State Responsibility for Cyber Attacks

The domestic and global implications of human society’s increasingly critical dependence on the Internet makes necessary the ability to deter, detect, and minimize the effects of cyber attacks. Today, NATO and the United States alike are at the point of determining how the governance of cyberspace should develop, including influencing the vector of the jus ad bellum from the very inception of the legal framework for cyberwarfare. The strategies and practices that are assumed in the short-term thus will greatly impact how this fast evolving body of law is shaped. There are currently two vying regimes for State responsibility under international law: the effective and overall control standards. Due to the technical difficulties with proving attribution for cyber attacks, along with the unreasonably high standards of proof imposed by the effective control standard, the overall control standard should be adopted. This has the benefit of holding accountable State sponsors of cyber attacks where there exists sufficient proof beyond a reasonable doubt, as opposed to beyond any doubt. Adopting the overall control standard for cyber attacks is thus both within the best interests of NATO and the international community.