State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem 42 Georgetown Journal of International Law 2010-2011

42 Geo. J. Int'l L. 971 (2010-2011)
State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem

handle is hein.journals/geojintl42 and id is 979 raw text is: STATE RESPONSIBILITY FOR CYBER ATTACKS:
COMPETING STANDARDS FOR A
GROWING PROBLEM
ScorrJ. SHACKELFORD & RICHARD B. ANDRES*
At a time in which the unchecked sovereign authority of States is being
challenged across many arenas, State responsibility remains a key component of
international security. However, defining State responsibility in cyberspace has
proven to be difficult given both the speed and anonymity of cyber attackers.
Sponsoring States may, for example, incite groups to commit cyber attacks and
then hide behind a (however sheer) veil of plausible deniability to escape
accountability. This Article analyzes potential legal regimes of State responsibil-
ity to help hold these State sponsors of cyber attacks more accountable, including
the effective and overall control standards. Other lesser-known standards are
also reviewed, including the governmental awareness and the sliding scale
approach. These regimes are then applied to real examples of State sponsorship,
from the Estonian cyber militia to cyber criminals in Africa, including instances
of neutral States allowing their networks to be used for launching cyber attacks
thus giving rise to problems of neutrality and distinction that is analyzed under
the Law of Armed Conflict. The Article concludes by arguing for the adoption of
a flexible standard of State responsibility for cyber attacks given the extreme
difficulties involved with proving the identity of cyber attackers.
TABLE OF CONTENTS
I. INTRODUCTION ......................................... 972
* Scott J. Shackelford is an Assistant Professor of Business Law and Ethics at Indiana
University, Kelley School of Business. He is a graduate of Stanford Law School, a Ph.D. candidate
in international relations at the University of Cambridge, and author of the forthcoming book
Cyber Peace: Countering Cyber Attacks in International Law, Business, and Relations, being published by
Cambridge University Press. He wishes to thank his lovely wife, Emily, for all of her help and
support, as well as his colleagues at Indiana University for their helpful comments including David
Fidler and Fred Cate. He would also like to thank Evan Sarosi for his invaluable research support
throughout this project, as well as the Indiana University Center for International Business
Education and Research, the Center for Applied Cybersecurity Research, the Boren fellowship
program, and the fantastic staff at the Institute for National Security Studies. Dr. Richard B.
Andres is Professor of National Security Strategy at the U.S. National War College, and Senior
Fellow and Chair of EESP at the Institute for National Strategic Studies at National Defense
University. The views expressed in this article are those of the author and do not necessarily
represent the official policy or position of the U.S. government. @ 2011, ScottJ. Shackelford and
Richard B. Andres.

971

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

What Is HeinOnline?

Purchase Access

Contact Us

Log In

NEED HELP?

CONTACT US

Get started

Subscribe to our Newsletter