Open AccessPUBLIC ATTRIBUTION OF CYBERATACS BY EU MEMBER STATES AND THE APPLICATION OF CYBERSANCTIONS BY THE UNION TO CYBERATTACKS THREATENING THE UNION OR ITS MEMBER STATES
Author(s) -
Олена Олексіївна Сурілова
Publication year - 2021
Publication title -
pravova deržava
Language(s) - English
Resource type - Journals
ISSN - 2411-2054
DOI - 10.18524/2411-2054.2021.43.241005
Subject(s) - sanctions , attribution , member state , european union , political science , secrecy , law and economics , state (computer science) , law , diplomacy , member states , public relations , business , international trade , politics , economics , social psychology , psychology , algorithm , computer science
The article examines the issue of public attribution of cyberattacks threatening the European Union or its Member States, and effectiveness of the adopted «cyber diplomacy toolbox» within the Framework for a joint EU diplomatic response to malicious cyber activities. Since public attribution of cyberattacks is a sovereign political decision, which differs from legal attribution for the purpose of invoking state responsibility under Articles on State Responsibility for Internationally Wrongful Acts, author defines the rationale behind decisions to attribute or not to attribute cyberattacks to a particular state by examples of the Netherlands and France. While the Netherlands insist on deterrent effect of public attribution, France believes in the effectiveness of attribution provided to the allege wrongdoer by diplomatic channels.In the article, the effectiveness of cybersanctions implemented at Union level against a limited range of cyberattacks threatening the Union or its Member States was also under assessment. Article concludes that imposition of targeted sanctions in conjunction with sectoral sanctions will increase sanctions` purposes to coerce, constrain, and to signal.However, nowadays only targeted sanctions against individuals and legal entities are foreseen by the EU`s decision. At the same time, this fact does not exclude the possible application of sectoral sanctions against the most serious cyberattacks against EU` or its member states` infrastructure.Finally, the article justifies the possibility of using attribution reports prepared by the private sector to include individuals in the sanctions list if the attribution of Member States is based on intelligence that they do not wish to disclose. Moreover, malicious cyberoperations affect not only states`, but also private sector`s, interests. Private IT and cybersecurity companies thus have a chance to prove their ability to produce detailed and reliable reports on attribution of cyberoperations. Author is convinced both centralized (governmental) and decentralized (private) attribution of cyberattacks is necessary for correctness of findings.