A Study On State Responsibility Of Cyber Attacks In Peacetime

In this fast changing information age, cyber attack incidents have emerged in an endless stream. The fresh means, wide range, and heavy harm of cyber attacks have caught the attention of the academia and governments. This paper will not address the domestic aspect of criminal law, but will talk about state responsibility of inter-state cyber attacks from an international law perspective, based on the two elements of state responsibility as the basic framework, and discuss what kind of cyber attack will invoke the problem of state responsibility of a state. At the same time, aside from the special background related to wartime jurisprudence such as the armed conflict law and international humanitarian law, this paper will only address peacetime background as the starting point.Although the current international society lacks judicial cases related to inter-state cyber attacks, the analysis can be based on existing international law on Draft Articles on State Responsibility, the International Court of Justice cases, Tallinn Manual and authoritative scholars’ books and articles. It has affirmed the applicability of the rules of international law of state responsibility on cyber attack. Then the two elements of state responsibility are addressed separately, focusing on each element’s conditions and standards.From the view of the element of illegality, this paper makes use of the main existing international law principles, but not comprehensive of all basic principles, namely the principle of territorial sovereignty and territorial integrity, the principle of non-intervention, the prohibition of the use of force and the due diligence principle. In this paper, the principles applied in the network attack are more or less faced with a series of different obstacles from the traditional mode of attack problems, mainly concentrating in the application problem. In defining the boundaries of illegality, the reference of views of experts and scholars are compared and summarized, affirming the applicability of above principles in peacetime cyber attacks. Although specific boundaries remain controversial, each principle is discussed with specific method of application process and standards they may encounter.From the view of the element of attribution, the judgment of cyber attack attribution firstly needs some reasonable attribution rules as the basis, and then seek certain legal means of evidence to certain standard of proof to meet the attribution rule. The discussion of rules of attribution mainly focuses on the private subject which can cause state responsibility, because it is unquestionable conclusion that the state agency itself is attributable to a state. In the judgment of private subject attribution rules, this paper analyses from a historical perspective, and found a shift of responsibility from direct to indirect responsibility. After defining the attribution rules, it is necessary to discuss the allocation of the burden of proof, the reasonable standard of proof and certain legal means to prove that the attribution rules are met. Therefore, this paper discusses the key problem of evidence under the attribution problem.