- Wednesday, March 27, 2019 at 12:10PM - 1:30PM
- SLB Room 120
- Open To The Yale Community
- Add to Calendar:
The Law & Politics of Cyberattack Attribution
Attribution of cyberattacks requires stripping away anonymity in cyberspace and identifying those responsible for bad acts, prominently including states. But the difficult technical side of attribution is just the precursor to highly contested legal and policy questions about who, when, and how to accuse governments of responsibility for cyberattacks. Although politics may determine whether attributions are made public, this Article argues that public attributions of cyberattacks to states should be legally grounded. Instead of blocking the development of evidentiary standards for attribution, as the United States and United Kingdom are currently doing, states should establish an international law requirement that public attributions must include sufficient evidence to enable cross-checking of the accusations. This functionally defined standard harnesses both governmental and non-governmental attribution capabilities to shed light on states’ actions in cyberspace, and understanding state practice is a necessary precondition to establishing norms and customary international law to govern state behavior. Moreover, setting a clear evidentiary standard for attribution in the cybersecurity context has the potential to clarify the currently unsettled general international law evidentiary rules as well. The Article also engages debates about institutional design for cyberattack attribution. Companies and think tanks have made several recent proposals for an international entity to handle attribution of state-sponsored cyberattacks. Although these proposals have much to recommend them, the Article argues that such an entity should supplement, not replace, the current decentralized system of attribution. Having a multiplicity of attributors—both governmental and non-governmental—yields a greater likelihood that public attributions will serve the goals that attributors aim to achieve, namely strengthening defenses, deterring further attacks, and improving stability in and avoiding conflict over cyberspace.
Kristen Eichensehr '08, is an Assistant Professor at UCLA School of Law. She writes and teaches about cybersecurity, foreign relations, separation of powers, and national security law. She received the 2018 Mike Lewis Prize for National Security Law Scholarship for her article, "Courts, Congress, and the Conduct of Foreign Relations." Before joining the UCLA faculty, Eichensehr clerked for Justices Sandra Day O’Connor and Sonia Sotomayor of the Supreme Court of the United States.