree of responsibility, based on whether attacks ignored, encouraged, supported or conducted by national governments. In order to confirm this, paper introduces a case study for previously completed cyber attacks. The government and military of China was accused by US for cyber-spying between 2006 and 2013. A report by a private security firm tied cyber attacks on US computers to Chinese military. By using states responsibilities spectrum China falls into two categories: “state-ordered” and “state-rogue-conducted” according to these analyses. However, there are several reasons why the national responsibility of attacks in cyberspace at US – China case was not allocated. Firstly, regardless continuous cyber attacks, none of the countries desired to start the escalation which could lead to an armed conflict with a possible use of kinetic power. Secondly, US, as well as the other Western countries, and China share a completely different view on sovereignty over cyberspace. Finally, cooperation is the key in order to reduce the number of cyber attacks. China strongly disagrees with most of the documents proposed to attribute national responsibility for any attacks in cyberspace. Cyberspace will remain insecure until nations will become more responsible for the actions they take in cyberspace, directly or indirectly, by using “third party” actors to mislead the international community. As the problem is growing, the resolution in regards to responsibility attribution is required. International law is becoming more and more adapted to consider illegal actions in cyberspace as any other illegal actions done by kinetic power. It is hopefully a near future scenario where the states’ attribution in cyber conflict will become a reality. |