"State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem"
NWC faculty member Rich Andres published "State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem" with Scott Shackelford in the Georgetown Journal of International Law (Summer 2011, Vol. 42, No. 4). The essay argues that it has been difficult to define "state responsibility in cyberspace," in part because of the anonymity of cyber attacks. "Sponsoring States may, for example, incite groups to commit cyber attacks and then hide behind a (however sheer) veil of plausible deniability to escape accountability."
Andres and Shackleford examine potential legal regimes of State responsibility to help hold State sponsors of cyber attacks more accountable. They discuss options including control standards termed "effective control" and "overall control" of activities, as well as reviewing lesser-known standards including the "governmental awareness" and the "sliding scale" approach. The article then applies thesse various options for legal regimes to real examples of State sponsorship, from the Estonian cyber militia to cyber criminals in Africa, including instances of neutral States allowing their networks to be used for launching cyber attacks thus giving rise to problems of neutrality and distinction that is analyzed under the Law of Armed Conflict. The article argues for a flexible standard of State responsibility for cyber attacks incorporating elements of the various proposed standards.