State Responsibility Of Cyber Attacks From The Perspective Of International Law

The rule of state responsibility has been established for a long period,as the subject of international law,states enjoy rights under international law,while shall assume obligations correspondingly.States shall be responsible for international wrongful act within its jurisdiction that can be attributable to it.According to the Draft Articles on Responsibility of States for Internationally Wrongful Acts,with Commentaries 2001 compiled by the international law committee,if an action or omission is attributable to the state under international law and consists of a breach of international obligation of the state,then the state of such shall be responsible for such acts or omissions.The establishment of rules of state responsibility promotes states to better comply with international law and meanwhile providing the victim state with indemnification,which effectively safeguards international peace and security.With the development of social society and technology,network gradually becomes an integral part of both work and daily life.Due to the anonymity,convenience and low cost of the network,cyber attacks have been regarded by state and non-state actors as a new way of conducting attacks.In April 2007,Estonia suffered a protracted cyber attack,and its internet was paralyzed by a large number of botnets from around the world.In August 2008,governmental and news sites of Georgia were hacked by hackers for denial of service(Do S).In January 2009,both the websites of Defense Forces and the discount banks in Israel were hacked by denial of service attacks,and other sites have been affected as well.The Snowden incident shocked the world in 2013 and pushed the network security issues to a new level.The international community condemned American prism plan,at the same time increasingly realized the enormous lethality and destructiveness of cyber attacks.Cyber attacks pose new challenges to the current rules of state responsibility.That cyber attacks constitute breaches of international obligations and are attributable to a state are two conditions for a state to bear such responsibility.Due to the versatile effects of cyber attacks and the absence of notion of “use of force” and “armed attack” under international law,it is difficult if not impossible to discern whether a cyber attack qualifies as use of force or an armed attack.The anonymity of cyber attacks and difficulty of reserving evidence add difficulty of attributing cyber attacks to a state.Some scholars even suggest developing new rules to regulate state responsibility for cyber attacks.There are few studies on state responsibility for cyber attacks.Current studies mainly focus on the application of the law of war in cyber attacks.Few academic articles discuss the attribution rules of cyber attacks,but do not involve related issues such as burden of proof,standard of proof and probative force.This paper aims to explore the state responsibility of cyber attacks,and analyze the illegality of network attacks and the attribution of cyber attacks.This paper aims to address the topic of state responsibility for cyber attacks,discuss the illegality and attribution of cyber attacks in details.The main research methods of this paper are case analysis,literature analysis and comparative study.On the one hand,this paper summarizes the standards used by international jurisdictional institutions of use of force and armed attacks,also the attribution rules of cyber attacks by analyzing a large number of related cases.On the other hand,single out the most appropriate rules for cyber attacks by comparing different standards,views and suggestions from scholar works and academic articles.The paper consists of four parts:The first part is a general overview of the current state responsibility of cyber attacks.Through the review of historical cyber attacks,first summarize the concept and the characteristics of network attacks.Then,it discusses the theoretical basis of the state responsibility of cyber attack.As the subject of international law,while a state enjoys rights,it shall be responsible for internationally wrongful act that can be attributable to it.Therefore,a state will not be held responsible for cyber attacks unless the cyber attack is demonstrated to be internationally illegal and can be attributed to the state.The second part discusses the illegality of cyber attacks.Cyber attacks are divided into three categories,those constitute use of force,those constitute armed attacks and those below the threshold of use of force based on the severity of the consequences.Thanks to the absence of definition of use of force and armed attacks in both international treaty law and customary international law,there has been a heated dispute over the two notions for a long time.Based on the draft history of international treaties and judgments of international judicial institutions in related cases,this paper endeavors to explore the definition of the use of force and armed attacks,and further discusses the identification standards.For those below the standard of use of force areleft to the principle of non-interference and the principle of sovereignty.The third part discusses the attribution of cyber attacks.There has always being a debate over the "effective control" and "overall control" to determine whether a non-state actor's activities can be attributed to a state.The anonymity of cyber attacks makes it more difficult to determine the relationship between the individual and a state,thus the "actual control" standard is more appropriate in the context of cyber space.Factors such as the difficulty for the victim state to provide evidence,whether the cyber attack constitutes armed attack will not affect the principle of “he who claims produces evidence”.As different from domestic law,there is no clear standard of proof in international law.The standards of proof are usually established by international jurisdictional institutions on a case by case basis.This paper tries to figure out appropriate standard of proof for cyber attacks through comparative analysis of the existing standard of proof.In the end,this paper analyzes probative force of different evidence such as the written evidence,the official speech,the testimony of the witness,the consultation and the expert advice and the electronic evidence.The fourth part is the summary of the whole article.It is significant to make new explanations to the existing rules concerning state responsibility to solve the state responsibility over cyber attacks.Cyber attacks could constitute armed attack,violate the principle of non-use of force,the principle of non-intervention and the principle of state sovereignty.It is possible to contribute cyber attacks to a state in theory,but the possibility is minor due to the technology limitation.