State Responsibility in the Cyber Age: The Course towards Indirect Evidence

  • Lucie Kadlecová
Keywords: attribution, state responsibility, indirect evidence, cyberspace, Russia, Georgia

Abstract

The problem of attributing responsibility for cyber-attacks is almost as old as cyberspace itself, yet it remains one of the most troublesome issues of that domain. It is often impossible to uncover direct evidence that would reveal the identities of the attackers. Investigators must therefore rely on other, more indirect avenues of proof. The aim of this exploratory study is to develop a basic categorisation of indirect evidence that can be used to attribute state responsibility for cyber-attacks in international relations. To do so, the article works with international legal concepts but transposes them into the analysis of international relations. The categorization of indirect proof is based on the Russian-Georgian conflict of 2008, which provides one of the richest arrays of this kind of evidence. The analysis identifies four kinds of indirect evidence: level of coordination, level of preparedness, state relations with the national hacker community, and state conception of cyber-security.

Author Biography

Lucie Kadlecová

born in 1989, is a researcher and Ph.D. candidate at Charles University in Prague, Czech Republic. She has recently been a visiting researcher on a Fulbright scholarship at the Massachusetts Institute of Technology in Cambridge, USA. Previously, Lucie worked at the National Cyber Security Centre of the Czech Republic and was a trainee in the Cyber Defence Section of the NATO Headquarters and the Cabinet of the Commissioner for Enlargement and European Neighbourhood Policy at the European Commission in Brussels. She holds an MA in International Peace and Security from the War Studies Department at King’s College London.

Section
Research Articles