A fresh round of public attributions this spring — several routed through joint government advisories rather than press releases — has pushed the old question of state responsibility back to the center of the cyber-law debate.

Writing for the Atlantic Council's Cyber Statecraft Initiative, analysts noted that governments are increasingly willing to name the state they hold accountable while stopping short of the legal language that would trigger a formal countermeasure. That gap — between political attribution and legal attribution under the law of state responsibility — is precisely where the hardest questions live: when does a state's failure to police criminal actors operating from its territory become its own internationally wrongful act?

JLCW authors have wrestled with this directly. In the publication's Spring 2024 edition, the article "Sovereignty in Cyberspace on the Usurpation of Political Independence" examines how the sovereignty rule constrains — and fails to constrain — hostile operations that fall below the use-of-force threshold. The companion piece "Silicon Trenches: Use of Force in the Cyber Age" maps the same terrain from the jus ad bellum side.

For the full treatment of sovereignty and attribution, read Volume 9, Issue 2 of the Journal of Law and Cyber Warfare. – JLCW Staff Writers