The workshop will investigate the legal and political backdrop to discussions surrounding the question of developing new attribution or accountability mechanisms for international cyber operations. Arguably, existing international rules and institutions do not fully capture the special challenges posed by cyber operations in terms of their modus operandi (e.g., extensive reliance of private actors), the related forensics (e.g., decoys, time-delayed logic bombs etc), and the general lack of transparency of the field, and, as a result, it is characterised by low levels of norm-compliance and accountability. The workshop would try to unpack some of the central legality and accountability challenges by examining the adequacy of the international rules of state responsibility to address cyber operations, the increased tendency to develop collective attribution statements, positions and sanctions, and the reasons for opposition and support by different groups of states for developing new attribution institutions. On the basis of such discussions, questions of feasibility, desirability and possible contours of a new attribution or accountability mechanism for international cyber operations will be revisited.
10:05-11:30 – Panel I – International for Cyber Operations
Discussant: Yaël Ronen, The Hebrew University of Jerusalem (Presentation)
Chair: Paul Ducheine
Are international law rules on state responsibility suitable to address the particular challenges posed by the need to attribute cyber-operations to states? In particular, how do the rules deal with situations of chronic uncertainty, the role of private actors and states’ due diligence obligations? What reforms, if any, in the rules of state responsibility should be considered? What is the relationship between the political and legal dimensions of attribution?
11:30-11:45 – Coffee Break
11:45-13:15 – Panel II – Collective Attribution for Cyber Operation
Discussant: Isabella Brunner, Bundeswehr University Munich (Presentation)
Chair: Harriet Moynihan
Is it possible to identify a trend towards collective attribution at the international level? Is collective attribution likely to develop as an ad hoc practice, or through existing international mechanisms? Is there a role for a new attribution mechanism in this regards? To what extent does collective attribution rely on consensus around the law governing cyber operations and state responsibility? Is there a role for private actors in facilitating collective attribution? What has been the impact of previous attempts to engage in collective attribution?
13:15-14:15 – Lunch (SNF Floor)
14:15-15:45 – Panel III – Lessons Learned from Other Attribution Mechanisms
Discussants: Dan Efrony, The Hebrew University of Jerusalem & Jack Kenny, The Hebrew University of Jerusalem (Presentation)
Chair: Paul Ducheine
What features should an international attribution machinery develop? How can such an initiative take off the ground? Is the new Microsoft International CyberPeace Institute an element of a new international attribution architecture are there are other noteworthy initiatives? What are the considerations that would make any such mechanism politically feasible? role does international law have to play in developing new mechanisms and how can transparency in attribution be enhanced?
15:45-16:00 – Coffee Break
16:00-17:30– Concluding Panel – The Political Feasibility of new Mechanisms
Chairs: Paul Ducheine, University of Amsterdam & Yuval Shany, The Hebrew University of Jerusalem
What should be the next steps for states and technology companies to pursue in order to increase accountability in cyberspace? What should be the next steps for researchers working in the field?
17:30 – Dinner at Aubaine Mayfair – 31 Dover St, Mayfair, London