Lex Cybernetica Podcast

State actors abuse the ability to cyberattack anonymously or through proxies, which allows them to evade the consequences and avoid retaliation. Before we determine what we should and should not do in reaction to a cyberattack, we need to make sure we correctly attribute it to its source. “Currently, one of the predicaments is that states are able to do very bad things and get away with it, scot free”, says Prof. Yuval Shany, the head of The Federmann Cyber Security Center – Cyber Law Program and the chair of the UN Human Rights Committee. There are currently no international agencies responsible for naming the actual entities behind the dummy cyberattackers. Prof. Shany, alongside Exeter University and the Dutch government, are researching this in a feasibility study, looking to borrow ideas from other areas where attribution is important, among them proliferation of nuclear and chemical weapons. A lot of attacks take place on infrastructure, software and platforms that are run by private tech companies.