Cyberattack Attribution and the Virtues of Decentralization

Publication Type: 
Other Writing
Publication Date: 
July 3, 2019

In the midst of rising tensions between the United States and Iran over tanker attacks and Iran’s downing of a U.S. drone, reports emerged that U.S. Cyber Command had launched a responsive cyber operation against a group linked to the Iranian Revolutionary Guard Corps. The following day, the Department of Homeland Security warned about “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.”

As cyber operations by both states heat up, non-governmental actors may play pivotal roles, not just as potential victims and collateral damage from states’ actions, but also as accusers of states. Non-governmental actors have attributed previous cyberactivities to Iranian-government linked actors and played an important role in investigating the Stuxnet attack on Iranian nuclear centrifuges. As I discuss in an essay published last week in the American Journal of International Law Unbound, non-governmental parties play an important role in the current decentralized system of publicly attributing cyberattacks to states.

Read the full post at Just Security