International Law Studies


Adverse cyber operations against States are on the rise, and so are the legal challenges related to such incidents under public international law. This article will not delve into already intensely debated problems of classification, such as whether adverse cyber operations constitute “armed attacks” or “use of force.” Rather, the article will focus on causality and attribution with special regard to problems of evidence. In particular, the article will elaborate on the applicable standards of proof to be met by the victim State when submitting, or having to submit, evidence to justify self-defense or countermeasures against the State of origin. We propose a “sliding scale” of standards of proof depending on the gravity, or seriousness, of the deviation from public international law. Accordingly, the standard of proof differs depending on whether the victim State strikes back through use of force or through action below the use of force threshold. Importantly, even in light of a high standard of proof, the burden of proof incumbent on the victim State may be discharged based on indirect evidence only. Particularly for satisfying proof of attribution, we suggest distinguishing between cyber operations traceable to State IT systems of the State of origin and cyber operations traceable to private IT systems located within the State of origin. This distinction is significant with regard to the requirements for a rebuttal of attribution by the State of origin. These requirements are expressions of due diligence obligations on the part of the State of origin.