Stuxnet vs WannaCry and Albania: Cyber-attribution on Trial
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14220%2F24%3A00136342" target="_blank" >RIV/00216224:14220/24:00136342 - isvavai.cz</a>
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S026736492400075X" target="_blank" >https://www.sciencedirect.com/science/article/pii/S026736492400075X</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.clsr.2024.106008" target="_blank" >10.1016/j.clsr.2024.106008</a>
Alternative languages
Result language
angličtina
Original language name
Stuxnet vs WannaCry and Albania: Cyber-attribution on Trial
Original language description
The cyber-attribution problem poses a significant challenge to the effective application of international law in cyberspace. Rooted in unclear standards of proof, evidence disclosure requirements, and deficiencies within the legal framework of the attribution procedure, this issue reflects the limitations of some traditional legal concepts in addressing the unique nature of cyberspace. Notably, the effective control test, introduced by the ICJ in 1986 and reaffirmed in 2007 to attribute the actions of non-state actors, does not adequately account for the distinctive dynamics of cyberspace, allowing states to use proxies to evade responsibility. The legal impracticality and insufficiency of the attribution procedure not only give rise to the cyber-attribution problem but also compel states to develop new attribution tactics. This article explores the evolution of these cyber-attribution techniques to assess whether contemporary state practices align with the customary rules of attribution identified by the ICJ and codified by the ILC within ARSIWA, or whether new, cyber-specific rules might emerge. By analyzing two datasets on cyber incidents and three distinct cases – Stuxnet, WannaCry, and the 2022 cyberattacks against Albania – this article concludes that the effective control test cannot be conclusively identified as part of customary rules within cyberspace due to the insufficient support in state practice. Furthermore, it is apparent that the rules of attribution in the cyber-specific context are in a disarray, lacking consistent, widespread and representative practice to support a general custom. However, emerging state practice shows some degree of unification and development, suggesting the potential for the future establishment of cyber-specific rules of attribution.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
50501 - Law
Result continuities
Project
—
Continuities
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Others
Publication year
2024
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Computer Law & Security Review
ISSN
0267-3649
e-ISSN
0267-3649
Volume of the periodical
54
Issue of the periodical within the volume
September 2024
Country of publishing house
GB - UNITED KINGDOM
Number of pages
19
Pages from-to
1-19
UT code for WoS article
001262497400001
EID of the result in the Scopus database
2-s2.0-85197343750