Monday, 13 July 2020

Tomohiro Mikanagi is LCIL Partner Fellow and Deputy Director-General of the International Legal Affairs Bureau (Deputy Legal Advisor), Ministry of Foreign Affairs, Japan. While he was a Visiting Fellow at the Centre from 2017 to 2019, he co-organized two international workshops titled "International Law and Cyber Security" and "The Future of Multilateralism" and published an article, "Establishing a Military Presence in a Disputed Territory: Interpretation of Article 2(3) and (4) of the UN Charter", in International & Comparative Law Quarterly (ICLQ).



Based on the discussion at the two workshops at the Lauterpacht Centre, I co-authored with Kubo Mačák, Legal Adviser of ICRC, a new article, "Attribution of cyber operations: an international law perspective on the Park Jin Hyok case", published in the Cambridge International Law Journal (CILJ). This article examines the 172-page-long affidavit in the United States of America v Park Jin Hyok case, published in June 2018, and analyzes challenges posed by the legal attribution of cyber operations.

Difficulties in attributing cyber operations to States have been pointed out by scholars and officials, but, due to States’ reluctance to reveal evidence relating to cyber attribution, discussion on this matter has inevitably tended to be abstract. While there has been no case before the ICJ or other international tribunals where evidence concerning cyber attribution has been examined, as an alternative, I have been looking for an example of a domestic proceeding relating to cyber operations.

In this affidavit the FBI presented fairly detailed and wide-ranging information on the alleged North Korean hostile cyber operations, including WannaCry. Due to the nature of the proceedings, the affidavit does not directly concern the attribution of Mr Park’s alleged conduct to North Korea as a matter of international law. However, given the absence of other comparable documents published by governments, this affidavit seems useful for understanding what kind of evidence is available for proving the attribution of cyber operations.

The result of the analysis is not surprising. While the affidavit refers to numerous links to e-mail accounts and IP addresses, including those in North Korea, and to similarities in the malware employed in different cyber operations, direct evidence showing the involvement of the suspect or the North Korean authorities in actual malicious cyber operations seems difficult to obtain.

The following is the abstract of the article:

States are increasingly willing to publicly attribute hostile cyber operations to other States. Sooner or later, such claims will be tested before an international tribunal against the applicable international law. When that happens, clear guidance will be needed on the methodological, procedural and substantive aspects of attribution of cyber operations from the perspective of international law. This article examines a recent high-profile case brought by the United States authorities against Mr Park Jin Hyok, an alleged North Korean hacker, to provide such analysis.

The article begins by introducing the case against Mr Park and the key aspects of the evidence adduced against him. It then considers whether the publicly available evidence, assuming its accuracy, would in principle suffice to attribute the alleged conduct to North Korea. In the next step, this evidence is analyzed from the perspective of the international jurisprudence on the standard of proof and on the probative value of indirect or circumstantial evidence. This analysis reveals the need for objective impartial assessment of the available evidence and the article thus continues by considering possible international attribution mechanisms.

Before concluding, the article considers whether the principle of due diligence may provide an alternative pathway to international responsibility, thus mitigating the deficiencies of the existing attribution law. The final section then highlights the overarching lessons learned from the Park case for the attribution of cyber operations under international law, focusing particularly on States' potential to make cyberspace a more stable and secure domain through the interpretation and development of the law in this area.