Cyberattack Attribution and International Law

Earlier this week, the U.S. Department of Justice unsealed an indictment accusing two men linked to China’s Ministry of State Security of a decade-long campaign of hacking dissidents, human rights activists, and a variety of private sector targets, including most recently entities working on COVID-19 treatments, tests, and vaccines. This cyberattack attribution follows on the heels of last week’s joint U.K., U.S., and Canadian advisory accusing Russian intelligence services of targeting COVID-19 vaccine development “with the intention of stealing information and intellectual property.” Both are part of an uptick in governmental attributions of state-sponsored cyberattacks over the last few years, including internationally coordinated attributions of the WannaCry attack to North Korea, the NotPetya attack to Russia, and October 2019 cyberattacks on Georgia to Russia.


But the relationship of these and other cyberattack attributions to international law is not well understood.


Attributions interact with international law in at least two ways. First, cyberattack attribution announcements could explicitly say that particular cyberattacks violate international law. To date, however, attributions do not typically call out cyberattacks as international law violations. At most, they characterize cyberattacks as violations of international norms. In a press conference on the latest attribution, for example, Assistant Attorney General John Demers alleged, “state-sponsored theft of intellectual property and knowingly providing . . . safe havens for cyber crim ..
