New wine in old bottles: applicability of the rules on attribution to cyberattacks committed against objects of critical infrastructure
Growing number of cyberattacks committed by states or with their support testifies to the need of legal attribution for the purpose
of international responsibility. Tallin Manual that comprises authoritative findings on how the attribution rules should be applied raises
a serious concern about the practical possibility to establish attribution. The main reason for this concern may be found in the nature of
cyberspace that is characterized by anonymity, spoofing and targeting from the territory of other states etc.
The rules of Tallinn Manual reiterated the provisions of ARSIWA and do not evidence about the existence of lex specialis for
cyberattacks attribution. Pursuant to them, states are responsible for actions of their de facto and de jure organs empowered to exercise
the elements of governmental functions, private actors within their effective control or for the violation of due diligence obligations.
This article argues that there is no necessity to change the rules on attribution, but, due to limited human and technical resources
of most states, a special body for technical attribution should be created. The author analyses the different proposals that foresees a
membership of states or fully excludes it. Notwithstanding a model, which may be chosen, there should be a variety of technical exper -
tise and limitations of states ability to impact a decision concerning the choice of a case and its outcomes.