Sovereignty and Cyber Attacks: Technology's Challenge to the Law of State Responsibility 14 Melbourne Journal of International Law 2013

14 Melb. J. Int'l L. 496 (2013)
Sovereignty and Cyber Attacks: Technology's Challenge to the Law of State Responsibility

handle is hein.journals/meljil14 and id is 506 raw text is: SOVEREIGNTY AND CYBER ATTACKS:
TECHNOLOGY'S CHALLENGE TO THE LAW OF STATE
RESPONSIBILITY
PETER MARGULIES*
Cyber threats pose fresh challenges to sovereignty and to international law on state
responsibility. In addressing kinetic attacks, international law defines state responsibility
narrowly. A party asserting that a state is responsible for a kinetic attack must comply with the
'effective control' test adopted by the International Court of Justice in the Military and
Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America) decision
or, at the very least, with the 'effective control' test adopted by the International Criminal
Tribunal for the Former Yugoslavia in Prosecutor v Tadic. Driven by concerns about the risks of
escalation, the International Law Commission's (ILC) Draft Articles on Responsibility of
States for Internationally Wrongful Acts hardened this narrow approach. The recently published
Tallinn Manual on the International Law Applicable to Cyber Warfare ('Manual) tracks the
ILC's analysis. While the Manual is an exceptionally valuable effort to apply lex lata to the fluid
cyber realm, caution may not serve international law in this context. Cyber reflects what I call
'attribution asymmetry': cyber threats from private groups assisted by states are both more
difficult to trace than kinetic attacks for victims and easier to control for the state providing the
assistance. Because of this asymmetry, the international law on state responsibility for kinetic
attacks does not adequately address the issue of cyber attacks. A test of virtual control would be
more effective, imposing responsibility on a state that has provided financial or other assistance
to private groups. The virtual control test would deter states from using private groups to
engineer plausible deniability. This heightened deterrence provides a more useful template for
the development of international law in the cyber domain.
CONTENTS
I In tro d u c tio n .......................................................................................................... 4 9 7
II T ypes of C yber A ttacks ........................................................................................ 50 1
A D D o S A ttack s ........................................................................................... 50 1
B Undermining Operating and Control Systems .......................................... 502
III The Challenges of Technical A ttribution .............................................................. 502
IV Cyber Attacks, Kinetic Attacks and International Law on State Responsibility... 504
A International Law: The US Position, the Draft Articles and the Cases ..... 505
B T he M anual's T ake .................................................................................. 507
V The Difference Cyber Makes: Critiquing the Manual .......................................... 508
A Neglecting a Broader Reading of International Case Law ...................... 508
B The D raft A rticles' Siren Song ................................................................. 509
C The W ages of Unduly Fine Distinctions .................................................. 510
D The D ifference C yber M akes ................................................................... 511
1 Critiquing the Manual's Caution on Use of State Infrastructure
for C yb er A ttack s ......................................................................... 5 11
2 Distinguishing Cyber from Kinetic Attacks: Attribution
A sy m m etry ................................................................................... 5 12
E S u m m a ry .................................................................................................. 5 14
VI An Alternative to the Manual: The Virtual Control Approach ............................. 514
BA (Colgate University), JD (Columbia University); Professor of Law, Roger Williams
University School of Law. I thank Maxine Kutner for her research assistance and
anonymous reviewers for comments on a previous draft.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

What Is HeinOnline?

Purchase Access

Contact Us

Log In

NEED HELP?

CONTACT US

Get started

Subscribe to our Newsletter