Three tales of attribution in cyberspace: Criminal law, international law and policy debates
In this policy brief, Dennis Broeders, Els De Busser and Patryk Pawlak discuss attribution of in cyberspace from three different perspectives: criminal law, international law and policy.
In the relatively short history of attribution of cyber-attacks, states have used different paths. While many attributions are hidden from the scrutiny of public opinion, some states have also opted for more public forms of attribution through indictments under criminal law and political attributions - albeit with a very limited reference to international law and norms that have been violated. These different legal and political regimes however all have their own tale to tell in terms of their internal logic and rules. This policy brief aims to shed some light on how the different stages of the attribution process are addressed in criminal law, international law, and international policy.
About this policy brief
The policy brief is a joint publication from The Hague Program for Cyber Norms and EU Cyber Direct. The brief builds on ideas and opinions expressed during two workshops organized in The Hague in May 2019 and Brussels in September 2019. The workshop explored the different approaches to attribution from an international law, a criminal law and a policy perspective. The participating experts were from Europe, Asia, North and South America and had a background in international law, criminal law or policy.
You can download the policy brief here.