Publicly Attributing Cyber Attacks: A Framework

When should states publicly attribute cyber intrusions? Whilst this is a question governments increasingly grapple with, academia has hardly helped in providing answers. This article by CSS Florian Egloff and Max Smeets describes the stages of public attribution and provides a Public Attribution Framework designed to explain, guide, and improve decision making of public attribution by states. This article asserts that public attribution is a highly complex process which requires trade-offs of multiple considerations. Effective public attribution not only needs a clear understanding of the attributed cyber operation and the cyber threat actor, but also of the broader geopolitical environment, allied positions and activities, and the legal context. Nevertheless, public attribution can also carry risks. This article proposes that public attribution can only be successful if there is a consistent goal, whilst the avenues for potential negative counter effects are assessed on a case-by-case basis.