Public Attribution in Cyberspace: Symbolic Gesture or Strategic Weapon?
Downloads
States have developed multiple defensive approaches, but deterrence has emerged as a central element of cyber strategy. Public attribution (the official act of publicly identifying the actor responsible for a cyber operation) has become a widely used instrument, particularly among NATO and EU members, despite its high political and technical costs. This paper examines the relationship between public attribution and deterrence, with reference to five recognized forms: punishment, denial, entanglement, norms, and association. Using recent data and selected cases, the analysis shows that public attributions can sometimes generate tangible outcomes (e.g., sanctions, indictments, or defensive improvements), while in other cases they produce little deterrent effect. Nonetheless, the value of public attribution should not be measured solely by utilitarian efficiency, but also through the principled lens of international law and normative signaling. Even when immediate effects are absent, attribution reaffirms international norms, imposes reputational costs, and prevents the normalization of hostile behavior in cyberspace.
Downloads
M. Elgan, "A decade of global cyberattacks, and where they left us," IBM, 9 July 2024. [Online]. Available: https://www.ibm.com/think/insights/decade-global-cyberattacks-where-they-left-us. [Accessed 2 September 2025].
A. Alageel and S. Maffeis, "Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures," Computer Science, 2025.
N. Ibrahim, N. Rajalakshmi and K. Hammadeh, "Exploration of Defensive Strategies, Detection Mechanisms, and Response Tactics against Advanced Persistent Threats APTs," Nanotechnology Perceptions, vol. 20, no. 4, pp. 439-455, 2024.
R. L. Kugler, "Deterrence of cyber attacks," Cyberpower and national security, vol. 320, pp. 309-340, 2009.
D. Tran, "The Law of Attribution: Rules for Attribution the Source of a Cyber-Attack," Yale JL & Tech, vol. 20, p. 376, 2018.
A. Schmidt, "The Estonian Cyberattacks," in The fierce domain - conflicts in cyberspace 1986-2012, Washington, D.C., Atlantic Council, 2013.
F. Nasir and R. Sohail, "State, Surveillance, and Cyberspace: An Intelligence Analysis of Operation Aurora," Social Science Review Archives, vol. 3, no. 2, 2025.
S. Goel, "How improved attribution in cyber warfare can help de-escalate cyber arms race," Connections , vol. 19, no. 1, pp. 87-95, 2020.
J. S. Nye, "Deterrence and Dissuasion in Cyberspace," International Security, vol. 41, no. 3, p. 44-71, 2017.
C. Lu and L. Zhang, "A Chinese Perspective on Public Cyber Attribution," China Quarterly of International Strategic Studies, vol. 8, no. 1, pp. 61-77, 2022.
N. J. Ryan, "Five Kinds of Cyber Deterrence," Philosophy & Technology, vol. 31, p. 331-338, 2018.
FBI, "APT 41 GROUP," 3 September 2020. [Online]. Available: https://www.fbi.gov/wanted/cyber/apt-41-group. [Accessed 21 September 2025].
FBI, "APT 10 GROUP," 7 December 2018. [Online]. Available: https://www.fbi.gov/wanted/cyber/apt-10-group. [Accessed 21 September 2025].
FBI, "APT 40 CYBER ESPIONAGE ACTIVITIES," 24 November 2020. [Online]. Available: https://www.fbi.gov/wanted/cyber/apt-40-cyber-espionage-activities. [Accessed 21 September 2025].
F. Egloff and A. Wenger, "Public Attribution of Cyber Incidents," CSS Analyses in Security Policy, vol. 244, 2019.
J. R. Lindsay, "Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack," Journal of Cybersecurity, vol. 1, no. 1, pp. 53-67, 2015.
F. J. Egloff and M. Smeets, "Publicly attributing cyber attacks: a framework," Journal of Strategic Studies, vol. 46, no. 3, pp. 502-533, 2021.
European Repository of Cyber Incidents, "Attribution Tracker," [Online]. Available: https://eurepoc.eu/attribution-tracker/. [Accessed 20 September 2025].
S. Romanosky and B. Boudreaux, "Private-Sector Attribution of Cyber Incidents: Benefits and Risks to the U.S. Government," International Journal of Intelligence and CounterIntelligence, vol. 34, no. 3, pp. 463-493, 2021.
G. Baram, "Cyber Diplomacy through Official Public Attribution: Paving the Way for Global Norms," International Studies Perspectives, 2024.
R. Gottemoeller, K. Hedgecock, J. Magula and P. Poast, "Engaging with emerged and emerging domains: cyber, space, and technology in the 2022 NATO strategic concept," Defence Studies, vol. 22, no. 3, pp. 516-524, 2022.
M. Grigutytė, "Microsoft Exchange zero-day vulnerability: What do you need to know?," NordVPN, 7 April 2024. [Online]. Available: https://nordvpn.com/blog/microsoft-exchange-exploits/. [Accessed 26 September 2025].
Microsoft 365 Security; Microsoft Threat Intelligence, "HAFNIUM targeting Exchange Servers with 0-day exploits," 2 March 2021. [Online]. Available: https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/. [Accessed 26 September 2025].
Foreign, Commonwealth & Development Office; National Cyber Security Centre; The Rt Hon Dominic Raab, "UK and allies hold Chinese state responsible for a pervasive pattern of hacking," 19 July 2021. [Online]. Available: https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking. [Accessed 26 September 2025].
BBC, "China says Microsoft hacking accusations fabricated by US and allies," 20 July 2021. [Online]. Available: https://www.bbc.com/news/world-asia-china-57898147. [Accessed 26 September 2025].
Department of Justice, "Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians," 25 March 2024. [Online]. Available: https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived. [Accessed 26 September 2025].
Ministère de l'Europe et des Affaires étrangères, "Russia - Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (April 29th, 2025)," 29 April 2025. [Online]. Available: https://www.diplomatie.gouv.fr/en/country-files/russia/news/2025/article/russia-attribution-of-cyber-attacks-on-france-to-the-russian-military. [Accessed 26 September 2025].
Secrétariat général de la défense et de la sécurité nationale, "National Strategic Review," 2025. [Online]. Available: https://www.sgdsn.gouv.fr/files/files/Publications/20250713_NP_SGDSN_RNS2025_EN_0.pdf. [Accessed 26 September 2025].
P. Madhiraju, "France says Russia-backed APT28 hackers targeted Olympic networks and government systems," 1 May 2025. [Online]. Available: https://business-news-today.com/france-says-russia-backed-apt28-hackers-targeted-olympic-networks-and-government-systems/. [Accessed 26 September 2025].
A. Waldman, "Mandiant upgrades Sandworm to APT44 due to increasing threat," 17 April 2024. [Online]. Available: https://www.techtarget.com/searchsecurity/news/366581178/Mandiant-upgrades-Sandworm-to-APT44-due-to-increasing-threat. [Accessed 26 September 2025].
Cybersecurity and Infrastructure Security Agency, "New Sandworm Malware Cyclops Blink Replaces VPNFilter," 23 February 2022. [Online]. Available: https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-054a. [Accessed 26 September 2025].
