International Responsibility of States for Cyberattacks against Countries’ Critical Infrastructure
Keywords:
international responsibility of states, cyberattacks, critical infrastructure, attribution, evidentiary standardsAbstract
Cyberattacks against countries’ critical infrastructure have become one of the most significant challenges of international law over the past two decades. Using a descriptive-analytical method, this article examines the international responsibility of states for such attacks. The research findings indicate that, despite the consolidation of the general principles of responsibility in classical law, establishing responsibility in cyberspace faces two fundamental obstacles: first, the difficulty of proving the attribution of attacks to states due to the intangible and transboundary nature of cyberspace, the possibility of identity falsification, and the use of non-state actors by states; and second, the absence of clear and uniform standards regarding the level of evidence required to prove cyberattacks. State practice in the cases of Stuxnet and attacks on Ukraine’s infrastructure shows that states often refrain from accepting responsibility and resort to a strategy of denial. If responsibility is established, its legal consequences include cessation of the wrongful act, reparation for damage, and countermeasures, each of which faces practical implementation challenges. Finally, the article presents proposals for drafting a comprehensive international treaty, establishing an independent body for investigating cyberattacks, and developing evidentiary standards.
References
Banks, C., & Riedl, J. (2022). Legal Requirements for Cybersecurity. Oxford University Press.
Brown, R. (2020). International cooperation in cyber evidence collection. Journal of International Law, 45(3), 112-135.
Brownlie, I. (2019). Principles of Public International Law (9th ed.). Oxford University Press.
Crawford, J. (2013). State Responsibility: The General Part. Cambridge University Press.
Dinstein, Y. (2017). War, Aggression and Self-Defence (6th ed.). Cambridge University Press.
Edwards, M. (2021). State practice in cyber operations. International Law Review, 38(4), 201-225.
Farahani, M. (2020). Countermeasures in cyberspace. International Law Journal, 24(3), 145-170.
Farajnia, S. (2022). Political and legal attribution in cyberspace. Strategic Studies, 21(4), 103-128.
Ghorbani, M. (2022). Practice of United Nations bodies in the field of cyberspace. United Nations and Law Journal, 15(4), 57-82.
Goldman, R. (2022). Dynamic interpretation in cyber law. Yale Journal of International Law, 47(1), 78-105.
Heidari, A. (2018). Attribution of conduct of state organs in cyberspace. Comparative Law, 11(2), 75-98.
Henry, P. (2020). Use of force in cyberspace. British Yearbook of International Law, 91(1), 156-182.
Hosseini, S. (2021). Digital evidence and evidentiary challenges in cyber disputes. Legal Journal, 36(4), 105-130.
Imani, M. (2019). Russian cyber attacks against Ukraine and challenges of international law. Comparative Law Research, 12(4), 89-110.
Jackson, T. (2021). Attribution challenges in cyber operations. American Journal of International Law, 115(3), 423-456.
Jafari, H. (2020). Elements of international responsibility of states in cyber attacks. Scientific-Research Journal of Constitutional Law, 17(34), 41-62.
Karami, A. (2019). Use of indirect instruments in cyber attacks. Law and Technology, 6(1), 35-58.
Khosravi, A. (2020). Judicial and state practice in cyber attacks. Law of Nations Journal, 20(4), 63-86.
Martinez, L. (2022). State responsibility in the cyber domain. European Journal of International Law, 33(2), 445-472.
Mirabbasi, S. B. (2019). Public International Law. Mizan.
Mohaddesi, A. (2020). Legal effects of the realization of responsibility in cyber attacks. Public Law Journal, 14(2), 87-110.
Mohammadinejad, H. (2019). Plausible deniability in cyber attacks. Legal Journal, 32(2), 73-96.
Moradi, A. (2019). Obligation to cease the wrongful act in cyberspace. Legal Research, 12(3), 45-68.
Muller, K. (2024). Digital sovereignty and international law. German Yearbook of International Law, 67(1), 89-116.
Naderi, M. (2021). The strategy of denial in state practice. Cybersecurity Studies, 7(3), 99-124.
Philipps, R. (2021). Evidentiary standards in cyber attacks. Stanford Journal of International Law, 57(2), 234-261.
Radsheld, C. (2022). Cyber International Law. Mizan.
Ranjbar, A. (2020). Evidentiary standards in international cyber law. International Legal Journal, 23(4), 89-112.
Rezaei, A. (2020). Evidentiary challenges in cyber attacks. Technology Law Quarterly, 8(2), 43-68.
Rezazadeh, M. (2019). Use of intermediary servers and attribution of cyber attacks. Law and Information Technology, 5(3), 77-100.
Richardson, S. (2021). Countermeasures in cyberspace. International & Comparative Law Quarterly, 70(3), 567-594.
Roscini, M. (2014). Cyber Operations and the Use of Force in International Law. Oxford University Press.
Salari, M. (2021). International cooperation in discovering cyber evidence. Law and Politics Journal, 17(3), 99-124.
Schmitt, M. N. (2021). Sovereignty in cyberspace. International Law Studies, 97(1), 112-138.
Sloan, R. (2023). Cyber responsibility and sovereignty. Columbia Journal of Transnational Law, 61(2), 178-205.
Taghizadeh, R. (2018). The Stuxnet cyber attack and international responsibility. Legal Journal, 29(2), 45-70.
Tsagourias, N. (2023). State Responsibility in Cyberspace. Cambridge University Press.
Vaezi, A. (2022). Digital evidence and its validation. Legal Research, 20(1), 105-130.
Wilson, T. (2022). Independent international body for cyber investigations. Georgetown Law Journal, 110(4), 789-816.
Zare, M. (2020). Control and direction in attribution of conduct to states. Public law, 12(1), 55-78.
Zarepour, N. (2021). Compensation for damage in cyber attacks. Private Law Research, 9(2), 119-144.
Zemanek, K. (2018). State responsibility and cyber attacks. In Max Planck Encyclopedia of Public International Law. Oxford University Press.
Ziaei Bigdeli, M. R. (2019). Public International Law. Ganj-e Danesh.
Downloads
Published
Submitted
Revised
Accepted
Issue
Section
License
Copyright (c) 2025 Kiana Abdi
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
