Attribution of cyber operations: an international law perspective on the Park Jin Hyok case
  • 1 Deputy Director-General, International Legal Affairs Bureau, Ministry of Foreign Affairs of Japan, Tokyo, Japan
  • | 2 Partner Fellow, Lauterpacht Centre for International Law, University of Cambridge, UK
  • | 3 Legal Adviser, International Committee of the Red Cross, Geneva, Switzerland
  • | 4 Associate Professor of Public International Law, University of Exeter, UK (on leave)

States are increasingly willing to publicly attribute hostile cyber operations to other States. Sooner or later, such claims will be tested before an international tribunal against the applicable international law. When that happens, clear guidance will be needed on the methodological, procedural and substantive aspects of attribution of cyber operations from the perspective of international law. This article examines a recent high-profile case brought by the United States authorities against Mr Park Jin Hyok, an alleged North Korean hacker, to provide such analysis. The article begins by introducing the case against Mr Park and the key aspects of the evidence adduced against him. It then considers whether the publicly available evidence, assuming its accuracy, would in principle suffice to attribute the alleged conduct to North Korea. In the next step, this evidence is analysed from the perspective of the international jurisprudence on the standard of proof and on the probative value of indirect or circumstantial evidence. This analysis reveals the need for objective impartial assessment of the available evidence and the article thus continues by considering possible international attribution mechanisms. Before concluding, the article considers whether the principle of due diligence may provide an alternative pathway to international responsibility, thus mitigating the deficiencies of the existing attribution law. The final section then highlights the overarching lessons learned from the Park case for the attribution of cyber operations under international law, focusing particularly on States' potential to make cyberspace a more stable and secure domain through the interpretation and development of the law in this area.

Contributor Notes

This article is based on the research at the Lauterpacht Centre for International Law, University of Cambridge and the views expressed herein do not represent the official position of the Japanese Government.

This article was entirely researched and written prior to the author's engagement in the Legal Division of the ICRC and the views expressed herein do not represent the official position of the ICRC or its Legal Division. The authors would like to thank Ana Beduschi, Isabella Brunner, Russell Buchan, Andraz Kastelic, Tomáš Minárik and Hitoshi Nasu for their valuable comments on earlier drafts. We also acknowledge with gratitude Matthew Kuningas's research assistance and Barbora Ruščin's help with designing the infographic in Figure 1.

You are not authenticated to view the full text of this chapter or article.

Access options

Get access to the full article by using one of the access options below.


Pay to Access Content (PDF download and unlimited online access)

Other access options

Redeem Token

Institutional Login

Log in with Open Athens, Shibboleth, or your institutional credentials

Login via Institutional Access

Personal login

Log in with your Elgar Online account

Login with you Elgar account