Research On The Application Of Cyber Attack In Article 8 Of ASR

As a responsibility rule to regulate the behavior of the state in the world and effectively protect the rights of states,state responsibility has special historical significance and value.With the improvement of the international court of justice practice,In 2001,the international law commission adopted the second reading of the draft articles on the responsibility of states for internationally wrongful ACTS(ASR).In this draft,the international wrongful act of a state,the content of the international responsibility of a state,the performance of the international responsibility of a state and general provisions are stipulated to systematically identify the responsibility of the state and safeguard the rights and interests of the injured state.Nowadays,the rapid development of network technology not only enriches our lives,but also becomes a tool to threaten our security.The main manifestation is that some countries have suffered or have suffered cyber attacks this new way of attack.In2007 Estonia was hit by widespread cyber-attacks that crippled the Internet;In 2008,Russia used cyberattacks in its armed conflict with Georgia to cut off the government's access to its people;In 2010,stuxnet destroyed about 1,000 centrifuges used in Iran's nuclear program;In 2014,a stylized skull with skeletal fingers flashed on the computer of every SONY pictures entertainment employee.Accompanying the skull was a message that a group known as guardians of peace had obtained all ofSONY's internal data and would release it,unless the studio canceled an upcoming comedy,the interview.These attacks are not only a threat to the national network security,but also a strong blow to the normal functioning of the country.The determination of state responsibility not only requires the violation of international law,but also requires the attribution rule to identify the perpetrators of such ACTS as belonging to the state.At present,most cyber attacks present the identity of the attackers as hackers or individuals and organizations,while international law does not generally regulate the behavior of individuals,only when there is a connection between an individual act and the state can an individual act be attributed to the state in accordance with article 8 of the ASR.Currently,the ICJ and the ICTY have set two standards for command and control under article 8 ASR,namely,the effective control standard and the overall control standard.However,it is difficult to attribute the cyber attack to the country,because of the secrecy of the network it is difficult to identify the attacker,or even if the attacker's address is found,the relationship between the attacker and the state cannot be determined,that is,the behavioral attribution cannot be made according to the control standards determined by international jurisprudence.Because the standard in the international jurisprudence itself is set according to the traditional way of force attack under the premise of strict attribution,when faced with the new way of attack such as cyber attack,the traditional rules are naturally challenged.This paper is divided into four chapters.The first chapter deals with the general issues of article 8 ASR,including the historical evolution of the articles on state responsibility and article 8 thereof,the provisions of article 8 ASR and the commentary of the international law commission.Most important are the criteria for effective control established by the ICJ and the criteria for overall control established by the ICTY.Article 8 ASR is arguably the most important article on attribution of state responsibility,and it is also the most important article to attribute cyber attacks to state responsibility based on the specific situation of current cyber attacks.Therefore,in the first chapter,this paper introduces in detail the historical evolution and specific provisions of article 8 of the ASR,aswell as the comments made by the international law commission on the very important application of state responsibility and a wealth of international court cases.The second chapter introduces the cyber attack and analyzes the attribution of Estonian cyber attacks by selecting the earlier and more influential cyber attacks and applying the constitutive elements theory of state responsibility.The purpose of this chapter is to introduce the problems and difficulties in the attribution of network attack under the current rules through examples.At present,the definition of cyber attack has not been defined uniformly.Although the use of cyber attack in academic circles is not uniform,it still reflects the specific definition of cyber attack.The types of network attacks are also very diverse,and due to the complexity of the network itself,there will be a trend of more diverse and complex types in the future.The types listed in this paper are to better explain the concrete manifestation of the relatively abstract and fresh concept of network attacks.Finally,based on the introduction of the cyber attack in section 1,this paper analyzes which cyber attack may be applicable to article 8 of the ASR.The constitutive elements of state responsibility include the violation of obligations under international law and the circumstances under which the act will be attributed to the state.However,as the object of this paper is attribution problem,the analysis of illegality in second section adopts hypothesis theory under reasonable premise.Then the section focus on the effective control standards of the ICJ and the comprehensive control standards of the ICTY to analyze whether the cyber attack in Estonia can be attributed to Russia.The third chapter is based on the analysis of the events in the second chapter,summarizes the causes of the the existing problems of the attribution criteria.First of all,the technical attribution dilemma is the direct cause of the legal attribution dilemma.Because of the complexity of the network and the concealability of the identity,it is extremely difficult to identify the identity of the attacker and determine its connection with the country.Some schol ASR even believe that the technical attribution dilemma is unsolvable.This has brought great challenges to legalattribution,which has led to the controversy of maintaining effective control over this high standard and lowering attribution standard.The fourth chapter provides some Suggestions and measures for the application of high or low standards of attribution.In order to solve the attribution dilemma,the high and low attribution standards can be determined by distinguishing different responses of victim countries to cyber attacks.If the victim state attempts to respond by activating the right to self-defense,the attribution at this time should apply the high standard of effective control,because it is necessary to prevent the victim state from exercising the right to self-defense or implementing countermeasures to further escalate the situation and maintain Internet security and regional stability.If the victim country is seeking positive cooperation in response to the cyber attack,the attribution standard can be lowered and the theory of strict liability can be applied to better find the attacking country and impose sanctions on the attacking country to punish such illegal behavior.Secondly,there are currently cyber attacks as the tools of general force attacks.With the phenomenon of force attacks,the behavior of cyber attacks can be attributed to the country based on the time point of force attacks.Although this is not a perfect method,it lowers the standard of attribution of cyber attack,and can help the injured state to identify the responsible state,and then seek a cooperative way to solve the cyber attack conflict.