Abstract
The Great Power Competition perpetuates the inability to reach a universal consensus on how to resolve normative ambiguity on the application of international law to cyberspace. Adhering to a strategy of ambiguity, the United States and its closest allies have been holding their rival States accountable for “irresponsible State behavior” in cyberspace, based on flawed legitimacy, as reflected in a weakened normative layer, and the national U.S. attribution process. Embracing collective attribution has not cured the flaws. The upshot is a poor framework for holding States accountable and an enduring vicious cycle. This article calls on the United States and its closest allies to break this vicious cycle by formulating an international “workable consensus” that underpins a three-tiered governance regime of “Triple I”: an International Cyber Law Convention, to ensure normative clarity; an International Cyber Security Initiative, as a cyber security arm to bolster deterrence through collaboration in defense and resilience; and a centralized International Cyber Attribution Mechanism that would produce a legitimate and credible claim for attributing responsibility to specific States. Acknowledging the obstacles and challenges, this regime could be established incrementally, garnering legitimacy over time. The International Cyber Attribution Mechanism ICAM would be prioritized, serving as the keystone for enhancing accountability and an important confidence-building measure for completing the entire governance regime.
html