Beyond Naming and Shaming: Accusations and International Law in Cybersecurity

  title={Beyond Naming and Shaming: Accusations and International Law in Cybersecurity},
  author={Martha Finnemore and Duncan B. Hollis},
  journal={European Journal of International Law},
Accusations of bad state behaviour in cyberspace are proliferating, yet this increase in naming has not obviously produced much shame. Accused states uniformly deny the accusation or decline to comment, without changing behaviour. For international lawyers, the problem is compounded by the absence of international law in these charges. States are not invoking international law when they complain of other states’ behaviour, suggesting the law is weak – or worse, irrelevant – in holding states… 
Public attribution of cyber intrusions
The article examines the use of public attribution as a political strategy for attaining specific political effects beyond the dyadic attacker–victim relationship, including shaping the operational and normative environment of cyber operations, with the potential to exert an independent deterrent effect.
Advancing cyber diplomacy in the Asia Pacific: Japan and Australia
ABSTRACT The stability in the cyber domain is rapidly deteriorating on several fronts marked by increasing sophistication of cyberattacks, declining consensus on global internet governance and
Contested public attributions of cyber incidents and the role of academia
ABSTRACT Public attributions of cyber incidents by governments and private industry have become prevalent in recent years. This article argues that they display a skewed version of cyber conflict for
Between Strategic Autonomy and International Norm-setting: The EU’s Emergent “Cyber-Sanctions” Regime
According to the 2016 EU Global Strategy (EUGS), today’s world is characterised by an increased strategic competition and rising threats to multilateralism and a rules-based order. In this fast
The unexpected norm-setters: Intelligence agencies in cyberspace
To prevent the hollowing-out of cyber regulation efforts, the norm-setting role of intelligence actors should be taken into account when designing cyber norms.
The Missing Component in Deterrence Theory: The Legal Framework
This chapter takes the starting point that the power to deter consists of three components: (physical) capacities, concepts (strategy, plans, decision-making procedures) and will (moral,
Publicly attributing cyber attacks: a framework
This article describes the "grey area" that exists between when states publicly attribute cyber intrusions and when they do not, and what should be done about it.


An International Legal Framework for Surveillance
Edward Snowden’s leaks laid bare the scope and breadth of the electronic surveillance that the U.S. National Security Agency and its foreign counterparts conduct. Suddenly, foreign surveillance is
It is suggested that within the context of a youth-services agency using a mobile application, which involves a combination of social media and traditional media, is more beneficial than either of the alternatives.
In the last year, moreover, several States have issued statements offering general views on how international law applies to cyberspace
  • One exception is the accusations surrounding GRU cyber-operations against the OPCW, WADA, and other targets
Decentralized Cyberattack Attribution', 113 AJIL U (2019) 213. For Eichensehr's argument that decentralized attribution should continue, see Eichensehr
  • The Law & Politics of Cyberattack Attribution', 67 UCLA Law Review
  • 2020