Sat. Jun 3rd, 2023

Content Assessment: Who Did It? Developing Applicable Standards of Proof for Peacetime Cyber Attribution (CCDCOE)

Information - 91%
Insight - 90%
Relevance - 89%
Objectivity - 92%
Authority - 93%



A short percentage-based assessment of the qualitative benefit of the paper by the NATO CCDCOE on the topic of cyber attribution.

Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.

Background Note: Shared for the non-commercial educational benefit of cybersecurity, information governance, and eDiscovery professionals, this recently published Tallinn Paper may be useful for legal, business, and information technology professionals seeking a deeper understanding of cyber attribution. The Tallinn Papers are peer-reviewed publications of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). They are designed to inform strategic dialogue regarding cyber security within the Alliance and beyond. They address cyber security from a multidisciplinary perspective by examining a wide range of issues, including cyber threat assessment, domestic and international legal dilemmas, governance matters, assignment of roles and responsibilities for the cyber domain, the militarization of cyberspace and technical. Focusing on the most pressing cyber security debates, the Tallinn Papers aim to support the creation of a legal and policy architecture that is responsive to the peculiar challenges of cyberspace. With their future-looking approach, they seek to raise awareness and to provoke the critical thinking that is required for well-informed decision-making on the political and strategic levels.

Tallinn Paper from CCDCOE*

Developing Applicable Standards of Proof for Peacetime Cyber Attribution

Jeremy K. Davis

Paper Overview

In order to take countermeasures properly under customary international law, states must attribute the triggering internationally wrongful act to the perpetrator state accurately. International law tolerates no mistake or error in such attributions, in essence holding states to a standard of proof of “beyond reasonable doubt” for a countermeasure to be lawful. However, in the potentially more consequential context of self-defense — in which, unlike with countermeasures, military force is authorized — a notably less stringent standard of “reasonableness” applies and errors in attribution are accepted. The author proposes that standards of proof applicable to peacetime cyber attribution should be more stringent as the severity of the action in response increases. According to the new Tallinn Paper, a more balanced approach would subject attribution of internationally wrongful cyber operations giving rise to countermeasures to a preponderance of the evidence standard. At the same time, any response taken by a state in self-defense should require attribution based on clear and convincing evidence before it is deemed “reasonable”.

Read the original post.

Paper Introduction

Strained inter-state relationships and strategic competition are increasingly finding their expression in the cyberspace domain. The United States and Israel reportedly masterminded the 2009–2010 Stuxnet operation destroying centrifuges at the Natanz nuclear facility in Iran. Russia meddled in the 2016 and 2020 US presidential elections. North Korea perpetrated the 2017 WannaCry malware operation infecting hundreds of thousands of computers globally. The US, in 2019, allegedly disabled Iranian computer systems being used to plan attacks on oil tankers in the Persian Gulf. Russia conducted the 2020 SolarWinds malware operation that affected US government agencies and private sector companies.

States broadly agree that cyberspace is not a lawless void. Extant international law governs cyber activities whether one conceives of cyberspace as a warfighting domain or, more broadly, as a strategic domain. Calls to negotiate and conclude a new treaty governing cyber operations will likely be unsuccessful and, unfortunately, the two main forums aimed at achieving state consensus regarding how existing international law applies to state cyber activities – the United Nations Group of Governmental Experts (‘GGE’) and the United Nations Open-ended Working Group (‘OEWG’) – have so far yielded only tepid results. While the pursuit of broad international understanding concerning what constitutes lawful cyber activity remains ongoing, states are (or should be) examining the legal and policy parameters governing their pre-planned and anticipated responses to both lawful and unlawful hostile cyber operations.

To date, the GGE, the OEWG, and states in their official statements have focused on the conformity of state cyber operations with existing norms of international law. Primary rule questions such as when a cyber operation constitutes an armed attack and how the principle of proportionality applies to cyber operations will likely be answered either by ‘as is’ application of well-settled international law or through evolutionary changes to international law resulting from state interpretation. States have seemingly eschewed identifying the quantum of evidence necessary to validate their cyber attributions because questions of cyber attribution involve secondary rules of international law that are ‘notoriously underdeveloped even outside the cybersecurity context’.

This article adopts an international relations-based approach to standards of proof for cyber attribution, concentrating on the development of international norms of evidence applicable to state-on-state hostile cyber operations. This article will illuminate the lack of law on standards of proof for peacetime cyber attribution, discuss the complexities those missing standards introduce into the foreign relations calculus and propose discrete standards of proof that will provide a uniform frame of analysis by which to critique a victim state’s attribution and resulting response.

Complete Paper: Developing Applicable Standards of Proof for Peacetime Cyber Attribution (PDF) – Mouseover to Scroll

Jeremy K. Davis - Standards of Attribution

Read the original paper.

NATO Cooperative Cyber Defence Center of Excellence – Cyber Defence Library

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT and DALL-E2, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is a premier online publication renowned for providing essential insights and intelligence in the realms of cybersecurity, information governance, and legal discovery to professionals navigating these fields. As a leading source of information, the publication expertly combines original research with aggregated news to cater to a highly specialized audience. Committed to enhancing readers’ understanding of relevant topics, ComplexDiscovery stands as an impartial and comprehensive resource for exploring trends, technologies, and services associated with electronically stored information.

The driving force behind this influential publication is ComplexDiscovery OÜ, a technology marketing firm that excels in strategic planning and tactical execution for organizations operating within these sectors. Registered as a private limited company in Estonia, a global leader in digital advancements, ComplexDiscovery OÜ dedicates its primary focus to supporting the publication. The company capitalizes on its virtual presence to provide marketing consulting and services to a diverse array of clients around the world, further solidifying its reputation as a leading voice in the eDiscovery ecosystem.

Send this to a friend